CNSS Instruction No. 4009 Revised June 2006 NATIONAL INFORMATION ASSURANCE (IA) GLOSSARY THIS DOCUMENT PROVIDES MINIMUM STANDARDS. FURTHER IMPLEMENTATION MAY BE REQUIRED BY YOUR DEPARTMENT OR AGENCY.

National Information Assurance (IA) - Joint Interoperability Test


Committee on National Security Systems

National Manager

FOREWORD

1. The CNSS Glossary Working Group recently convened to review Information Assurance (IA) terms submitted by the CNSS membership since the Glossary was last published in May 2003. This edition incorporates those terms.

2. We recognize that, to remain useful, a glossary must be in a continuous state of coordination, and we encourage your review and welcome your comments. The goal of the Glossary Working Group is to keep pace with changes in information assurance terminology and to meet regularly for consideration of comments. When using definitions from another source, we will identify that source if possible.

3. The Working Group would like your help in keeping this glossary up to date as new terms come into being and old terms fall into disuse or change meaning. Some terms from the previous version were deleted, others updated or added, and some are identified as candidates for deletion (C.F.D.). If a term you still find valuable and need in your environment has been deleted, please resubmit the term with a definition based on the following criteria: (a) specific relevance to the security of information systems; (b) economy of words; (c) accuracy; and (d) clarity. Use these same criteria to recommend any changes to existing definitions or to suggest new terms. In all cases, send your suggestions to the CNSS Secretariat via e-mail or fax at the numbers found below.

4. Representatives of the CNSS may obtain additional copies of this instruction at the address listed below, by contacting the Secretariat via email, or on the CNSS Web Page.

/s/
KEITH B. ALEXANDER
Lieutenant General, U.S. Army

CNSS Secretariat (I01C) - National Security Agency - 9800 Savage Road - STE 6716 - Ft Meade MD 20755-6716
www.cnss.gov
[email protected] (410) 854-6805


SECTION I

TERMS AND DEFINITIONS

A

access Opportunity to make use of an information system (IS) resource.

access control Limiting access to information system resources only to authorized users, programs, processes, or other systems.

access control list (ACL) Mechanism implementing discretionary and/or mandatory access control between subjects and objects.

access control mechanism Security safeguard designed to detect and deny unauthorized access and permit authorized access in an IS.

access level Hierarchical portion of the security level used to identify the sensitivity of IS data and the clearance or authorization of users. Access level, in conjunction with the nonhierarchical categories, forms the sensitivity label of an object. (See category.)

access list (IS) Compilation of users, programs, or processes and the access levels and types to which each is authorized.

(COMSEC) Roster of individuals authorized admittance to a controlled area.


access profile Associates each user with a list of protected objects the user may access.

access type Privilege to perform action on an object. Read, write, execute, append, modify, delete, and create are examples of access types. (See write.)

accountability (IS) Process of tracing IS activities to a responsible source.

(COMSEC) Principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information.

accounting legend code (ALC) Numeric code used to indicate the minimum accounting controls required for items of accountable COMSEC material within the COMSEC Material Control System.

accounting number Number assigned to an item of COMSEC material to facilitate its control.

accreditation Formal declaration by a Designated Accrediting Authority (DAA) that an IS is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. (See security safeguards.)

accreditation boundary 1. (IA) - Identifies the information resources covered by an accreditation decision, as distinguished from separately accredited information resources that are interconnected or with which information is exchanged via messaging. (Synonymous with Security Perimeter)

2. (IC) - For the purposes of identifying the Protection Level for confidentiality of a system to be accredited, the system has a conceptual boundary that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system (DCID 6/3, 5 Jun 99)


accreditation package Product comprised of a System Security Plan (SSP) and a report documenting the basis for the accreditation decision.

accrediting authority Synonymous with Designated Accrediting Authority (DAA).

add-on security Incorporation of new hardware, software, or firmware safeguards in an operational IS.

adequate security Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that information systems operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls. (OMB Circular A-130)

advanced encryption standard (AES) FIPS approved cryptographic algorithm that is a symmetric block cypher using cryptographic key sizes of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits.

advisory Notification of significant new trends or developments regarding the threat to the IS of an organization. This notification may include analytical insights into trends, intentions, technologies, or tactics of an adversary targeting ISs.

alert Notification that a specific attack has been directed at the IS of an organization.

alternate COMSEC custodian Individual designated by proper authority to perform the duties of the COMSEC custodian during the temporary absence of the COMSEC custodian.

alternative work site Government-wide, national program allowing Federal employees to work at home or at geographically convenient satellite offices for part of the work week (e.g., telecommuting).


anti-jam Measures ensuring that transmitted information can be received despite deliberate jamming attempts.

anti-spoof Measures taken to prevent the unauthorized use of legitimate Identification & Authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker.

application Software program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges.

assurance Measure of confidence that the security features, practices, procedures, and architecture of an IS accurately mediates and enforces the security policy.

assured software Software that has been designed, developed, analyzed and tested using processes, tools, and techniques that establish a level of confidence in its trustworthiness appropriate for its intended use.

attack Attempt to gain unauthorized access to an IS’s services, resources, or information, or the attempt to compromise an IS’s integrity, availability, or confidentiality.

Attack Sensing and Warning (AS&W) Detection, correlation, identification, and characterization of intentional unauthorized activity with notification to decision makers so that an appropriate response can be developed.

audit Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.

audit trail Chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event.


authenticate To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an IS, or to establish the validity of a transmission.

authentication Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.

authentication system Cryptosystem or process used for authentication.

authenticator Means used to confirm the identity of a station, originator, or individual.

authorization Access privileges granted to a user, program, or process.

authorized vendor Manufacturer of INFOSEC equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors.

Authorized Vendor Program (AVP) Program in which a vendor, producing an INFOSEC product under contract to NSA, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. Products approved for marketing and sale through the AVP are placed on the Endorsed Cryptographic Products List (ECPL).

automated security monitoring Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the IS.

automatic remote rekeying Procedure to rekey a distant crypto-equipment electronically without specific actions by the receiving terminal operator. (See manual remote rekeying.)


availability Timely, reliable access to data and information services for authorized users.

B

back door Hidden software or hardware mechanism used to circumvent security controls. Synonymous with trap door.

backup Copy of files and programs made to facilitate recovery, if necessary.

banner Display on an IS that sets parameters for system or data use.

benign Condition of cryptographic data that cannot be compromised by human access.

benign environment Nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures.

binding Process of associating a specific communications terminal with a specific cryptographic key or associating two related elements of information.

biometrics Automated methods of authenticating or verifying an individual based upon a physical or behavioral characteristic.

bit error rate Ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.

BLACK Designation applied to information systems, and to associated areas, circuits, components, and equipment, in which national security information is encrypted or is not processed.

boundary Software, hardware, or physical barrier that limits access to a system or part of a system.

brevity list C.F.D. List containing words and phrases used to shorten messages.


browsing Act of searching through IS storage to locate or acquire information, without necessarily knowing the existence or format of information being sought.

bulk encryption Simultaneous encryption of all channels of a multichannel telecommunications link.

C

call back Procedure for identifying and authenticating a remote IS terminal, whereby the host system disconnects the terminal and reestablishes contact. Synonymous with dial back.

canister Type of protective package used to contain and dispense keying material in punched or printed tape form.

cascading Downward flow of information through a range of security levels greater than the accreditation range of a system network or component.

category Restrictive label applied to classified or unclassified information to limit access.

CCI assembly Device embodying a cryptographic logic or other COMSEC design that NSA has approved as a Controlled Cryptographic Item (CCI). It performs the entire COMSEC function, but depends upon the host equipment to operate.

CCI component Part of a Controlled Cryptographic Item (CCI) that does not perform the entire COMSEC function but depends upon the host equipment, or assembly, to complete and operate the COMSEC function.

CCI equipment Telecommunications or information handling equipment that embodies a Controlled Cryptographic Item (CCI) component or CCI assembly and performs the entire COMSEC function without dependence on host equipment to operate.


central office of record (COR) Office of a federal department or agency that keeps records of accountable COMSEC material held by elements subject to its oversight.

certificate Digitally signed document that binds a public key with an identity. The certificate contains, at a minimum, the identity of the issuing Certification Authority, the user identification information, and the user’s public key.

certificate management Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed.

certificate revocation list (CRL) List of invalid certificates (as defined above) that have been revoked by the issuer.

certification Comprehensive evaluation of the technical and nontechnical security safeguards of an IS to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements.

certification authority (CA) (C&A) Official responsible for performing the comprehensive evaluation of the security features of an information system and determining the degree to which it meets its security requirements.

(PKI) Trusted entity authorized to create, sign, and issue public key certificates. By digitally signing each certificate issued, the user’s identity is certified, and the association of the certified identity with a public key is validated.

certification authority workstation (CAW) Commercial-off-the-shelf (COTS) workstation with a trusted operating system and special purpose application software that is used to issue certificates.

certification package Product of the certification effort documenting the detailed results of the certification activities.

certification test and evaluation (CT&E) Software and hardware security tests conducted during development of an IS.


certified TEMPEST technical authority (CTTA) An experienced, technically qualified U.S. Government employee who has met established certification requirements in accordance with CNSS (NSTISSC)-approved criteria and has been appointed by a U.S. Government Department or Agency to fulfill CTTA responsibilities.

certifier Individual responsible for making a technical judgment of the system’s compliance with stated requirements, identifying and assessing the risks associated with operating the system, coordinating the certification activities, and consolidating the final certification and accreditation packages.

challenge and reply authentication Prearranged procedure in which a subject requests authentication of another and the latter establishes validity with a correct reply.

checksum Value computed on data to detect error or manipulation during transmission. (See hash total.)

check word Cipher text generated by cryptographic logic to detect failures in cryptography.

cipher Any cryptographic system in which arbitrary symbols or groups of symbols, represent units of plain text, or in which units of plain text are rearranged, or both.

cipher text Enciphered information.

cipher text auto-key (CTAK) Cryptographic logic that uses previous cipher text to generate a key stream.

ciphony Process of enciphering audio information, resulting in encrypted speech.

classified information Information that has been determined pursuant to Executive Order 12958 or any predecessor Order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status.


classified information spillage Security incident that occurs whenever classified data is spilled either onto an unclassified IS or to an IS with a lower level of classification.

clearance Formal security determination by an authorized adjudicative office that an individual is authorized access, on a need to know basis, to a specific level of collateral classified information (TOP SECRET, SECRET, CONFIDENTIAL).

clearing Removal of data from an IS, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using common system capabilities (i.e., keyboard strokes); however, the data may be reconstructed using laboratory methods. Cleared media may be reused at the same classification level or at a higher level. Overwriting is one method of clearing. (See magnetic remanence.)

client Individual or process acting on behalf of an individual who makes requests of a guard or dedicated server. The client’s requests to the guard or dedicated server can involve data transfer to, from, or through the guard or dedicated server.

closed security environment Environment providing sufficient assurance that applications and equipment are protected against the introduction of malicious logic during an IS life cycle. Closed security is based upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control.

code (COMSEC) System of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length.

code book Document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique.

code group Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence.


code vocabulary Set of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system.

cold start Procedure for initially keying crypto-equipment.

collaborative computing Applications and technology (e.g., whiteboarding, group conferencing) that allow two or more individuals to share information real time in an inter- or intra-enterprise environment.

command authority Individual responsible for the appointment of user representatives for a department, agency, or organization and their key ordering privileges.

Commercial COMSEC Evaluation Program (CCEP) Relationship between NSA and industry in which NSA provides the COMSEC expertise (i.e., standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce a type 1 or type 2 product. Products developed under the CCEP may include modules, subsystems, equipment, systems, and ancillary devices.

Common Criteria Provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems. (International Standard ISO/IEC 5408, Common Criteria for Information Technology Security Evaluation [ITSEC])

common fill device One of a family of devices developed to read-in, transfer, or store key.

communications cover Concealing or altering of characteristic communications patterns to hide information that could be of value to an adversary.

communications deception Deliberate transmission, retransmission, or alteration of communications to mislead an adversary's interpretation of the communications. (See imitative communications deception and manipulative communications deception.)

communications profile Analytic model of communications associated with an organization or activity. The model is prepared from a systematic examination of communications content and patterns, the functions they reflect, and the communications security measures applied.

communications security (COMSEC) Measures and controls taken to deny unauthorized individuals information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material.

community risk Probability that a particular vulnerability will be exploited within an interacting population and adversely impact some members of that population.

compartmentalization A nonhierarchical grouping of sensitive information used to control access to data more finely than with hierarchical security classification alone.

compartmented mode Mode of operation wherein each user with direct or indirect access to a system, its peripherals, remote terminals, or remote hosts has all of the following: (a) valid security clearance for the most restricted information processed in the system; (b) formal access approval and signed nondisclosure agreements for that information which a user is to have access; and (c) valid need-to-know for information which a user is to have access.

compromise Type of incident where information is disclosed to unauthorized individuals or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.

compromising emanations Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems equipment. (See TEMPEST.)

computer abuse Intentional or reckless misuse, alteration, disruption, or destruction of information processing resources.


computer cryptography Use of a crypto-algorithm program by a computer to authenticate or encrypt/decrypt information.

computer security Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware, and information being processed, stored, and communicated.

computer security incident See incident.

computer security subsystem Hardware/software designed to provide computer security features in a larger system environment.

computing environment Workstation or server (host) and its operating system, peripherals, and applications.

COMSEC account Administrative entity, identified by an account number, used to maintain accountability, custody, and control of COMSEC material.

COMSEC account audit Examination of the holdings, records, and procedures of a COMSEC account ensuring all accountable COMSEC material is properly handled and safeguarded.

COMSEC aid COMSEC material that assists in securing telecommunications and is required in the production, operation, or maintenance of COMSEC systems and their components. COMSEC keying material, callsign/frequency systems, and supporting documentation, such as operating and maintenance manuals, are examples of COMSEC aids.

COMSEC assembly Group of parts, elements, subassemblies, or circuits that are removable items of COMSEC equipment.

COMSEC boundary Definable perimeter encompassing all hardware, firmware, and software components performing critical COMSEC functions, such as key generation, handling, and storage.

COMSEC chip set Collection of NSA approved microchips.

COMSEC control program Computer instructions or routines controlling or affecting the externally performed functions of key generation, key distribution, message encryption/decryption, or authentication.

COMSEC custodian Individual designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account.

COMSEC demilitarization Process of preparing COMSEC equipment for disposal by extracting all CCI, classified, or CRYPTO marked components for their secure destruction, as well as defacing and disposing of the remaining equipment hulk.

COMSEC element Removable item of COMSEC equipment, assembly, or subassembly; normally consisting of a single piece or group of replaceable parts.

COMSEC end-item Equipment or combination of components ready for use in a COMSEC application.

COMSEC equipment Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. COMSEC equipment includes crypto-equipment, crypto-ancillary equipment, cryptoproduction equipment, and authentication equipment.

COMSEC facility Authorized and approved space used for generating, storing, repairing, or using COMSEC material.

COMSEC incident See incident.

COMSEC insecurity COMSEC incident that has been investigated, evaluated, and determined to jeopardize the security of COMSEC material or the secure transmission of information.

COMSEC manager Individual who manages the COMSEC resources of an organization.


COMSEC material Item designed to secure or authenticate telecommunications. COMSEC material includes, but is not limited to key, equipment, devices, documents, firmware, or software that embodies or describes cryptographic logic and other items that perform COMSEC functions.

COMSEC Material Control System (CMCS) Logistics and accounting system through which COMSEC material marked "CRYPTO" is distributed, controlled, and safeguarded. Included are the COMSEC central offices of record, cryptologistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the CMCS.

COMSEC modification See information systems security equipment modification.

COMSEC module Removable component that performs COMSEC functions in a telecommunications equipment or system.

COMSEC monitoring Act of listening to, copying, or recording transmissions of one's own official telecommunications to analyze the degree of security.

COMSEC profile Statement of COMSEC measures and materials used to protect a given operation, system, or organization.

COMSEC survey Organized collection of COMSEC and communications information relative to a given operation, system, or organization.

COMSEC system data Information required by a COMSEC equipment or system to enable it to properly handle and control key.

COMSEC training Teaching of skills relating to COMSEC accounting, use of COMSEC aids, or installation, use, maintenance, and repair of COMSEC equipment.

concept of operations (CONOP) Document detailing the method, act, process, or effect of using an IS.


confidentiality Assurance that information is not disclosed to unauthorized individuals, processes, or devices.

configuration control Process of controlling modifications to hardware, firmware, software, and documentation to ensure the IS is protected against improper modifications prior to, during, and after system implementation.

configuration management Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an IS.

confinement channel See covert channel.

contamination Type of incident involving the introduction of data of one security classification or security category into data of a lower security classification or different security category.

contingency key Key held for use under specific operational conditions or in support of specific contingency plans. (See reserve keying material.)

continuity of operations plan (COOP) Plan for continuing an organization’s (usually a headquarters element) essential functions at an alternate site and performing those functions for the duration of an event with little or no loss of continuity before returning to normal operations.

controlled access area Physical area (e.g., building, room, etc.) to which only authorized personnel are granted unrestricted access. All other personnel are either escorted by authorized personnel or are under continuous surveillance.

controlled access protection Minimum set of security functionality that enforces access control on individual users and makes them accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation.

controlled cryptographic item (CCI) Secure telecommunications or information handling equipment, or associated cryptographic component, that is unclassified but governed by a special set of control requirements. Such items are marked "CONTROLLED CRYPTOGRAPHIC ITEM" or, where space is limited, "CCI."

controlled interface Mechanism that facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system).

controlled space Three-dimensional space surrounding IS equipment, within which unauthorized individuals are denied unrestricted access and are either escorted by authorized individuals or are under continuous physical or electronic surveillance.

controlling authority Official responsible for directing the operation of a cryptonet and for managing the operational use and control of keying material assigned to the cryptonet.

cooperative key generation Electronically exchanging functions of locally generated, random components, from which both terminals of a secure circuit construct traffic encryption key or key encryption key for use on that circuit. (See per-call key.)

cooperative remote rekeying Synonymous with manual remote rekeying.

correctness proof A mathematical proof of consistency between a specification and its implementation.

countermeasure Action, device, procedure, technique, or other measure that reduces the vulnerability of an IS.

covert channel Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an IS security policy. (See overt channel and exploitable channel.)

covert channel analysis Determination of the extent to which the security policy model and subsequent lower-level program descriptions may allow unauthorized access to information.

covert storage channel Covert channel involving the direct or indirectwriting to a storage location by one process andthe direct or indirect reading of the storage locationby another process. Covert storage channels

Page 20: National Information Assurance (IA) - Joint Interoperability Test

CNSS Instruction No. 4009

18

typically involve a finite resource (e.g., sectors on adisk) that is shared by two subjects at differentsecurity levels.

covert timing channel Covert channel in which one process signalsinformation to another process by modulating itsown use of system resources (e.g., centralprocessing unit time) in such a way that thismanipulation affects the real response timeobserved by the second process.

credentials Information, passed from one entity to another, used to establish the sending entity's access rights.

critical infrastructures System and assets, whether physical or virtual, so vital to the U.S. that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. [Critical Infrastructures Protection Act of 2001, 42 U.S.C. 5195c(e)]

cross domain solution Information assurance solution that provides the ability to access or transfer information between two or more security domains. (See multi level security.)

cryptanalysis Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.

CRYPTO Marking or designator identifying COMSEC keying material used to secure or authenticate telecommunications carrying classified or sensitive U.S. Government or U.S. Government-derived information.

crypto-alarm Circuit or device that detects failures or aberrations in the logic or operation of crypto-equipment. Crypto-alarm may inhibit transmission or may provide a visible and/or audible alarm.

crypto-algorithm Well-defined procedure or sequence of rules or steps, or a series of mathematical equations used to describe cryptographic processes such as encryption/decryption, key generation, authentication, signatures, etc.

crypto-ancillary equipment Equipment designed specifically to facilitate efficient or reliable operation of crypto-equipment, without performing cryptographic functions itself.

crypto-equipment Equipment that embodies a cryptographic logic.

cryptographic Pertaining to, or concerned with, cryptography.

cryptographic component Hardware or firmware embodiment of the cryptographic logic. A cryptographic component may be a modular assembly, a printed wiring assembly, a microcircuit, or a combination of these items.

cryptographic initialization Function used to set the state of a cryptographic logic prior to key generation, encryption, or other operating mode.

cryptographic logic The embodiment of one (or more) crypto-algorithm(s) along with alarms, checks, and other processes essential to effective and secure performance of the cryptographic process(es).

cryptographic randomization Function that randomly determines the transmit state of a cryptographic logic.

cryptography Art or science concerning the principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form.

crypto-ignition key (CIK) Device or electronic key used to unlock the secure mode of crypto-equipment.

cryptology Field encompassing both cryptography and cryptanalysis.

cryptonet Stations holding a common key.

cryptoperiod Time span during which each key setting remains in effect.

cryptosecurity Component of COMSEC resulting from the provision of technically sound cryptosystems and their proper use.

cryptosynchronization Process by which a receiving decrypting cryptographic logic attains the same internal state as the transmitting encrypting logic.

cryptosystem Associated INFOSEC items interacting to provide a single means of encryption or decryption.

cryptosystem analysis Process of establishing the exploitability of a cryptosystem, normally by reviewing transmitted traffic protected or secured by the system under study.

cryptosystem evaluation Process of determining vulnerabilities of a cryptosystem.

cryptosystem review Examination of a cryptosystem by the controlling authority ensuring its adequacy of design and content, continued need, and proper distribution.

cryptosystem survey Management technique in which actual holders of a cryptosystem express opinions on the system's suitability and provide usage information for technical evaluations.

cyclic redundancy check Error checking mechanism that checks data integrity by computing a polynomial algorithm based checksum.

D

data aggregation Compilation of unclassified individual data systems and data elements that could result in the totality of the information being classified or of beneficial use to an adversary.

data encryption standard (DES) Cryptographic algorithm, designed for the protection of unclassified data and published by the National Institute of Standards and Technology (NIST) in Federal Information Processing Standard (FIPS) Publication 46. (FIPS 46-3 withdrawn 19 May 2005) (See Triple DES and CNSS Advisory IA/02-04 Revised March 2005)

data flow control Synonymous with information flow control.

data integrity Condition existing when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed.

data origin authentication Corroborating the source of data is as claimed.

data security Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure.

data transfer device (DTD) Fill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC key, designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems.

decertification Revocation of the certification of an IS item or equipment for cause.

decipher Convert enciphered text to plain text by means of a cryptographic system.

decode Convert encoded text to plain text by means of a code.

decrypt Generic term encompassing decode and decipher.

dedicated mode IS security mode of operation wherein each user, with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all of the following: a. valid security clearance for all information within the system; b. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs); and c. valid need-to-know for all information contained within the IS. When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time.

default classification Temporary classification reflecting the highest classification being processed in an IS. Default classification is included in the caution statement affixed to an object.

defense-in-depth IA strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of networks. Synonymous with security-in-depth.

degaussing Procedure that reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing.

delegated development program INFOSEC program in which the Director, NSA, delegates, on a case by case basis, the development and/or production of an entire telecommunications product, including the INFOSEC portion, to a lead department or agency.

denial of service Any action or series of actions that prevents any part of an IS from functioning.

descriptive top-level specification (C.F.D.) Top-level specification written in a natural language (e.g., English), an informal design notation, or a combination of the two. Descriptive top-level specification, required for a class B2 and B3 (as defined in the Orange Book, Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD) information system, completely and accurately describes a trusted computing base. (See formal top-level specification.)

designated approval authority (DAA) Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with authorizing official, designated accrediting authority, and delegated accrediting authority.

dial back Synonymous with call back.

digital signature Cryptographic process used to assure message originator authenticity, integrity, and nonrepudiation. Synonymous with electronic signature.

digital signature algorithm (C.F.D.) Procedure that appends data to, or performs a cryptographic transformation of, a data unit. The appended data or cryptographic transformation allows reception of the data unit and protects against forgery, e.g., by the recipient.

direct shipment Shipment of COMSEC material directly from NSA to user COMSEC accounts.

disaster recovery plan Provides for the continuity of system operations after a disaster.

discretionary access control (DAC) Means of restricting access to objects based on the identity and need-to-know of users and/or groups to which the object belongs. Controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (directly or indirectly) to any other subject. (See mandatory access control.)

distinguished name Globally unique identifier representing an individual’s identity.

DMZ (Demilitarized Zone) Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s IA policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks. A DMZ is also called a “screened subnet.”

domain System or group of systems operating under a common security policy.

drop accountability Procedure under which a COMSEC account custodian initially receipts for COMSEC material, and provides no further accounting for it to its central office of record. Local accountability of the COMSEC material may continue to be required. (See accounting legend code.)

E

electronically generated key Key generated in a COMSEC device by introducing (either mechanically or electronically) a seed key into the device and then using the seed, together with a software algorithm stored in the device, to produce the desired key.

Electronic Key Management System (EKMS) Interoperable collection of systems being developed by services and agencies of the U.S. Government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material.

electronic messaging services Services providing interpersonal messaging capability; meeting specific functional, management, and technical requirements; and yielding a business-quality electronic mail service suitable for the conduct of official government business.

electronic security (ELSEC) (C.F.D.) Protection resulting from measures designed to deny unauthorized individuals information derived from the interception and analysis of noncommunications electromagnetic radiations.

electronic signature See digital signature.

embedded computer (C.F.D.) Computer system that is an integral part of a larger system.

embedded cryptography (C.F.D.) Cryptography engineered into an equipment or system whose basic function is not cryptographic.

embedded cryptographic system (C.F.D.) Cryptosystem performing or controlling a function as an integral element of a larger system or subsystem.

emissions security (EMSEC) Protection resulting from measures taken to deny unauthorized individuals information derived from intercept and analysis of compromising emanations from crypto-equipment or an IS. (See TEMPEST.)

encipher Convert plain text to cipher text by means of a cryptographic system.

enclave Collection of computing environments connected by one or more internal networks under the control of a single authority and security policy, including personnel and physical security.

enclave boundary Point at which an enclave’s internal network service layer connects to an external network’s service layer, i.e., to another enclave or to a Wide Area Network (WAN).

encode Convert plain text to cipher text by means of a code.

encrypt Generic term encompassing encipher and encode.

encryption algorithm Set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.

end-item accounting Accounting for all the accountable components of a COMSEC equipment configuration by a single short title.

end-to-end encryption Encryption of information at its origin and decryption at its intended destination without intermediate decryption.

end-to-end security Safeguarding information in an IS from point of origin to point of destination.

endorsed for unclassified cryptographic item (EUCI) (C.F.D.) Unclassified cryptographic equipment that embodies a U.S. Government classified cryptographic logic and is endorsed by NSA for the protection of national security information. (See type 2 product.)

endorsement (C.F.D.) NSA approval of a commercially developed product for safeguarding national security information.

entrapment Deliberate planting of apparent flaws in an IS for the purpose of detecting attempted penetrations.

environment Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an IS.

erasure Process intended to render magnetically stored information irretrievable by normal means.

evaluation assurance level (EAL) Set of assurance requirements that represent a point on the Common Criteria predefined assurance scale.

event Occurrence, not yet assessed, that may affect the performance of an IS.

executive state (C.F.D.) One of several states in which an IS may operate, and the only one in which certain privileged instructions may be executed. Such privileged instructions cannot be executed when the system is operating in other states. Synonymous with supervisor state.

exercise key Key used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises.

exploitable channel Channel that allows the violation of the security policy governing an IS and is usable or detectable by subjects external to the trusted computing base. (See covert channel.)

extraction resistance Capability of crypto-equipment or secure telecommunications equipment to resist efforts to extract key.

extranet Extension to the intranet allowing selected outside users access to portions of an organization’s intranet.

F

fail safe Automatic protection of programs and/or processing systems when hardware or software failure is detected.

fail soft (C.F.D.) Selective termination of affected nonessential processing when hardware or software failure is determined to be imminent.

failure access Type of incident in which unauthorized access to data results from hardware or software failure.

failure control Methodology used to detect imminent hardware or software failure and provide fail safe or fail soft recovery.

file protection Aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents.

file security Means by which access to computer files is limited to authorized users only.

fill device COMSEC item used to transfer or store key in electronic form or to insert key into a crypto-equipment.

FIREFLY Key management protocol based on public key cryptography.

firewall System designed to defend against unauthorized access to or from a private network.

firmware Program recorded in permanent or semipermanent computer memory.

fixed COMSEC facility COMSEC facility located in an immobile structure or aboard a ship.

flaw Error of commission, omission, or oversight in an IS that may allow protection mechanisms to be bypassed.

flaw hypothesis methodology System analysis and penetration technique in which the specification and documentation for an IS are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system.

flooding Type of incident involving insertion of a large volume of data resulting in denial of service.

formal access approval Process for authorizing access to classified or sensitive information with specified access requirements, such as Sensitive Compartmented Information (SCI) or Privacy Data, based on the specified access requirements and a determination of the individual’s security eligibility and need-to-know.

formal development methodology Software development strategy that proves security design specifications.

formal method Mathematical argument which verifies that the system satisfies a mathematically described security policy.

formal proof (C.F.D.) Complete and convincing mathematical argument presenting the full logical justification for each proof step and for the truth of a theorem or set of theorems.

formal security policy Mathematically precise statement of a security policy.

formal top-level specification (C.F.D.) Top-level specification written in a formal mathematical language to allow theorems, showing the correspondence of the system specification to its formal requirements, to be hypothesized and formally proven.

formal verification (C.F.D.) Process of using formal proofs to demonstrate the consistency between formal specification of a system and formal security policy model (design verification) or between formal specification and its high-level program implementation (implementation verification).

frequency hopping Repeated switching of frequencies during radio transmission according to a specified algorithm, to minimize unauthorized interception or jamming of telecommunications.

front-end security filter (C.F.D.) Security filter logically separated from the remainder of an IS to protect system integrity. Synonymous with firewall.

full maintenance Complete diagnostic repair, modification, and overhaul of COMSEC equipment, including repair of defective assemblies by piece part replacement. (See limited maintenance.)

functional proponent (C.F.D.) See network sponsor.

functional testing Segment of security testing in which advertised security mechanisms of an IS are tested under operational conditions.

G

gateway Interface providing a compatibility between networks by converting transmission speeds, protocols, codes, or security measures.

Global Information Grid The globally interconnected, end-to-end set of information capabilities, associated processes, and personnel for collecting, processing, storing, disseminating, and managing information on demand to war fighters, policy makers, and support personnel. (DoD Directive 8100.1, 19 Sept. 2002)

global information infrastructure (GII) Worldwide interconnections of the information systems of all countries, international and multinational organizations, and international commercial communications.

guard Mechanism limiting the exchange of information between systems.

H

hacker Unauthorized user who attempts to or gains access to an IS.

handshaking procedures Dialogue between two IS’s for synchronizing, identifying, and authenticating themselves to one another.

hard copy key Physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories (PROM).

hardwired key Permanently installed key.

hash total Value computed on data to detect error or manipulation. (See checksum.)

hashing Computation of a hash total.

hashword Memory address containing hash total.

high assurance guard (HAG) Device comprised of both hardware and software that is designed to enforce security rules during the transmission of X.400 message and X.500 directory traffic between enclaves of different classification levels (e.g., UNCLASSIFIED and SECRET).

I

IA architecture Activity that aggregates the functions of developing IA operational, system, and technical architecture products for the purpose of specifying and implementing new or modified IA capabilities within the IT environment. (DoD Directive 8100.1, 19 Sept 2002)

IA-enabled information technology product Product or technology whose primary role is not security, but which provides security services as an associated feature of its intended operating capabilities. Examples include such products as security-enabled web browsers, screening routers, trusted operating systems, and security-enabled messaging systems.

identification Process an IS uses to recognize an entity.

identity token Smart card, metal key, or other physical object used to authenticate identity.

identity validation Tests enabling an IS to authenticate users or resources.

imitative communications deception Introduction of deceptive messages or signals into an adversary's telecommunications signals. (See communications deception and manipulative communications deception.)

impersonating Form of spoofing.

implant Electronic device or electronic equipment modification designed to gain unauthorized interception of information-bearing emanations.

inadvertent disclosure Type of incident involving accidental exposure of information to an individual not authorized access.

incident (IS) Assessed occurrence having actual or potentially adverse effects on an IS.

(COMSEC) Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information.

incomplete parameter checking System flaw that exists when the operating system does not check all parameters fully for accuracy and consistency, thus making the system vulnerable to penetration.

indicator Recognized action, specific, generalized, or theoretical, that an adversary might be expected to take in preparation for an attack.

individual accountability Ability to associate positively the identity of a user with the time, method, and degree of access to an IS.

informal security policy Natural language description, possibly supplemented by mathematical arguments, demonstrating the correspondence of the functional specification to the high-level design.

information assurance (IA) Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.

information assurance manager (IAM) See information systems security manager.

information assurance officer (IAO) See information systems security officer.

information assurance product Product or technology whose primary purpose is to provide security services (e.g., confidentiality, authentication, integrity, access control, non-repudiation of data) correct known vulnerabilities; and/or provide layered defense against various categories of non-authorized or malicious penetrations of information systems or networks. Examples include such products as data/network encryptors, firewalls, and intrusion detection devices.

information environment Aggregate of individuals, organizations, or systems that collect, process, or disseminate information, also included is the information itself.

information flow control Procedure to ensure that information transfers within an IS are not made from a higher security level object to an object of a lower security level.

information operations (IO) Actions taken to affect adversary information and ISs while defending one’s own information and ISs.

information owner Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal.

information security policy Aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

information system (IS) Set of information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, disposition, display, or transmission of information.

information systems security (INFOSEC) Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.

information systems security engineering (ISSE) Process that captures and refines information protection requirements and ensures their integration into IT acquisition processes through purposeful security design or configuration.

information systems security equipment modification Modification of any fielded hardware, firmware, software, or portion thereof, under NSA configuration control. There are three classes of modifications: mandatory (to include human safety); optional/special mission modifications; and repair actions. These classes apply to elements, subassemblies, equipment, systems, and software packages performing functions such as key generation, key distribution, message encryption, decryption, authentication, or those mechanisms necessary to satisfy security policy, labeling, identification, or accountability.

information systems security manager (ISSM) Individual responsible for a program, organization, system, or enclave’s information assurance program.

information systems security officer (ISSO) Individual responsible to the ISSM for ensuring the appropriate operational IA posture is maintained for a system, program, or enclave.

information systems security product Item (chip, module, assembly, or equipment), technique, or service that performs or relates to information systems security.

initialize Setting the state of a cryptographic logic prior to key generation, encryption, or other operating mode.

inspectable space Three dimensional space surrounding equipment that process classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. Synonymous with zone of control.

integrity Quality of an IS reflecting the logical correctness and reliability of the operating system; the logical completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of the stored data. Note that, in a formal security mode, integrity is interpreted more narrowly to mean protection against unauthorized modification or destruction of information.

integrity check value Checksum capable of detecting modification of an IS.

interconnection security agreement Written management authorization to interconnect information systems based upon acceptance of risk and implementation of established controls.

interface Common boundary between independent systems or modules where interactions take place.

interface control document Technical document describing interface controls and identifying the authorities and responsibilities for ensuring the operation of such controls. This document is baselined during the preliminary design review and is maintained throughout the IS lifecycle.

interim approval to operate (IATO) Temporary authorization granted by a DAA for an IS to process information based on preliminary results of a security evaluation of the system.

Interim approval to test (IATT) Temporary authorization to test an information system in a specified operational information environment within the timeframe and under the conditions or constraints enumerated in the written authorization.

internal security controls Hardware, firmware, or software features within an IS that restrict access to resources only to authorized subjects.

internetwork private line interface (C.F.D.) Network cryptographic unit that provides secure connections, singularly or in simultaneous multiple connections, between a host and a predetermined set of corresponding hosts.

internet protocol (IP) Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.

intrusion Unauthorized act of bypassing the security mechanisms of a system.

K

key Usually a sequence of random or pseudorandom bits used initially to set up and periodically change the operations performed in crypto-equipment for the purpose of encrypting or decrypting electronic signals, or for determining electronic counter-countermeasures patterns, or for producing other key.

key-auto-key (KAK) Cryptographic logic using previous key to produce key.

key distribution center (KDC) COMSEC facility generating and distributing key in electrical form.

key-encryption-key (KEK) Key that encrypts or decrypts other key for transmission or storage.

key exchange Process of exchanging public keys (and other information) in order to establish secure communications.

key list Printed series of key settings for a specific cryptonet. Key lists may be produced in list, pad, or printed tape format.

key management infrastructure (KMI) Framework and services that provide the generation, production, storage, protection, distribution, control, tracking, and destruction for all cryptographic key material, symmetric keys as well as public keys and public key certificates.

key pair Public key and its corresponding private key as used in public key cryptography.

key production key (KPK) Key used to initialize a keystream generator for the production of other electronically generated key.

key recovery Mechanisms and processes that allow authorized parties to retrieve the cryptographic key used for data confidentiality.

key stream Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security processes, or produce key.

key tag Identification information associated with certain types of electronic key.

key tape Punched or magnetic tape containing key. Printed key in tape form is referred to as a key list.

key updating Irreversible cryptographic process for modifying key.

keying material Key, code, or authentication information in physical or magnetic form.

L

label See security label.

labeled security protections (C.F.D.) Elementary-level mandatory access control protection features and intermediate-level discretionary access control features in a TCB that uses sensitivity labels to make access control decisions.

laboratory attack Use of sophisticated signal recovery equipment in a laboratory environment to recover information from data storage media.

least privilege Principle requiring that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. Application of this principle limits the damage that can result from accident, error, or unauthorized use of an IS.

level of concern Rating assigned to an IS indicating the extent to which protection measures, techniques, and procedures must be applied. High, Medium, and Basic are identified levels of concern. A separate Level-of-Concern is assigned to each IS for confidentiality, integrity, and availability.

level of protection Extent to which protective measures, techniques, and procedures must be applied to ISs and networks based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs. Levels of protection are: 1. Basic: IS and networks requiring implementation of standard minimum security countermeasures. 2. Medium: IS and networks requiring layering of additional safeguards above the standard minimum security countermeasures. 3. High: IS and networks requiring the most stringent protection and rigorous security countermeasures.

limited maintenance COMSEC maintenance restricted to fault isolation, removal, and replacement of plug-in assemblies. Soldering or unsoldering usually is prohibited in limited maintenance. (See full maintenance.)

line conditioning Elimination of unintentional signals or noise induced or conducted on a telecommunications or IS signal, power, control, indicator, or other external interface line.

line conduction Unintentional signals or noise induced or conducted on a telecommunications or IS signal, power, control, indicator, or other external interface line.

link encryption Encryption of information between nodes of a communications system.

list-oriented IS protection in which each protected object has a list of all subjects authorized to access it.

local authority Organization responsible for generating and signing user certificates.

Local Management Device/Key Processor (LMD/KP) EKMS platform providing automated management of COMSEC material and generating key for designated users.

lock and key protection system (C.F.D.) Protection system that involves matching a key or password with a specific access requirement.

logic bomb Resident computer program triggering an unauthorized act when particular states of an IS are realized.

logical completeness measure Means for assessing the effectiveness and degree to which a set of security and access control mechanisms meets security specifications.

long title Descriptive title of a COMSEC item.

low probability of detection Result of measures used to hide or disguise intentional electromagnetic transmissions.

low probability of intercept Result of measures to prevent the intercept of intentional electromagnetic transmissions.

M

magnetic remanence Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared. (See clearing.)

maintenance hook Special instructions (trapdoors) in software allowing easy maintenance and additional feature development. Since maintenance hooks frequently allow entry into the code without the usual checks, they are a serious security risk if they are not removed prior to live implementation.

maintenance key Key intended only for in-shop use.

malicious applets Small application programs automatically downloaded and executed that perform an unauthorized function on an IS.

malicious code Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an IS. (See Trojan horse.)

malicious logic Hardware, software, or firmware capable of performing an unauthorized function on an IS.

mandatory access control (MAC) Means of restricting access to objects based on the sensitivity of the information contained in the objects and the formal authorization (i.e., clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity. (See discretionary access control.)

mandatory modification Change to a COMSEC end-item that NSA requires to be completed and reported by a specified date. (See optional modification.)

manipulative communications deception Alteration or simulation of friendly telecommunications for the purpose of deception. (See communications deception and imitative communications deception.)

manual cryptosystem Cryptosystem in which the cryptographic processes are performed without the use of crypto-equipment or auto-manual devices.

manual remote rekeying Procedure by which a distant crypto-equipment is rekeyed electrically, with specific actions required by the receiving terminal operator. Synonymous with cooperative remote rekeying. (Also see automatic remote keying.)

masquerading See spoofing.


master crypto-ignition key Key device with electronic logic and circuits providing the capability for adding more operational CIKs to a keyset.

memory scavenging The collection of residual information from data storage.

message authentication code Data associated with an authenticated message allowing a receiver to verify the integrity of the message.

message externals Information outside of the message text, such as the header, trailer, etc.

message indicator Sequence of bits transmitted over a communications system for synchronizing crypto-equipment. Some off-line cryptosystems, such as the KL-51 and one-time pad systems, employ message indicators to establish decryption starting points.

mimicking See spoofing.

mobile code Software modules obtained from remote systems, transferred across a network, and then downloaded and executed on local systems without explicit installation or execution by the recipient.

mode of operation Description of the conditions under which an IS operates based on the sensitivity of information processed and the clearance levels, formal access approvals, and need-to-know of its users. Four modes of operation are authorized for processing or transmitting information: dedicated mode, system-high mode, compartmented/partitioned mode, and multilevel mode.

multilevel device Equipment trusted to properly maintain and separate data of different security categories.

multilevel mode INFOSEC mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts: a. some users do not have a valid security clearance for all the information processed in the IS; b. all users have the proper security clearance and appropriate formal access approval for that information to which they have access; and c. all users have a valid need-to-know only for information to which they have access.

multilevel security (MLS) Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization. (See cross domain solution.)

multi-security level (MSL) Capability to process information of different security classifications or categories by using periods processing or peripheral sharing.

mutual suspicion Condition in which two ISs need to rely upon each other to perform a service, yet neither trusts the other to properly protect shared data.

N

National Information Assurance Partnership (NIAP) Joint initiative between NSA and NIST responsible for security testing needs of both IT consumers and producers and promoting the development of technically sound security requirements for IT products and systems and appropriate measures for evaluating those products and systems.

National Information Infrastructure (NII) Nationwide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. It includes both public and private networks, the internet, the public switched network, and cable, wireless, and satellite communications.

national security information (NSI) Information that has been determined, pursuant to Executive Order 12958 (as amended) (Ref b.) or any predecessor order, to require protection against unauthorized disclosure.


national security system Any information system (including any telecommunications system) used or operated by an agency or by a contractor of any agency, or other organization on behalf of an agency, the function, operation, or use of which: I. involves intelligence activities; II. involves cryptologic activities related to national security; III. involves command and control of military forces; IV. involves equipment that is an integral part of a weapon or weapon system; or V. subject to subparagraph (B), is critical to the direct fulfillment of military or intelligence missions; or is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.

(B). Does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications). (Title 44 U.S. Code Section 3542, Federal Information Security Management Act of 2002.)

need-to-know Necessity for access to, or knowledge or possession of, specific official information required to carry out official duties.

need to know determination Decision made by an authorized holder of official information that a prospective recipient requires access to specific official information to carry out official duties.

network IS implemented with a collection of interconnected nodes.

network front-end Device implementing protocols that allow attachment of a computer system to a network.

network reference monitor See reference monitor.

network security See information systems security.

network security officer See information systems security officer.


network sponsor Individual or organization responsible for stating the security policy enforced by the network, designing the network security architecture to properly enforce that policy, and ensuring the network is implemented in such a way that the policy is enforced.

network system System implemented with a collection of interconnected components. A network system is based on a coherent security architecture and design.

network weaving Penetration technique in which different communication networks are linked to access an IS to avoid detection and trace-back.

no-lone zone Area, room, or space that, when staffed, must be occupied by two or more appropriately cleared individuals who remain within sight of each other. (See two-person integrity.)

nonrepudiation Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.

null Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes.

O

object Passive entity containing or receiving information. Access to an object implies access to the information it contains.

object reuse Reassignment and re-use of a storage medium containing one or more objects after ensuring no residual data remains on the storage medium.

official information All information in the custody and control of a U.S. Government department or agency that was acquired by U.S. Government employees as a part of their official duties or because of their official status and has not been cleared for public release.

off-line cryptosystem Cryptosystem in which encryption and decryption are performed independently of the transmission and reception functions.

one-part code Code in which plain text elements and their accompanying code groups are arranged in alphabetical, numerical, or other systematic order, so one listing serves for both encoding and decoding. One-part codes are normally small codes used to pass small volumes of low-sensitivity information.

one-time cryptosystem Cryptosystem employing key used only once.

one-time pad Manual one-time cryptosystem produced in pad form.

one-time tape Punched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems.

on-line cryptosystem Cryptosystem in which encryption and decryption are performed in association with the transmitting and receiving functions.

open storage Storage of classified information within an accredited facility, but not in General Services Administration approved secure containers, while the facility is unoccupied by authorized personnel.

operational key Key intended for use over-the-air for protection of operational information or for the production or secure electrical transmission of key streams.

operational vulnerability information Information that describes the presence of a vulnerability within a specific operational setting or network.

operational waiver Authority for continued use of unmodified COMSEC end-items pending the completion of a mandatory modification.


operations code Code composed largely of words and phrases suitable for general communications use.

operations security (OPSEC) Systematic and proven process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities. The process involves five steps: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures.

optional modification NSA-approved modification not required for universal implementation by all holders of a COMSEC end-item. This class of modification requires all of the engineering/doctrinal control of mandatory modification but is usually not related to security, safety, TEMPEST, or reliability. (See mandatory modification.)

organizational maintenance Limited maintenance performed by a user organization.

organizational registration authority (ORA) Entity within the PKI that authenticates the identity and the organizational affiliation of the users.

over-the-air key distribution Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation.

over-the-air key transfer Electronically distributing key without changing traffic encryption key used on the secured communications path over which the transfer is accomplished.

over-the-air rekeying (OTAR) Changing traffic encryption key or transmission security key in remote crypto-equipment by sending new key directly to the remote crypto-equipment over the communications path it secures.

overt channel Communications path within a computer system or network designed for the authorized transfer of data. (See covert channel.)


overwrite procedure Process of writing patterns of data on top of the data stored on a magnetic medium.

P

parity Bit(s) used to determine whether a block of data has been altered.

partitioned security mode IS security mode of operation wherein all personnel have the clearance, but not necessarily formal access approval and need-to-know, for all information handled by an IS.

password Protected/private string of letters, numbers, and special characters used to authenticate an identity or to authorize access to data.

penetration See intrusion.

penetration testing Security testing in which evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation.

per-call key Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions. (See cooperative key generation.)

periods processing Processing of various levels of classified and unclassified information at distinctly different times. Under the concept of periods processing, the system must be purged of all information from one processing period before transitioning to the next.

perimeter Encompasses all those components of the system that are to be accredited by the DAA, and excludes separately accredited systems to which the system is connected.


permuter Device used in crypto-equipment to change the order in which the contents of a shift register are used in various nonlinear combining circuits.

plain text Unencrypted information.

policy approving authority (PAA) First level of the PKI Certification Management Authority that approves the security policy of each PCA.

policy certification authority (PCA) Second level of the PKI Certification Management Authority that formulates the security policy under which it and its subordinate CAs will issue public key certificates.

positive control material Generic term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material, or devices.

preproduction model Version of INFOSEC equipment employing standard parts and suitable for complete evaluation of form, design, and performance. Preproduction models are often referred to as beta models.

principal accrediting authority (PAA) Senior official with authority and responsibility for all intelligence systems within an agency.

print suppression Eliminating the display of characters in order to preserve their secrecy.

privacy system Commercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack.

privileged user Individual who has access to system control, monitoring, or administration functions (e.g., system administrator, system ISSO, maintainers, system programmers, etc.)

probe Type of incident involving an attempt to gather information about an IS for the apparent purpose of circumventing its security controls.


production model INFOSEC equipment in its final mechanical and electrical form.

proprietary information Material and information relating to or associated with a company's products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that has been clearly identified and properly marked by the company as proprietary information, trade secrets, or company confidential information. The information must have been developed by the company and not be available to the Government or to the public without restriction from another source.

protected distribution systems (PDS) Wire line or fiber optic distribution system used to transmit unencrypted classified national security information through an area of lesser classification or control.

protection philosophy Informal description of the overall design of an IS delineating each of the protection mechanisms employed. Combination of formal and informal techniques, appropriate to the evaluation class, used to show the mechanisms are adequate to enforce the security policy.

protection profile Common Criteria specification that represents an implementation-independent set of security requirements for a category of Target of Evaluations (TOE) that meets specific consumer needs.

protection ring (C.F.D.) One of a hierarchy of privileged modes of an IS that gives certain access rights to user programs and processes that are authorized to operate in a given mode.

protective packaging Packaging techniques for COMSEC material that discourage penetration, reveal a penetration has occurred or was attempted, or inhibit viewing or copying of keying material prior to the time it is exposed for use.


protective technologies Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material.

protocol Set of rules and formats, semantic and syntactic, permitting ISs to exchange information.

proxy Software agent that performs a function or operation on behalf of another application or system while hiding the details involved.

public domain software Software not protected by copyright laws of any nation that may be freely used without permission of, or payment to, the creator, and that carries no warranties from, or liabilities to the creator.

public key certificate Contains the name of a user, the public key component of the user, and the name of the issuer who vouches that the public key component is bound to the named user.

public key cryptography (PKC) Encryption system using a linked pair of keys. What one key encrypts, the other key decrypts.

public key infrastructure (PKI) Framework established to issue, maintain, and revoke public key certificates accommodating a variety of security technologies, including the use of software.

purging Rendering stored information unrecoverable. (See sanitize.)


Q

QUADRANT Short name referring to technology that provides tamper-resistant protection to crypto-equipment.

R

randomizer Analog or digital source of unpredictable, unbiased, and usually independent bits. Randomizers can be used for several different functions, including key generation or to provide a starting state for a key generator.

read Fundamental operation in an IS that results only in the flow of information from an object to a subject.

read access Permission to read information in an IS.

real time reaction Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access.

recovery procedures Actions necessary to restore data files of an IS and computational capability after a system failure.

RED Designation applied to an IS, and associated areas, circuits, components, and equipment in which unencrypted national security information is being processed.

RED/BLACK concept Separation of electrical and electronic circuits, components, equipment, and systems that handle national security information (RED), in electrical form, from those that handle non-national security information (BLACK) in the same form.

Red team Interdisciplinary group of individuals authorized to conduct an independent and focused threat-based effort as a simulated adversary to expose and exploit system vulnerabilities for the purpose of improving the security posture of information systems.


RED signal Any electronic emission (e.g., plain text, key, key stream, subkey stream, initial fill, or control signal) that would divulge national security information if recovered.

reference monitor Concept of an abstract machine that enforces Target of Evaluation (TOE) access control policies.

release prefix Prefix appended to the short title of U.S.-produced keying material to indicate its foreign releasability. "A" designates material that is releasable to specific allied nations and "U.S." designates material intended exclusively for U.S. use.

remanence Residual information remaining on storage media after clearing. (See magnetic remanence and clearing.)

remote access Access for authorized users external to an enclave established through a controlled access point at the enclave boundary.

remote rekeying Procedure by which a distant crypto-equipment is rekeyed electrically. (See automatic remote rekeying and manual remote rekeying.)

repair action NSA-approved change to a COMSEC end-item that does not affect the original characteristics of the end-item and is provided for optional application by holders. Repair actions are limited to minor electrical and/or mechanical improvements to enhance operation, maintenance, or reliability. They do not require an identification label, marking, or control but must be fully documented by changes to the maintenance manual.

reserve keying material Key held to satisfy unplanned needs. (See contingency key.)

residual risk Portion of risk remaining after security measures have been applied.

residue Data left in storage after information processing operations are complete, but before degaussing or overwriting has taken place.


resource encapsulation Method by which the reference monitor mediates accesses to an IS resource. Resource is protected and not directly accessible by a subject. Satisfies requirement for accurate auditing of resource usage.

risk Possibility that a particular threat will adversely impact an IS by exploiting a particular vulnerability.

risk analysis Examination of information to identify the risk to an IS.

risk assessment Process of analyzing threats to and vulnerabilities of an IS, and the potential impact resulting from the loss of information or capabilities of a system. This analysis is used as a basis for identifying appropriate and cost-effective security countermeasures.

risk index (C.F.D.) Difference between the minimum clearance or authorization of IS users and the maximum sensitivity (e.g., classification and categories) of data processed by the system.

risk management Process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations. (NIST Special Pub 800-53)


S

safeguard 1.) Protection included to counteract a known or expected condition. 2.) Incorporated countermeasure or set of countermeasures within a base release.

safeguarding statement Statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced and requires control of the product, at that level, until determination of the true classification by an authorized individual. Synonymous with banner.

sanitize Process to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs. (See purging.)

scavenging Searching through object residue to acquire data.

secure communications Telecommunications deriving security through use of type 1 products and/or PDSs.

secure hash standard Specification for a secure hash algorithm that can generate a condensed message representation called a message digest.

secure state Condition in which no subject can access any object in an unauthorized manner.

secure subsystem Subsystem containing its own implementation of the reference monitor concept for those resources it controls. Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.

security controls Management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. (NIST Special Pub 800-53)


security fault analysis (SFA) Assessment, usually performed on IS hardware, to determine the security properties of a device when hardware fault is encountered.

security features users guide (SFUG) (C.F.D.) Guide or manual explaining how the security mechanisms in a specific system work.

security filter IS trusted subsystem that enforces security policy on the data passing through it.

security in depth Synonymous with defense in depth.

security inspection Examination of an IS to determine compliance with security policy, procedures, and practices.

security kernel Hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.

security label Information representing the sensitivity of a subject or object, such as UNCLASSIFIED or its hierarchical classification (CONFIDENTIAL, SECRET, TOP SECRET) together with any applicable nonhierarchical security categories (e.g., sensitive compartmented information, critical nuclear weapon design information).

security net control station Management system overseeing and controlling implementation of network security policy.

security perimeter Boundary where security controls are in effect to protect assets.

security range Highest and lowest security levels that are permitted in or on an IS, system component, subsystem, or network.

security requirements Types and levels of protection necessary for equipment, data, information, applications, and facilities to meet IS security policy.

security requirements baseline Description of the minimum requirements necessary for an IS to maintain an acceptable level of security.

security safeguards Protective measures and controls prescribed to meet the security requirements specified for an IS. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. (See accreditation.)

security specification Detailed description of the safeguards required to protect an IS.

security target Common Criteria specification that represents a set of security requirements to be used as the basis of an evaluation of an identified Target of Evaluation (TOE).

security test and evaluation (ST&E) Examination and analysis of the safeguards required to protect an IS, as they have been applied in an operational environment, to determine the security posture of that system.

security testing Process to determine that an IS protects data and maintains functionality as intended.

seed key Initial key used to start an updating or key generation process.

sensitive compartmented information (SCI) Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of Central Intelligence.

sensitive compartmented information facility (SCIF) Accredited area, room, or group of rooms, buildings, or installation where SCI may be stored, used, discussed, and/or processed.

sensitive information Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (Systems that are not national security systems, but contain sensitive information, are to be protected in accordance with the requirements of the Computer Security Act of 1987 (P.L. 100-235).)

sensitivity label Information representing elements of the security label(s) of a subject and an object. Sensitivity labels are used by the trusted computing base (TCB) as the basis for mandatory access control decisions.

shielded enclosure Room or container designed to attenuate electromagnetic radiation, acoustic signals, or emanations.

short title Identifying combination of letters and numbers assigned to certain COMSEC materials to facilitate handling, accounting, and controlling.

simple security property (C.F.D.) Bell-La Padula security model rule allowing a subject read access to an object, only if the security level of the subject dominates the security level of the object.

single point keying Means of distributing key to multiple, local crypto-equipment or devices from a single fill point.

sniffer Software tool for auditing and identifying network traffic packets.

software assurance Level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.

software system test and evaluation process Process that plans, develops, and documents the quantitative demonstration of the fulfillment of all baseline functional performance, operational, and interface requirements.

special access program (SAP) Sensitive program, approved in writing by a head of agency with original top secret classification authority, that imposes need-to-know and access controls beyond those normally provided for access to Confidential, Secret, or Top Secret information. The level of controls is based on the criticality of the program and the assessed hostile intelligence threat. The program may be an acquisition program, an intelligence program, or an operations and support program. (Joint Pub 1-02, 12 Apr 2001)

special access program facility (SAPF) Facility formally accredited by an appropriate agency in accordance with DCID 6/9 in which SAP information may be processed.

spillage See classified information spillage.

split knowledge Separation of data or information into two or more parts, each part constantly kept under control of separate authorized individuals or teams so that no one individual or team will know the whole data.

spoofing Unauthorized use of legitimate Identification and Authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.

spread spectrum Telecommunications techniques in which a signal is transmitted in a bandwidth considerably greater than the frequency content of the original information. Frequency hopping, direct sequence spreading, time scrambling, and combinations of these techniques are forms of spread spectrum.

start-up KEK Key-encryption-key held in common by a group of potential communicating entities and used to establish ad hoc tactical networks.

storage object Object supporting both read and write accesses to an IS.

strong authentication Layered authentication approach relying on two or more authenticators to establish the identity of an originator or receiver of information.

subassembly Major subdivision of an assembly consisting of a package of parts, elements, and circuits that perform a specific function.

subject Generally an individual, process, or device causing information to flow among objects or change to the system state.

subject security level Sensitivity label(s) of the objects to which the subject has both read and write access. Security level of a subject must always be dominated by the clearance level of the user associated with the subject.

superencryption Process of encrypting encrypted information. Occurs when a message, encrypted off-line, is transmitted over a secured, on-line circuit, or when information encrypted by the originator is multiplexed onto a communications trunk, which is then bulk encrypted.

supersession Scheduled or unscheduled replacement of a COMSEC aid with a different edition.

supervisor state (C.F.D.) Synonymous with executive state of an operating system.

suppression measure Action, procedure, modification, or device that reduces the level of, or inhibits the generation of, compromising emanations in an IS.

surrogate access See discretionary access control.

syllabary (C.F.D.) List of individual letters, combination of letters, or syllables, with their equivalent code groups, used for spelling out words or proper names not present in the vocabulary of a code. A syllabary may also be a spelling table.

symmetric key Encryption methodology in which the encryptor and decryptor use the same key, which must be kept secret.

synchronous crypto-operation Method of on-line crypto-operation in which crypto-equipment and associated terminals have timing systems to keep them in step.

system administrator (SA) Individual responsible for the installation and maintenance of an IS, providing effective IS utilization, adequate security parameters, and sound implementation of established IA policy and procedures.

system assets Any software, hardware, data, administrative, physical, communications, or personnel resource within an IS.

system development methodologies Methodologies developed through software engineering to manage the complexity of system development. Development methodologies include software engineering aids and high-level design analysis tools.

system high (C.F.D.) Highest security level supported by an IS.

system high mode IS security mode of operation wherein each user, with direct or indirect access to the IS, its peripherals, remote terminals, or remote hosts, has all of the following: a. valid security clearance for all information within an IS; b. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments and/or special access programs); and c. valid need-to-know for some of the information contained within the IS.

system indicator Symbol or group of symbols in an off-line encrypted message identifying the specific cryptosystem or key used in the encryption.

system integrity Attribute of an IS when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

system low (C.F.D.) Lowest security level supported by an IS.

system profile Detailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an IS.

system security See information systems security.

system security engineering See information systems security engineering.

system security officer See information system security officer.

system security plan Document fully describing the planned security tasks and controls required to meet system security requirements.

T

tampering Unauthorized modification altering the proper functioning of INFOSEC equipment.

target of evaluation (TOE) IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation.

technical controls Security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. (NIST Special Pub 800-53.)

technical vulnerability information Detailed description of a vulnerability to include the implementable steps (such as code) necessary to exploit that vulnerability.

telecommunications Preparation, transmission, communication, or related processing of information (writing, images, sounds, or other data) by electrical, electromagnetic, electromechanical, electro-optical, or electronic means.

TEMPEST Short name referring to investigation, study, and control of compromising emanations from IS equipment.

TEMPEST test Laboratory or on-site test to determine the nature of compromising emanations associated with an IS.

TEMPEST zone Designated area within a facility where equipment with appropriate TEMPEST characteristics (TEMPEST zone assignment) may be operated.

test key Key intended for testing of COMSEC equipment or systems.

threat Any circumstance or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.

threat analysis Examination of information to identify the elements comprising a threat.

threat assessment Formal description and evaluation of threat to an IS.

threat monitoring Analysis, assessment, and review of audit trails and other information collected for the purpose of searching out system events that may constitute violations of system security.

ticket-oriented (C.F.D.) IS protection system in which each subject maintains a list of unforgeable bit patterns called tickets, one for each object a subject is authorized to access. (See list-oriented.)

time bomb Resident computer program that triggers an unauthorized act at a predefined time.

time-compliance date Date by which a mandatory modification to a COMSEC end-item must be incorporated if the item is to remain approved for operational use.

time-dependent password Password that is valid only at a certain time of day or during a specified interval of time.

TOE Security Functions (TSF) Set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TSP.

TOE Security Policy (TSP) Set of rules that regulate how assets are managed, protected, and distributed within the TOE.

traditional INFOSEC program Program in which NSA acts as the central procurement agency for the development and, in some cases, the production of INFOSEC items. This includes the Authorized Vendor Program. Modifications to the INFOSEC end-items used in products developed and/or produced under these programs must be approved by NSA.

traffic analysis (TA) Study of communications patterns.

traffic encryption key (TEK) Key used to encrypt plain text or to superencrypt previously encrypted text and/or to decrypt cipher text.

traffic-flow security (TFS) Measure used to conceal the presence of valid messages in an on-line cryptosystem or secure communications system.

traffic padding Generation of spurious communications or data units to disguise the amount of real data units being sent.

tranquility Property whereby the security level of an object cannot change while the object is being processed by an IS.

transmission security (TRANSEC) Component of COMSEC resulting from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis.

trap door Synonymous with back door.

triple DES Product cipher that, like DES, operates on 64-bit data blocks. There are several forms, each of which uses the DES cipher 3 times. Some forms use two 56-bit keys, some use three. (See NIST FIPS 46-3 and CNSSAM IA/02-04)

trojan horse Program containing hidden code allowing the unauthorized collection, falsification, or destruction of information. (See malicious code.)

trusted channel Means by which a TOE Security Function (TSF) and a remote trusted IT product can communicate with necessary confidence to support the TOE Security Policy (TSP).

trusted computer system IS employing sufficient hardware and software assurance measures to allow simultaneous processing of a range of classified or sensitive information.

trusted computing base (TCB) Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy.

trusted distribution Method for distributing trusted computing base (TCB) hardware, software, and firmware components that protects the TCB from modification during distribution.

trusted foundry Facility where both classified and unclassified parts can be produced with an extra level of assurance that the parts have not been tampered.

trusted identification forwarding Identification method used in IS networks whereby the sending host can verify an authorized user on its system is attempting a connection to another host. The sending host transmits the required user authentication information to the receiving host.

trusted path Means by which a user and a TOE Security Function (TSF) can communicate with necessary confidence to support the TOE Security Policy (TSP).

trusted process Process that has privileges to circumvent the system security policy and has been tested and verified to operate only as intended.

trusted recovery Ability to ensure recovery without compromise after a system failure.

trusted software Software portion of a trusted computing base (TCB).

TSEC nomenclature System for identifying the type and purpose of certain items of COMSEC material.

tunneling Technology enabling one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.

two-part code Code consisting of an encoding section, in which the vocabulary items (with their associated code groups) are arranged in alphabetical or other systematic order, and a decoding section, in which the code groups (with their associated meanings) are arranged in a separate alphabetical or numeric order.

two-person control Continuous surveillance and control of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and unauthorized procedures with respect to the task being performed, and each familiar with established security and safety requirements.

two-person integrity (TPI) System of storage and handling designed to prohibit individual access to certain COMSEC keying material by requiring the presence of at least two authorized individuals, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed. (See no-lone zone.)

type certification The certification acceptance of replica information systems based on the comprehensive evaluation of the technical and non-technical security features of an IS and other safeguards, made as part of and in support of the accreditation process, to establish the extent to which a particular design and implementation meet a specified set of security requirements.

Type 1 key Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of classified and sensitive national security information.

Type 1 product Cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring the most stringent protection mechanisms.

Type 2 key Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of unclassified national security information.

Type 2 product Cryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified national security information.

Type 3 key Used in a cryptographic device for the protection of unclassified sensitive information, even if used in a Type 1 or Type 2 product.

Type 3 product Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. Developed using established commercial standards and containing NIST approved cryptographic algorithms/modules or successfully evaluated by the National Information Assurance Partnership (NIAP).

Type 4 key Used by a cryptographic device in support of its Type 4 functionality; i.e., any provision of key that lacks U.S. Government endorsement or oversight.

Type 4 product Unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any Government usage. These products are typically delivered as part of commercial offerings and are commensurate with the vendor’s commercial practices. These products may contain either vendor proprietary algorithms, algorithms registered by NIST, or algorithms registered by NIST and published in a FIPS.

U

unauthorized disclosure Type of event involving exposure of information to individuals not authorized to receive it.

unclassified Information that has not been determined pursuant to E.O. 12958 or any predecessor order to require protection against unauthorized disclosure and that is not designated as classified.

untrusted process Process that has not been evaluated or examined for adherence to the security policy. It may include incorrect or malicious code that attempts to circumvent the security mechanisms.

updating Automatic or manual cryptographic process that irreversibly modifies the state of a COMSEC key, equipment, device, or system.

user Individual or process authorized to access an IS.

(PKI) Individual defined, registered, and bound to a public key structure by a certification authority (CA).

user ID Unique symbol or character string used by an IS to identify a specific user.

User Partnership Program (UPP) Partnership between the NSA and a U.S. Government agency to facilitate development of secure IS equipment incorporating NSA-approved cryptography. The result of this program is the authorization of the product or system to safeguard national security information in the user’s specific application.

user representative Individual authorized by an organization to order COMSEC keying material and interface with the keying system, provide information to key users, and ensure the correct type of key is ordered.

U.S.-controlled facility Base or building to which access is physically controlled by U.S. individuals who are authorized U.S. Government or U.S. Government contractor employees.

U.S.-controlled space Room or floor within a facility that is not a U.S.-controlled facility, access to which is physically controlled by U.S. individuals who are authorized U.S. Government or U.S. Government contractor employees. Keys or combinations to locks controlling entrance to U.S.-controlled spaces must be under the exclusive control of U.S. individuals who are U.S. Government or U.S. Government contractor employees.

U.S. person U.S. citizen or a permanent resident alien, an unincorporated association substantially composed of U.S. citizens or permanent resident aliens, or a corporation incorporated in U.S., except for a corporation directed and controlled by a foreign government or governments.

V

validated products list List of validated products that have been successfully evaluated under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS).

validation Process of applying specialized security test and evaluation procedures, tools, and equipment needed to establish acceptance for joint usage of an IS by one or more departments or agencies and their contractors.

variant One of two or more code symbols having the same plain text equivalent.

verification Process of comparing two levels of an IS specification for proper correspondence (e.g., security policy model with top-level specification, top-level specification with source code, or source code with object code).

virtual private network (VPN) Protected IS link utilizing tunneling, security controls (see information assurance), and end-point address translation giving the impression of a dedicated line.

virus Self-replicating, malicious code that attaches itself to an application program or other executable system component and leaves no obvious signs of its presence.

vulnerability Weakness in an IS, system security procedures, internal controls, or implementation that could be exploited.

vulnerability analysis Examination of information to identify the elements comprising a vulnerability.

vulnerability assessment Formal description and evaluation of vulnerabilities of an IS.

W

web risk assessment Process for ensuring websites are in compliance with applicable policies.

wireless technology Permits the active or passive transfer of information between separated points without physical connection. Active information transfer may entail a transmit and/or receive emanation of energy, whereas passive information transfer entails a receive-only capability. Currently wireless technologies use IR, acoustic, RF, and optical but, as technology evolves, wireless could include other methods of transmission.

work factor Estimate of the effort or time needed by a potential perpetrator, with specified expertise and resources, to overcome a protective measure.

worm See malicious code.

write Fundamental operation in an IS that results only in the flow of information from a subject to an object. (See access type.)

write access Permission to write to an object in an IS.

Z

zero fill To fill unused storage locations in an IS with the representation of the character denoting "0."

zeroize To remove or eliminate the key from a crypto-equipment or fill device.

zone of control Synonymous with inspectable space.

SECTION II

COMMONLY USED ABBREVIATIONS AND ACRONYMS

ACL Access Control List

AES Advanced Encryption Standard

AIG (C.F.D.) Address Indicator Group

AIN Advanced Intelligence Network

AK Automatic Remote Rekeying

AKD/RCU Automatic Key Distribution/Rekeying Control Unit

ALC Accounting Legend Code

AMS 1. Auto-Manual System 2. Autonomous Message Switch

ANDVT Advanced Narrowband Digital Voice Terminal

ANSI American National Standards Institute

APC Adaptive Predictive Coding

APU Auxiliary Power Unit

ASCII American Standard Code for Information Interchange

ASSIST Program Automated Information System Security Incident Support Team Program

ATM Asynchronous Transfer Mode

AUTODIN Automatic Digital Network

AVP Authorized Vendor Program

C2 Command and Control

C3 Command, Control, and Communications

C3I Command, Control, Communications and Intelligence

C4 Command, Control, Communications and Computers

CA 1. Controlling Authority 2. Cryptanalysis 3. COMSEC Account 4. Command Authority 5. Certification Authority

C&A Certification and Accreditation

CAW Certificate Authority Workstation

CC Common Criteria

CCEP Commercial COMSEC Evaluation Program

CCEVS Common Criteria Evaluation and Validation Scheme

CCI Controlled Cryptographic Item

CCO Circuit Control Officer

CDS Cross Domain Solution

CEOI Communications Electronics Operating Instruction

CEPR Compromising Emanation Performance Requirement

CER 1. Cryptographic Equipment Room 2. Communication Equipment Room

CERT Computer Security Emergency Response Team

CFD Common Fill Device

CIAC Computer Incident Assessment Capability

CIK Crypto-Ignition Key

CIRT Computer Security Incident Response Team

CKG Cooperative Key Generation

CMCS COMSEC Material Control System

CNA Computer Network Attack

CND Computer Network Defense

CNSS Committee on National Security Systems

CNSSAM Committee on National Security Systems Advisory Memorandum

CNSSD Committee on National Security Systems Directive

CNSSI Committee on National Security Systems Instruction

CNSSP Committee on National Security Systems Policy

COMPUSEC Computer Security

COMSEC Communications Security

CONOP Concept of Operations

COOP Continuity of Operations Plan

COR 1. Central Office of Record (COMSEC) 2. Contracting Officer Representative

COTS Commercial-off-the-shelf

CPU Central Processing Unit

CRC Cyclic Redundancy Check

CRL Certificate Revocation List

Crypt/Crypto Cryptographic-related

CSE Communications Security Element

CSS 1. COMSEC Subordinate Switch 2. Constant Surveillance Service (Courier) 3. Continuous Signature Service (Courier) 4. Coded Switch System

CSSO Contractor Special Security Officer

CSTVRP Computer Security Technical Vulnerability Report Program

CTAK Cipher Text Auto-Key

CT&E Certification Test and Evaluation

CTTA Certified TEMPEST Technical Authority

CUP COMSEC Utility Program

DAA 1. Designated Accrediting Authority 2. Delegated Accrediting Authority 3. Designated Approval Authority

DAC Discretionary Access Control

DAMA Demand Assigned Multiple Access

DCID Director Central Intelligence Directive

DCS 1. Defense Communications System 2. Defense Courier Service

DDS Dual Driver Service (courier)

DES Data Encryption Standard

DISN Defense Information System Network

DITSCAP DoD Information Technology Security Certification and Accreditation Process

DMA Direct Memory Access

DMS Defense Message System

DSA Digital Signature Algorithm

DSN Defense Switched Network

DSVT Digital Subscriber Voice Terminal

DTLS Descriptive Top-Level Specification

DTD Data Transfer Device

DTS Diplomatic Telecommunications Service

DUA Directory User Agent

EAM Emergency Action Message

ECCM Electronic Counter-Countermeasures

ECM Electronic Countermeasures

ECPL Endorsed Cryptographic Products List (a section in the Information Systems Security Products and Services Catalogue)

EDAC Error Detection and Correction

EFD Electronic Fill Device

EFTO (C.F.D.) Encrypt For Transmission Only

EKMS Electronic Key Management System

ELINT Electronic Intelligence

E Model Engineering Development Model

EMSEC Emission Security

EPL Evaluated Products List (a section in the INFOSEC Products and Services Catalogue)

ERTZ Equipment Radiation TEMPEST Zone

ETPL Endorsed TEMPEST Products List

FDIU Fill Device Interface Unit

FIPS Federal Information Processing Standard

FOCI Foreign Owned, Controlled or Influenced

FOUO For Official Use Only

FSRS Functional Security Requirements Specification

FSTS Federal Secure Telephone Service

FTS Federal Telecommunications System

FTAM File Transfer Access Management

FTLS Formal Top-Level Specification

GCCS Global Command and Control System

GETS Government Emergency Telecommunications Service

GOTS Government-off-the-Shelf

GPS Global Positioning System

GTS Global Telecommunications Service

GWEN Ground Wave Emergency Network

IA Information Assurance

I&A Identification and Authentication

IATO Interim Approval to Operate

IBAC Identity Based Access Control

IC Intelligence Community

ICU Interface Control Unit

IDS Intrusion Detection System

IEMATS Improved Emergency Message Automatic Transmission System

IFF Identification, Friend or Foe

IFFN Identification, Friend, Foe, or Neutral

ILS Integrated Logistics Support

INFOSEC Information Systems Security

IO Information Operations

IP Internet Protocol

IPM Interpersonal Messaging

IPSO Internet Protocol Security Option

IS Information System

ISDN Integrated Services Digital Network

ISO International Standards Organization

ISSE Information Systems Security Engineering

ISSM Information Systems Security Manager

ISSO Information Systems Security Officer

IT Information Technology

ITAR International Traffic in Arms Regulation

ITSEC Information Technology Security Evaluation Criteria

KAK Key-Auto-Key

KDC Key Distribution Center

KEK Key Encryption Key

KG Key Generator

KMC Key Management Center

KMI Key Management Infrastructure

KMID Key Management Identification Number

KMODC Key Management Ordering and Distribution Center

KMP Key Management Protocol

KMS Key Management System

KP Key Processor

KPK Key Production Key

KSD Key Storage Device

LEAD Low-Cost Encryption/Authentication Device

LMD Local Management Device

LMD/KP Local Management Device/Key Processor

LOCK Logical Co-Processing Kernel

LPC Linear Predictive Coding

LPD Low Probability of Detection

LPI Low Probability of Intercept

LRIP Limited Rate Initial Preproduction

LSI Large Scale Integration

MAC 1. Mandatory Access Control 2. Message Authentication Code

MAN 1. Mandatory Modification 2. Metropolitan Area Network

MER Minimum Essential Requirements

MHS Message Handling System

MI Message Indicator

MIB Management Information Base

MINTERM Miniature Terminal

MISSI Multilevel Information Systems Security Initiative

MLS Multilevel Security

MSE Mobile Subscriber Equipment

NACAM National COMSEC Advisory Memorandum

NACSI National COMSEC Instruction

NACSIM National COMSEC Information Memorandum

NAK Negative Acknowledge

NCCD Nuclear Command and Control Document

NCS 1. National Communications System 2. National Cryptologic School 3. Net Control Station

NCSC National Computer Security Center

NISAC National Industrial Security Advisory Committee

NIST National Institute of Standards and Technology

NLZ No-Lone Zone

NSA National Security Agency

NSD National Security Directive

NSDD National Security Decision Directive

NSEP National Security Emergency Preparedness

NSI National Security Information

NSTAC National Security Telecommunications Advisory Committee

NSTISSAM National Security Telecommunications and Information Systems Security Advisory/Information Memorandum

NSTISSC National Security Telecommunications and Information Systems Security Committee

NSTISSD National Security Telecommunications and Information Systems Security Directive

NSTISSI National Security Telecommunications and Information Systems Security Instruction

NSTISSP National Security Telecommunications and Information Systems Security Policy

NTCB Network Trusted Computing Base

NTIA National Telecommunications and Information Administration

NTISSAM National Telecommunications and Information Systems Security Advisory/Information Memorandum

NTISSD National Telecommunications and Information Systems Security Directive

NTISSI National Telecommunications and Information Systems Security Instruction

NTISSP National Telecommunications and Information Systems Security Policy

OADR Originating Agency’s Determination Required

OPCODE Operations Code

OPSEC Operations Security

ORA Organizational Registration Authority

OTAD Over-the-Air Key Distribution

OTAR Over-the-Air Rekeying

OTAT Over-the-Air Key Transfer

OTP One-Time Pad

OTT One-Time Tape

PAA (PKI) Policy Approving Authority (IC) Principal Accrediting Authority

PAL Permissive Action Link

PC Personal Computer

PCA Policy Certification Authority

PCIPB President’s Critical Infrastructure Protection Board

PCMCIA Personal Computer Memory Card International Association

PDA Personal Digital Assistant

PDR Preliminary Design Review

PDS 1. Protected Distribution Systems 2. Practices Dangerous to Security

PES Positive Enable System

PKC Public Key Cryptography

PKI Public Key Infrastructure

PKSD Programmable Key Storage Device

P model Preproduction Model

PNEK Post-Nuclear Event Key

PPL Preferred Products List (a section in the INFOSEC Products and Services Catalogue)

PRBAC (C.F.D.) Partition Rule Base Access Control

PROPIN Proprietary Information

PWDS Protected Wireline Distribution System

RAMP Rating Maintenance Program

SA System Administrator

SABI Secret and Below Interoperability (C.F.D.)

SAO Special Access Office

SAP 1. System Acquisition Plan 2. Special Access Program

SARK SAVILLE Advanced Remote Keying

SBU Sensitive But Unclassified

SCI Sensitive Compartmented Information

SCIF Sensitive Compartmented Information Facility

SDNS Secure Data Network System

SDR System Design Review

SFA Security Fault Analysis

SHA Secure Hash Algorithm

SFUG Security Features Users Guide (C.F.D.)

SI Special Intelligence

SISS Subcommittee on Information Systems Security

SMU Secure Mobile Unit

SPK Single Point Key(ing)

SRR Security Requirements Review

SSO Staff Security Officer

SSP System Security Plan

ST&E Security Test and Evaluation

STE Secure Terminal Equipment

STS Subcommittee on Telecommunications Security

STU Secure Telephone Unit

TA Traffic Analysis

TACTERM Tactical Terminal

TAG TEMPEST Advisory Group

TCB Trusted Computing Base

TCP/IP Transmission Control Protocol/Internet Protocol

TED Trunk Encryption Device

TEK Traffic Encryption Key

TEP TEMPEST Endorsement Program

TFM Trusted Facility Manual

TFS Traffic Flow Security

TLS Top-Level Specification

TOE Target of Evaluation

TPC Two-Person Control

TPEP Trusted Products Evaluation Program

TPI Two-Person Integrity

TRANSEC Transmission Security

TRB Technical Review Board

TRI-TAC Tri-Service Tactical Communications System

TSABI Top Secret and Below Interoperability (C.F.D.)

TSCM Technical Surveillance Countermeasures

TSEC Telecommunications Security

TTAP Trust Technology Assessment Program

UA User Agent

UIS User Interface System

UPP User Partnership Program

VPN Virtual Private Network

SECTION III

REFERENCES

(and other useful documents)

a. National Security Directive 42, National Policy for the Security of National Security Telecommunications and Information Systems, 5 July 1990.

b. Executive Order 12958, National Security Information, dated April 1995, as amended.

c. Executive Order 12333, United States Intelligence Activities, dated 4 December 1981.

d. Public Law 100-235, Computer Security Act of 1987, dated 8 January 1988.

e. Title 10 United States Code Section 2315.

f. Title 44 United States Code Section 3502(2), Public Law 104-13, Paperwork Reduction Act of 1995, dated 22 May 1995.

g. Information Technology Management Reform Act of 1996 (within Public Law 104-106, DoD Authorization Act of 1996).

h. Federal Information Processing Standards Publication 46-2, Data Encryption Standard, dated 30 December 1993.

i. Federal Information Processing Standards Publication 140, Security Requirements for Cryptographic Modules, dated 10 October 2001.

j. Title 40 United States Code Section 11103 (formerly 1452), National Security System Defined.

k. Title 5 United States Code Section 552a, The Privacy Act, Records Maintained on Individuals.

l. Executive Order (E.O.) 13231, Critical Infrastructure Protection in the Information Age, 16 October 2001.

m. P.L. 107-347, E-Government Act of 2002, Title III, Federal Information Security Management Act (FISMA) of 2002, dated 17 December 2002. (Title 44 Section 3542)

n. International Standard of Common Criteria for Information Technology Security Evaluation 15408, dated August 1999.

o. DoD Directive 8100.1, “Global Information Grid (GIG) Overarching Policy,” September 19, 2002.