Cyber Security Glossary


Cyber Security Glossary of Terms and Concepts

An alphabetical list of cyber security related terms, words, laws, and agency names with explanations. The Ask Cyber Security acronyms page contains an alphabetical list of cyber security related acronyms, including governmental organizations.


Cyber Security Terms That Begin With the Letter A

Acceptable Level of Risk – An authority’s determination of the level of potential harm to an operation, program, or activity that the authority is willing to accept due to the loss of information.

Access – The ability and opportunity to obtain knowledge of classified information. Access requires formal indoctrination and execution of a non-disclosure agreement.

Access Approval – Formal authorization for an individual to have access to classified or sensitive information within a Special Access Program (SAP) or a Controlled Access Program (CAP), including Sensitive Compartmented Information (SCI).

Access Approval Authority (AAA) – Individual responsible for final access approval and/or denial determination.

Access Authority – An entity responsible for monitoring and granting access privileges for other authorized entities.

Access Control – A procedure to identify and/or admit personnel with proper security clearance and required access approval(s) to information or facilities using physical, electronic, and/or human controls.

Access Control List (ACL) – A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.

Access Control Mechanism – Security safeguards (i.e., hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized access and permit authorized access to an information system.

Access Eligibility Determination – A formal determination that a person meets the personnel security requirements for access to a specified type or types of classified information.

Access Evaluation – The process of reviewing the security qualifications of employees.

Access Level – A category within a given security classification limiting entry or system connectivity to only authorized persons.

Access List – Roster of individuals authorized admittance to a controlled area.

Access National Agency Check with Inquiries (ANACI) – A personnel security investigation for access to classified information conducted by the Office of Personnel Management (OPM), combining a national agency check and written inquiries to law enforcement agencies, former employers and supervisors, references, and schools, and a credit check. ANACIs are only conducted on civilian employees and do not apply to military or contractor personnel.

Access Point – A device that logically connects wireless client devices operating in infrastructure to one another and provides access to a distribution system, if connected, which is typically an organization’s enterprise wired network.

Access Profile – Association of a user with a list of protected objects the user may access.

Access Roster – A database or listing of individuals briefed to a Special Access Program (SAP).

Access Termination – The removal of an individual from access to Special Access Program (SAP) or other program information.

Access Type – Privilege to perform action on an object. Read, write, execute, append, modify, delete, and create are examples of access types. See Write.

Accesses – Indoctrination to classified material that has additional security requirements or caveats. This may be Sensitive Compartmented Information

Accountability – The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information.

Accreditation – The formal certification by a Cognizant Security Authority (CSA) that a facility, designated area, or information system has met Director of National Intelligence (DNI) security standards for handling, processing, discussing, disseminating or storing Sensitive Compartmented Information (SCI).

Accreditation (of Information Systems (IS)) – The approval to use an Information System (IS) to process classified information in a specified environment at an acceptable level of risk based upon technical, managerial, and procedural safeguards.

Accreditation Package – Product comprised of a System Security Plan (SSP) and a report documenting the basis for the accreditation decision.

Accredited Security Parameter (ASP) – The security classification levels, compartments, and sub-compartments at which an Information

Accrediting Authority – A customer official who has the authority to decide on accepting the security safeguards prescribed or who is responsible for issuing an accreditation statement that records the decision to accept those safeguards.

Acknowledged Special Access Program – A Special Access Program (SAP) that is acknowledged to exist and whose purpose is identified (e.g., the B-2 or F-117 aircraft program) while the details, technologies, materials, techniques, etc., of the program are classified as dictated by their vulnerability to exploitation and the risk of compromise. Program funding is generally unclassified. NOTE: Members of the four Congressional Defense Committees are authorized access to the program.

Acquisition Program – A directed, funded effort that provides a new, improved, or continuing materiel, weapon,

Acquisition Special Access Program – A Special Access Program (SAP) established primarily to protect sensitive research, development, testing, and evaluation or procurement activities in support of sensitive military and intelligence requirements.

Acquisition Systems Protection – The safeguarding of defense systems anywhere in the acquisition process as defined in Department of Defense Directive (DoDD) 5000.1, “The Defense Acquisition System,” the defense technologies being developed that could lead to weapon or defense systems and defense research data. Acquisition Systems Protection integrates all security disciplines, counterintelligence, and other defensive methods to deny foreign collection efforts and prevent unauthorized disclosure to deliver to our forces uncompromised combat effectiveness over the life expectancy of the system.

Activation Data – Private data, other than keys, that are required to access cryptographic modules.

Active Attack – An attack that alters a system or data. An attack on the authentication protocol where the Attacker transmits data to the Claimant, Credential Service Provider, Verifier, or Relying Party. Examples of active attacks include man-in-the-middle, impersonation, and session hijacking.

Active Content – Electronic documents that can carry out or trigger actions automatically on a computer platform without the intervention of a user. Software in various forms that is able to automatically carry out or trigger actions on a computer platform without the intervention of a user.

Active Security Testing – Security testing that involves direct interaction with a target, such as sending packets to a target.

Activities – An assessment object that includes specific protection-related pursuits or actions supporting an information system that involve people (e.g., conducting system backup operations, monitoring network traffic).

Ad Hoc Network – A wireless network that dynamically connects wireless client devices to each other without the use of an infrastructure device, such as an access point or a base station.

Add-on Security – Incorporation of new hardware, software, or firmware safeguards in an operational information system.

Adequate Security – Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. Note: This includes assuring that information systems operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls.

Administrative Account – A user account with full privileges on a computer.

Administrative Safeguards – Administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic health information and to manage the conduct of the covered entity’s workforce in relation to protecting that information.

Advanced Encryption Standard – The Advanced Encryption Standard specifies a U.S. government-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits.

Advanced Key Processor (AKP) – A cryptographic device that performs all cryptographic functions for a management client node and contains the interfaces to 1) exchange information with a client platform, 2) interact with fill devices, and 3) connect a client platform securely to the primary services node (PRSN).

Advanced Persistent Threat (APT) – An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.

Anti-spoof – Countermeasures taken to prevent the unauthorized use of legitimate Identification & Authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker.

Antispyware Software – A program that specializes in detecting both malware and non-malware forms of spyware.

Antivirus Software – A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents.

Assessment Objective – A set of determination statements that expresses the desired outcome for the assessment of a security control or control enhancement.

Assured Software – Computer application that has been designed, developed, analyzed, and tested using processes, tools, and techniques that establish a level of confidence in it.

Astragal Strip – A narrow strip of material applied over the gap between a pair of doors for protection from unauthorized entry and sound attenuation. See: Sound Attenuation

Asymmetric Keys – Two related keys, a public key and a private key that are used to perform complementary operations, such as encryption and decryption or signature generation and signature verification.

Attack – An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.

Attack Sensing and Warning (AS&W) – Detection, correlation, identification, and characterization of intentional unauthorized activity with notification to decision makers so that an appropriate response can be developed.

Attack Signature – A specific sequence of events indicative of an unauthorized access attempt. A characteristic byte pattern used in malicious code or an indicator, or set of indicators, that allows the identification of malicious network activities.

Attribute Authority – An entity, recognized by the Federal Public Key Infrastructure (PKI) Policy Authority or comparable agency body as having the authority to verify the association of attributes to an identity.

Attribute-Based Access Control – Access control based on attributes associated with and about subjects, objects, targets, initiators, resources, or the environment. An access control rule set defines the combination of attributes under which an access may take place.

Attribute-Based Authorization – A structured process that determines when a user is authorized to access information, systems, or services based on attributes of the user and of the information, system, or service.

Audit Review – The assessment of an information system to evaluate the adequacy of implemented security controls, assure that they are functioning properly, identify vulnerabilities, and assist in implementation of new security controls where required. This assessment is conducted annually or whenever significant change has occurred and may lead to recertification of the information system.

Audit Trail – A record showing who has accessed an Information Technology (IT) system and what operations the user has performed during a given period. A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result.

Authenticate – To confirm the identity of an entity when that identity is presented. To verify the identity of a user, user device, or other entity.

Authentication – Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information.

Authentication – Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. The process of establishing confidence of authenticity. Encompasses identity verification, message origin authentication, and message content authentication. A process that establishes the origin of information or determines an entity’s identity. The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data. The process of establishing confidence in the identity of users or information systems.

Authentication Code – A cryptographic checksum based on an Approved security function (also known as a Message Authentication Code [MAC]).

Authentication Mechanism – Hardware- or software-based mechanisms that force users to prove their identity before accessing data on a device. Hardware- or software-based mechanisms that force users, devices, or processes to prove their identity before accessing data on an information system.

Authentication Mode – A block cipher mode of operation that can provide assurance of the authenticity and, therefore, the integrity of data.

Authentication Period – The maximum acceptable period between any initial authentication process and subsequent reauthentication processes during a single terminal session or during the period data is being accessed.

Authentication Tag – A pair of bit strings associated to data to provide assurance of its authenticity.

Authentication Token – Authentication information conveyed during an authentication exchange.

Authenticity – The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. See Authentication.

Authority – Person(s) or established bodies with rights and responsibilities to exert control in an administrative sphere.

Authorized User (AU) – Any appropriately cleared individual with a requirement to access a Department of Defense (DoD) Information System (IS) in order to perform or assist in a lawful and authorized Governmental function.

Authorized Vendor – Manufacturer of information assurance equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. government organizations or U.S. government contractors.

Authorized Vendor Program (AVP) – Program in which a vendor, producing an information systems security (INFOSEC) product under contract to NSA, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. Eligible buyers are typically U.S. government organizations or U.S. government contractors. Products approved for marketing and sale through the AVP are placed on the Endorsed Cryptographic Products List (ECPL).

Authorizing Official – Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority. An organizational official acting on behalf of an authorizing official in carrying out and coordinating the required activities associated with security authorization.

Automated Information System (AIS) – A generic term applied to all electronic computing systems. Automated Information Systems (AIS) collect, store, process, create, disseminate, communicate, or control data or information. AIS are composed of computer hardware (e.g., automated data processing equipment and associated devices that may include communication equipment), firmware, an operating system (OS), and other applicable software.

Automated Information System Media Control System – A system of procedures approved by the Program Security Officer (PSO), which provide controls over use, possession, and movement of magnetic media in a Special Access Program Facility (SAPF). The procedures must ensure all magnetic media (classified and unclassified) are adequately protected to avert the unauthorized use, duplication, or removal of the media. The media must be secured in limited access containers or labeled with the identity of the individual responsible for maintaining the material.

Automated Key Transport – The transport of cryptographic keys, usually in encrypted form, using electronic means such as a computer network (e.g., key transport/agreement protocols).

Automated Password Generator – An algorithm which creates random passwords that have no association with a particular user.

Automated Security Monitoring – Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the information system.

Automatic Remote Rekeying – Procedure to rekey a distant crypto-equipment electronically without specific actions by the receiving terminal operator. See Manual Remote Rekeying.

Autonomous System (AS) – One or more routers under a single administration operating the same routing policy.

Availability – Ensuring timely and reliable access to and use of information. The property of being accessible and useable upon demand by an authorized entity.

Awareness (Information Security) – Activities which seek to focus an individual’s attention on an (information security) issue or set of issues.

Cyber Security Terms That Begin With the Letter B

Backdoor – An undocumented way of gaining access to a computer system. A backdoor is a potential security risk.

Backup – A copy of files and programs made to facilitate recovery, if necessary.

Balanced Magnetic Switch – A type of intrusion detection system sensor which may be installed on any rigid, operable opening (e.g., doors or windows) through which access may be gained to the Special Access Program Facility (SAPF) and Sensitive Compartmented Information (SCI).

Bank Secrecy Act (BSA) – Also known as the Currency and Foreign Transactions Reporting Act, the Bank Secrecy Act (BSA) of 1970 was enacted to reduce the amount of secrecy in the banking system by requiring financial institutions to help identify activities that may amount to money laundering. See: Financial Crimes Enforcement Network (FINCEN)

Banner – Display on an information system that sets parameters for system or data use.

Banner Grabbing – The process of capturing banner information such as application type and version that is transmitted by a remote port when a connection is initiated.

Baseline – Hardware, software, databases, and relevant documentation for an information system at a given point in time.

Baseline Configuration – A set of specifications for a system, or Configuration Item (CI) within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.

Baseline Security – The minimum security controls required for safeguarding an IT system based on its identified needs for confidentiality, integrity, and/or availability protection.

Bastion Host – A special-purpose computer on a network specifically designed and configured to withstand attacks.

Behavioral Outcome – What an individual who has completed the specific training module is expected to be able to accomplish in terms of IT security-related job performance.

Biometric System – An automated system capable of:

Biometrics – Measurable physical characteristics or personal behavioral traits used to identify, or verify the claimed identity, of an individual. Facial images, fingerprints, and handwriting samples are all examples of biometrics.

Bit – A contraction of the term Binary Digit. The smallest unit of information in a binary system of notation. A binary digit having a value of 0 or 1.

Bit Error Rate – Ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.

BLACK – A designation applied to telecommunications and Information Systems (IS), including associated areas, circuits, components, and equipment which, when classified plain text signals are being processed therein, require protection during electrical transmission.

Black Core – A communication network architecture in which user data traversing a global Internet Protocol (IP) network is end-to-end encrypted at the IP layer. Related to striped core.

BLACK Equipment – A term applied to equipment that processes only unclassified and/or encrypted information.

BLACK Line – An optical fiber or a metallic wire that carries a BLACK signal or that originates/terminates in a BLACK equipment or system.

Blacklist – A list of email senders who have previously sent spam to a user. A list of discrete entities, such as hosts or applications, that have been previously determined to be associated with malicious activity.

Blacklisting – The process of the system invalidating a user ID based on the user’s inappropriate actions. A blacklisted user ID cannot be used to log on to the system, even with the correct authenticator. Blacklisting and lifting of a blacklisting are both security-relevant events. Blacklisting also applies to blocks placed against IP addresses to prevent inappropriate or unauthorized use of Internet resources.

Blended Attack – A hostile action to spread malicious code via multiple methods.

Blinding – Generating network traffic that is likely to trigger many alerts in a short period of time, to conceal alerts triggered by a “real” attack performed simultaneously.

Block – Sequence of binary bits that comprise the input, output, State, and Round Key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes.

Block Cipher – A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.

Block Cipher Algorithm – A family of functions and their inverses that is parameterized by a cryptographic key; the function maps bit strings of a fixed length to bit strings of the same length.

Blue Team – 1. The group responsible for defending an enterprise’s use of information systems by maintaining its security posture against a group of mock attackers (i.e., the Red Team). Typically the Blue Team and its supporters must defend against real or simulated attacks 1) over a significant period of time, 2) in a representative operational context (e.g., as part of an operational exercise), and 3) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e., the White Team). 2. The term Blue Team is also used for defining a group of individuals that conduct operational network vulnerability evaluations and provide mitigation techniques to customers who have a need for an independent technical review of their network security posture. The Blue Team identifies security threats and risks in the operating environment, and in cooperation with the customer, analyzes the network environment and its current state of security readiness. Based on the Blue Team findings and expertise, they provide recommendations that integrate into an overall community security solution to increase the customer’s cyber security readiness posture. Oftentimes a Blue Team is employed by itself or prior to a Red Team employment to ensure that the customer’s networks are as secure as possible before having the Red Team test the systems.

Break-Wire Detector – An Intrusion Detection System (IDS) sensor used with screens and grids, open wiring, and grooved stripping in various arrays and configurations necessary to detect surreptitious and forcible penetrations of movable openings, floors, walls, ceilings, and skylights. An alarm is activated when the wire is broken.

Browsing – Act of searching through information system storage or active content to locate or acquire information, without necessarily knowing the existence or format of information being sought.

Brute Force Password Attack – A method of accessing an obstructed device through attempting multiple combinations of numeric and/or alphanumeric passwords.

Buffer Overflow – A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system.

Buffer Overflow Attack – A method of overloading a predefined amount of space in a buffer, which can potentially overwrite and corrupt data in memory.

Bulk Encryption – Simultaneous encryption of all channels of a multichannel telecommunications link.

Burn Bag – The informal name given to a container (usually a paper bag or some other waste receptacle) that holds sensitive or classified documents which are to be destroyed by fire or pulping after a certain period of time. The most common usage of burn bags is by Government institutions, in the destruction of materials deemed classified.

BUSTER – A computer program that is part of the Computer Security Tool-box. BUSTER is a Microsoft Disk Operating System (MS DOS)-based program used to perform a binary search of a disk or diskette for any word or set of words found in a search definition file by performing a linear search on a disk or diskette, four sectors at a time. BUSTER uses the “LIMITS.TXT” file as it documents search word patterns.

Cyber Security Terms That Begin With the Letter C

Call Back – Procedure for identifying and authenticating a remote information system terminal, whereby the host system disconnects the terminal and reestablishes contact.

Certificate – A set of data that uniquely identifies an entity, contains the entity’s public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its cryptoperiod. A digitally signed representation of information that 1) identifies the authority issuing it, 2) identifies the subscriber, 3) identifies its valid operational period (date issued / expiration date). In the information assurance (IA) community, certificate usually implies public key certificate and can have the following types: cross certificate, a certificate issued from a CA that signs the public key of another CA not within its trust hierarchy that establishes a trust relationship between the two CAs; encryption certificate, a certificate containing a public key that can encrypt or decrypt electronic messages, files, documents, or data transmissions, or establish or exchange a session key for these same purposes (key management sometimes refers to the process of storing, protecting, and escrowing the private component of the key pair associated with the encryption certificate); identity certificate, a certificate that provides authentication of the identity claimed. Within the National Security Systems (NSS) PKI, identity certificates may be used only for authentication or may be used for both authentication and digital signatures. A set of data that uniquely identifies a key pair and an owner that is authorized to use the key pair. The certificate contains the owner’s public key and possibly other information, and is digitally signed by a Certification Authority (i.e., a trusted party), thereby binding the public key to the owner.

Certificate Management – Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed.

Certificate Policy (CP) – A specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.

Certificate Revocation List (CRL) – A list of revoked public key certificates created and digitally signed by a Certification Authority.

Certificate Status Authority – A trusted entity that provides online verification to a Relying Party of a subject certificate’s trustworthiness, and may also provide additional attribute information for the subject certificate.

Certification – A statement to an accrediting authority of the extent to which an Automated Information System (AIS) or network meets its security criteria. A statement of adequacy provided by a responsible agency for a specific area of concern in support of the validation process.

Certification – A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. The process of verifying the correctness of a statement or claim and issuing a certificate as to its correctness. Comprehensive evaluation of the technical and nontechnical security safeguards of an information system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements. See Security Control Assessment.

Certification Authority – For Public Key Infrastructure (PKI): a trusted third party that issues digital certificates and verifies the identity of the holder of the digital certificate.

Certification Authority (CA) – A trusted entity that issues and revokes public key certificates.

Check Word – Cipher text generated by cryptographic logic to detect failures in cryptography.

Checksum – Value computed on data to detect error or manipulation.

Chief Information Officer (CIO) – Agency official responsible for:

Chief Information Security Officer (CISO) – See Senior Agency Information Security Officer.

Cipher – Series of transformations that converts plaintext to ciphertext using the Cipher Key. Any cryptographic system in which arbitrary symbols or groups of symbols represent units of plain text, or in which units of plain text are rearranged, or both.

Cipher Block Chaining-Message Authentication Code – A secret-key block-cipher algorithm used to encrypt data and to generate a Message Authentication Code (MAC) to provide assurance that the payload and the associated data are authentic.

Cipher Suite – Negotiated algorithm identifiers. Cipher suites are identified in human-readable form using a mnemonic code.

Cipher Text Auto-Key (CTAK) – Cryptographic logic that uses previous cipher text to generate a key stream.

Ciphertext – Data output from the Cipher or input to the Inverse Cipher. Data in its enciphered form.

Clear – To use software or hardware products to overwrite storage space on the media with nonsensitive data. This process may include overwriting not only the logical storage location of a file(s) (e.g., file allocation table) but also may include all addressable locations. See comments on Clear/Purge Convergence.

Clear Text – Information that is not encrypted.

Clearing – Removal of data from an information system, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using common system capabilities (i.e., through the keyboard); however, the data may be reconstructed using laboratory methods.

Client (Application) – A system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server.

Clinger-Cohen Act of 1996 – Also known as Information Technology Management Reform Act. A statute that substantially revised the way that IT resources are managed and procured, including a requirement that each agency design and implement a process for maximizing the value and assessing and managing the risks of IT investments.

Closed Area – An area that meets the requirements of Intelligence Community Directive (ICD) 705, “Sensitive Compartmented Information Facilities,” for safeguarding classified material that, because of its size, nature, or operational necessity, cannot be adequately protected by the normal safeguards or stored during nonworking hours in approved containers. Per the NISPOM, a closed area is one that meets NISPOM requirements for safeguarding classified

Closed Security Environment – Environment providing sufficient assurance that applications and equipment are protected against the introduction of malicious logic during an information system life cycle. Closed security is based upon a system’s developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control.

Closed Storage – Storage of classified information within an accredited facility, in General Services Administration-approved secure containers, while the facility is unoccupied by authorized personnel.

Cloud Computing – A model for enabling on-demand network access to a shared pool of configurable IT capabilities/resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. It allows users to access technology-based services from the network cloud without knowledge of, expertise with, or control over the technology infrastructure that supports them. This cloud model is composed of five essential characteristics (on-demand self-service, ubiquitous network access, location independent resource pooling, rapid elasticity, and measured service); three service delivery models (Cloud Software as a Service [SaaS], Cloud Platform as a Service [PaaS], and Cloud Infrastructure as a Service [IaaS]) and four models for enterprise access (Private cloud, Community cloud, Public cloud, and Hybrid cloud). Note: Both the user’s data and essential security services may reside in and be managed within the network cloud.

Code – System of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length.

Code Book – Document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique.

Code Group – Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence.

Codec – A set of equipment that encodes an analogue speech or video signal into digital form for

Coercive Force – A negative or reverse magnetic force applied for the purpose of reducing magnetic flux density (demagnetization). See: Coercivity

Cognizant Security Agency (CSA) – Agencies of the Executive Branch that have been authorized by Executive Order (EO) 12829, “National Industrial Security Program (NISP),” to establish an industrial security program to safeguard classified information under the jurisdiction of those agencies when disclosed or released to U.S. Industry. These agencies include the Department of Defense (DoD), Department of Energy (DOE), Central Intelligence Agency (CIA), and Nuclear Regulatory Commission (NRC).

Cognizant Security Authority (CSA) – The single principal designated by a Senior Official of the Intelligence Community (SOIC) to serve as the responsible official for all aspects of security program management with respect to the protection of intelligence sources and methods and is under SOIC responsibility.

Cognizant Security Office (CSO) – The organizational entity delegated by the Head of a Cognizant Security Agency (CSA) to administer industrial security on behalf of the CSA.

Cold Start – Procedure for initially keying crypto-equipment.

Collision – Two or more distinct inputs produce the same output. Also see Hash Function.

Commercial COMSEC Evaluation Program (CCEP) – Relationship between NSA and industry in which NSA provides the COMSEC expertise (i.e., standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce a type 1 or type 2 product. Products developed under the CCEP may include modules, subsystems, equipment, systems, and ancillary devices.

Commercial Off-The-Shelf (COTS) – A term for software or hardware, generally technology or computer products, that are ready-made and available for sale, lease, or license to the general public. Commercial off-the-Shelf (COTS) products are often used as alternatives to in-house developments or one-off Government-funded developments. The use of COTS products is being mandated

Commodity Service – An information system service (e.g., telecommunications service) provided by a commercial service provider typically to a large and diverse set of consumers. The organization acquiring and/or receiving the commodity service possesses limited visibility into the management structure and operations of the provider, and while the organization may be able to negotiate service-level agreements, the organization is typically not in a position to require that the provider implement specific security controls.

Common Access Card (CAC) – Standard identification/smart card issued by the Department of Defense that has an embedded integrated chip storing public key infrastructure (PKI) certificates.

Common Misuse Scoring System – A set of measures of the severity of software feature misuse vulnerabilities. A software feature is a functional capability provided by software. A software feature misuse vulnerability is a vulnerability in which the feature also provides an avenue to compromise the security of a system.

Common Operational Picture (COP) – A continuously updated overview of an incident compiled throughout an incident’s lifecycle from data shared between integrated systems for communication, information management, and intelligence and information sharing. The common operational picture (COP) also helps ensure consistency at all levels of incident management across jurisdictions, as well as between various Governmental jurisdictions and private sector and non-Governmental entities that are engaged.

Common Platform Enumeration – A SCAP specification that provides a standard naming convention for operating systems, hardware, and applications for the purpose of providing consistent, easily parsed names that can be shared by multiple parties and solutions to refer to the same specific platform type.

Common Vulnerabilities and Exposures (CVE) – A dictionary of common names for publicly known information system vulnerabilities. An SCAP specification that provides unique, common names for publicly known information system vulnerabilities.

Common Vulnerability Scoring System (CVSS) – An SCAP specification for communicating the characteristics of vulnerabilities and measuring their relative severity.

Common Wall Facility – A facility that shares a building wall, floor, or ceiling with uninspectable areas.

Communications Security (COMSEC) – Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. COMSEC includes cryptosecurity, transmission security, emission security, and physical security of classified material.

Communications Security Monitoring – The act of listening to, copying, or recording transmissions of one’s own official telecommunications in order to analyze the degree of security.

Community of Interest (COI) – A collaborative group of users who exchange information in pursuit of their shared goals, interests, missions, or business processes, and who therefore must have a shared vocabulary for the information they exchange. The group exchanges information within and between systems to include security domains.

Community Risk – Probability that a particular vulnerability will be exploited within an interacting population and adversely impact some members of that population.

Compartmentalization – A nonhierarchical grouping of sensitive information used to control access to data more finely than with hierarchical security classification alone.

Compartmentation – A formal system for restricting access to selected activities or information. The establishment and management of an organization so that information about the personnel, internal organization, or activities of one component is made available to any other component only to the extent required for the performance of assigned duties.

Compartmented Intelligence – National intelligence placed in a Director of National Intelligence (DNI)-approved control system to ensure handling by specifically identified access approved individuals.

Compartmented Mode – Mode of operation wherein each user with direct or indirect access to a system, its peripherals, remote terminals, or remote hosts has all of the following: (1) valid security clearance for the most restricted information processed in the system; (2) formal access approval and signed nondisclosure agreements for that information which a user is to have access; and (3) valid need-to-know for information which a user is to have access.

Comprehensive Testing – A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object. Also known as white box testing.

Compromise – Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred. The unauthorized disclosure, modification, substitution, or use of sensitive data (including plaintext cryptographic keys and other CSPs).

Compromising Emanations (CE) – Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by telecommunications or automated information systems equipment.

Computer Abuse – Intentional or reckless misuse, alteration, disruption, or destruction of information processing resources.

Computer Cryptography – Use of a crypto-algorithm program by a computer to authenticate or encrypt/decrypt information.

Computer Forensics – The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.

Computer Incident Response Team – Group of individuals usually consisting of Security Analysts organized to develop, recommend, and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents. Also called a Computer Security Incident Response Team (CSIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability, or Cyber Incident Response Team).

Computer Network – The constituent element of an enclave responsible for connecting computing environments by providing short-haul data transport capabilities such as local or campus area networks, or long-haul data transport capabilities such as operational, metropolitan, or wide area and backbone networks.

Computer Network Attack (CNA) – Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves.

Computer Network Defense (CND) – Actions taken to defend against unauthorized activity within computer networks. CND includes monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities.

Computer Network Exploitation (CNE) – Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data about target or adversary automated information systems or networks. See: Computer Network Attack (CNA); Cyber Operational Preparation of the Environment (C-OPE)

Computer Network Operations – Comprised of computer network attack, computer network defense, and related computer network exploitation enabling operations.

Computer Security (COMPUSEC) – Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.

Computer Security Act – The Computer Security Act of 1987, Public Law (PL) No. 100-235 (H.R. 145), was enacted by Congress on January 8, 1988 to improve the security and privacy of sensitive information in Federal computer systems and to establish a minimum acceptable security practices for such systems. The act requires the creation of computer security plans and the appropriate training of system

Computer Security Object (CSO) – A resource, tool, or mechanism used to maintain a condition of security in a computerized environment. These objects are defined in terms of attributes they possess, operations they perform or are performed on them, and their relationship with other objects.

Computer Security Objects – A collection of Computer Security Object names and definitions kept by a registration authority.

Computer Security Subsystem – Hardware or software designed to provide computer security features in a larger system environment.

Computer Security Toolbox – A set of tools (e.g., BUSTER, FLUSH, and Secure Copy) designed specifically to assist Information Assurance Officers (IAOs) and System Administrators (SAs) in performing their duties. The functions within the Toolbox can erase appended data within files; eliminate appended data in free or unallocated space; search for specific words or sets of words for verifying classification; and locate unapproved share programs. It also includes a program which allows you to clear laser toner cartridges and drums. See: BUSTER; FLUSH

Computerized Telephone System (CTS) – A generic term used to describe any telephone system that uses centralized stored program computer technology to provide switched telephone networking features and services. CTSs are commercially referred to by such terms as Computerized Private Branch Exchange (CPBX), Private Branch Exchange (PBX), Private Automatic Branch Exchange (PABX), Electronic Private Automatic Branch Exchange

Computing Environment – Workstation or server (host) and its Operating System (OS), peripherals, and applications.

COMSEC – Communications Security.

COMSEC Equipment – Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. COMSEC equipment includes crypto-equipment, crypto-ancillary equipment, cryptographic production equipment, and authentication equipment.

COMSEC Manager – Individual who manages the COMSEC resources of an organization.

Connection Approval – Formal authorization to interconnect Information Systems (IS).

Connectivity – Indicates the connection of two systems, regardless of the method used for the physical connection.

Consignee – A person, firm, or Government activity named as the receiver of a shipment; one to whom a shipment is consigned.

Consignor – A person, firm, or Government activity by which articles are shipped. The consignor is usually the shipper.

Constant Surveillance Service – A transportation protective service provided by a commercial carrier qualified by Surface Deployment and Distribution Command (SDDC)

Construction Surveillance Technician (CST) – A citizen of the United States, who is at least 18 years of age, cleared at the TOP SECRET level, experienced in construction and trained in accordance with the Construction Surveillance Technician (CST) Field Guidebook to ensure the security integrity of a site.

Container – The file used by a virtual disk encryption technology to encompass and protect other files.

Contamination – Type of incident involving the introduction of data of one security classification or security category into data of a lower security classification or different security category.

Content Filtering – The process of monitoring communications such as email and Web pages, analyzing them for suspicious content, and preventing the delivery of suspicious content to users.

Continental United States (CONUS) – United States (U.S.) territory, including adjacent territorial waters, located within the North American continent between Canada and Mexico.

Contingency Key – Key held for use under specific operational conditions or in support of specific contingency plans. See Reserve Keying Material.

Contingency Plan – Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability. The Contingency Plan is the first plan used by the enterprise risk managers to determine what happened, why, and what to do. It may point to the Continuity of Operations Plan (COOP) or Disaster Recovery Plan for major disruptions. See also Information System Contingency Plan.

Continuity of Operations (COOP) – The degree or state of being continuous in the conduct of functions, tasks, or duties necessary to

Continuity of Operations Plan – A predetermined set of instructions or procedures that describe how an organization’s mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.

Continuous Evaluation – A formal program designed to provide information regarding an individual’s continued clearance eligibility or eligibility to occupy a sensitive position. The program evaluates an individual’s post-adjudication activities by applying the same standards of loyalty, trustworthiness, and reliability used during the initial adjudication.

Continuous Monitoring – The process implemented to maintain a current security status for one or more information systems or for the entire suite of information systems on which the operational mission of the enterprise depends. The process includes: 1) The development of a strategy to regularly evaluate selected IA controls/metrics, 2) Recording and evaluating IA relevant events and the effectiveness of the enterprise in dealing with those events, 3) Recording changes to IA controls, or changes that affect IA risks, and 4) Publishing the current security status to enable information-sharing decisions involving the enterprise. Maintaining ongoing awareness to support organizational risk decisions.

Continuous Operation – This condition exists when a Special Access Program Facility (SAPF) is staffed and operated 24 hours a day, 7 days a week.

Continuous Sensitive Compartmented Information Facility (SCIF) Operation – This condition exists when a Sensitive Compartmented Information Facility (SCIF) is staffed and operated 24 hours a day, 7 days a week.

Contracting Officer (CO) – A Government official who, in accordance with departmental or agency procedures, has the authority to enter into and administer contracts and make determinations and findings with respect thereto or any part of such authority. The term also includes the designated representative of the Contracting Officer (CO) acting within the limits of his or her authority.

Contractor – Any industrial, educational, commercial, or other entity that has been granted a Facility Security Clearance (FCL) by a Cognizant Security Agency (CSA).

Contractor Special Security Officer (CSSO) – An individual appointed in writing by a Cognizant Security Authority (CSA) who is responsible for all aspects of Sensitive Compartmented Information (SCI) security at a United States (U.S.) Government contractor facility.

Contractor/Command Program Manager (CPM) – A contractor-designated individual who has overall responsibility for all aspects of a program.

Control – The authority of the agency that originates information, or its successor in function, to regulate access to the information.

Control Information – Information that is entered into a cryptographic module for the purposes of directing the operation of the module.

Controlled Access Area (CAA) – The complete building or facility area under direct physical control that can include one or more limited exclusion areas, controlled BLACK equipment areas, or any combination thereof.

Controlled Access Program (CAP) – Director of National Intelligence (DNI)-approved programs that protect national intelligence. These include: Sensitive Compartmented Information (SCI): Compartments that protect national intelligence concerning or derived from intelligence sources, methods, or analytical processes. Special Access Programs (SAPs): Pertaining to intelligence activities (including special activities, but excluding military, operational, strategic, and tactical programs) and intelligence sources and methods. Restricted Collateral Information: Other than Sensitive Compartmented Information (SCI) and Special Access Programs (SAPs) that impose controls governing access to national intelligence or control procedures beyond those normally provided for access to CONFIDENTIAL, SECRET, or TOP SECRET information, and for which funding is specifically identified.

Controlled Access Program Oversight Committee (CAPOC) – The forum supporting the Director of National Intelligence (DNI) in the management of controlled access programs. This includes the creation and continuation of Controlled Access Programs (CAPs), including Sensitive Compartmented Information (SCI) compartments and other DNI Special Access Programs (SAPs). It includes monitoring of these programs through performance audits and evaluations as necessary.

Controlled Area – Any area or space for which the organization has confidence that the physical and procedural protections provided are sufficient to meet the requirements established for protecting the information and/or information system.

Controlled Unclassified Information (CUI) – A categorical designation that refers to unclassified information that does not meet the standards for National Security Classification pursuant to Executive Order (EO) 13526, “Classified National Security Information,” Reference (e), but is pertinent to the national interests of the United States (U.S) or to the important interests of entities outside the Federal Government and under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination. NOTE: The designation Controlled Unclassified Information replaces the term Sensitive but Unclassified. See: Classification

Controlled Unclassified Information (CUI) – A categorical designation that refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is (i) pertinent to the national interests of the United States or to the important interests of entities outside the federal government, and (ii) under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination. Henceforth, the designation CUI replaces "Sensitive But Unclassified" (SBU).

Controlling Authority – Official responsible for directing the operation of a cryptonet and for managing the operational use and control of keying material assigned to the cryptonet.

Cookie – A piece of state information supplied by a Web server to a browser, in a response for a requested resource, for the browser to store temporarily and return to the server on any subsequent visits or requests. Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use.

Cooperative Key Generation – Electronically exchanging functions of locally generated, random components, from which both terminals of a secure circuit construct traffic encryption key or key encryption key for use on that circuit. See Per-Call Key.

Cooperative Program Personnel (CPP) – Foreign government personnel assigned to a Program Office (PO) that is hosted by a Department of Defense (DoD) component in accordance with the terms of an International Cooperative Program Agreement, who report to and take direction from a DoD-appointed program manager (or program manager equivalent) for the purpose of carrying out the cooperative project or program. Foreign government representatives described in

Cooperative Remote Rekeying – Synonymous with manual remote rekeying.

Counter with Cipher Block Chaining-Message – A mode of operation for a symmetric key block cipher algorithm. It combines the techniques of the Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code (CBC-MAC) algorithm to provide assurance of the confidentiality and the authenticity of computer data.

Counterintelligence (CI) – That phase of intelligence covering all activity designed to neutralize the effectiveness of adversary intelligence collection activities. Those activities that are concerned with identifying and counteracting the security threat posed by

Counterintelligence (CI) Assessment – A Department of Defense (DoD) component’s comprehensive analysis or study of a relevant Counterintelligence (CI) topic, event, situation, issue, or development. CI assessments require exhaustive amounts of research and the production timeline can range from days to months. When conducted in support of a Research, Development, and Acquisition (RDA) program with Critical Program Information (CPI), the assessment describes the threat a foreign entity (person, representative, corporation, Government, military, commercial, etc.) represents to the CPI or system assessed. The assessment is multidisciplinary as it includes an analysis of the diverse foreign collection modalities available, the relative effectiveness of each, and capability of the foreign entity to collect information about research efforts, the technology, and/or system under development. The assessment may include the impact to the DoD if the technology is compromised and be complementary to, integrated with, or independent of the Technology-Targeting Risk Assessment (TTRA) provided by the Defense Intelligence Community (DIC).

Countermeasure – Actions, devices, procedures, or techniques that meet or oppose (i.e., counters) a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

Countermeasure (CM) – The employment of devices and/or techniques

Countermeasures – Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system. Synonymous with security controls and safeguards.

Credential – An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber. Evidence attesting to one’s right to credit or authority. Evidence or testimonials that support a claim of identity or assertion of an attribute and usually are intended to be used more than once.

Credential Service Provider – A trusted entity that issues or registers Subscriber tokens and issues electronic credentials to Subscribers. The CSP may encompass Registration Authorities (RAs) and Verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use.

Critical Security Parameter (CSP) – Security-related information (e.g., secret and private cryptographic keys, and authentication data such as passwords and Personal Identification Numbers [PINs]) whose disclosure or modification can compromise the security of a cryptographic module.

Criticality – A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function.

Criticality Level – Refers to the (consequences of) incorrect behavior of a system. The more serious the expected direct and indirect effects of incorrect behavior, the higher the criticality level.

Cross Site Scripting (XSS) – A vulnerability that allows attackers to inject malicious code into an otherwise benign website. These scripts acquire the permissions of scripts generated by the target website and can therefore compromise the confidentiality and integrity of data transfers between the website and client. Websites are vulnerable if they display user supplied data from requests or forms without sanitizing the data so that it is not executable.

Cross-Certificate – A certificate used to establish a trust relationship between two Certification Authorities.

Cross-Domain Capabilities – The set of functions that enable the transfer of information between security domains in accordance with the policies of the security domains involved.

Cross-Domain Solution (CDS) – A form of controlled interface that provides the ability to manually and/or automatically access and/or transfer information between different security domains.

Cryptographic Hash Function – A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties:

Cryptographic Ignition Key (CIK) – Device or electronic key used to unlock the secure mode of crypto-equipment.

Cryptographic Security – Component of COMSEC resulting from the provision of technically sound cryptographic systems and their proper use.

Cryptographic Strength – A measure of the expected number of operations required to defeat a cryptographic mechanism.

Cryptographic Token – A token where the secret is a cryptographic key. A portable, user-controlled physical device (e.g., smart card or PCMCIA card) used to store cryptographic information and possibly also perform cryptographic functions.

Crypto-Ignition Key (CIK) – A device or electronic key used to unlock the secure mode of crypto-equipment. See: Crypto-Equipment

Cryptologic Information System (CIS) – Any Information System (IS) which directly or indirectly supports the cryptologic effort, to include support functions such as administrative and logistics, regardless of manning, location, classification, or original funding citation. This includes strategic, tactical, and support IS; terrestrial, airborne, afloat, in-garrison, and space borne IS; IS dedicated to information handling; and information-handling portions of IS that perform other functions.

Cryptology – The science that deals with hidden, disguised, or encrypted communications. It includes communications security and communications intelligence. The mathematical science that deals with cryptanalysis and cryptography.

Crypto-Security – The component of communications security that results from providing and properly using technically sound cryptosystems.

Custodian – An individual who has possession of, or is otherwise charged with the responsibility for safeguarding classified information.

CVE – Common Vulnerabilities and Exposures.

Cyber Attack – A hostile act using computer or related networks or systems intended to disrupt and/or destroy an adversary’s critical cyber systems, assets, or functions. The intended effects of a cyber attack are not necessarily limited to the targeted computer systems or data themselves; for instance, attacks

Cyber Incident – Actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and/or the information residing therein. See Incident.

Cyber Incident (Significant) – A Level 2 or Level 1 Incident on the National Cyber Risk Alert Level (NCRAL) system. A significant cyber incident is likely to cause, or is causing, harm to critical functions and services across the public and private sectors by impairing the confidentiality, integrity, or availability of electronic information, information systems, services, or networks; and/or threatening public health or safety, undermining public confidence, negatively affecting the national economy, or diminishing the security posture of the nation. See: National Cyber Alert System (NCAS); National Cyber Risk Alert Level (NCRAL)

Cyber Infrastructure – Includes electronic information and communications systems and services and the information contained in these systems and services. Information and communications systems and services are composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements. Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information. For example: computer systems; control systems (e.g., supervisory control and data acquisition [SCADA]); networks, such as the Internet; and cyber services (e.g., managed security services) are part of cyber infrastructure.

Cyber Operational Preparation of the Environment (C-OPE) – Non-intelligence enabling functions within cyberspace conducted to plan and prepare for potential follow-on military operations. C-OPE includes, but is not limited to, identifying data, system and network configurations, or physical structures connected to or associated with the network or system (to include software, ports, and assigned network address ranges or other identifiers) for the purpose of determining system vulnerabilities; and actions taken to assure future access and/or control of the system, network, or data during anticipated hostilities. NOTE: C-OPE replaces Computer Network Exploitation (CNE) or Computer Network Attack (CNA) when used specifically as an enabling function for another military operation.

Cyber Warfare (CW) – An armed conflict conducted in whole or part by cyber means, or military operations conducted to deny an opposing force the effective use of cyberspace systems and weapons in a conflict. Cyber Warfare (CW) includes cyber attack, cyber defense, and cyber-enabling actions.

Cyber security – The ability to protect or defend the use of cyberspace from cyber attacks.

Cybersecurity Enhancement Act (CSEA) – The Cybersecurity Enhancement Act (CSEA) of 2002 (Section 225 of the Homeland Security Act (HSA)) requires the United States Sentencing Commission to review and amend, as necessary, all guidelines and policy statements applicable to persons convicted of certain computer crimes. Prompted by the September 11, 2001 terrorist attacks, the primary goal of the CSEA was to ensure that elevated regard was given to sentencing of cyber terrorists based upon the grave and serious nature of cyber terrorism, and to increase the severity and breadth of sentencing allowed under Federal law for cybercrimes.

Cybersecurity Information Sharing Act of 2012 – This act (S.2102, dated February 13, 2012) was developed to provide the authority to monitor and defend against cyber threats, to improve the sharing of cybersecurity information, and for other purposes.

Cyberspace – A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

Cyberspace Operations (CO) – The employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace. Such operations include computer network

Cyberspace Superiority – The degree of dominance in cyberspace by one force that permits the secure, reliable conduct of operations of that force, and its related land, air, sea, and space forces at a given time and sphere of operations without prohibitive interference by an adversary.

Cyclical Redundancy Check – A method to ensure data has not been altered after being sent through a communication channel.

Cyber Security Terms That Begin With the Letter D

Damage Assessment – The analysis of the impact on national security because of the disclosure of classified information to an unauthorized person. See: Functional Damage Assessment; Physical Damage Assessment

Data – A subset of information in an electronic format that allows it to be retrieved or transmitted.

Data Aggregation – The compilation of unclassified individual data systems and data elements resulting in the totality of the information being classified.

Data Asset – 1. Any entity that is comprised of data. For example, a database is a data asset that is comprised of data records. A data asset may be a system or application output file, database, document, or Web page. A data asset also includes a service that may be provided to access data from an application. For example, a service that returns individual records from a database would be a data asset. Similarly, a Web site that returns data in response to specific queries (e.g., www.weather.com) would be a data asset.

Data Element – A basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Examples of data elements include gender, race, and geographic location.

Data Encryption Algorithm (DEA) – The DEA cryptographic engine that is used by the Triple Data Encryption Algorithm (TDEA).

Data Encryption Standard (DES) – Cryptographic algorithm designed for the protection of unclassified data and published by the National Institute of Standards and Technology (NIST) in Federal Information Processing Standard (FIPS) Publication 46 (FIPS 46-3 withdrawn 19 May 2005).

Data Flow Control – Synonymous with information flow control.

Data Integrity – The state that exists when computerized data is the same as that in the source documents and

Data Loss – The exposure of proprietary, sensitive, or classified information through either data theft or data leakage.

Data Mining – The analysis of data for relationships that have not previously been discovered.

Data Origin Authentication – The process of verifying that the source of the data is as claimed and that the data has not been modified.
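The Cryptographic Hash Function, Cyclical Redundancy Check, Data Integrity and Data Origin Authentication entries describe related but different guarantees. The Go program below, added here as an illustration and not part of the glossary, puts them side by side with a constructed message and key: an unkeyed CRC-32 detects an accidental bit flip; an HMAC-SHA-256 tag detects the same flip and additionally fails under any other key, which is what makes it authenticate the origin of the data; and SHA-256 shows the fixed-length property of a hash function. The message, key and bit position are all constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"hash/crc32"
)

// crcMatches recomputes the IEEE CRC-32 of data and compares it with the
// checksum that travelled with the data. A mismatch shows the data changed;
// a match shows only that no accidental corruption occurred, because the CRC
// is unkeyed and anyone able to alter the data can recompute it as well.
func crcMatches(data []byte, received uint32) bool {
	return crc32.ChecksumIEEE(data) == received
}

// hmacTag computes HMAC-SHA-256 over data under a shared secret key.
func hmacTag(key, data []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return mac.Sum(nil)
}

// verifyOrigin checks the received tag in constant time. Success tells the
// receiver both that the data is unmodified and that it was produced by a
// holder of the key: data origin authentication, not just integrity.
func verifyOrigin(key, data, tag []byte) bool {
	return hmac.Equal(hmacTag(key, data), tag)
}

// digestLen returns the byte length of a SHA-256 digest of data, which is
// always 32 whatever the input length (the fixed-length property).
func digestLen(data []byte) int {
	sum := sha256.Sum256(data)
	return len(sum)
}

// flipBit returns a copy of data with one bit inverted, standing in for a
// transmission error or a deliberate change.
func flipBit(data []byte, bitIndex int) []byte {
	out := append([]byte(nil), data...)
	out[bitIndex/8] ^= 1 << (bitIndex % 8)
	return out
}

func main() {
	key := []byte("constructed-shared-secret")       // constructed key
	msg := []byte("TRANSFER 100.00 TO ACCOUNT 4711") // constructed message
	crc := crc32.ChecksumIEEE(msg)
	tag := hmacTag(key, msg)

	fmt.Println("intact    -> CRC ok:", crcMatches(msg, crc), " origin ok:", verifyOrigin(key, msg, tag))
	bad := flipBit(msg, 13)
	fmt.Println("bit flip  -> CRC ok:", crcMatches(bad, crc), "origin ok:", verifyOrigin(key, bad, tag))
	fmt.Println("wrong key -> origin ok:", verifyOrigin([]byte("other-key"), msg, tag))
	fmt.Println("digest length for 1 byte and 5000 bytes:",
		digestLen([]byte("a")), digestLen(make([]byte, 5000)))
}
```

The practical reading: a CRC belongs on a link or storage layer to catch noise, while anything that must resist a deliberate change needs a keyed tag or a signature, because the CRC verifier has no secret the modifier lacks.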

Data Security – Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure.

Data Transfer Device (DTD) – Fill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC key, designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems.

DD 254 (Final) – A Contract Security Classification Specification (CSCS) that is issued by a Government Contracting Activity (GCA) or Prime Contractor to extend retention authorization to contractors who wish to retain classified information beyond the terms of the contract as authorized by the DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM).

DD 254 (Original) – A Contract Security Classification Specification (CSCS) that is issued by a Government Contracting Activity (GCA) or a Prime Contractor to provide original classification guidance and security requirements on a classified contract. Original DD 254s are issued during the solicitation phase of a contract to provide classification guidance and security requirements to prospective contractors as they formulate their bids. Once the contract is awarded, another Original DD 254 is issued to the contractor who is being awarded the contract.

DD 254 (Revised) – A Contract Security Classification Specification (CSCS) that is issued by a Government Contracting Activity (GCA) or a prime contractor to change classification guidance and security requirements on a classified contract.

Decertification – Revocation of the certification of an information system item or equipment for cause.

Decipher – Convert enciphered text to plain text by means of a cryptographic system.

Decode – Convert encoded text to plain text by means of a code.

Decrypt – Generic term encompassing decode and decipher.

Decryption – The process of transforming ciphertext into plaintext.

The process of changing ciphertext into plaintext using a cryptographic algorithm and key.

Conversion of ciphertext to plaintext through the use of a cryptographic algorithm.

Dedicated Mode – Information systems security mode of operation wherein each user, with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all of the following: 1. valid security clearance for all information within the system, 2. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs), and 3. valid need-to-know for all information contained within the information system. When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time.

Defense Information Infrastructure (DII) – The shared or interconnected system of computers, communications, data, applications, security, people, training, and other support structure, serving Department of Defense (DoD) local and worldwide information needs.

Defense Information Systems Network (DISN) – A sub-element of the Defense Information Infrastructure (DII), the Defense Information Systems Network (DISN) is the Department of Defense’s (DoD) consolidated worldwide, enterprise-level telecommunications infrastructure that provides the end-to-end information transfer network for supporting military operations. The DISN, transparent to users, facilitates the management of information resources and is responsive to national security and defense needs under all conditions in the most efficient manner. The DISN is an information transfer network with value-added services for supporting national defense Command, Control, Communication, and Intelligence (C3I) decision support requirements.

Defense Office of Hearings and Appeals (DOHA) – The office responsible for making denial and

Defense Personnel Exchange Program (DPEP) – A program under which military and civilian personnel of the Department of Defense (DoD), defense ministries, and/or military services of foreign governments, in accordance with the terms of an international agreement, occupy positions with, and perform functions for a host organization to promote greater understanding, standardization, and interoperability.

Defense Security Service (DSS) – The Defense Security Service (DSS) is an agency of the Department of Defense (DoD) located in Quantico, Virginia, with field offices throughout the United States (U.S.). The Under Secretary of Defense for Intelligence (USD(I)) provides authority, direction, and control over DSS. DSS provides the military services, Defense Agencies, 24 Federal agencies and approximately 13,000 cleared contractor facilities with security support services.

Defense Support of Civil Authorities – Department of Defense (DoD) support, including Federal military forces, DoD career civilian and contractor personnel, and DoD agency and component assets, for domestic emergencies and for designated law enforcement and other activities. DoD provides Defense Support of

Defense Technical Information Center (DTIC) – The repository for research and engineering information for the Department of Defense (DoD). The Defense Technical Information Center (DTIC) Suite of Services is available to DoD personnel, defense contractors, Federal Government personnel and contractors, and selected academic institutions. The general public can also access unclassified, unlimited information, including many full-text downloadable documents, through the public DTIC web site.

Defense Travel Briefing – Formal advisories that alert travelers to the potential for harassment, exploitation, provocation, capture, entrapment, terrorism, or criminal activity.

Defense Treaty Inspection Readiness Program (DTIRP) – A security education and awareness program pertaining to arms control.

Defense-in-Breadth – A planned, systematic set of multidisciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or sub-component life cycle (system, network, or product design and development; manufacturing; packaging; assembly; system integration; distribution; operations; maintenance; and retirement).

Defense-in-Depth – Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of the organization.

Defensive Counter-Cyber (DCC) – All defensive countermeasures designed to detect, identify, intercept, and destroy or negate harmful activities attempting to penetrate or attack through cyberspace. Defensive Counter-Cyber (DCC) missions are designed to preserve friendly network integrity, availability, and security, and protect friendly cyber capabilities from attack, intrusion, or other malicious activity by proactively seeking, intercepting, and neutralizing adversarial cyber means which present such threats. DCC operations may include military deception via honeypots and other operations; actions to adversely affect adversary and/or intermediary systems engaged in a hostile act/imminent hostile act; and redirection, deactivation, or removal of malware engaged in a hostile act/imminent hostile act.

Defensive Travel Security Briefing – Formal advisories that alert traveling personnel of the potential for harassment, exploitation,

Degauss – To reduce the magnetization to zero by applying a reverse (coercive) magnetizing force, commonly referred to as demagnetizing. To reduce the correlation between previous and present data to a point that there is no known technique for recovery of the previous data. See: Degausser; Degaussing

Degausser – An electrical device or handheld permanent magnet assembly that generates a coercive magnetic force for degaussing magnetic storage media or other magnetic material. See: Degauss; Degaussing

Degaussing – Procedure using an approved device to reduce the magnetization of a magnetic storage media to zero by applying a reverse (coercive) magnetizing force, rendering any previously stored

Deleted File – A file that has been logically, but not necessarily physically, erased from the operating system, perhaps to eliminate potentially incriminating evidence. Deleting files does not always necessarily eliminate the possibility of recovering all or part of the original data.

Deliberate Compromise of Classified Information – Any intentional act done with the object of conveying classified information to any person not officially authorized to receive the information.

Demilitarized Zone (DMZ) – An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied.

A host or network segment inserted as a “neutral zone” between an organization’s private network and the Internet.

Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.

Denial of Service (DOS) – When one or more actions result in the inability to communicate and/or the inability of an Automated Information System (AIS) or any essential part to perform its designated mission, either by loss or degradation of a signal or operational capability.

Department of Defense (DoD) Directive – A Department of Defense (DoD) issuance that transmits information required by law, the President, or the Secretary of Defense that applies to all branches of DoD on the way they initiate, govern, or regulate actions. DoD Directives establish or describe policy, programs, and organizations; define missions; provide authority; and assign responsibilities. DoD Directives do not prescribe one-time tasks or deadline assignments.

Department of Defense (DoD) Publication – A DoD issuance that implements or supplements DoD Directives and DoD Instructions. DoD Publications provide standard procedures about how users shall manage or operate systems and distribute administrative information. Publications include catalogs, directories, guides, handbooks, indexes, inventories, lists, manuals, modules, pamphlets, plans, regulations, standards, and supplements.

Department of Defense Components (DODC) – Identified as the Office of the Secretary of Defense, the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities in the Department of Defense.

Department of Defense Information System (DODIS) – Set of information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, disposition, display, or transmission of information. Includes Automated Information System (AIS) applications, enclaves, outsourced Information Technology (IT)-based processes, and platform IT interconnections.

Department of Energy (DOE) – The Department of Energy’s (DOE) overarching mission is to advance the national, economic, and energy security of the United States (U.S.), promote scientific and technological innovation in support of that mission, and ensure the environmental cleanup of the national nuclear weapons complex.

Department of Homeland Security (DHS) – In response to the terrorist attacks of September 11, 2001, the Department of Homeland Security

Department of State (DOS) – The Department of State (DOS) is the Federal executive department responsible for international relations. Among its stated missions is to advance freedom for the benefit of the American people and the international community by helping to build and sustain a more democratic, secure, and prosperous world composed of well-governed states that respond to the needs of their people, reduce widespread poverty, and act responsibly within the international system. DOS formulates, coordinates, and provides oversight of foreign policy.

Department of the Treasury (TREAS DEPT) – The Department of the Treasury (TREAS DEPT) is the executive agency responsible for promoting economic prosperity and ensuring the financial security of the United

Descriptive Top-Level – A natural language descriptive of a system’s security requirements, an informal design notation, or a combination of the two.

Destroying – Destroying is the process of physically damaging the media to the level that the media is not usable, and that there is no known method of retrieving the data.

Detectable Actions – Physical actions, or whatever can be heard, observed, imaged, or detected by human senses, or by active and/or passive technical sensors, including emissions that can be intercepted.

Determination Authority – A designee of a Senior Official of the Intelligence Community (SOIC) with responsibility for decisions rendered with respect to Sensitive Compartmented Information (SCI) access eligibility or ineligibility.

Deterministic Random Bit Generator (DRBG) – A Random Bit Generator (RBG) that includes a DRBG mechanism and (at least initially) has access to a source of entropy input. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A DRBG is often called a Pseudorandom Number (or Bit) Generator.

Deterministic Random Bit Generator (DRBG) Mechanism – The portion of an RBG that includes the functions necessary to instantiate and uninstantiate the RBG, generate pseudorandom bits, (optionally) reseed the RBG and test the health of the DRBG mechanism.
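To make the two DRBG entries concrete, here is an added, illustrative Go implementation of the HMAC_DRBG construction from NIST SP 800-90A with SHA-256, exposing the mechanism functions the entry lists: instantiate, generate, reseed and uninstantiate, plus the reseed-counter check that refuses output once the interval is exhausted. It is an educational model written for this page, not the glossary's own code and not a validated module; the seed material, nonce and reseed interval are constructed, and a real system draws entropy from an approved source and uses the platform's validated DRBG.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// hmacDRBG holds the HMAC_DRBG working state (K, V) and the reseed counter.
type hmacDRBG struct {
	k, v          []byte
	reseedCounter uint64
	instantiated  bool
}

// reseedInterval bounds the number of generate calls between reseeds
// (a constructed value for the demonstration; SP 800-90A permits up to 2^48).
const reseedInterval = 1 << 16

// mac returns HMAC-SHA-256 over the concatenation of parts under key.
func mac(key []byte, parts ...[]byte) []byte {
	h := hmac.New(sha256.New, key)
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

func concat(parts ...[]byte) []byte {
	var out []byte
	for _, p := range parts {
		out = append(out, p...)
	}
	return out
}

// update mixes provided data into (K, V); it is the state-transition step
// shared by instantiate, reseed and generate (HMAC_DRBG_Update).
func (d *hmacDRBG) update(provided []byte) {
	d.k = mac(d.k, d.v, []byte{0x00}, provided)
	d.v = mac(d.k, d.v)
	if len(provided) == 0 {
		return
	}
	d.k = mac(d.k, d.v, []byte{0x01}, provided)
	d.v = mac(d.k, d.v)
}

// newHMACDRBG instantiates the generator from its seed material: entropy
// input, a nonce and an optional personalization string. Identical seed
// material always yields the identical output stream, hence "deterministic".
func newHMACDRBG(entropy, nonce, personalization []byte) *hmacDRBG {
	d := &hmacDRBG{k: make([]byte, sha256.Size), v: make([]byte, sha256.Size)}
	for i := range d.v {
		d.v[i] = 0x01 // K starts as all 0x00 bytes, V as all 0x01 bytes
	}
	d.update(concat(entropy, nonce, personalization))
	d.reseedCounter = 1
	d.instantiated = true
	return d
}

// reseed folds fresh entropy (and optional additional input) into the state.
func (d *hmacDRBG) reseed(entropy, additional []byte) {
	d.update(concat(entropy, additional))
	d.reseedCounter = 1
}

// generate returns n pseudorandom bytes, refusing after uninstantiate or once
// the reseed interval is exhausted.
func (d *hmacDRBG) generate(n int, additional []byte) ([]byte, error) {
	if !d.instantiated {
		return nil, errors.New("drbg: not instantiated")
	}
	if d.reseedCounter > reseedInterval {
		return nil, errors.New("drbg: reseed required")
	}
	if len(additional) > 0 {
		d.update(additional)
	}
	var out []byte
	for len(out) < n {
		d.v = mac(d.k, d.v)
		out = append(out, d.v...)
	}
	d.update(additional) // forward secrecy: state moves on after each output
	d.reseedCounter++
	return out[:n], nil
}

// uninstantiate zeroises the state so the seed cannot be recovered from it.
func (d *hmacDRBG) uninstantiate() {
	for i := range d.k {
		d.k[i] = 0
	}
	for i := range d.v {
		d.v[i] = 0
	}
	d.instantiated = false
}

func main() {
	// Constructed seed material for the demonstration only.
	d := newHMACDRBG([]byte("constructed-entropy-input-for-demo-only!"), []byte("nonce-01"), []byte("glossary-demo"))
	out, _ := d.generate(16, nil)
	fmt.Printf("%x\n", out)
	d.uninstantiate()
	if _, err := d.generate(16, nil); err != nil {
		fmt.Println(err)
	}
}
```

The determinism is the point of the entry's "often called a pseudorandom generator" remark: everything unpredictable about the output comes from the entropy input at instantiation and reseed, so the security of the generator rests entirely on protecting the seed and the internal state.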

Deviation (Personnel Security) – Access eligibility granted or continued despite either a significant gap in coverage or scope in the investigation or an out-of-date investigation. A significant gap for this purpose is defined as either complete lack of coverage for a period of 6 months or more within the most recent 5 years investigated, the lack of a Federal Bureau of Investigation (FBI) name check or technical check, or the lack of one or more relevant investigative scope components (e.g., employment checks, financial review) in its entirety. See: Condition (Personnel Security); Exception (Personnel Security); Waiver (Personnel Security)

Device Distribution Profile – An approval-based Access Control List (ACL) for a specific product that 1) names the user devices in a specific key management infrastructure (KMI) Operating Account (KOA) to which PRSNs distribute the product, and 2) states conditions of distribution for each device.

Device Registration Manager – The management role that is responsible for performing activities related to registering users that are devices.

Dial Back – Synonymous with call back.

Differential Power Analysis – An analysis of the variations of the electrical power consumption of a cryptographic module, using advanced statistical methods and/or other techniques, for the purpose of extracting information correlated to cryptographic keys used in a cryptographic algorithm.

Digital Evidence – Electronic information stored or transferred in digital form.

Digital Forensics – The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Digital Signature – An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation.

A nonforgeable transformation of data that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data.

The result of a cryptographic transformation of data which, when properly implemented, provides the services of:

Digital Signature Algorithm – Asymmetric algorithms used for digitally signing data.
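The three Digital Signature definitions and the Digital Signature Algorithm entry, shown working in Go with the standard library's Ed25519 implementation. This is an added example rather than code from the glossary: the key pair, the message and the tampering are constructed here. It demonstrates the asymmetric split the first definition describes (sign with the private key, verify with only the public key) and the integrity and source checks the second definition promises: a changed message, a changed signature, or a different signer's public key each cause verification to fail.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// signer holds one party's Ed25519 key pair. Only the public half is ever
// shared; the private half never leaves the signer.
type signer struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// newSigner generates a fresh key pair from the OS random source.
func newSigner() (signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return signer{}, err
	}
	return signer{pub: pub, priv: priv}, nil
}

// sign produces a 64-byte signature over msg with the private key.
func (s signer) sign(msg []byte) []byte {
	return ed25519.Sign(s.priv, msg)
}

// verify needs only the public key, so any third party can run it. A valid
// result proves the message is unmodified and was signed by the holder of
// the matching private key, which is the basis for non-repudiation.
func verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// tamper returns a copy of data with one byte changed, standing in for
// modification in transit.
func tamper(data []byte, index int) []byte {
	out := append([]byte(nil), data...)
	out[index] ^= 0x01
	return out
}

func main() {
	alice, err := newSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed message: release build 1.2.3 approved") // constructed
	sig := alice.sign(msg)

	fmt.Println("genuine:           ", verify(alice.pub, msg, sig))
	fmt.Println("modified message:  ", verify(alice.pub, tamper(msg, 0), sig))
	fmt.Println("modified signature:", verify(alice.pub, msg, tamper(sig, 0)))

	mallory, _ := newSigner()
	fmt.Println("other signer's key:", verify(mallory.pub, msg, sig))
}
```

Note that the verifier is handed the public key out of band (for instance, in a certificate issued by a Certification Authority); binding that key to an identity is what the Certificate and Cross-Certificate entries on this page are about, and the signature alone does not provide it.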

Disaster Recovery Plan (DRP) – A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.

Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days. See Continuity of Operations Plan and Contingency Plan.

Disconnection – The termination of an interconnection between two or more IT systems. A disconnection may be planned (e.g., due to changed business needs) or unplanned (i.e., due to an attack or other contingency).

Disk Imaging – Generating a bit-for-bit copy of the original media, including free space and slack space.

Diskette – A metal or plastic disk coated with iron oxide, on which data is stored for use by an Information System (IS). The diskette is circular and rotates inside a square lubricated that allows the read/write head access to the diskette.

Distinguishing Identifier – Information which unambiguously distinguishes an entity in the authentication process.

Distributed Denial of Service – A Denial of Service technique that uses numerous hosts to perform the attack.

DMZ – See Demilitarized Zone.

Document – Any recorded information regardless of its physical form or characteristics, including, without limitation, written or printed matter, data processing cards and tapes, maps, charts, paintings, drawings, photos, engravings, sketches, working notes and papers, reproductions of such things by any means or process, and sound, voice, magnetic or electronic recordings in any form.

Documentary Information – Any information, which is recorded on paper, film, transparency, electronic medium, or any other medium. This includes, but is not limited to printed publications, reports, correspondence, maps, audiotapes, email, spreadsheets, databases and graphical slides, technical drawings, software code, and information embodied in hardware.

Domain – A set of subjects, their information objects, and a common security policy.

An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture. See Security Domain.

Downgrading – A determination by a Declassification Authority that information classified and safeguarded at a specified level shall be classified and safeguarded at a lower level.

Drop Accountability – Procedure under which a COMSEC account custodian initially receipts for COMSEC material, and provides no further accounting for it to its central office of record. Local accountability of the COMSEC material may continue to be required. See Accounting Legend Code.

Dual Citizen – Any person who is simultaneously a citizen of more than one country.

Dual Technology – Passive infrared, microwave, or ultrasonic Intrusion Detection System (IDS) sensors which combine the features of more than one volumetric technology.

Dual-Use Certificate – A certificate that is intended for use with both digital signature and data encryption services.

Duplicate Digital Evidence – A duplicate is an accurate digital reproduction of all data objects contained on the original physical item and associated media.

Dynamic Random-Access Memory (DRAM) – A read-write Random-Access Memory (RAM)

Dynamic Subsystem – A subsystem that is not continually present during the execution phase of an information system. Service-oriented architectures and cloud computing architectures are examples of architectures that employ dynamic subsystems.

Cyber Security Terms That Begin With the Letter E

Easter Egg – Hidden functionality within an application program, which becomes activated when an undocumented, and often convoluted, set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team and are intended to be nonthreatening.

Eavesdropping Attack – An attack in which an Attacker listens passively to the authentication protocol to capture information which can be used in a subsequent active attack to masquerade as the Claimant.

Education (Information Security) – Education integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge . . . and strives to produce IT security specialists and professionals capable of vision and proactive response.

E-Government (e-gov) – The use by the U.S. government of Web-based Internet applications and other information technology.

Egress Filtering – Filtering of outgoing network traffic.

Electrically Erasable Programmable Read-Only Memory (EEPROM) – A Read-Only Memory (ROM) using a technique similar to Erasable Programmable Read-Only Memory (EPROM), but with the capability to discharge data electrically. Usually bytes or words can be erased and reprogrammed individually during system operation. See: Erasable Programmable Read-Only Memory (EPROM)

Electromagnetic Pulse Emanation Standard (TEMPEST) Technical Authority (CTTA) – An experienced, technically-qualified United States (U.S.) Government employee who has met established certification requirements in accordance with the Committee on National

Electronic Attack (EA) – Division of Electronic Warfare (EW) involving the use of electromagnetic energy, directed energy, or anti-radiation weapons to attack personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying enemy combat capability. EA is considered a form of fires. See: Electronic Protection (EP); Electronic Warfare (EW); Electronic Warfare Support (EWS)

Electronic Authentication – The process of establishing confidence in user identities electronically presented to an information system.

Electronic Business (e-business) – Doing business online.

Electronic Credentials – Digital documents used in authentication that bind an identity or an attribute to a subscriber’s token.

Electronic Evidence – Information and data of investigative value that is stored on or transmitted by an electronic device.

Electronic Intelligence (ELINT) – Technical and geo-location intelligence derived from foreign non-communications transmissions (e.g., radar) by other than nuclear detonations or radioactive sources.

Electronic Key Entry – The entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device. (The operator of the key may have no knowledge of the value of the key being entered.)

Electronic Key Management System (EKMS) – Interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material.

Electronic Messaging Services – Services providing interpersonal messaging capability; meeting specific functional, management, and technical requirements; and yielding a business-quality electronic mail service suitable for the conduct of official government business.

Electronic Protection (EP) – A division of Electronic Warfare (EW) involving

Electronic Questionnaire for Investigative Processing (e-QIP) – An Office of Personnel Management (OPM) software program for the preparation and electronic submission of security forms for a Personnel Security Investigation (PSI) or suitability determination.

Electronic Security (ELSEC) – Protection resulting from measures designed to deny unauthorized persons information from the interception and analysis of non-communication electromagnetic emissions.

Electronic Signature – The process of applying any mark in electronic form with the intent to sign a data object. See also Digital Signature.

Electronic Surveillance (ES) – Acquisition of a non-public communication by electronic means without the consent of a person who is a party to an electronic communication or, in the case of a person who is visibly present at the place of communication, but not including the use of radio direction-finding equipment solely to determine the location of the transmitter. Electronic Surveillance (ES) may involve consensual interception of electronic

Electronic Transmission (ET) – A transmission system that uses the flow of electric current (usually 4 to 20 milliamperes (mA)) to transmit output or input signals.

Electronic Warfare (EW) – Any military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy. The three major subdivisions within Electronic Warfare (EW) are Electronic Attack (EA), Electronic Protection (EP), and Electronic Warfare Support (EWS). See: Electronic Attack (EA); Electronic Protection (EP); Electronic Warfare Support (EWS)

Electronic Warfare Support (EWS) – The Division of Electronic Warfare (EW) involving actions tasked by, or under direct control of, an operational commander to search for, intercept, identify, and locate or localize sources of intentional and unintentional radiated electromagnetic energy for the purpose of immediate threat recognition, targeting, planning

Electronically Generated Key – Key generated in a COMSEC device by introducing (either mechanically or electronically) a seed key into the device and then using the seed, together with a software algorithm stored in the device, to produce the desired key.

Emanation Security (EMSEC) – Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems. Synonymous with Transient Electromagnetic Pulse Emanation Standard (TEMPEST).

Emanation Standard (TEMPEST) Technical Authority (CTTA) – A United States (U.S.) Government employee who has met established certification requirements in accordance with the Committee on the National

Emanations Security (EMSEC) – Protection resulting from measures taken to deny unauthorized individuals information derived from intercept and analysis of compromising emissions from crypto-equipment or an information system. See TEMPEST.

Embedded Computer – Computer system that is an integral part of a larger system.

Embedded Cryptographic System – Cryptosystem performing or controlling a function as an integral element of a larger system or subsystem.

Embedded Cryptography – Cryptography engineered into an equipment or system whose basic function is not cryptographic.

Emission Security (EMSEC) – The component of Communications Security (COMSEC) which results from all measures taken to deny unauthorized persons valuable information that might be derived from intercept and analysis of compromising emanations from crypto-equipment and telecommunications systems.

Encipher – Convert plain text to cipher text by means of a cryptographic system.

Enclave – Collection of information systems connected by one or more internal networks under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location.

Enclave Boundary – Point at which an enclave’s internal network service layer connects to an external network’s service layer, i.e., to another enclave or to a Wide Area Network (WAN).

Encode – Convert plain text to cipher text by means of a code.

Encrypt – Generic term encompassing encipher and encode.

Encrypted Key – A cryptographic key that has been encrypted using an Approved security function with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key.

Encrypted Network – A network on which messages are encrypted (e.g., using DES, AES, or other appropriate algorithms) to prevent reading by unauthorized parties.

Encryption – Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.

The process of changing plaintext into ciphertext for the purpose of security or privacy.

Encryption Algorithm – Set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.

Encryption Certificate – A certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes.

End-to-End Encryption – Communications encryption in which data is encrypted when being passed through a network, but routing information remains visible.

Encryption of information at its origin and decryption at its intended destination without intermediate decryption.

End-to-End Security – Safeguarding information in an information system from point of origin to point of destination.

Enterprise Architecture (EA) – The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.

Enterprise Risk Management – The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary.

Entrance National Agency Check (ENTNAC) – A Personnel Security Investigation (PSI) scoped and conducted in the same manner as a National Agency Check (NAC) except that a technical fingerprint search of the files of the Federal Bureau of Investigation (FBI) is not conducted.

Entropy – A measure of the amount of uncertainty that an Attacker faces to determine the value of a secret. Entropy is usually stated in bits.

Ephemeral Key – A cryptographic key that is generated for each execution of a key establishment process and that meets other requirements of the key type (e.g., unique to each message or session). In some cases, ephemeral keys are used more than once within a single session (e.g., broadcast applications) where the sender generates only one ephemeral key pair per message, and the private key is combined separately with each recipient’s public key.

Equipment Transient Electromagnetic Pulse Emanation Standard (TEMPEST) Zone – A required secure distance (zone) assigned to equipment based on the Transient Electromagnetic Pulse Emanation Standard (TEMPEST) electric field radiation characteristics of equipment compared to the limits of National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) TEMPEST/1-92. See: Facilities Transient Electromagnetic Pulse Emanation Standard (TEMPEST) Zone (FTZ)

Equity – Information originally classified by or under the control of an agency.

Erasable Programmable Read-Only Memory (EPROM) – A Read-Only Memory (ROM) in which stored data can be erased by ultraviolet light or other means and reprogrammed bit by bit with appropriate voltage pulses. In comparison to Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM) devices must be saved when power is removed. Similar products using a nitride negative-channel metal-oxide semiconductor process are termed Electrically Alterable Read-Only Memory (EAPROM). See: Electrically Erasable Programmable Read-Only Memory (EEPROM)

Erasure – Process intended to render magnetically stored information irretrievable by normal means.

Error Detection Code – A code computed from data and comprised of redundant bits of information designed to detect, but not correct, unintentional changes in the data.

Exempted – Nomenclature and marking indicating information has been determined to fall within an enumerated exemption from automatic declassification under Executive Order (EO) 13526, “Classified National Security Information,” as amended.

Exercise Key – Cryptographic key material used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises.

Expected Output – Any data collected from monitoring and assessments as part of the Information Security Continuous Monitoring (ISCM) strategy.

Exploit Code – A program that allows attackers to automatically break into a system.

Exploitable Channel – Channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base. See Covert Channel.

Exploitation – The process of obtaining and taking advantage of intelligence information from any source.

External Information System – An information system service that is implemented outside of the

External Information System (or Component) – An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.

External Information System Service Provider – A provider of external information system services to an organization through a variety of consumer-producer relationships, including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges.

External Network – A network not controlled by the organization.

External Security Testing – Security testing conducted from outside the organization’s security perimeter.

Extraction Resistance – Capability of crypto-equipment or secure telecommunications equipment to resist efforts to extract key.

Extranet – A private network that uses Web technology, permitting the sharing of portions of an enterprise’s information or operations with suppliers, vendors, partners, customers, or other enterprises.

Extraordinary Security Measure (ESM) – A security measure necessary to adequately

Cyber Security Terms That Begin With the Letter F

Facility Security Clearance (FCL) – An administrative determination that, from a security viewpoint, a facility is eligible for access to classified information of a certain category and all lower categories.

Facility Security Officer (FSO) – A United States (U.S.) citizen employee, who is cleared as part of the Facility Security Clearance (FCL), responsible for supervising and directing security measures necessary for implementing applicable DoD 5220.22-M, National Industrial

Facility Transient Electromagnetic Pulse Emanation Standard (TEMPEST) Zone (FTZ) – A space assignment based on the measured ability of the facility structure to meet the limits of National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) Transient Electromagnetic Pulse Emanation Standard (TEMPEST)/1-92. See: Equipment Transient Electromagnetic Pulse Emanation Standard (TEMPEST) Zone (ETZ)

Fail Safe – Automatic protection of programs and/or processing systems when hardware or software failure is detected.

Fail Soft – Selective termination of affected nonessential processing when hardware or software failure is determined to be imminent.

Failover – The capability to switch over automatically (typically without human intervention or warning) to a redundant or standby information system upon the failure or abnormal termination of the previously active system.

Failure Access – Type of incident in which unauthorized access to data results from hardware or software failure.

Failure Control – Methodology used to detect imminent hardware or software failure and provide fail safe or fail soft recovery.

False Acceptance – When a biometric system incorrectly identifies an individual or incorrectly verifies an impostor against a claimed identity.

In biometrics, the instance of a security system incorrectly verifying or identifying an unauthorized person. It typically is considered the most serious of biometric security errors as it gives unauthorized users access to systems that expressly are trying to keep them out.

False Acceptance Rate (FAR) – The probability that a biometric system will incorrectly identify an individual or will fail to reject an impostor. The rate given normally assumes passive impostor attempts.

The measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. A system’s false acceptance rate typically is stated as the ratio of the number of false acceptances divided by the number of identification attempts.

False Positive – An alert that incorrectly indicates that malicious activity is occurring.

False Rejection – When a biometric system fails to identify an applicant or fails to verify the legitimate claimed identity of an applicant.

In biometrics, the instance of a security system failing to verify or identify an authorized person. It does not necessarily indicate a flaw in the biometric system; for example, in a fingerprint-based system, an incorrectly aligned finger on the scanner or dirt on the scanner can result in the scanner misreading the fingerprint, causing a false rejection of the authorized user.

False Rejection Rate (FRR) – The probability that a biometric system will fail to identify an applicant, or verify the legitimate claimed identity of an applicant.

The measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user. A system’s false rejection rate typically is stated as the ratio of the number of false rejections divided by the number of identification attempts.

Federal Enterprise Architecture – A business-based framework for governmentwide improvement developed by the Office of Management and Budget that is intended to facilitate efforts to transform the federal government to one that is citizen-centered, results-oriented, and market-based.

Federal Information Processing Standard (FIPS) – A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology in order to achieve a common level of quality or some level of interoperability.

Federal Information Security Management Act (FISMA) – The Federal Information Security Management Act (FISMA) was enacted in 2002 as Title III of the E-Government Act of 2002 (Public Law (PL) 107-347, 116 Stat. 2899). The act recognized the importance of information security to the economic and national security interests of the United States (U.S.). The act requires each Federal agency to develop, document, and implement an agency-wide program to provide information security for the information and Information Systems (IS) that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

A statute (Title III, P.L. 107-347) that requires agencies to assess risk to information systems and provide information security protections commensurate with the risk. FISMA also requires that agencies integrate information security into their capital planning and enterprise architecture processes, conduct annual information systems security reviews of all programs and systems, and report the results of those reviews to OMB.

Title III of the E-Government Act requiring each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

Federal Information System – An information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency.

Federal Information Systems Security Educators’ Association – An organization whose members come from federal agencies, industry, and academic institutions devoted to improving the IT security awareness and knowledge within the federal government and its related external workforce.

Federal Public Key Infrastructure Policy Authority (FPKIPA) – The Federal PKI Policy Authority is a federal government body responsible for setting, implementing, and administering policy decisions regarding interagency PKI interoperability that uses the FBCA.

Ferroelectric Random-Access Memory (FRAM) – A trademarked type of non-volatile memory developed by Ramtron International Corporation. FRAM combines the access speed of Dynamic Random-Access Memory (DRAM) and Static Random-Access Memory (SRAM) with the non-volatility of Read-Only Memory (ROM). Because of its high speed, it is replacing Electrically Erasable Programmable Read-Only Memory (EEPROM) in many devices. See: Dynamic Random-Access Memory (DRAM); Electrically Erasable Programmable Read-Only Memory (EEPROM); Non-Volatile Memory (NVM); Static Random-Access Memory (SRAM)

File Control Block (FCB) – A Microsoft Disk Operating System (MS-DOS) data structure that stores information about an open file. The number of FCBs is configured in CONFIG.SYS with a command “FCBS=x,y” where x (between 1 and 255 inclusive, default 4) specifies the number of file control blocks to allocate and therefore the number of files that MS-DOS can have open at one time. See: Integral File Block

File Encryption – The process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided.

File Name Anomaly – 1. A mismatch between the internal file header and its external extension; or 2. A file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension).

File Protection – Aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents.

File Security – Means by which access to computer files is limited to authorized users only.

File Series – File units or documents arranged according to a filing system or kept together because they relate to a particular subject or function, result from the same activity, document a specific kind of transaction, take a particular physical form, or

Fill Device – COMSEC item used to transfer or store key in electronic form or to insert key into cryptographic equipment.

Financial Crimes Enforcement Network (FINCEN) – An activity of the Department of the Treasury (TREAS DEPT) that supports law enforcement investigative efforts and fosters interagency and global cooperation against domestic and international financial crimes. The Financial Crimes Enforcement Network (FINCEN) provides United States (U.S.) policymakers with strategic analyses of domestic and worldwide money laundering developments, trends, and patterns. The FINCEN works toward those ends through information collection, analysis, and sharing, as well as technological assistance and implementation of the Bank Secrecy Act (BSA) and other TREAS DEPT authorities. See: Bank Secrecy Act (BSA), Department of the Treasury (TREAS DEPT)

FIPS-Approved Security Method – A security method (e.g., cryptographic algorithm, cryptographic key generation algorithm or key distribution technique, random number generator, authentication technique, or evaluation criteria) that is either a) specified in a FIPS, or b) adopted in a FIPS.

FIREFLY – Key management protocol based on public key cryptography.

Firewall – A gateway that limits access between networks in accordance with local security policy.

A hardware/software capability that limits access between networks and/or systems in accordance with a specific security policy.

A device or program that controls the flow of network traffic between networks or hosts that employ differing security postures.

Firewall Control Proxy – The component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination.

Firmware – The programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution.

Computer programs and data stored in hardware – typically in read-only memory (ROM) or programmable read-only memory (PROM) – such that the programs and data cannot be dynamically written or modified during execution of the programs.

FISMA – See Federal Information Security Management Act.

Fixed COMSEC Facility – COMSEC facility located in an immobile structure or aboard a ship.

Fixed Disk – A magnetic storage device used for high volume data storage and retrieval purposes which is not removable from the computer in which it operates.

Flash Memory – A special type of Electrically Erasable Programmable Read-Only Memory (EEPROM) that can be erased and reprogrammed in blocks instead of one byte at a time. Many modern personal computers have their Basic Input-Output System (BIOS) stored on a flash memory chip so that it can easily be updated if necessary (Flash BIOS). Flash memory is also popular in modems because it enables the modem manufacturer to support new protocols as they become standardized.

Flooding – An attack that attempts to cause a failure in a system by providing more input than the system can process properly.

FLUSH – A computer program which is part of the Computer Security Toolbox. FLUSH is a Microsoft Disk Operating System (MS-DOS)-based program used to eliminate appended data with a file or files and appended data located in unallocated or free space on a disk or diskette. See: BUSTER; Computer Security Toolbox

Focused Testing – A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Also known as gray box testing.

Forensically Clean – Digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use.

Forensics – The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.

See also Computer Forensics.

Freedom of Information Act (FOIA) – A provision that any person has a right, enforceable in court, of access to Federal agency records, except to the extent that such records, or portions thereof, are protected from disclosure by one of nine exemptions.

Frequency Hopping – Repeated switching of frequencies during radio transmission according to a specified algorithm, to minimize unauthorized interception or jamming of telecommunications.

Friendly – An adjective that describes an operation or activity that is carried out by a friend (e.g., friendly fire).

Full Disk Encryption (FDE) – The process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product.

Functional Damage Assessment – The estimate of the effect of force to degrade or destroy the functional or operational capability of equipment, infrastructures, and associated Information Systems (IS), and/or supporting applications to perform its intended mission and on the level of success in achieving operational objectives.

Functional Testing – Segment of security testing in which advertised security mechanisms of an information system are tested under operational conditions.

Cyber Security Terms That Begin With the Letter G

Gateway – Interface providing compatibility between networks by converting transmission speeds, protocols, codes, or security measures.

Gauss – A unit of measure of magnetic flux density. See: Degauss

General Services Administration (GSA) – An independent agency of the United States (U.S.) Government established in 1949 to help manage and support the basic functioning of Federal agencies. The GSA supplies products and communications for U.S. Government offices, provides transportation and office space to Federal employees, and develops Government-wide cost-minimizing policies, among other management tasks.

Global Information Grid (GIG) – Defined as the globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The GIG includes owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and the National Security System (NSS). See: United States Strategic Command (USSTRATCOM)

Global Information Infrastructure – Worldwide interconnections of the information systems of all countries, international and multinational organizations, and international commercial communications.

Global Information Infrastructure (GII) – The information systems of all countries, international and multinational organizations, and

Group Authenticator – Used, sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group.

Guard (System) – A mechanism limiting the exchange of information between information systems or subsystems.

Guessing Entropy – A measure of the difficulty that an attacker has to guess the average password used in a system. Guessing entropy is stated in bits. When a password has n bits of guessing entropy, an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.

Guest System – Any system that enters the Special Access Program Facility (SAPF) which has not already been certified or accredited by the respective cognizant SAPF authority is considered a guest system.

Cyber Security Terms That Begin With the Letter H

Hacker – Unauthorized user who attempts to or gains access to an information system.

Handshaking Procedures – Dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another.

Hard Copy Key – Physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories (PROM).

Hard Disk – A magnetic storage device used for high volume data storage and retrieval purposes, to include ones which are both removable and non-removable from the computers in which they operate.

Hardcopy Document – Any document that is initially published and distributed by the originating component in paper form and that is not stored or transmitted by electrical means.

Hardened Cable Path – A material, container, or facility that provides physical protection for the cable and causes a delay to a perpetrator attempting unauthorized penetration or intrusion.

Head of Department of Defense Component – The Secretary of Defense (SECDEF); the Secretaries of the Military Departments; the Chairman, Joint Chiefs of Staff (CJCS); the Commanders of Unified and Specified Commands; and the Directors of Defense Agencies.

Hardening – Configuring a host’s operating systems and applications to reduce the host’s security weaknesses.

Hardware – The physical components of an information system. See also Software and Firmware.

Hardwired Key – Permanently installed key.

Hash Function – A mathematical function that maps a string of arbitrary length (up to a predetermined maximum size) to a fixed length string.

A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions are specified in FIPS 180 and are designed to satisfy the following properties: 1. (One-way) It is computationally infeasible to find any input that maps to any pre-specified output, and 2. (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.

Hash Total – Value computed on data to detect error or manipulation.

Hash Value – The result of applying a cryptographic hash function to data (e.g., a message).

Hash-based Message Authentication Code (HMAC) – A message authentication code that utilizes a keyed hash.

A message authentication code that uses a cryptographic key in conjunction with a hash function.

Hashing – The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data.

Hashword – Memory address containing hash total.

High-Impact System – An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high.

An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of high.

Home Office Facility – The headquarters facility of a multi-facility organization.

Homeland Security Act (HSA) – The Homeland Security Act (HSA) (PL 107-296) was enacted under the administration of President George W. Bush on November 25, 2002 in response to the September 11, 2001 terrorist attacks. The HSA provided broad powers to Federal law enforcement agencies to protect citizens and interests from terrorist attacks within the United States (U.S.). The legislation provided for the establishment of the U.S. Department of Homeland Security

Honeypot – A system (e.g., a Web server) or system resource (e.g., a file on a server) that is designed to be attractive to potential crackers and intruders and has no authorized users other than its administrators.

Hot Site – A fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption.

Backup site that includes phone systems with the phone lines already connected. Networks will also be in place, with any necessary routers and switches plugged in and turned on. Desks will have desktop PCs installed and waiting, and server areas will be replete with the necessary hardware to support business-critical functions. Within a few hours, a hot site can become a fully functioning element of an organization.

Hybrid Security Control – A security control that is implemented in an information system in part as a common control and in part as a system-specific control. See also Common Control and System-Specific Security Control.

Cyber Security Terms That Begin With the Letter I

IA Architecture – A description of the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.

IA Infrastructure – The underlying security framework that lies beyond an enterprise’s defined boundary, but supports its IA and IA-enabled products, its security posture and its risk management plan.

IA Product – Product whose primary purpose is to provide security services (e.g., confidentiality, authentication, integrity, access control, non-repudiation of data); correct known vulnerabilities; and/or provide layered defense against various categories of non-authorized or malicious penetrations of information systems or networks.

IA-Enabled Information Technology Product – Product or technology whose primary role is not security, but which provides security services as an associated feature of its intended operating capabilities. Examples include such products as security-enabled Web browsers, screening routers, trusted operating systems, and security-enabled messaging systems.

IA-Enabled Product – Product whose primary role is not security, but provides security services as an associated feature of its intended operating capabilities.

Note: Examples include such products as security-enabled Web browsers, screening routers, trusted operating systems, and security-enabled messaging systems.

Identification – The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system. (In current usage this verification step is called authentication; identification proper is the presentation of an identifier, as in the third definition below.)

The process of discovering the true identity (i.e., origin, initial history) of a person or item from the entire collection of similar persons or items.

An act or process that presents an identifier to a system so that the system can recognize a system entity (e.g., user, process, or device) and distinguish that entity from all others.

Identifier – Unique data used to represent a person’s identity and associated attributes. A name or a card number are examples of identifiers.

A data object – often, a printable, non-blank character string – that definitively represents a specific identity of a system entity, distinguishing that identity from all others.

Identity – A set of attributes that uniquely describe a person within a given context.

The set of physical and behavioral characteristics by which an individual is uniquely recognizable.

The set of attribute values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager’s responsibility, is sufficient to distinguish that entity from any other entity.

Identity Binding – Binding of the vetted claimed identity to the individual (through biometrics) according to the issuing authority.

Identity Proofing – The process by which a Credentials Service Provider (CSP) and a Registration Authority (RA) collect and verify information about a person for the purpose of issuing credentials to that person. The process of providing sufficient information (e.g., identity history, credentials, documents) to a Personal Identity Verification Registrar when attempting to establish an identity.

Identity Registration – The process of making a person’s identity known to the Personal Identity Verification (PIV) system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.

Identity Token – Smart card, metal key, or other physical object used to authenticate identity.

Identity Validation – Tests enabling an information system to authenticate users or resources.

Identity Verification – The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the PIV Card or system and associated with the identity being claimed.

Identity-Based Access Control – Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user) where access authorizations to specific objects are assigned based on user identity.

Identity-Based Security Policy – A security policy based on the identities and/or attributes of the object (system resource) being accessed and of the subject (user, group of users, process, or device) requesting access.

Imagery Intelligence (IMINT) – Intelligence derived from the exploitation of collection by visual photography, infrared sensors, lasers, electro-optics, and radar sensors such as synthetic aperture radar, wherein images of objects are reproduced optically or electronically on film, electronic display devices, or other media.

Imitative Communications Deception – Introduction of deceptive messages or signals into an adversary’s telecommunications signals. See also Communications Deception and Manipulative Communications Deception.

Implant – Electronic device or electronic equipment modification designed to gain unauthorized interception of information-bearing emanations.

Incident – An assessed event of attempted entry, unauthorized entry, and/or attack against a facility, operation, or Automated Information System (AIS).

Incident Response Plan – The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit the consequences of malicious cyber attacks against an organization’s information system(s).

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of an incident against an organization’s IT system(s).

Incomplete Parameter Checking – System flaw that exists when the operating system does not check all parameters fully for accuracy and consistency, thus making the system vulnerable to penetration.

Informal Security Policy – Natural language description, possibly supplemented by mathematical arguments, demonstrating the correspondence of the functional specification to the high-level design.

Information Assurance (IA) – Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.

Information Assurance (IA) Professional – Individual who works IA issues and has real-world experience plus appropriate IA training and education commensurate with their level of IA responsibility.

Information Assurance (IA) Control – An objective condition of integrity, availability, or confidentiality achieved through the application of specific safeguards or through the regulation of specific activities that is expressed in a specified format (e.g., a control number, a control name, control text, and a control class). Specific management, personnel, operational, and technical controls are applied to each Department of Defense (DoD) Information System (IS) to achieve an appropriate level of integrity, availability, and confidentiality. See: Certification and Accreditation (C&A); Information Assurance (IA)

Information Assurance (IA)-Enabled Information Technology (IT) Product – Product or technology whose primary role is not security, but provides security services as an associated feature of its intended operating capabilities. Examples include such products as security-enabled web browsers, screening routers, trusted operating systems, and security-enabled messaging systems.

Information Assurance (IA) Product – Product or technology whose primary purpose is to provide security services (e.g., confidentiality, authentication, integrity, access control, non-repudiation of data); correct known vulnerabilities; and/or provide layered defense against various categories of non-authorized or malicious penetrations of information systems or networks.

Information Assurance Component (IAC) – An application (hardware and/or software) that provides one or more Information Assurance capabilities in support of the overall security and operational objectives of a system.

Information Assurance Officer (IAO) – The individual responsible to the Information Assurance Manager (IAM) for ensuring that Operations Security (OPSEC) is maintained for a specific Information System (IS). The Information Assurance Officer (IAO) may have the responsibility for more than one system. NOTES: The IAO may be referred to as a Network Security Officer (NSO), or a Terminal Area or Information System Security Custodian.

Information Assurance Vulnerability Alert (IAVA) – Notification that is generated when an Information Assurance vulnerability may result in an immediate and potentially severe threat to DoD systems and information; this alert requires corrective action because of the severity of the vulnerability risk.

Information Domain – A three-part concept for information sharing, independent of, and across information systems and security domains that 1) identifies information sharing participants as individual members, 2) contains shared information objects, and 3) provides a security policy that identifies the roles and privileges of the members and the protections required for the information objects.

Information Environment – Aggregate of individuals, organizations, and/or systems that collect, process, or disseminate information, together with the information itself.

Information Flow Control – Procedure to ensure that information transfers within an information system are not made in violation of the security policy.

Information Integrity – The state that exists when information is unchanged from its source and has not been accidentally or intentionally modified, altered, or destroyed.

Information Management – The planning, budgeting, manipulating, and controlling of information throughout its life cycle.

Information Operation – Any action involving the acquisition, transmission, storage, or transformation of information that enhances the employment of military forces.

Information Security – The result of any system of policies and procedures for identifying, controlling, and protecting from unauthorized disclosure information that executive order or statute protects.

Information Security Architect – Individual, group, or organization responsible for ensuring that the information security requirements necessary to protect the organization’s core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes.

Information Security Architecture – An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.

Information Security Continuous Monitoring (ISCM) Program – A program established to collect information in accordance with pre-established metrics, utilizing information readily available in part through implemented security controls.

Information Security Oversight Office (ISOO) – The Information Security Oversight Office (ISOO) is responsible to the President of the United States (U.S.) for policy and oversight of the Government-wide security classification system and the National Industrial Security Program (NISP). ISOO authority is derived from Executive

Information Security Policy – Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information.

Information Security Program Plan – Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements.

Information Security Risk – The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems. See Risk.

Information Sharing – The requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs.

Information Storage Device (ISD) – The physical storage device used by an Information System (IS) upon which data is recorded.

Information System (IS) – An assembly of computer hardware, software, and firmware configured for the purpose of automating the functions of calculating, computing, sequencing, storing, retrieving, displaying, communicating, or otherwise manipulating data, information and textual material.

Information System Boundary – See Authorization Boundary.

Information System Contingency Plan (ISCP) – Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disasters.

Information System Life Cycle – The phases through which an information system passes, typically characterized as initiation, development, operation, and termination (i.e., sanitization, disposal and/or destruction).

Information System Security Engineer (ISSE) – The individual responsible for the engineering process that captures and refines information protection requirements and ensures their integration into Information Technology (IT) acquisition processes through purposeful security design or configuration.

Information System-Related Security Risks – Information system-related security risks are those risks that arise through the loss of confidentiality, integrity, or availability of information or information systems and consider impacts to the organization (including assets, mission, functions, image, or reputation), individuals, other organizations, and the Nation. See Risk.

Information Systems Security – Protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.

Information Systems Security (INFOSEC) – Information Systems Security (INFOSEC) is the protection afforded to Information Systems (IS) in order to preserve the availability, integrity,

Information Systems Security Engineer (ISSE) – Individual assigned responsibility for conducting information system security engineering activities.

Information Systems Security Equipment Modification – Modification of any fielded hardware, firmware, software, or portion thereof, under NSA configuration control. There are three classes of modifications: mandatory (to include human safety); optional/special mission modifications; and repair actions. These classes apply to elements, subassemblies, equipment, systems, and software packages performing functions such as key generation, key distribution, message encryption, decryption, authentication, or those mechanisms necessary to satisfy security policy, labeling, identification, or accountability.

Information Systems Security Manager (ISSM) – Individual responsible for the information assurance of a program, organization, system, or enclave.

Information Systems Security Officer (ISSO) – Individual assigned responsibility for maintaining the appropriate operational security posture for an information system or program.

Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for maintaining the appropriate operational security posture for an information system or program.

Information Systems Security Product – Item (chip, module, assembly, or equipment), technique, or service that performs or relates to information systems security.

Information Systems Security Representative (ISSR) – The provider-assigned individual responsible for the onsite security of the Automated Information System (AIS) processing information for the customer.

Information Technology – Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which—

Information Type – A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management), defined by an organization or in some instances, by a specific law, Executive Order, directive, policy, or regulation.

Information Warfare (INFOWAR) – Actions taken to achieve information superiority by adversely affecting an adversary’s information, information-based processes, and/or information systems while defending one’s own information, information-based processes, and/or information systems. Information operations conducted during time of crisis or conflict to achieve or promote

Initial Operating Capability (IOC) – A time when the organizational authoritative entity declares that a system sufficiently meets requirements for formal operational status while the system may not meet all of the original design specifications to be declared fully operational.

Insider Threat – Any circumstance or event with the potential to adversely impact agency operations, including mission, functions, image, or reputation, agency assets, or individuals through an Information System (IS) via internal unauthorized access, destruction, disclosure, modification of information, and/or Denial of Service (DOS). See: Internal Vulnerability

Integral File Block – A distinct component of a file series that should be maintained as a separate unit in order to ensure the integrity of the records. An integral file block may consist of a set of records covering either a specific topic or a range of time, such as a presidential administration or a 5-year retirement schedule within a specific file series that is retired from active use as a group. See: File Control Block (FCB)

Integrity – Quality of an information system reflecting the logical correctness and reliability of the operating system, the logical completeness of the hardware and software implementing the protection mechanisms, and the consistency of the data structures and occurrence of the stored data. NOTE: In a formal security mode, integrity is interpreted more narrowly to mean protection against unauthorized modification or destruction of information.

Integrity Check Value – Checksum capable of detecting modification of an information system.

Intellectual Property – Useful artistic, technical, and/or industrial information, knowledge or ideas that convey ownership and control of tangible or virtual usage and/or representation.

Creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights. Under intellectual property law, the holder of one of these abstract “properties” has certain exclusive rights to the creative work, commercial symbol, or invention by which it is covered.

Intelligence Community (IC) – The Intelligence Community (IC) is a coalition of 17 agencies and organizations within the executive branch that work both independently and collaboratively to gather the intelligence necessary to conduct foreign relations and national security activities. Their primary mission is to collect and convey the essential information the President and members of the policymaking, law enforcement, and military communities require to execute their appointed duties.

The 17 IC member agencies are

  • Office of the Director of National Intelligence (ODNI)
  • Central Intelligence Agency (CIA)
  • Defense Intelligence Agency (DIA)
  • National Geospatial-Intelligence Agency (NGA)
  • National Reconnaissance Office (NRO)
  • National Security Agency (NSA)
  • Army Military Intelligence Corps
  • Office of Naval Intelligence (ONI)
  • Air Force Intelligence
  • Marine Corps Intelligence
  • Coast Guard Intelligence
  • Office of Intelligence and Analysis (Department of Homeland Security)
  • Bureau of Intelligence and Research (Department of State)
  • Office of Terrorism and Financial Intelligence (Department of the Treasury)
  • Office of National Security Intelligence (Drug Enforcement Administration)
  • Intelligence Branch (Federal Bureau of Investigation)
  • Office of Intelligence and Counterintelligence (Department of Energy)

The United States Space Force was added as an 18th member in January 2021.

Intelligence Special Access Program – A Special Access Program (SAP) established primarily to protect the planning and execution of especially sensitive intelligence or Counterintelligence (CI) operations or collection activities.

Intercept – Data obtained through the passive collection of signals; or, the interruption of access, communication, or the flow of a process.

Interconnected Network – A Network Information System (NIS) comprised of two or more separately accredited systems and/or networks.

Interconnection Security Agreement (ISA) – An agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations.

Interface – Common boundary between independent systems or modules where interactions take place.

Interface Control Document – Technical document describing interface controls and identifying the authorities and responsibilities for ensuring the operation of such controls. This document is baselined during the preliminary design review and is maintained throughout the information system life cycle.

Interim Access Authorization (IAA) – A determination to grant access authorization prior to the receipt and adjudication of the individual’s completed background investigation.

Interim Approval to Operate (IAO) – Temporary authorization granted by a Designated Approving Authority (DAA) for an Information System (IS) to process classified information in its operational environment based on preliminary results of a security evaluation of the system.

Interim Approval to Test (IATT) – Temporary authorization to test an information system in a specified operational information environment within the time frame and under the conditions or constraints enumerated in the written authorization.

Interim Security Clearance – A security clearance based on the completion of minimum investigative requirements, which is granted on a temporary basis, pending the completion of the full investigative requirements.

Intermediate Certification Authority (CA) – A Certification Authority that is subordinate to another CA, and has a CA subordinate to itself.

Internal Network – A network where: (i) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or (ii) cryptographic encapsulation or similar security technology provides the same effect. An internal network is typically organization-owned, yet may be organization-controlled while not being organization-owned.

A network where 1) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or 2) cryptographic encapsulation or similar security technology implemented between organization-controlled endpoints provides the same effect (at least with regard to confidentiality and integrity). An internal network is typically organization-owned, yet may be organization-controlled while not being organization-owned.

Internal Security Controls – Hardware, firmware, or software features within an information system that restrict access to resources only to authorized subjects.

Internal Security Testing – Security testing conducted from inside the organization’s security perimeter.

Internal Vulnerability – A weakness in an Information System (IS), system security procedures, internal controls, or implementation that could be exploited or triggered by an organic threat source. See: Insider Threat

International Organization – An entity established by recognized governments under an international agreement which, by charter or otherwise, is able to acquire and transfer property, make contracts and agreements, obligate its members, and pursue legal remedies.

Internet – The Internet is the single, interconnected, worldwide system of commercial, governmental, educational, and other computer networks that share (a) the protocol suite specified by the Internet Architecture Board (IAB), and (b) the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN).

Internet Protocol (IP) – Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.

Interoperability – The capability of one system to communicate

Intranet – A private network that is employed within the confines of a given enterprise (e.g., internal to a business or agency).

Intrusion – Unauthorized act of bypassing the security mechanisms of a system.

Intrusion Detection and Prevention System (IDPS) – Software that automates the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents and attempting to stop detected possible incidents.

Intrusion Detection Systems (IDS) – Hardware or software product that gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organizations) and misuse (attacks from within the organizations.)

Host-based IDSs are IDSs which operate on information collected from within an individual computer system. This vantage point allows host-based IDSs to determine exactly which processes and user accounts are involved in a particular attack on the Operating System. Furthermore, unlike network-based IDSs, host-based IDSs can more readily “see” the intended outcome of an attempted attack, because they can directly access and monitor the data files and system processes usually targeted by attacks.
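The IDS and host-based IDS entries above describe the analysis in the abstract. The following is an added example, not code from the glossary source or any IDS product, of the simplest form of that analysis: a host-based detector run over authentication log lines. It raises a brute-force alert when one source address produces a threshold of failed logins inside a sliding time window, and, because a host sensor sees the outcome, a second alert when that same source then succeeds. The log lines use RFC 5737 documentation addresses and are constructed; the threshold and window values are assumptions.

```python
"""Host-based intrusion detection over sshd authentication log lines: an
added example, not code from the glossary source. The log lines below are
constructed; the threshold and window are assumed tuning values."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the two sshd password outcomes; anything else is not an auth event.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)

# Constructed sample log: six failures then a success from 203.0.113.5,
# two failures from 198.51.100.7, and one unrelated cron line.
SAMPLE_LOG = [
    "Jan 14 10:02:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 50213 ssh2",
    "Jan 14 10:02:05 web01 sshd[2202]: Failed password for invalid user test from 203.0.113.5 port 50214 ssh2",
    "Jan 14 10:02:09 web01 sshd[2203]: Failed password for root from 203.0.113.5 port 50215 ssh2",
    "Jan 14 10:02:13 web01 sshd[2204]: Failed password for root from 203.0.113.5 port 50216 ssh2",
    "Jan 14 10:02:17 web01 sshd[2205]: Failed password for deploy from 203.0.113.5 port 50217 ssh2",
    "Jan 14 10:02:21 web01 sshd[2206]: Failed password for deploy from 203.0.113.5 port 50218 ssh2",
    "Jan 14 10:02:30 web01 sshd[2210]: Accepted password for deploy from 203.0.113.5 port 50230 ssh2",
    "Jan 14 10:03:00 web01 sshd[2211]: Failed password for deploy from 198.51.100.7 port 41000 ssh2",
    "Jan 14 10:03:05 web01 sshd[2212]: Failed password for deploy from 198.51.100.7 port 41001 ssh2",
    "Jan 14 10:03:10 web01 CRON[2300]: pam_unix(cron:session): session opened for user root",
]


def parse(line, year=2024):
    """Return a dict for an sshd auth event, or None for other lines.
    Syslog timestamps carry no year, so one is supplied (assumed)."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "event": m["event"], "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold=5, window_seconds=60):
    """Return alerts as tuples. BRUTE_FORCE fires once per source when at
    least `threshold` failures fall inside a sliding window; a later
    Accepted login from a flagged source fires COMPROMISE_SUSPECTED, the
    outcome a host-based sensor is positioned to see."""
    failures = defaultdict(deque)  # source ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        recent = failures[ev["ip"]]
        if ev["event"] == "Failed":
            recent.append(ev["ts"])
            # Drop failures that have aged out of the window.
            while (ev["ts"] - recent[0]).total_seconds() > window_seconds:
                recent.popleft()
            if len(recent) >= threshold and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append(("BRUTE_FORCE", ev["ip"], len(recent)))
        elif ev["ip"] in flagged:
            alerts.append(("COMPROMISE_SUSPECTED", ev["ip"], ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Two design points carry over to real deployments: the window is sliding rather than fixed, so an attacker cannot dodge the threshold by pacing attempts across a boundary, and the success-after-failures correlation is what separates "noise" from an incident worth escalating.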

Invalidation – An administrative action that renders a contractor ineligible to receive additional classified information, except that information necessary for completion of essential contracts, as determined by the appropriate Government Contracting Agencies (GCAs).

Inverse Cipher – Series of transformations that converts ciphertext to plaintext using the Cipher Key.

IP Security (IPSEC) – Suite of protocols for securing Internet Protocol (IP) communications at the network layer, layer 3 of the OSI model by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment.

Isolator – A device or assembly of devices which isolates or disconnects a telephone or Computerized Telephone System (CTS) from all wires which exit the Special Access Program Facility (SAPF) and has been accepted as effective for security purposes by the Telephone Security Group (TSG). See: Computerized Telephone System (CTS); Secure Telephone Unit (STU)-III/Secure Telephone Equipment (STE)

IT Security Architecture – A description of security principles and an overall approach for complying with the principles that drive the system design; i.e., guidelines on the placement and implementation of specific security services within various distributed computing environments.

IT Security Awareness – The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly.

IT Security Awareness and Training Program – Explains proper rules of behavior for the use of agency IT systems and information. The program communicates IT security policies and procedures that need to be followed.

Explains proper rules of behavior for the use of agency information systems and information. The program communicates IT security policies and procedures that need to be followed (i.e., NSTISSD 501, NIST SP 800-50).

IT Security Education – IT Security Education seeks to integrate all of the security skills and competencies of the various functional specialties into a common body of knowledge, adds a multidisciplinary study of concepts, issues, and principles (technological and social), and strives to produce IT security specialists and professionals capable of vision and proactive response.

IT Security Investment – An IT application or system that is solely devoted to security. For instance, intrusion detection systems (IDS) and public key infrastructure (PKI) are examples of IT security investments.

IT Security Metrics – Metrics based on IT security performance goals and objectives.

IT Security Policy – The “documentation of IT security decisions” in an organization.

NIST SP 800-12 categorizes IT Security Policy into three basic types:

  • Program policy – establishes the organization’s security program, its purpose and scope, the roles responsible for it, and how compliance is handled.
  • Issue-specific policy – addresses a particular area of current concern (e.g., remote access, e-mail use) and is updated as that issue changes.
  • System-specific policy – states the security decisions made for one particular information system.

IT Security Training – IT Security Training strives to produce relevant and needed security skills and competencies by practitioners of functional specialties other than IT security (e.g., management, systems design and development, acquisition, auditing). The most significant difference between training and awareness is that training seeks to teach skills, which allow a person to perform a specific function, while awareness seeks to focus an individual’s attention on an issue or set of issues. The skills acquired during training are built upon the awareness foundation, in particular, upon the security basics and literacy material.

IT-Related Risk – The net mission/business impact considering

Cyber Security Terms That Begin With the Letter J

Jamming – An attack in which a device is used to emit electromagnetic energy on a wireless network’s frequency to make it unusable. An attack that attempts to interfere with the reception of broadcast communications.

Cyber Security Terms That Begin With the Letter K

Kerberos – A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). In “classic” Kerberos, users share a secret password with a Key Distribution Center (KDC). The user, Alice, who wishes to communicate with another user, Bob, authenticates to the KDC and is furnished a “ticket” by the KDC to use to authenticate with Bob. When Kerberos authentication is based on passwords, the protocol is known to be vulnerable to off-line dictionary attacks by eavesdroppers who capture the initial user-to-KDC exchange. Longer password length and complexity provide some mitigation to this vulnerability, although sufficiently long passwords tend to be cumbersome for users.

A means of verifying the identities of principals on an open network without relying on the authentication, trustworthiness, or physical security of hosts, while assuming all packets can be read, modified and inserted at will. It uses a trust broker model and symmetric cryptography to provide authentication and authorization of users and systems on the network.

Key – A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.

A numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.

A parameter used in conjunction with a cryptographic algorithm that determines its operation.

Key Bundle – The three cryptographic keys (Key1, Key2, Key3) that are used with a Triple Data Encryption Algorithm (TDEA) mode.

Key Distribution Center (KDC) – COMSEC facility generating and distributing key in electronic form.

Key Escrow – A deposit of the private key of a subscriber and other pertinent information pursuant to an escrow agreement or similar contract binding upon the subscriber, the terms of which require one or more agents to hold the subscriber’s private key for the benefit of the subscriber, an employer, or other party, upon provisions set forth in the agreement.

1. The processes of managing (e.g., generating, storing, transferring, auditing) the two components of a cryptographic key by two key component holders. 2. A key recovery technique for storing knowledge of a cryptographic key, or parts thereof, in the custody of one or more third parties called "escrow agents," so that the key can be recovered and used in specified circumstances.

Key Escrow System – A system that entrusts the two components comprising a cryptographic key (e.g., a device unique key) to two key component holders (also called "escrow agents").

Key Establishment – The process by which cryptographic keys are securely established among cryptographic modules using manual transport methods (e.g., key loaders), automated methods (e.g., key transport and/or key agreement protocols), or a combination of automated and manual methods (consists of key transport plus key agreement).

The process by which cryptographic keys are securely established among cryptographic modules using key transport and/or key agreement procedures. See Key Distribution.

Key Exchange – The process of exchanging public keys in order to establish secure communications.

Process of exchanging public keys (and other information) in order to establish secure communications.

Key Expansion – Routine used to generate a series of Round Keys from the Cipher Key.

Key Generation Material – Random numbers, pseudo-random numbers, and cryptographic parameters used in generating cryptographic keys.

Key Management – The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and zeroization.

Key Management Device – A unit that provides for secure electronic distribution of encryption keys to authorized users.

Key Management Infrastructure – All parts – computer hardware, firmware, software, and other equipment and its documentation; facilities that house the equipment and related functions; and companion standards, policies, procedures, and doctrine that form the system that manages and supports the ordering and delivery of cryptographic material and related information products and services to users.

Key Material Identification Number (KMID) – A unique number automatically assigned to each piece of Secure Telephone Unit (STU)-III/Secure Telephone Equipment (STE) keying material. See: Secure Telephone Unit (STU)-III/Secure Telephone Equipment (STE)

Key Pair – Two mathematically related keys having the properties that (1) one key can be used to encrypt a message that can only be decrypted using the other key, and (2) even knowing one key, it is computationally infeasible to discover the other key.

A public key and its corresponding private key; a key pair is used with a public key algorithm.

Key Production Key (KPK) – Key used to initialize a keystream generator for the production of other electronically generated key.

Key Recovery – Mechanisms and processes that allow authorized parties to retrieve the cryptographic key used for data confidentiality.

Key Resources – Any publicly or privately controlled resources essential to the minimal operations of the economy and Government.

Key Service Unit (KSU) – An electromechanical switching device which controls the routing and operation of an analog telephone system.

Key Stream – Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security processes, or produce key.

Key Tag – Identification information associated with certain types of electronic key.

Key Tape – Punched or magnetic tape containing key. Printed key in tape form is referred to as a key list.

Key Transport – The secure transport of cryptographic keys from one cryptographic module to another module.

Key Updating – Irreversible cryptographic process for modifying key.

Key Wrap – A method of encrypting keying material (along with associated integrity information) that provides both confidentiality and integrity protection using a symmetric key algorithm.

Key-Auto-Key (KAK) – Cryptographic logic using previous key to produce key.

Keyed-hash based message authentication code (HMAC) – A message authentication code that uses a cryptographic key in conjunction with a hash function.

Key-Encryption-Key (KEK) – Key that encrypts or decrypts other key for transmission or storage.

Keying Material – Key, code, or authentication information in physical, electronic, or magnetic form.

Keystroke Monitoring – The process used to view or record both the keystrokes entered by a computer user and the computer’s response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails.

Cyber Security Terms That Begin With the Letter L

Labeled Security Protections – Access control protection features of a system that use security labels to make access control decisions.

Laboratory Attack – Use of sophisticated signal recovery equipment in a laboratory environment to recover information from data storage media.

Law Enforcement Sensitive – Law Enforcement Sensitive information is defined as unclassified information of a sensitive and proprietary nature that, if disclosed, could cause harm to law enforcement activities by jeopardizing investigations, compromising operations, or causing life-threatening situations for confidential informants, witnesses, or law enforcement personnel.

Lawful Permanent Resident – Any person not a citizen of the United States (U.S.) who is residing in the U.S. under a legally recognized and lawfully recorded permanent residence as an immigrant. Also known as a “Permanent Resident Alien,” “Resident Alien Permit Holder,” and “Green Card Holder.”

Least Privilege – The security objective of granting users only those accesses they need to perform their official duties.

The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.

Least Trust – The principle that a security architecture should be designed in a way that minimizes 1) the number of components that require trust, and 2) the extent to which each component is trusted.

Level of Concern – Rating assigned to an information system indicating the extent to which protection measures, techniques, and procedures must be applied. High, Medium, and Basic are identified levels of concern. A separate Level-of-Concern is assigned to each information system for confidentiality, integrity, and availability.

Level of Protection – Extent to which protective measures, techniques, and procedures must be applied to information systems and networks based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs. Levels of protection are: 1. Basic: information systems and networks requiring implementation of standard minimum security countermeasures. 2. Medium: information systems and networks requiring layering of additional safeguards above the standard minimum security countermeasures. 3. High: information systems and networks requiring the most stringent protection and rigorous security countermeasures.

Likelihood of Occurrence – In Information Assurance risk analysis, a weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability.

Limited Access Authorization (LAA) – Authorization for access to CONFIDENTIAL or SECRET information granted to non-United States (U.S.) citizens and immigrant aliens, which is limited to only that information necessary to the successful accomplishment of their assigned duties and based on a background investigation scoped for 10 years.

Limited Background Investigation (LBI) – A Limited Background Investigation (LBI) consists of a Personal Subject Interview; National Agency Check (NAC) plus credit search; personal interviews with employers (3 years), residence and educational sources (3 years); and law enforcement searches (5 years). See: Background Investigation (BI)

Limited Liability Company (LLC) – A type of company, authorized only in certain states, whose owners and managers receive the limited liability and (usually) tax benefits of a corporation without having to conform to the corporation restrictions. An LLC is an unincorporated association, is relatively flexible, and allows for pass-through income taxation.

Limited Maintenance – COMSEC maintenance restricted to fault isolation, removal, and replacement of plug-in assemblies. Soldering or unsoldering usually is prohibited in limited maintenance. See Full Maintenance.

Line Conditioning – Elimination of unintentional signals or noise induced or conducted on a telecommunications or information system signal, power, control, indicator, or other external interface line.

Line Conduction – Unintentional signals or noise induced or conducted on a telecommunications or information system signal, power, control, indicator, or other external interface line.

Line Supervision – Class I: Class I line security is achieved through the use of Data Encryption Standard or an algorithm based on the Cipher feedback or Cipher block chaining mode of encryption. Certification by the National Institute of Standards and Technology (NIST) or another independent testing laboratory is required.

Class II line supervision refers to systems in which the transmission is based on pseudo, random-generated, or digital

Link Encryption – Link encryption encrypts all of the data along a communications path (e.g., a satellite link, telephone circuit, or T1 line). Since link encryption also encrypts routing data, communications nodes need to decrypt the data to continue routing.

Encryption of information between nodes of a communications system.

List-Oriented – Information system protection in which each protected object has a list of all subjects authorized to access it.

Local Access – Access to an organizational information system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network.

Local Agency Check (LAC) – An investigative check of local police departments, courts, etc., to determine whether the subject has been involved in criminal conduct. The Local Agency Check (LAC) is a part of all Personnel Security Investigations (PSIs) except the Entrance National Agency Check (ENTNAC). See: Personnel Security Investigation (PSI)

Local Area Network (LAN) – A Local Area Network (LAN) is a group of computers and associated devices that share a common communications line or wireless link. Typically, connected devices share the resources of a single processor or server within a small geographic area. See: Network, Wide Area Network (WAN)

Local Management Device/Key Processor (LMD/KP) – EKMS platform providing automated management of COMSEC material and generating key for designated users.

Local Registration Authority – A Registration Authority with responsibility for a local community.

Logic Bomb – A logic bomb is a program or code fragment which triggers an unauthorized, malicious act when some predefined condition occurs. The most common type is the time bomb, which

Logical Completeness Measure – Means for assessing the effectiveness and degree to which a set of security and access control mechanisms meets security specifications.

Long-Haul Telecommunications – All general purpose and special purpose long-distance facilities and services (including terminal equipment and local circuitry supporting the long-haul service) used to support the electromagnetic and/or optical dissemination, transmission, or reception of information via voice, data, video, integrated telecommunications, wire, or radio to or from the post, camp, base, or station switch and/or main distribution frame (except for trunk lines to the first-serving commercial central office for local communications services).

Low Impact – The loss of confidentiality, integrity, or availability that could be expected to have a limited adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; 2) results in minor damage to organizational assets; 3) results in minor financial loss; or 4) results in minor harm to individuals).

Low Probability of Detection (LPD) – The result of measures used to hide or disguise intentional electromagnetic transmissions.

Low Probability of Intercept (LPI) – Result of measures to prevent the intercept of intentional electromagnetic transmissions. The objective is to minimize an adversary’s capability of receiving, processing, or replaying an electronic signal.

Low-Impact System – An information system in which all three security objectives (i.e., confidentiality, integrity, and availability) are assigned a FIPS 199 potential impact value of low.

An information system in which all three security properties (i.e., confidentiality, integrity, and availability) are assigned a potential impact value of low.

Cyber Security Terms That Begin With the Letter M

Macro Virus – A virus that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute and propagate.

Magnetic Remanence – Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared. See Clearing.

Maintenance Hook – Special instructions (trapdoors) in software allowing easy maintenance and additional feature development. Since maintenance hooks frequently allow entry into the code without the usual checks, they are a serious security risk if they are not removed prior to live implementation.

Major Application – An application that requires special attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Note: All federal applications require some level of protection. Certain applications, because of the information in them, however, require special management oversight and should be treated as major. Adequate security for other applications should be provided by security of the systems in which they operate.

Major Information System – An information system that requires special management attention because of its importance to an agency mission; its high development, operating, or maintenance costs; or its significant role in the administration of agency programs, finances, property, or other resources.

Malicious Applets – Small application programs that are automatically downloaded and executed and that perform an unauthorized function on an information system.

Malicious Code – Software or firmware that is designed with the intent of having some adverse impact on the confidentiality, integrity, or availability of an Information System (IS). The malicious code may be included in hardware, software, firmware or data. Computer viruses, worms, trojan horses, trapdoors, and logic bombs all fall under the definition of malicious code. Computer viruses pose the primary threat to an IS because of their reproductive capability.

Malicious Code Screening – The process of monitoring Information Systems (IS) for the presence of malicious code. See: Malicious Code

Malicious Logic – Hardware, firmware, or software that is intentionally included or inserted in a system for a harmful purpose.

Malware – A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim.

See Malicious Code. See also Malicious Applets and Malicious Logic.

A virus, worm, Trojan horse, or other code-based malicious entity that successfully infects a host.

Management Client (MGC) – A configuration of a client node that enables a KMI external operational manager to manage KMI products and services by either 1) accessing a PRSN, or 2) exercising locally provided capabilities. An MGC consists of a client platform and an advanced key processor (AKP).

Management Controls – The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information system security.

Actions taken to manage the development, maintenance, and use of the system, including system-specific policies, procedures and rules of behavior, individual roles and responsibilities, individual accountability, and personnel security decisions.

Management Security Controls – The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information systems security.

Mandatory Access Control – Access controls (which) are driven by the results of a comparison between the user’s trust level or clearance and the sensitivity designation of the information.

A means of restricting access to objects based on the sensitivity (as represented by a security label) of the information contained in the objects and the formal authorization (i.e., clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity.

Mandatory Access Control (MAC) – A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity.
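The three definitions above all reduce to one rule: the decision is made by comparing the object's security label with the subject's formal authorization, and the subject cannot override it. The following is an added illustration, not part of this glossary or of any standard, of that comparison with a constructed label model: the sensitivity level stands in for the clearance, and a set of compartments stands in for formal access approvals and need-to-know. The level names and compartments are invented for the example.

```python
from dataclasses import dataclass, field

# Constructed ordering of sensitivity levels; a higher index dominates a lower one.
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]


@dataclass(frozen=True)
class Label:
    """A security label: a sensitivity level plus a set of compartments.

    On an object the compartments are the categories its information belongs to;
    on a subject they are the formal access approvals (need-to-know) granted.
    """
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """True when this level is at least `other`'s level AND this label carries
        every compartment `other` carries. Both conditions are required."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.compartments >= other.compartments)


def mac_permits(subject: Label, obj: Label, operation: str) -> bool:
    """Mandatory decision: neither the subject nor the object's owner can relax it.

    read:  the subject's clearance label must dominate the object's label
           ("no read up": a SECRET subject cannot read TOP SECRET, and cannot
           read a SECRET object in a compartment it was not approved for).
    write: the object's label must dominate the subject's label
           ("no write down": a cleared subject cannot copy what it knows into a
           less sensitive object, which is how data leaks under discretionary
           controls).
    """
    if operation == "read":
        return subject.dominates(obj)
    if operation == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {operation!r}")


if __name__ == "__main__":
    # Constructed subject: cleared SECRET, formally approved for one compartment.
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    objects = {
        "CONFIDENTIAL report":        Label("CONFIDENTIAL"),
        "SECRET/CRYPTO memo":         Label("SECRET", frozenset({"CRYPTO"})),
        "SECRET/CRYPTO+NUCLEAR memo": Label("SECRET", frozenset({"CRYPTO", "NUCLEAR"})),
        "TOP SECRET summary":         Label("TOP SECRET"),
    }
    for name, label in objects.items():
        print(f"{name:28s} read={mac_permits(analyst, label, 'read')!s:5} "
              f"write={mac_permits(analyst, label, 'write')}")
```

Note that the same label comparison denies the analyst the SECRET/CRYPTO+NUCLEAR memo even though the level matches: a clearance alone is not formal authorization, which is exactly the distinction the definitions draw.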

Mandatory Declassification Review – The review for declassification of classified information in response to a request for declassification that meets the requirements under Sections 3.5 and 3.6 of Executive Order (EO) 13526, “Classified National Security Information.”

Mandatory Modification – Change to a COMSEC end-item that NSA requires to be completed and reported by a specified date. See Optional Modification.

Man-in-the-middle Attack – An attack on the authentication protocol run in which the Attacker positions himself in between the Claimant and Verifier so that he can intercept and alter data traveling between them.

Manipulative Communications Deception – Alteration or simulation of friendly telecommunications for the purpose of deception. See Communications Deception and Imitative Communications Deception.

Manual Cryptosystem – Cryptosystem in which the cryptographic processes are performed without the use of crypto-equipment or auto-manual devices.

Manual Key Transport – A non-automated means of transporting cryptographic keys by physically moving a device, document, or person containing or possessing the key or key component.

A nonelectronic means of transporting cryptographic keys.

Manual Remote Rekeying – Procedure by which a distant crypto-equipment is rekeyed electronically, with specific actions required by the receiving terminal operator. Synonymous with cooperative remote rekeying. See also Automatic Remote Keying.

Markings Register – The Controlled Access Program Coordination Office (CAPCO) Register identifies the official classification and control markings, and their authorized abbreviations and portion markings. It provides for the allowable vocabulary for all national intelligence markings and other non-Intelligence Community (IC) markings to control the flow of information. The CAPCO Register provides a list of the human-readable syntax for these markings, regardless of medium (hard-copy, digital, or other).

Masquerading – When an unauthorized agent claims the identity of another agent, it is said to be masquerading. A type of threat action whereby an unauthorized entity gains access to a system or performs a malicious act by illegitimately posing as an authorized entity.

Master Cryptographic Ignition Key – Key device with electronic logic and circuits providing the capability for adding more operational CIKs to a keyset.

Master Crypto-Ignition Key Custodian – An individual at each node in a Community of Interest (COI) who is responsible for controlling and maintaining the Master Crypto-Ignition Key and programming the security features of the Secure Terminal Equipment. See: Community of Interest (COI)

Match/matching – The process of comparing biometric information against a previously stored template(s) and scoring the level of similarity.

Maximum Tolerable Downtime – The amount of time mission/business processes can be disrupted without causing significant harm to the organization’s mission.

Measurement and Signature Intelligence (MASINT) – Scientific and technical intelligence obtained by quantitative and qualitative analysis of data (metric, angle, spatial, wavelength, time dependence, modulation, plasma, and hydromagnetic). This data is derived from specific technical sensors for the purpose of identifying any distinctive features associated with the source, emitter, or sender. This facilitates subsequent identification and or measurement of the same.

Media – Physical devices or writing surfaces including but not limited to magnetic tapes, optical disks, magnetic disks, Large Scale Integration (LSI) memory chips, and printouts (but not including display media) onto which information is recorded, stored, or printed within an information system.

Media Sanitization – A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.

The actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.

Memorandum of Agreement (MOA) – A written agreement among relevant parties that specifies roles, responsibilities, terms, and conditions for each party to reach a common goal.

Memorandum of Understanding/Agreement – A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission. In this guide, an MOU/A defines the responsibilities of two or more organizations in establishing, operating, and securing a system interconnection.

Memory Component – Considered to be the Lowest Replaceable Unit (LRU) in a hardware device. Memory components reside on boards, modules, and sub-assemblies. A board can be a module, or may consist of several modules and sub-assemblies.

Memory Scavenging – The collection of residual information from data storage.

Merit Systems Protection Board (MSPB) – The Merit Systems Protection Board (MSPB) serves to protect Federal merit systems against partisan political and other prohibited personnel practices and to ensure adequate protection for Federal employees against abuses by agency management. NOTE: The MSPB is one of the successor agencies to the Civil Service Commission (CSC). See: Civil Service Commission (CSC)

Message Authentication Code – A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data. MACs provide authenticity and integrity protection, but not non-repudiation protection.
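The HMAC entry under K and the Message Authentication Code entry above together describe what a MAC does and, just as importantly, what it does not do. As an added example, not from this glossary, the code below uses Python's standard-library HMAC-SHA256 to show all three properties on a constructed message: a tampered message fails verification, a tag made without the key fails, and yet a MAC gives no non-repudiation, because anyone holding the shared key (including the verifier) can produce a valid tag. The key and message values are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample values. A real key is produced and distributed by the key
# management process, never embedded in code.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
MESSAGE = b"transfer 100.00 to account 42"


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag (32 bytes) over `message` with the symmetric `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time.

    hmac.compare_digest is used instead of `==` so the comparison does not leak,
    through timing, how many leading bytes of a guessed tag were correct.
    """
    return hmac.compare_digest(mac_tag(key, message), tag)


def demo() -> dict:
    """Exercise the integrity, authenticity and non-repudiation properties."""
    tag = mac_tag(SHARED_KEY, MESSAGE)

    # Integrity: flipping one bit of the message (here in the amount field)
    # yields a message whose recomputed tag no longer matches.
    tampered = bytearray(MESSAGE)
    tampered[9] ^= 0x01
    tampered = bytes(tampered)

    # Authenticity: a tag computed without the shared key is rejected.
    forged_tag = mac_tag(b"attacker-does-not-have-the-key", MESSAGE)

    # No non-repudiation: the verifier holds the same key as the sender, so the
    # verifier can mint a tag for a message the sender never sent. A third party
    # cannot tell which key holder produced a valid tag; that needs a digital
    # signature, not a MAC.
    never_sent = b"a message the sender never sent"
    verifier_made = mac_tag(SHARED_KEY, never_sent)

    return {
        "genuine_verifies": verify_tag(SHARED_KEY, MESSAGE, tag),
        "tampered_rejected": not verify_tag(SHARED_KEY, tampered, tag),
        "forged_rejected": not verify_tag(SHARED_KEY, MESSAGE, forged_tag),
        "verifier_can_forge": verify_tag(SHARED_KEY, never_sent, verifier_made),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```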

Message Digest – The result of applying a hash function to a message. Also known as a “hash value” or “hash output”.

A digital signature that uniquely identifies data and has the property that changing a single bit in the data will cause a completely different message digest to be generated.

A cryptographic checksum, typically generated for a file that can be used to detect changes to the file. Synonymous with hash value/result.

Message Externals – Information outside of the message text, such as the header, trailer, etc.

Message Indicator – Sequence of bits transmitted over a communications system for synchronizing cryptographic equipment.

Metrics – Tools designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data.

MIME – See Multipurpose Internet Mail Extensions.

Mimicking – See Spoofing.

Min-Entropy – A measure of the difficulty that an Attacker has to guess the most commonly chosen password used in a system.
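Min-entropy is defined by the single most likely choice: if the most common password is chosen with probability p_max, then H_min = -log2(p_max) bits, regardless of how the remaining choices are spread. The following added example, not part of this glossary, computes it for a constructed password sample and contrasts it with Shannon entropy, which averages over all choices and therefore overstates resistance to an online guessing attack. The sample counts are invented for the example.

```python
import math
from collections import Counter

# Constructed sample of 100 password choices from a user population (not real data):
# three popular passwords plus 25 distinct passwords chosen once each.
SAMPLE_PASSWORDS = (
    ["123456"] * 40
    + ["password"] * 25
    + ["qwerty"] * 10
    + [f"user{i}!" for i in range(25)]
)


def password_distribution(passwords):
    """Map each password to its empirical probability of being chosen."""
    counts = Counter(passwords)
    total = len(passwords)
    return {pw: n / total for pw, n in counts.items()}


def min_entropy_bits(distribution) -> float:
    """H_min = -log2(p_max). Governed only by the most commonly chosen password."""
    return -math.log2(max(distribution.values()))


def shannon_entropy_bits(distribution) -> float:
    """H = -sum(p * log2 p). Shown for contrast; rare choices inflate it even when
    one password dominates, so it misstates how easy the first guess is."""
    return -sum(p * math.log2(p) for p in distribution.values() if p > 0)


def fraction_compromised(distribution, guesses: int) -> float:
    """Share of accounts an attacker opens by trying the `guesses` most common
    passwords once each. With guesses=1 this equals p_max = 2**(-H_min)."""
    top = sorted(distribution.values(), reverse=True)[:guesses]
    return sum(top)


if __name__ == "__main__":
    dist = password_distribution(SAMPLE_PASSWORDS)
    print(f"min-entropy:     {min_entropy_bits(dist):.2f} bits")
    print(f"shannon entropy: {shannon_entropy_bits(dist):.2f} bits")
    for k in (1, 3, 10):
        print(f"top-{k} guesses compromise {fraction_compromised(dist, k):.0%} of accounts")
```

For the constructed sample the most common password is chosen 40% of the time, so the min-entropy is only about 1.32 bits even though the Shannon entropy is about 3 bits; a blocklist of the few most common passwords raises H_min far more than adding rare ones does.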

Minor Application – An application, other than a major application, that requires attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Minor applications are typically included as part of a general support system.

Misnamed Files – A technique used to disguise a file’s content by changing the file’s name to something innocuous or altering its extension to a different type of file, forcing the examiner to identify the files by file signature versus file extension.

Mission Assurance Category – A Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) term primarily used to determine the requirements for availability and integrity.

Mission Critical – Any telecommunications or information system that is defined as a national security system (Federal Information Security Management Act of 2002 FISMA) or processes any information the loss, misuse, disclosure, or unauthorized access to or modification of, would have a debilitating impact on the mission of an agency.

Mission Essential – In the context of information, that information which is an essential portion of a unit’s mandatory wartime capability.

Mission/Business Segment – Elements of organizations describing mission areas, common/shared business services, and organization-wide services. Mission/business segments can be identified with one or more information systems which collectively support a mission/business process.

Mitigation – Ongoing and sustained action to reduce the probability of or lessen the impact of an adverse incident. Includes solutions that contain or resolve risks through analysis of threat activity and vulnerability data, which provide timely and accurate responses to prevent attacks, reduce vulnerabilities, and fix systems.

Mobile Code – Software modules obtained from remote systems, transferred across a network, and then downloaded and executed on local systems without explicit installation or execution by the recipient.

Mobile Code Technologies – Software technologies that provide the mechanisms for the production and use of mobile code (e.g., Java, JavaScript, ActiveX, VBScript).

Mobile Device – Portable cartridge/disk-based, removable storage media (e.g., floppy disks, compact disks, USB flash drives, external hard drives, and other flash memory cards/drives that contain nonvolatile memory).

Portable computing and communications device with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, and audio recording devices).

Mobile Software Agent – Programs that are goal-directed and capable of suspending their execution on one platform and moving to another platform where they resume execution.

Mode of Operation – An algorithm for the cryptographic transformation of data that features a symmetric key block cipher algorithm.

Description of the conditions under which an information system operates based on the sensitivity of information processed and the clearance levels, formal access approvals, and need-to-know of its users. Four modes of operation are authorized for processing or transmitting information: dedicated mode, system high mode, compartmented/partitioned mode, and multilevel mode.

Moderate Impact – The loss of confidentiality, integrity, or availability that could be expected to have a serious adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in significant damage to organizational assets; 3) results in significant financial loss; or 4) results in significant harm to individuals that does not involve loss of life or serious life threatening injuries).

Moderate-Impact System – An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of moderate and no security objective is assigned a FIPS 199 potential impact value of high.

An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of moderate and no security objective is assigned a potential impact value of high.

Modulator-Demodulator (MODEM) – A device for transmitting usually digital data over telephone wires by modulating the data into an audio signal to send it and demodulating an audio signal into data to receive it (abbreviation

Multifactor Authentication – Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g. password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See Authenticator.

Multi-Hop Problem – The security risks resulting from a mobile software agent visiting several platforms.

Multilevel Device – Equipment trusted to properly maintain and separate data of different security domains.

Multilevel Mode – Mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts: 1) some users do not have a valid security clearance for all the information processed in the information system; 2) all users have the proper security clearance and appropriate formal access approval for that information to which they have access; and 3) all users have a valid need-to-know only for information to which they have access.

Multilevel Security – The concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.

Multiple Security Levels (MSL) – Capability of an information system that is trusted to contain, and maintain separation between, resources (particularly stored data) of different security domains.

Multiple Sources – Two or more source documents, classification guides, or a combination of both.

Multi-Releasable – A characteristic of an information domain where access control mechanisms enforce policy-based release of information to authorized users within the information domain.

Cyber Security Terms That Begin With the Letter N

Naming Authority – An organizational entity responsible for assigning distinguished names (DNs) and for assuring that each DN is meaningful and unique within its domain.

National Cyber Risk Alert Level (NCRAL) – The National Cyber Risk Alert Level (NCRAL) system is designed to inform preparedness, decision making, information sharing, and cyber incident management activities. The Assistant Secretary for the Office of Cybersecurity and Communications (CS&C) determines the alert level in coordination with recommendations from the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and partners. The levels include: Level 1 (Severe): Highly disruptive levels of consequences are occurring or imminent. Level 2 (Substantial): Observed or imminent degradation of critical functions with a

National Information Assurance Partnership (NIAP) – Joint initiative between the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST) responsible for security testing needs of both Information Technology (IT) consumers and producers and promoting the development of technically sound security requirements for IT products and systems and appropriate measures for evaluating those products and systems.

National Information Infrastructure (NII) – The nationwide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. The National Information Infrastructure (NII) includes both public and private networks, the Internet, the public switched network, and cable, wireless, and satellite communications.

National Military Strategy for Cyberspace Operations (NMS-CO) – The comprehensive strategy of the United States (U.S.) Armed Forces to ensure U.S. military superiority in cyberspace. The National Military Strategy for Cyberspace Operations (NMS-CO) establishes a common understanding of cyberspace and sets forth a military strategic framework that orients and focuses Department of Defense (DoD) actions in

National Security Agency/Central Security Service (NSA/CSS) – The National Security Agency/Central Security Service (NSA/CSS) is the Government’s lead for cryptologic work in Signals Intelligence (SIGINT)/Computer Network Exploitation (CNE), Information Assurance (IA), and network threat operations. The primary operational functions of NSA/CSS include creating and maintaining time-sensitive capabilities to determine and disseminate the configuration and activities of networks of interest; characterizing and reporting cyber foreign threats to networks of interest in accordance with the mission to predict, detect, defeat, and attribute exploitations and attacks; conducting 24 hours a day, 7 days a week detection, alert, and incident response services to defend Department of Defense (DoD) unclassified networks; providing technical assistance, upon request and as appropriate, to Federal entities; and supporting collaborative planning and computer network operations (by NSA/CSS, United States Strategic Command (USSTRATCOM), and the broader community of the United States (U.S.), its allies, and its mission partners).

National Security Information (NSI) – Information that has been determined, pursuant to Executive Order (EO) 13526, “Classified National Security Information,” or any predecessor order, to require protection against unauthorized disclosure.

National Security-Related Information – Unclassified information related to national defense or foreign relations of the United States (U.S.).

National Vulnerability Database (NVD) – The U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g., FISMA).

Need for Access – A determination that an employee requires access to a particular level of classified information in order to perform or assist in a lawful and authorized Governmental function.

Needs Assessment (IT Security Awareness and Training) – A process that can be used to determine an organization’s awareness and training needs. The results of a needs assessment can provide justification to convince management to allocate adequate resources to meet the identified awareness and training needs.

Need-to-Know Determination – Decision made by an authorized holder of official information that a prospective recipient requires access to specific official information to carry out official duties (DoD Directive 8500.1).

Net-centric Architecture – A complex system of systems composed of subsystems and services that are part of a continuously evolving, complex community of people, devices, information and services interconnected by a network that enhances information sharing and collaboration. Subsystems and services may or may not be developed or owned by the same entity, and, in general, will not be continually present during the full life cycle of the system of systems. Examples of this architecture include service-oriented architectures and cloud computing architectures.

Network – A computing environment with more than one independent processor interconnected to permit communications and sharing of resources. See: Local Area Network (LAN); Wide Area Network (WAN)

Network Access – Access to an organizational information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet).

Network Access Control (NAC) – A feature provided by some firewalls that allows access based on a user’s credentials and the results of health checks performed on the telework client device.

Network Address Translation – A routing technology used by many firewalls to hide internal system addresses from an external network through use of an addressing schema.

Network Front-End – Device implementing protocols that allow attachment of a computer system to a network.

Network Manager (NETMGR) – The individual who has supervisory or management responsibility for an organization, activity, or functional area that owns or operates a network.

Network Operations (NetOps) – Activities conducted to operate and defend the

Network Resilience – A computing infrastructure that provides continuous business operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged), rapid recovery if failure does occur, and the ability to scale to meet rapid or unpredictable demands.

Network Security Officer – An individual formally appointed by a Designated Approving Authority (DAA) to ensure that the provisions of all applicable directives are implemented throughout the life cycle of an Information Systems (IS) network. See: Information Assurance Officer (IAO)

Network Sniffing – A passive technique that monitors network communication, decodes protocols, and examines headers and payloads for information of interest. It is both a review technique and a target identification and analysis technique.

Network System – System implemented with a collection of interconnected components. A network system is based on a coherent security architecture and design.

Network Weaving – Penetration technique in which different communication networks are linked to access an information system to avoid detection and trace-back.

Nonce – A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge-response authentication protocols generally must not be repeated until authentication keys are changed. Otherwise, there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable.

A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing the transmittal of live data rather than replayed data, thus detecting and protecting against replay attacks.

Non-Conductive Section – Material, such as canvas or rubber, installed in ducts, vents, or pipes, that is unable to carry audio or radio frequency emanations.

Non-deterministic Random Bit Generator (NRBG) – An RBG that (when working properly) produces outputs that have full entropy. Contrast with a DRBG. Other names for non-deterministic RBGs are True Random Number (or Bit) Generators and, simply, Random Number (or Bit) Generators.

Non-Secure Internet Protocol Router Network (NIPRNET) – Used to exchange sensitive but unclassified information between “internal” users as well as provide users access to the Internet. The NIPRNET is composed of Internet Protocol (IP) routers owned by the Department of Defense (DoD). It was created by the Defense Information Systems Agency (DISA) to supersede the earlier Military Network. See: Unclassified Internet Protocol Router Network

Non-Volatile Memory (NVM) – Computer memory that retains data even when all power sources are disconnected. Examples include Read-Only Memory (ROM), Flash Memory, Ferroelectric Random-Access Memory (FRAM), most types of magnetic computer storage devices (e.g., hard disks, floppy disks, and magnetic tape), optical discs, and early computer storage methods such as paper tape and punched cards. See: Volatile Memory; Non-Volatile Random-Access Memory (NVRAM)

Non-Volatile Random-Access Memory (NVRAM) – Random-Access Memory (RAM) that retains its information when power is turned off (nonvolatile). This is in contrast to volatile Dynamic Random-Access Memory (DRAM) and Static Random-Access Memory (SRAM), which both maintain data only for as long as power is applied. See: Dynamic Random-Access Memory (DRAM);

NSA-Approved Cryptography – Cryptography that consists of: (i) an approved algorithm; (ii) an implementation that has been approved for the protection of classified information in a particular environment; and (iii) a supporting key management infrastructure.

Null – Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes.

Cyber Security Terms That Begin With the Letter O

Object – A passive entity that contains or receives information.

Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object implies access to the information it contains.

Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See Subject.

Object Identifier – A specialized formatted number that is registered with an internationally recognized standards organization. The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. In the federal government PKI, they are used to uniquely identify each of the four policies and cryptographic algorithms supported.

Off-Card – Refers to data that is not stored within the PIV card or computation that is not done by the Integrated Circuit Chip (ICC) of the PIV card.

Offensive Cyberspace Operations (OCO) – Offensive operations to destroy, disrupt, or neutralize adversary cyberspace capabilities both before and after their use against friendly forces, but as close to their source as possible. The goal of Offensive Cyberspace Operations (OCO) is to prevent the employment of adversary cyberspace capabilities prior to employment. This could mean preemptive action against an adversary.

Off-line Attack – An attack where the Attacker obtains some data (typically by eavesdropping on an authentication protocol run, or by penetrating a system and stealing security files) that he/she is able to analyze in a system of his/her own choosing.

Off-line Cryptosystem – Cryptographic system in which encryption and decryption are performed independently of the transmission and reception functions.

On-Card – Refers to data that is stored within the PIV card or computation that is done by the ICC of the PIV card.

One-part Code – Code in which plain text elements and their accompanying code groups are arranged in alphabetical, numerical, or other systematic order, so one listing serves for both encoding and decoding. One-part codes are normally small codes used to pass small volumes of low-sensitivity information.

One-time Cryptosystem – Cryptosystem employing key used only once.

One-time Pad – Manual one-time cryptosystem produced in pad form.

One-time Tape – Punched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems.

One-Way Hash Algorithm – Hash algorithms which map arbitrarily long inputs into a fixed-size output such that it is very difficult (computationally infeasible) to find two different hash inputs that produce the same output. Such algorithms are an essential part of the process of producing fixed-size digital signatures that can both authenticate the signer and provide for data integrity checking (detection of input modification after signature).

Online Attack – An attack against an authentication protocol where the Attacker either assumes the role of a Claimant with a genuine Verifier or actively alters the authentication channel. The goal of the attack may be to gain authenticated access or learn authentication secrets.

Online Certificate Status – An online protocol used to determine the status of a public key certificate.

Online Cryptosystem – Cryptographic system in which encryption and decryption are performed in association with the transmitting and receiving functions.

Open Source Code – Information available to the public, including information with limited distribution or access, including information available by subscription.

Open Vulnerability and Assessment Language (OVAL) – SCAP language for specifying low-level testing procedures used by checklists.

Operating System (OS) Fingerprinting – Analyzing characteristics of packets sent by a target, such as packet headers or listening ports, to identify the operating system in use on the target.

Operational Controls – The security controls (i.e., safeguards or countermeasures) for an information system that primarily are implemented and executed by people (as opposed to systems).

Operational Key – Key intended for use over-the-air for protection of operational information or for the production or secure electrical transmission of key streams.

Operational Vulnerability Information – Information that describes the presence of an information vulnerability within a specific operational setting or network.

Operational Waiver – Authority for continued use of unmodified COMSEC end-items pending the completion of a mandatory modification.

Operations and Support – A Special Access Program (SAP) established to protect the planning for, execution of, and support to especially sensitive military operations. An operations and support SAP may protect organizations, property, operational concepts, plans, or activities.

Operations Code – Code composed largely of words and phrases suitable for general communications use.

Operations Security (OPSEC) – Systematic and proven process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities. The process involves five steps – identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures.

Operations Security Plan (OSP) – A strategy that analyzes an operation or activity and includes specific Operations Security (OPSEC) measures. See: Operations Security (OPSEC)

Operations Security Working Group (OWG) – A normally formally designated body representing a broad range of line and staff activities within an organization that provides Operations Security (OPSEC) advice and support to leadership and all elements of the organization. See: Operations Security (OPSEC)

Optical Storage Media – Optical mass storage devices that are “written” and “read” by light waves (laser), including

Optional Modification – NSA-approved modification not required for universal implementation by all holders of a COMSEC end-item. This class of modification requires all of the engineering/doctrinal control of mandatory modification but is usually not related to security, safety, TEMPEST, or reliability. See Mandatory Modification.

Oral/Visual Disclosure – To brief orally, to expose to view, or to permit use under United States (U.S.) supervision in order to permit the transfer of knowledge or information, but not to physically transfer documents, material, or equipment to a foreign government or its representatives.

Outside Threat – An unauthorized entity from outside the domain perimeter that has the potential to harm an Information System through destruction, disclosure, modification of data, and/or denial of service.

Outside(r) Threat – An unauthorized entity outside the security domain that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service.

Outsourced Information Technology-based Process – For Department of Defense (DoD) Information Assurance (IA) purposes, an outsourced Information Technology (IT)-based process is a general term used to refer to outsourced business processes supported by private sector Information Systems (IS), outsourced information technologies, or outsourced information services. An outsourced IT-based process performs clearly-defined functions for which there are readily identifiable security considerations and needs that are addressed in both acquisition and operations.

Overt Channel – Communications path within a computer system or network designed for the authorized transfer of data. See Covert Channel.

Overt Collection – The acquisition of information via the public domain.

Overt Operation – An operation conducted openly without concealment.

Overt Testing – Security testing performed with the knowledge and consent of the organization’s IT staff.

Over-The-Air Key Distribution – Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation.

Over-The-Air Key Transfer – Electronically distributing key without changing traffic encryption key used on the secured communications path over which the transfer is accomplished.

Over-The-Air Rekeying (OTAR) – Changing traffic encryption key or transmission security key in remote cryptographic equipment by sending new key directly to the remote cryptographic equipment over the communications path it secures.

Overwrite – A software process that replaces the data previously stored on magnetic storage media with a predetermined set of meaningless data. Overwriting is an acceptable method for clearing for release to environments of equal classification (TOP SECRET/Special Access Program (SAP) to TOP SECRET/SAP, TOP SECRET/SAP to TOP SECRET/Sensitive Compartmented Information (SCI)). NOTE(S): The effectiveness of the overwrite procedure may be reduced by several factors: ineffectiveness of the overwrite procedures; equipment failure (e.g., misalignment of read/write heads); or inability to overwrite bad sectors or tracks or information in inter-record gaps. Software overwrite routines may also be corrupted by hostile computer viruses. Overwriting is not an acceptable method to declassify media.

Overwrite Procedure – A software process that replaces data previously stored on storage media with a predetermined set of meaningless data or random patterns.

Overwrite/Re-recording Verification – An approved procedure to review, display, or check the success of an overwrite procedure. The successful testing and documentation through hardware and random hard-copy readout of the actual overwritten memory sectors.

Cyber Security Terms That Begin With the Letter P

Packet Filter – A routing device that provides access control functionality for host addresses and communication sessions.

Packet Sniffer – Software that observes and records network traffic.

Parity – Bit(s) used to determine whether a block of data has been altered.

Partitioned Security Mode – Information systems security mode of operation wherein all personnel have the clearance, but not necessarily formal access approval and need-to-know, for all information handled by an information system.

Pass Phrase – Sequence of characters longer than the acceptable length of a password that is transformed by a password system into a virtual password of acceptable length.

Pass/Fail – A declassification technique that regards information at the full document or folder level. Any exemptible portion of a document or folder may result in failure (exemption) of the entire documents or folders. Documents within exempt folders are exempt from automatic declassification. Documents or folders that contain no exemptible information are passed and therefore declassified. NOTE: Declassified documents may be subject to Freedom of Information Act (FOIA) exemptions other than the security exemption, and the requirements placed by legal authorities governing Presidential records and materials. See: Automatic Declassification; Declassification

Passive Attack – An attack against an authentication protocol where the Attacker intercepts data traveling along the network between the Claimant and Verifier, but does not alter the data (i.e., eavesdropping).

An attack that does not alter systems or data.

Passive Security Testing – Security testing that does not involve any direct interaction with the targets, such as sending packets to a target.

Passive Wiretapping – The monitoring or recording of data while it is being transmitted over a communications link, without altering or affecting the data.

Password – Protected or private character string used to authenticate an identity or to authorize access to data.

Password Cracking – The process of recovering secret passwords stored in a computer system or transmitted over a network.

Password Protected – The ability to protect a file using a password access control, protecting the data contents from being viewed with the appropriate viewer unless the proper password is entered.

The ability to protect the contents of a file or device from being accessed until the correct password is entered.

Password Shadowing – The ability with any Operating System (OS) to physically store passwords and/or encrypted password results in a mass storage area of the system other than in the actual password file itself. This feature is intended to prevent the theft of passwords by hackers. NOTE: Password shadowing is usually a UNIX feature.

Patch – An update to an operating system, application, or other software issued specifically to correct particular problems with the software.

Patch Management – The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs.

Path Histories – Maintaining an authenticatable record of the prior platforms visited by a mobile software agent, so that a newly visited platform can determine whether to process the agent and what resource constraints to apply.

Payload – The input data to the CCM generation-encryption process that is both authenticated and encrypted.

Peer Entity Authentication – The process of verifying that a peer entity in an association is as claimed.

Penetration Testing – A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system.

A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.

Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.

Per-Call Key – Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions. See Cooperative Key Generation.

Periodic Reinvestigation (PR) – An investigation conducted every 5 years for the purpose of updating a previously completed background or special background investigation. The scope consists of a personal interview, National Agency Check (NAC), Local Agency Check (LAC), credit bureau checks, employment records, employment references, and developed character references, and normally will not exceed the most recent 5-year period.

Periods Processing – The processing of various levels of classified and unclassified information at distinctly different times. Under the concept of periods processing, the system must be purged of all information from one processing period before transitioning to the next.

Peripheral – Any devices which are part of an Information System (IS), such as printers, hard and floppy disk drives, and video display terminals. See: Peripheral Device

Peripheral Device – Any device attached to the network that can store, print, display, or enhance data, such as a disk and/or tape, printer and/or plotter, an optical scanner, a video camera, a punched-card reader, a monitor, or card punch. See: Peripheral

Perishable Data – Information whose value can decrease substantially during a specified time. A significant decrease in value occurs when the operational circumstances change to the extent that the information is no longer useful.

Permuter – Device used in cryptographic equipment to change the order in which the contents of a shift register are used in various nonlinear combining circuits.

Personal Computer (PC) – A Personal Computer (PC) is a system based on a microprocessor and comprised of internal memory (Read-Only Memory (ROM) and Random-Access Memory (RAM)), input and/or output, and associated circuitry. The PC system typically includes one or more read/write devices for removable magnetic storage media (e.g., floppy diskettes, tape cassettes, hard disk cartridges), a keyboard, Cathode Ray Tube or plasma display, and a printer.

Personal Digital Assistant (PDA) – Personal Digital Assistants (PDAs) are mini processors with computing power that are generally smaller than laptop, notebook, or netbook computers.

Personal Financial Statement (PFS) – Form used as part of a personnel security investigation to provide a summary of a person’s total monthly income, debt payments, expenses, and the net remainder of income.

Personal Firewall – A utility on a computer that monitors network activity and blocks communications that are unauthorized.

Phishing – Tricking individuals into disclosing sensitive personal information through deceptive computer-based means.

Deceiving individuals into disclosing sensitive personal information through deceptive computer-based means.

A digital form of social engineering that uses authentic-looking—but bogus—emails to request information from users or direct them to a fake Web site that requests information.

Physical Damage Assessment – The estimate of the quantitative extent of physical damage based upon observed or interpreted damage.

Physical Security (PHYSEC) – The application of physical barriers and control

Physical Security Waiver – An exemption from specific standards for physical security for Sensitive Compartmented Information Facilities (SCIF) as outlined in Intelligence Community Directive (ICD) 705, “Sensitive Compartmented Information Facilities.”

Physically Isolated Network – A network that is not connected to entities or systems outside a physically controlled space.

Piconet – A small Bluetooth network created on an ad hoc basis that includes two or more devices.

PII Confidentiality Impact Level – The PII confidentiality impact level—low, moderate, or high—indicates the potential harm that could result to the subject individuals and/or the organization if PII were inappropriately accessed, used, or disclosed.

Plaintext – Data input to the Cipher or output from the Inverse Cipher.

Intelligible data that has meaning and can be understood without the application of decryption.

Unencrypted information.

Plaintext Key – An unencrypted cryptographic key.

Plan of Action and Milestones – A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.

Platform Information Technology (IT) Interconnection – For Department of Defense (DoD) Information Assurance (IA) purposes, platform Information Technology (IT) interconnection refers to network access to platform IT. Platform IT refers to computer resources, both hardware and software, that are physically part of, dedicated to, or essential in real time to the mission performance of special purpose systems such as weapons, training simulators, diagnostic test and maintenance equipment, calibration equipment, equipment used in the research and development of weapons systems, medical technologies, transport vehicles, buildings, and utility distribution systems such as water and electric. Platform IT interconnection has readily identifiable security considerations and needs that must be

Policy Approving Authority – First level of the PKI Certification Management Authority that approves the security policy of each PCA.

Policy Certification Authority – Second level of the PKI Certification Management Authority that formulates the security policy under which it and its subordinate CAs will issue public key certificates.

Policy Mapping – Recognizing that, when a CA in one domain certifies a CA in another domain, a particular certificate policy in the second domain may be considered by the authority of the first domain to be equivalent (but not necessarily identical in all respects) to a particular certificate policy in the first domain.

Policy-Based Access Control – A form of access control that uses an authorization policy that is flexible in the types of evaluated parameters (e.g., identity, role, clearance, operational need, risk, and heuristics).

Port – A physical entry or exit point of a cryptographic module that provides access to the module for physical signals, represented by logical information flows (physically separated ports do not share the same physical pin or wire).

Port Scanning – Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).

Portable Computer System – Any computer system, including Portable Electronic Devices (PEDs) and Portable Computing Devices (PCDs), specifically designed for portability and to be hand carried by an individual. Examples include grids, laptops, cellular telephones, two-way pagers, palm-sized computing devices, two-way radios with functions including audio, video, data, recording or playback features, personal digital assistants, palmtops, notebooks, data diaries, and watches with communications software and synchronization hardware.

Portable Electronic Device (PED) – Any nonstationary electronic apparatus with singular or multiple capabilities of recording, storing, and/or transmitting data, voice, video, or photo images. This includes but is not limited to laptops, personal digital assistants, pocket personal computers, palmtops, MP3 players, cellular telephones, thumb drives, video cameras, and pagers.

Portal – A high-level remote access architecture that is based on a server that offers teleworkers access to one or more applications through a single centralized interface.

Positive Control Material – Generic term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material, or devices.

Potential Impact – The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect, a serious adverse effect, or a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

The loss of confidentiality, integrity, or availability that could be expected to have a limited (low) adverse effect, a serious (moderate) adverse effect, or a severe or catastrophic (high) adverse effect on organizational operations, organizational assets, or individuals.

Potential Threat – An estimate of the present and future resource allocations and capabilities of an adversary to gain information. See: Threat Assessment

Practice Statement – A formal statement of the practices followed by an authentication entity (e.g., RA, CSP, or Verifier). It usually describes the policies and practices of the parties and can become legally binding. (Source: SP 800-63)

Prediction Resistance – Prediction resistance is provided relative to time T if there is assurance that an adversary who has knowledge of the internal state of the DRBG at some time prior to T would be unable to distinguish between observations of ideal random bitstrings and bitstrings output by the DRBG at or subsequent to time T. The complementary assurance is called Backtracking Resistance.

Preparedness – Actions that involve a combination of planning, resources, training, exercising, and organizing to build, sustain, and improve operational capabilities. It is the process of identifying the personnel, training, and equipment needed for a wide range of potential incidents, and developing jurisdiction-specific plans for delivering capabilities when needed for an incident.

Preproduction Model – Version of INFOSEC equipment employing standard parts and suitable for complete evaluation of form, design, and performance. Preproduction models are often referred to as beta models.

Prevention – Actions to avoid an incident or to intervene to stop an incident from occurring. Prevention involves actions to protect lives and property that may include such countermeasures as: deterrence operations; heightened inspections; improved surveillance and security operations; investigations to determine the full nature and source of the threat; public health and agricultural surveillance and testing processes; immunizations, isolation, or quarantine; and, as appropriate, specific law enforcement operations aimed at deterring, preempting, interdicting, or disrupting illegal activity and apprehending potential perpetrators and bringing them to justice.

Primary Services Node (PRSN) – A Key Management Infrastructure core node that provides the users’ central point of access to KMI products, services, and information.

Principal – An entity whose identity can be authenticated.

Principal Disclosure Authority (PDA) – Oversees compliance with Department of Navy

Print Suppression – Eliminating the display of characters in order to preserve their secrecy.

Privacy – Restricting access to subscriber or Relying Party information in accordance with federal law and agency policy.

Privacy Data – Any record that is contained in a system of records, as defined in the reference and information the disclosure of which would constitute an unwarranted invasion of personal privacy (DoD Directive 8500.1).

Privacy Impact Assessment (PIA) – An analysis of how information is handled: 1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; 2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and 3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.

Privacy System – Commercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack.

Private Key – The secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data.

A cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and is not made public. In an asymmetric (public) cryptosystem, the private key is associated with a public key. Depending on the algorithm, the private key may be used, for example, to:

Private Key – A cryptographic key used with a public key cryptographic algorithm, which is uniquely associated with an entity, and not made public; it is used to generate a digital signature; this key is mathematically linked with a corresponding public key.

A cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and is not made public.

In an asymmetric cryptography scheme, the private or secret key of a key pair which must be kept confidential and is used to decrypt messages encrypted with the public key or to digitally sign messages, which can then be validated with the public key.

Privilege – A right granted to an individual, a program, or a process.

Privilege Management – The definition and management of policies and processes that define the ways in which the user is provided access rights to enterprise systems. It governs the management of the data that constitutes the user’s privileges and other attributes, including the storage, organization and access to information in directories.

Privileged Access – Explicitly authorized access of a specific user,

Privileged Account – An information system account with approved authorizations of a privileged user.

An information system account with authorizations of a privileged user.

Privileged Accounts – Individuals who have access to set “access rights” for users on a given system. Sometimes referred to as system or network administrative accounts.

Privileged Command – A human-initiated command executed on an information system involving the control, monitoring, or administration of the system including security functions and associated security-relevant information.

Privileged Process – A computer process that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary processes are not authorized to perform.

Probability of Occurrence – See Likelihood of Occurrence.

Product Source Node (PSN) – The Key Management Infrastructure core node that provides central generation of cryptographic key material.

Production Model – INFOSEC equipment in its final mechanical and electrical form.

Profile – A collection and/or display (e.g., a written or graphical description) of the signatures and patterns of an individual or organization.

Profiling – Measuring the characteristics of expected activity so that changes to it can be more easily identified.

Program Access Request – A formal request used to nominate an individual for program access.

Program Channels or Program Security Channels – A method or means expressly authorized for the handling or transmission of classified or unclassified Special Access Program (SAP) information whereby the information is provided to indoctrinated persons.

Program Office (PO) – The office that manages, executes, and controls a Special Access Program (SAP) in a Department of Defense (DoD) component.

Program Protection Survey – A survey, conducted during each acquisition phase, to assess the effectiveness of the countermeasures prescribed in the program protection plan at a specific point in time.

Program Security Officer (PSO) – The Government official who administers the security policies for the Special Access Program (SAP).

Program Sensitive Information – Unclassified information that is associated with the program. Material or information that, while not directly describing the program or aspects of the program, could indirectly disclose the actual nature of the program to a non-program-briefed individual.

Programmable Read-Only Memory (PROM) – A form of digital memory where the setting of each bit is locked by a fuse or antifuse. PROM is used to store programs permanently. These types of memories are frequently seen in video game consoles, mobile phones, Radio-Frequency Identification (RFID) tags, implantable medical devices, High-Definition Multimedia Interfaces (HDMIs) and in many other consumer and automotive electronics products.

Project/Program Manager (PM) – The single individual responsible for a project or program who manages all daily aspects of the project or program.

Promiscuous Mode – A configuration setting for a network interface card that causes it to accept all incoming packets that it sees, regardless of their intended destinations.

Proprietary Information (PROPIN) – Material and information relating to or associated with a company’s products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that has been clearly identified and properly marked by the company as proprietary information, trade secrets, or company confidential information. The information must have been developed by the company and not be available to the government or to the public without restriction from another source.

Protected Distribution System (PDS) – A wire line or fiber-optic telecommunications system that includes terminals and adequate acoustic, electrical, electromagnetic, and physical safeguards to permit its use for the unencrypted transmission of classified information.

Protected Information – Includes sensitive, critical, and/or classified information.

Protection – Actions or measures taken to cover or shield from exposure, injury, or destruction. Protection includes actions to deter the threat, mitigate the vulnerabilities, or minimize the consequences associated with a terrorist attack or other incident. Protection can include a wide range of activities, such as hardening facilities; building resiliency and redundancy; incorporating hazard resistance into initial facility design; initiating active or passive countermeasures; installing security systems; promoting workforce surety, training, and exercises; and implementing cybersecurity measures, among various others. See: Protective Measures

Protection Philosophy – Informal description of the overall design of an information system delineating each of the protection mechanisms employed. Combination of formal and informal techniques, appropriate to the evaluation class, used to show the mechanisms are adequate to enforce the security policy.

Protection Profile – Common Criteria specification that represents an implementation-independent set of security requirements for a category of Target of Evaluations (TOE) that meets specific consumer needs.

Protective Distribution System – Wire line or fiber optic system that includes adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to permit its use for the transmission of unencrypted information.

Protective Measures – Those actions, procedures, or designs implemented to safeguard protected information. See: Protection

Protective Packaging – Packaging techniques for COMSEC material that discourage penetration, reveal a penetration has occurred or was attempted, or inhibit viewing or copying of keying material prior to the time it is exposed for use.

Protective Security Service – A transportation protective service provided by a cleared commercial carrier and qualified by the Military Surface Deployment and Distribution Command (MSDDC) to transport SECRET shipments.

Protective Technologies – Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material.

Protocol – Set of rules and formats, semantic and syntactic, permitting information systems to exchange information.

Protocol Data Unit – A unit of data specified in a protocol and consisting of protocol information and, possibly, user data.

Protocol Entity – Entity that follows a set of rules and formats (semantic and syntactic) that determines the communication behavior of other entities.

Provider – The contractor, Government support organization, or both, that provides the process on behalf of the customer.

Proxy – A proxy is an application that breaks the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network, processes it, and forwards it. This effectively closes the straight path between the internal and external networks, making it more difficult for an attacker to obtain internal addresses and other details of the organization’s internal network. Proxy servers are available for common Internet services; for example, a Hyper Text Transfer Protocol (HTTP) proxy used for Web access, and a Simple Mail Transfer Protocol (SMTP) proxy used for email.

An application that “breaks” the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network and processes it and forwards it.

Note: This effectively closes the straight path between the internal and external networks, making it more difficult for an attacker to obtain internal addresses and other details of the organization’s internal network. Proxy servers are available for common Internet services; for example, a Hyper Text Transfer Protocol (HTTP) proxy used for Web access, and a Simple Mail Transfer Protocol (SMTP) proxy used for email.

Proxy Agent – A software application running on a firewall or on a dedicated proxy server that is capable of filtering a protocol and routing it between the interfaces of the device.

Proxy Server – A server that services the requests of its clients by forwarding those requests to other servers.

Pseudonym – A false name.

1. A subscriber name that has been chosen by the subscriber that is not verified as meaningful by identity proofing. 2. An assigned identity that is used to protect an individual’s true identity.

Pseudorandom number generator – An algorithm that produces a sequence of bits that are uniquely determined from an initial value called a seed. The output of the PRNG “appears” to be random, i.e., the output is statistically indistinguishable from random values. A cryptographic PRNG has the additional property that the output is unpredictable, given that the seed is not known.

Public Domain (PD) – In open view; before the public at large and not in private or employing secrecy or other protective measures.

Public Key – A cryptographic key used with a public key cryptographic algorithm, uniquely associated with an entity, and which may be made public; it is used to verify a digital signature; this key is mathematically linked with a corresponding private key.

A cryptographic key used with a public key cryptographic algorithm that is uniquely associated with an entity and that may be made public.

A cryptographic key that may be widely published and is used to enable the operation of an asymmetric cryptography scheme. This key is mathematically linked with a corresponding private key. Typically, a public key can be used to encrypt, but not decrypt, or to validate a signature, but not to sign.

Public Key (Asymmetric) Cryptographic Algorithm – A cryptographic algorithm that uses two related keys, a public key and a private key. The two keys have the property that deriving the private key from the public key is computationally infeasible.

Public Key Certificate – A digital document issued and digitally signed by the private key of a Certificate authority that binds the name of a Subscriber to a public key. The certificate indicates that the Subscriber identified in the certificate has sole control and access to the private key.

A set of data that unambiguously identifies an entity, contains the entity’s public key, and is digitally signed by a trusted third party (certification authority).

A set of data that uniquely identifies an entity, contains the entity’s public key, and is digitally signed by a trusted party, thereby binding the public key to the entity.

See Also Certificate.

Public Key Cryptography – Encryption system that uses a public-private key pair for encryption and/or digital signature.

Public Key Enabling (PKE) – The incorporation of the use of certificates for security services such as authentication, confidentiality, data integrity, and non-repudiation.

Public Key Infrastructure – An architecture which is used to bind public keys to entities, enable other entities to verify public key bindings, revoke such bindings, and provide other services critical to managing public keys.

A Framework that is established to issue, maintain, and revoke public key certificates.

A support service to the PIV system that provides the cryptographic keys needed to perform digital signature-based identity verification and to protect communications and storage of sensitive verification system data within identity cards and the verification system.

The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of public key certificates. Components include the personnel, policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, recover, and revoke public key certificates.

Public Key Infrastructure (PKI) – An enterprise-wide service (i.e., data integrity, user identification and authentication, user non-repudiation, data confidentiality, encryption, and digital signature) that supports digital signatures and other public key-based security mechanisms for Department of Defense (DoD) functional enterprise programs, including generation, production, distribution, control, and accounting of public key certificates. A PKI provides the means to bind public keys to their owners and helps in the distribution of reliable public keys in large heterogeneous networks.

Purge – Rendering sanitized data unrecoverable by laboratory attack methods.

Purging – The removal of data from an Information System (IS), its storage devices, or other peripheral devices with storage capacity in such a way that the data may not be reconstructed. Note: An IS must be disconnected from any external network before a purge. See: Sanitization

Cyber Security Terms That Begin With the Letter Q

Quantitative Assessment – Use of a set of methods, principles, or rules for assessing risks based on the use of numbers where the meanings and proportionality of values are maintained inside and outside the context of the assessment.

Quarantine – Store files containing malware in isolation for future disinfection or examination.

Cyber Security Terms That Begin With the Letter R

Radio Frequency Identification (RFID) – A form of automatic identification and data capture (AIDC) that uses electric or magnetic fields at radio frequencies to transmit information.

Random Bit Generator (RBG) – A device or algorithm that outputs a sequence of binary bits that appears to be statistically independent and unbiased. An RBG is either a DRBG or an NRBG.

Random Number Generator – Random Number Generators (RNGs) used for cryptographic applications typically produce a sequence of zero and one bits that may be combined into sub-sequences or blocks of random numbers. There are two basic classes: deterministic and nondeterministic. A deterministic RNG consists of an algorithm that produces a sequence of bits from an initial value called a seed. A nondeterministic RNG produces output that is dependent on some unpredictable physical source that is outside human control.

Random Procurement – Method of acquiring materials for use in new construction or modification to an existing Sensitive Compartmented Information Facility (SCIF) or secure work area from existing local off-the-shelf stock by TOP SECRET, cleared United States (U.S.) citizens. Procurement of material will be unannounced, made without referral and immediately transported by the procurer to a Secure Storage Area (SSA). Random procurement may also be used for the acquisition of equipment, material, or supplies to be used in a SCIF or secure area.

Random Selection – The process of selecting a portion of building materials from a bulk shipment, procured for non-specific general construction use. NOTE: Random selection is not authorized for Sensitive Compartmented Information Facilities (SCIFs) or secure work areas.

Randomizer – Analog or digital source of unpredictable, unbiased, and usually independent bits. Randomizers can be used for several different functions, including key generation or to provide a starting state for a key generator.

Read – Fundamental operation in an information system that results only in the flow of information from an object to a subject.

Read Access – Permission to read information in an information system.

Recovery – The development, coordination, and execution of service and site restoration plans; the reconstitution of government operations and services; individual, private sector, nongovernmental, and public assistance programs to provide housing and

Recovery Point Objective – The point in time to which data must be recovered after an outage.

Recovery Procedures – Actions necessary to restore data files of an information system and computational capability after a system failure.

Recovery Time Objective – The overall length of time an information system’s components can be in the recovery phase before negatively impacting the organization’s mission or mission/business functions.

Recycled – Recycled is the end state for Information System (IS) storage devices processed in such a way as to make them ready for reuse, to adapt them to a new use, or to reclaim constituent materials of value (i.e., smelting).

RED – In cryptographic systems, refers to information or messages that contain sensitive or classified information that is not encrypted.

RED Equipment – A term applied to equipment that processes unencrypted National Security Information (NSI) that requires protection during electrical or electronic processing. See: RED; RED/BLACK Concept

RED Line – An optical fiber or a metallic wire that carries a

RED Optical Fiber Line – An optical fiber that carries a RED signal or that originates or terminates in a RED equipment or system.

Red Signal – Any electronic emission (e.g., plain text, key, key stream, subkey stream, initial fill, or control signal) that would divulge national security information if recovered.

Red Team – A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The Red Team’s objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment.

RED Wire Line – A metallic wire that carries a RED signal or that originates or terminates in a RED equipment or system. See: RED; RED/BLACK Concept

Red/Black Concept – Separation of electrical and electronic circuits, components, equipment, and systems that handle unencrypted information (Red), in electrical form, from those that handle encrypted information (Black) in the same form.

Redaction – For purposes of declassification, the removal of exempted information from copies of a document.

Reference Monitor – The security engineering term for IT functionality that—

Register – The official list of authorized security control markings and abbreviated forms of such markings for use by all elements of the Intelligence Community (IC) for classified and unclassified information. Also known as the Controlled Access Program Coordination Office (CAPCO) Register.

Registration – The process through which a party applies to become a subscriber of a Credentials Service Provider (CSP) and a Registration Authority validates the identity of that party on behalf of the CSP.

The process through which an Applicant applies to become a Subscriber of a CSP and an RA validates the identity of the Applicant on behalf of the CSP.

Registration Authority (RA) – A trusted entity that establishes and vouches for the identity of a Subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).

Regrade – To raise or lower, as determined appropriate, the classification assigned to an item of information.

Reimbursable Suitability Investigation – Focused investigation to provide additional specific information to resolve developed issues.

Reinstatement – A process whereby a person whose access authorization has been terminated or revoked is permitted to have access to classified information again.

Rekey (a certificate) – To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key.

Remanence – Residual information remaining on storage media after clearing. See Magnetic Remanence and Clearing.

Remote Access – Access to an organizational information system by a user (or an information system acting on behalf of a user) communicating through an external network (e.g., the Internet).

Access by users (or information systems) communicating external to an information system security perimeter.

The ability for an organization’s users to access its nonpublic computing resources from external locations other than the organization’s facilities.

Access to an organization’s nonpublic information system by an authorized user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet).

Remote Maintenance – Maintenance activities conducted by individuals communicating external to an information system security perimeter. Maintenance activities conducted by individuals communicating through an external network (e.g., the Internet).

Remote Rekeying – Procedure by which a distant crypto-equipment is rekeyed electrically. See Automatic Remote Rekeying and Manual Remote Rekeying.

Remote Terminal – A device for communication with an Automated Information System (AIS) from a location that is not within the central computer facility.

Removable Hard Disk – A hard disk contained in a removable cartridge-type casing.

Removable Media – Portable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device, and that is used to store text, video, audio, and image information. Such devices have no independent processing capabilities. Examples include hard disks, floppy disks, zip drives, compact disks (CDs), thumb drives, pen drives, and similar USB storage devices.

Portable electronic storage media such as magnetic, optical, and Solid-state devices, which can be inserted into and removed from a computing device, and that is used to store text, video, audio, and image information. Examples include hard disks, floppy disks, zip drives, compact disks, thumb drives, pen drives, and similar USB storage devices.

Renew (a certificate) – The act or process of extending the validity of the data binding asserted by a public key certificate by issuing a new certificate.

Replay Attacks – An attack that involves the capture of transmitted authentication or access control information and its subsequent retransmission with the intent of producing an unauthorized effect or gaining unauthorized access.

Repository – A database containing information and data relating to certificates as specified in a CP; may also be referred to as a directory.

Representative of a Foreign Interest – A citizen or national of the United States (U.S.) who is acting as a representative of a foreign government, an agency of a foreign government, or a representative of a foreign government.

Residual Risk – The remaining potential risk after all IT security measures are applied. There is a residual risk associated with each threat.

Portion of risk remaining after security measures have been applied.

Residue – Data left in storage after information-processing operations are complete, but before degaussing or overwriting has taken place.

Resilience – The ability to quickly adapt and recover from any known or unknown changes to the environment through holistic implementation of risk management, contingency, and continuity planning.

The ability to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.

Resource Encapsulation – Method by which the reference monitor mediates accesses to an information system resource. The resource is protected and not directly accessible by a subject. Satisfies the requirement for accurate auditing of resource usage.

Responder – The entity that responds to the initiator of the authentication exchange.

Response – Immediate actions to save lives, protect property and the environment, and meet basic human

Response Force – Personnel, not including those on fixed security posts, appropriately equipped and trained, whose duties include initial or follow up response to situations which threaten the security of the Special Access Program Facility (SAPF). This includes local law enforcement support or other external forces as noted in agreements. See: Response

Responsibility to Provide – An information distribution approach whereby relevant essential information is made readily available and discoverable to the broadest possible pool of potential users.

Responsible Individual – A trustworthy person designated by a sponsoring organization to authenticate individual applicants seeking certificates on the basis of their affiliation with the sponsor.

Restricted Area (RA) – A controlled access area established to safeguard classified material, that because of its size or nature, cannot be adequately protected during working hours by the usual safeguards, but that is capable of being stored during non-working hours in an approved repository or secured by other methods approved by the Cognizant Security Agency (CSA).

Restricted Data (RD) – All data concerning design, manufacture, or utilization of atomic weapons; or, the production of special nuclear material; or, the use of special nuclear material in the production of energy, but shall not include data declassified or removed from the Restricted Data category under Section

Revocation – An adjudicative decision to permanently withdraw an individual’s clearance(s) based on a personnel security investigation, other relevant information, or both, that a cleared person is no longer eligible for access to classified information.

Revocation of Facility Security Clearance (FCL) – Administrative action that is taken to terminate all classified activity of a contractor because the contractor refuses, is unwilling, or has consistently demonstrated an inability to protect classified information.

Revoke a Certificate – To prematurely end the operational period of a certificate effective at a specific date and time.

RFID – See Radio Frequency Identification.

Rijndael – Cryptographic algorithm specified in the Advanced Encryption Standard (AES).

Risk Analysis – A method by which individual vulnerabilities are compared to perceived or actual security threat scenarios in order to determine the likelihood of compromise of critical information. See: Risk; Risk Management

Risk Assessment – A written evaluation supporting the adjudicative process, especially when a significant exception to a personnel security standard is being considered.

Risk Avoidance – A security philosophy which postulates that adversaries are all-knowing and highly competent, against which risks are avoided by maximizing defenses and minimizing vulnerabilities.

Risk Executive – An individual or group within an organization that helps to ensure that: (i) security risk-related considerations for individual information systems, to include the authorization decisions for those systems, are viewed from an organization-wide perspective with regard to the overall strategic goals and objectives of the organization in carrying out its missions and business functions; and (ii) managing risk from individual information systems is consistent across the organization, reflects organizational risk tolerance, and is considered along with other organizational risks affecting mission/business success.

Risk Management – The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system.

The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes:

Risk Mitigation – Prioritizing, evaluating, and implementing the appropriate risk-reducing controls/countermeasures recommended from the risk management process.

Risk Monitoring – Maintaining ongoing awareness of an organization’s risk environment, risk management program, and associated activities to support risk decisions.

Risk Response – Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations (i.e., mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation.

Risk Response Measure – A specific action taken to respond to an identified risk.

Risk Tolerance – The level of risk an entity is willing to assume in order to achieve a potential desired result.

The defined impacts to an enterprise’s information systems that an entity is willing to accept.

Risk-Adaptable Access Control – A form of access control that uses an authorization policy that takes into account operational need, risk, and heuristics.

Robust Security Network (RSN) – A wireless security network that only allows the creation of Robust Security Network Associations (RSNAs).

Robust Security Network Association (RSNA) – A logical connection between communicating IEEE 802.11 entities established through the IEEE 802.11i key management scheme, also known as the four-way handshake.

Robustness – A characterization of the strength of a security function, mechanism, service, or solution, and the assurance (or confidence) that it is implemented

Robustness – The ability of an Information Assurance entity to operate correctly and reliably across a wide range of operational conditions, and to fail gracefully outside of that operational range.

Rogue Device – An unauthorized node on a network.

Role – A group attribute that ties membership to function. When an entity assumes a role, the entity is given certain rights that belong to that role. When the entity leaves the role, those rights are removed. The rights given are consistent with the functionality that the entity needs to perform the expected tasks.

Role-Based Access Control – A model for controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities.
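The Role and Role-Based Access Control entries above describe the same mechanism from two sides: rights attach to roles, and a subject holds exactly the rights of the roles it currently has. The example below is added here and is not from the glossary; the role names, resources and actions are constructed for the demonstration. It shows rights appearing when a role is assumed, disappearing when the role is left, and every decision being recorded for audit.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

Permission = Tuple[str, str]   # (resource, action)

# Constructed role model: permissions are identified with roles, never with individual users.
ROLE_PERMISSIONS: Dict[str, Set[Permission]] = {
    "auditor":  {("reports", "read"), ("logs", "read")},
    "operator": {("reports", "read"), ("jobs", "run")},
    "admin":    {("users", "create"), ("users", "delete"), ("reports", "read")},
}


@dataclass
class Subject:
    name: str
    roles: Set[str] = field(default_factory=set)


class RBAC:
    """Role-based access control: a subject's rights are the union of its active roles' rights."""

    def __init__(self, role_permissions: Dict[str, Set[Permission]]):
        self.role_permissions = role_permissions
        self.audit: List[Tuple[str, str, str, str]] = []

    def assume_role(self, subject: Subject, role: str) -> None:
        if role not in self.role_permissions:
            raise KeyError(f"unknown role: {role}")
        subject.roles.add(role)

    def leave_role(self, subject: Subject, role: str) -> None:
        # Leaving the role removes its rights immediately; nothing is cached per subject.
        subject.roles.discard(role)

    def permissions(self, subject: Subject) -> Set[Permission]:
        perms: Set[Permission] = set()
        for role in subject.roles:
            perms |= self.role_permissions[role]
        return perms

    def check(self, subject: Subject, resource: str, action: str) -> bool:
        """Decide and record an access request; default is deny."""
        allowed = (resource, action) in self.permissions(subject)
        self.audit.append((subject.name, resource, action, "allow" if allowed else "deny"))
        return allowed


def demo() -> List[bool]:
    """Alice gains audit rights, is denied operator actions, then loses audit rights."""
    rbac = RBAC(ROLE_PERMISSIONS)
    alice = Subject("alice")                      # constructed subject
    rbac.assume_role(alice, "auditor")
    results = [rbac.check(alice, "logs", "read"),   # True: right belongs to auditor
               rbac.check(alice, "jobs", "run")]    # False: right belongs to operator
    rbac.leave_role(alice, "auditor")
    results.append(rbac.check(alice, "logs", "read"))  # False: role left, right gone
    return results


if __name__ == "__main__":
    print(demo())
```

Because `check` looks up the subject's current roles on every call, revoking a role takes effect on the next request, which is the property the Role definition describes when it says the rights are removed when the entity leaves the role.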

Root Cause Analysis – A principle-based, systems approach for the identification of underlying causes associated with a particular set of risks.

Root Certification Authority – In a hierarchical Public Key Infrastructure, the Certification Authority whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain.

Rootkit – A set of tools used by an attacker after gaining root-level access to a host to conceal the attacker’s activities on the host and permit the attacker to maintain root-level access to the host through covert means.

Round Key – Round keys are values derived from the Cipher Key using the Key Expansion routine; they are applied to the State in the Cipher and Inverse Cipher.

Routine Changes – Changes which have a minimal effect on the overall Transient Electromagnetic Pulse Emanation Standard (TEMPEST) security of the Special Access Program Facility (SAPF). Adding a different type of electronic information processing equipment (unless the equipment added is known to have an unusually large TEMPEST profile), movement of the equipment within the facility, and minor installation changes are examples of routine changes.

Rule-Based Security Policy – A security policy based on global rules imposed for all subjects. These rules usually rely on a comparison of the sensitivity of the objects being accessed and the possession of corresponding attributes by the subjects requesting access.

A security policy based on global rules imposed for all subjects. These rules usually rely on a comparison of the sensitivity of the objects being accessed and the possession of corresponding attributes by the subjects requesting access. (DAC).

Ruleset – A table of instructions used by a controlled interface to determine what data is allowable and how the data is handled between interconnected systems.

A set of directives that govern the access control functionality of a firewall. The firewall uses these directives to determine how packets should be routed between its interfaces.
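The firewall sense of Ruleset above is a first-match table with an implicit default deny. The evaluator below is an added example, not the glossary's or any vendor's code; the three rules and the sample packets are constructed. It shows why rule order matters: the specific deny for telnet from the internal range is placed before the broader allow, and anything no rule matches falls through to deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

Port = Union[int, str]   # a TCP/UDP port number or "any"


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    proto: str    # "tcp", "udp" or "any"
    dport: Port   # destination port or "any"


# Constructed ruleset, evaluated top to bottom, first match wins.
RULESET: List[Rule] = [
    Rule("deny",  "10.0.0.0/8", "0.0.0.0/0",       "tcp", 23),    # no telnet from the internal range
    Rule("allow", "10.0.0.0/8", "192.168.1.10/32", "tcp", 443),   # internal hosts to the web server
    Rule("allow", "0.0.0.0/0",  "192.168.1.53/32", "udp", 53),    # anyone to the DNS resolver
]


def matches(rule: Rule, pkt: dict) -> bool:
    """True when every field of the rule covers the packet."""
    return (
        ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
        and rule.proto in ("any", pkt["proto"])
        and rule.dport in ("any", pkt["dport"])
    )


def evaluate(ruleset: List[Rule], pkt: dict) -> Tuple[str, Optional[int]]:
    """Return (action, index of matching rule); unmatched traffic is denied by default."""
    for index, rule in enumerate(ruleset):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


def demo() -> List[Tuple[str, Optional[int]]]:
    """Constructed packets: permitted HTTPS, blocked telnet, and traffic nothing covers."""
    packets = [
        {"src": "10.1.2.3",   "dst": "192.168.1.10", "proto": "tcp", "dport": 443},
        {"src": "10.1.2.3",   "dst": "192.168.1.10", "proto": "tcp", "dport": 23},
        {"src": "203.0.113.7", "dst": "192.168.1.10", "proto": "tcp", "dport": 443},
    ]
    return [evaluate(RULESET, p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Returning the index of the matching rule alongside the action is what makes a ruleset auditable: a log line that says which rule allowed or denied a packet lets a reviewer spot shadowed rules (a later rule that can never match because an earlier one always fires first).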

Cyber Security Terms That Begin With the Letter S

S/MIME – A set of specifications for securing electronic mail. Secure/Multipurpose Internet Mail Extensions (S/MIME) is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s).

Sabotage – The willful destruction of Government property with the intent to cause injury, destruction, defective production of national defense, or war materials by either an act of commission or omission.

Salt – A non-secret value that is used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an Attacker.
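The definition's phrase "results of computations for one instance cannot be reused" is most visible in password storage, so here is an added example (not from the glossary) in which the same password stored for two accounts yields two unrelated digests. It uses PBKDF2-HMAC-SHA256 from the Python standard library; the iteration count, salt length and sample passwords are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed parameters; real deployments tune the iteration count to their hardware.
ITERATIONS = 200_000
SALT_BYTES = 16


def unsalted_digest(password: str) -> str:
    """The weak form: identical passwords always produce identical digests, so one
    precomputed table of digests serves against every account at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). The salt is a fresh random value per record and is stored
    next to the digest; it is not secret, it only has to be unique."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def digests_differ_for_same_password(password: str, salt_a: bytes, salt_b: bytes) -> bool:
    """Two records holding the same password but different salts must not share a digest."""
    return hash_password(password, salt_a)[1] != hash_password(password, salt_b)[1]


if __name__ == "__main__":
    # Two constructed accounts that happen to share a password.
    print("unsalted equal:", unsalted_digest("hunter2") == unsalted_digest("hunter2"))
    salt_a, digest_a = hash_password("hunter2")
    salt_b, digest_b = hash_password("hunter2")
    print("salted equal:  ", digest_a == digest_b)
    print("verify ok:     ", verify_password("hunter2", salt_a, digest_a))
```

The salt does not need to be hidden; its job is to make every stored digest the result of a distinct computation, so that work an attacker invests against one record (or a precomputed table) tells them nothing about any other record.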

Sandboxing – A method of isolating application modules into distinct fault domains enforced by software. The technique allows untrusted programs written in an unsafe language, such as C, to be executed safely within the single virtual address space of an application. Untrusted machine interpretable code modules are transformed so that all memory accesses are confined to code and data segments within their fault domain. Access to system resources can also be controlled through a unique identifier associated with each domain.

A restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized.

Sanitizing – The removal of information from the media or equipment such that data recovery using any known technique or analysis is prevented. Sanitizing shall include the removal of data from the media, as well as the removal of all classified labels, markings, and activity logs. Properly sanitized media may be subsequently declassified upon observing the organization’s respective verification and review procedures. See: Purging

S-box – Nonlinear substitution table used in several byte substitution transformations and in the Key Expansion routine to perform a one-for-one substitution of a byte value.

SCADA – See Supervisory Control and Data Acquisition.

Scanning – Sending packets or requests to another system to gain information to be used in a subsequent attack.

Scattered Castles – The Intelligence Community (IC) security clearance repository and the Director of National Intelligence’s (DNI) authoritative source for clearance and access information for all IC, military services, Department of Defense (DoD) civilians, and contractor personnel. NOTE: DoD information is furnished by the Joint Personnel Adjudication System (JPAS). See: Joint Personnel Adjudication System (JPAS)

Scatternet – A chain of piconets created by allowing one or more Bluetooth devices to each be a slave in one piconet and act as the master for another piconet simultaneously. A scatternet allows several devices to be networked over an extended distance.

Scavenging – Searching through object residue to acquire data.

Scheduled Records – All records that fall under a National Archives and Records Administration (NARA)-approved records control schedule are considered to be scheduled records.

Scope – The time period to be covered and the sources of information to be contacted during the prescribed course of a Personnel Security Investigation (PSI).

Scoping Guidance – A part of tailoring guidance providing organizations with specific policy/regulatory-related, technology-related, system component allocation-related, operational/environmental-related, physical infrastructure-related, public access-related, scalability-related, common control-related, and security objective-related considerations on the applicability and implementation of individual security controls in the security control baseline.

Specific factors related to technology, infrastructure, public access, scalability, common security controls, and risk that can be considered by organizations in the applicability and implementation of individual security controls in the security control baseline.

Sealed Disk Drive – A fixed hard disk drive in which the heads and platters are encased in the same, sealed unit. See: Hard Disk

SECRET – The designation applied to classified information the unauthorized disclosure of which could reasonably be expected to cause serious damage to national security.

Secret Key – A cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.

A cryptographic key that is used with a symmetric cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.

A cryptographic key that must be protected from unauthorized disclosure to protect data encrypted with the key. The use of the term “secret” in this context does not imply a classification level; rather, the term implies the need to protect the key from disclosure or substitution.

A cryptographic key that is uniquely associated with one or more entities. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure or substitution.

A cryptographic key, used with a secret key cryptographic algorithm, that is uniquely associated with one or more entities and should not be made public.

Secret Key (symmetric) Cryptographic Algorithm – A cryptographic algorithm that uses a single secret key for both encryption and decryption.

A cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption and decryption.

Secret Seed – A secret value used to initialize a pseudorandom number generator.

Secure Communication Protocol – A communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection.

Secure Communications – Telecommunications deriving security through use of NSA-approved products and/or Protected Distribution Systems.

Secure Copy – A computer program which is part of the Computer Security Toolbox. Secure Copy is a Microsoft Disk Operating System (MS-DOS)-based program used to eliminate appended data within a file or files while transferring the same from a source disk or diskette to a target disk or diskette. See: Computer Security Toolbox

Secure Data Device (SDD) – Secure Data Devices (SDDs) protect classified

Secure DNS (SECDNS) – Configuring and operating DNS servers so that the security goals of data integrity and source authentication are achieved and maintained.

Secure Erase – An overwrite technology using a firmware-based process to overwrite a hard drive. It is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside the drive hardware. It completes in about 1/8 the time of 5220 block erasure.

Secure Hash Algorithm (SHA) – A hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.

Secure Hash Standard – This Standard specifies secure hash algorithms (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256) for computing a condensed representation of electronic data (message). When a message of any length less than 2^64 bits (for SHA-1, SHA-224 and SHA-256) or less than 2^128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits).

The hash algorithms specified in this Standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm.

Specification for a secure hash algorithm that can generate a condensed message representation called a message digest.

Secure Socket Layer (SSL) – A protocol used for protecting private information during transmission via the Internet. Note: SSL works by using a public key to encrypt data that’s transferred over the SSL connection. Most Web browsers support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with “https:” instead of “http:.”

Secure State – Condition in which no subject can access any object in an unauthorized manner.

Secure Subsystem – Subsystem containing its own implementation of the reference monitor concept for those resources it controls. Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.

Secure Telephone Unit (STU)-III/Secure Telephone Equipment (STE) – Telephonic system and associated equipment using a ciphering engine to allow for encrypted transmission of voice and other audio and/or digital data over the public telephone network. Secure Telephone Unit (STU)-III/Secure Telephone Equipment (STE) operate by taking an audio signal and digitizing it into a serial data stream, usually 8,000 bits per second. This is then mixed with a “keying stream” of data created by an internal ciphering algorithm. This mixed data is then passed through an internal Codec to convert it back to audio so it can be passed over the telephonic system. NOTE: STU-III/STE is endorsed by the National Security Agency for protecting classified, sensitive, or unclassified United States (U.S.) Government

Secure Working Area – An accredited facility or area that is used for handling, discussing, or processing, but not for storage of Special Access Program (SAP) information.

Secure/Multipurpose Internet Mail Extensions (S/MIME) – A set of specifications for securing electronic mail. S/MIME is based upon the widely used MIME standard [MIME] and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s).

Security Assertion Markup Language (SAML) – An XML-based security specification developed by the Organization for the Advancement of Structured Information Standards (OASIS) for exchanging authentication (and authorization) information between trusted entities over the Internet.

A framework for exchanging authentication and authorization information. Security typically involves checking the credentials presented by a party for authentication and authorization. SAML standardizes the representation of these credentials in an XML format called “assertions,” enhancing the interoperability between disparate applications.

A protocol consisting of XML-based request and response message formats for exchanging security information, expressed in the form of assertions about subjects, between online business partners.

Security Attribute – A security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes.

An abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy.

Security Authorization – See Authorization (to operate).

Security Automation Domain – An information security area that includes a grouping of tools, technologies, and data.

Security Banner – A banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. Also can refer to the opening screen that informs users of the security implications of accessing a computer resource.

Security Categorization – The process of determining the security category for information or an information system. See Security Category.

The process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.

Security Category – The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals.

The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, and the Nation.

Security Classification Guides – Security Classification Guides are issued for each system, plan, program or project in which classified

Security Clearance – An administrative authorization for access to national security information up to a stated classification level (TOP SECRET, SECRET, CONFIDENTIAL). NOTE: A security clearance does not, by itself, allow access to controlled access programs. See: Access Approval; Collateral Information; Controlled Access Program (CAP); Special Access Program (SAP)

Security Cognizance – The Defense Security Service (DSS) office assigned responsibility for the discharge of industrial security responsibilities.

Security Compromise – The disclosure of classified information to persons not authorized access thereto.

Security Control Assessment – The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system and/or enterprise.

Security Control Assessor – The individual, group, or organization responsible for conducting a security control assessment.

Security Control Baseline – The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.

One of the sets of minimum security controls defined for federal information systems in NIST Special Publication 800-53 and CNSS Instruction 1253.

Security Control Effectiveness – The measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance.

Security Control Enhancements – Statements of security capability to 1) build in additional, but related, functionality to a basic control; and/or 2) increase the strength of a basic control.

Statements of security capability to: (i) build in additional, but related, functionality to a security control; and/or (ii) increase the strength of the control.

Security Control Inheritance – A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See Common Control.

Security Controls – The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.

Security Controls Baseline – The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.

Security Countermeasures – Actions, devices, procedures, and/or techniques to reduce security risk.

Security Domain – A set of subjects, their information objects, and a common security policy.

A collection of entities to which a single security policy, executed by a single authority, applies.

A domain that implements a security policy and is administered by a single authority.

Security Engineering – An interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.

Security Environment Changes – Changes which have a detrimental effect on the facility. Changes to the inspectable space, addition of a radio transmitter or a modem for external communications, removal or reduction of an existing Transient Electromagnetic Pulse Emanation Standard (TEMPEST) countermeasure (Radio Frequency Interference Shielding, Filters, Control/Inspectable space, etc.) would be changes to the security environment.

Security Environment Threat List (SETL) – A list of countries with United States (U.S.) Diplomatic Missions compiled by the Department of State (DOS) and updated semi-annually. The listed countries are evaluated based on transnational terrorism; political violence; human intelligence; technical threats; and criminal threats. The following four threat levels are based on these evaluations:

Critical: A definite threat to U.S. assets based on an adversary’s capability, intent to attack, and targeting conducted on a recurring basis.

High: A credible threat to U.S. assets based

Security Fault Analysis (SFA) – An assessment, usually performed on information system hardware, to determine the security properties of a device when hardware fault is encountered.

Security Features Users Guide – Guide or manual explaining how the security mechanisms in a specific system work.

Security Filter – A secure subsystem of an information system that enforces security policy on the data passing through it.

Security Functions – The hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.

Security Goals – The five security goals are confidentiality, availability, integrity, accountability, and assurance.

Security Impact Analysis – The analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.

Security Incident – A security compromise, infraction, or violation.

Security Information and Event Management (SIEM) Tool – Application that provides the ability to gather security data from information system components and present that data as actionable information via a single interface.

Security Infraction – A security incident that is not in the best interest of security and does not involve the loss, compromise, or suspected compromise of classified information.

Security Inspection – Examination of an information system to determine compliance with security policy, procedures, and practices.

Security Kernel – Hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.

Security Label – The means used to associate a set of security attributes with a specific information object as part of the data structure for that object.

A marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.

Information that represents or designates the value of one or more security relevant-attributes (e.g., classification) of a system resource.

Security Level – A hierarchical indicator of the degree of sensitivity to a certain threat. It implies, according to the security policy being enforced, a specific level of protection.

Security Management Dashboard – A tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders.

Security Markings – Human-readable indicators applied to a document, storage media, or hardware component to designate security classification, categorization, and/or handling restrictions applicable to the information contained therein. For intelligence information, these could include compartment and sub-compartment indicators and handling restrictions.

Security Mechanism – A device designed to provide one or more security services usually rated in terms of strength of service and assurance of the design.

Security Net Control Station – Management system overseeing and controlling implementation of network security policy.

Security Objective – Confidentiality, integrity, or availability.

Security Officer – When used alone, includes both Contractor Program Security Officers (CPSOs) and activity security officers at Government facilities.

Security Perimeter – See Authorization Boundary. A physical or logical boundary that is defined for a system, domain, or enclave, within which a particular security policy or security architecture is applied.

Security Plan – Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements.

See ‘System Security Plan’ or ‘Information Security Program Plan.’

Security Policy – The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. A complete security policy will necessarily address many concerns beyond the scope of computers and communications.

Security Policy Automation Network (SPAN) – A wide area network (WAN) sponsored by the Office of the Under Secretary of Defense (OUSD) (Policy Support) consisting of a Department of Defense (DoD)-wide SECRET classified network and a separately supported unclassified network that supports communications with foreign among DoD activities on foreign disclosure, export control, and international arms control and cooperation.

Security Policy Board (SPB) – The Board established by the President to consider, coordinate, and recommend policy directives for United States (U.S.) security policies, procedures, and practices.

Security Posture – The security status of an enterprise’s networks, information, and systems based on IA resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.

Security Profile – The approved aggregate of hardware and software and administrative controls used to protect the system.

Security Program Plan – Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements.

Security Range – Highest and lowest security levels that are permitted in or on an information system, system component, subsystem, or network.

Security Requirements Baseline – Description of the minimum requirements necessary for an information system to maintain an acceptable level of risk.

Security Requirements – Requirements levied on an information system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.

Security Requirements Traceability Matrix (SRTM) – Matrix that captures all security requirements linked to potential risks and addresses all applicable C&A requirements. It is, therefore, a correlation statement of a system’s security features and compliance methods for each security requirement.

Security Safeguards – Protective measures and controls prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.

Security Specification – Detailed description of the safeguards required to protect an information system.

Security Strength – A measure of the computational complexity associated with recovering certain secret and/or security-critical information concerning a given cryptographic algorithm from known data (e.g. plaintext/ciphertext pairs for a given encryption algorithm).

A number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. Sometimes referred to as a security level.

Security Tag – Information unit containing a representation of certain security-related information (e.g., a restrictive attribute bit map).

Security Target – Common Criteria specification that represents a set of security requirements to be used as the basis of an evaluation of an identified Target of Evaluation (TOE).

Security Test & Evaluation – Examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system.

Security Testing – Process to determine that an information system protects data and maintains functionality as intended.

Security Violation – Any knowing, willful, or negligent action that could reasonably be expected to result in an unauthorized disclosure of classified information; or, any knowing, willful, or negligent action to classify or continue the classification of information contrary to the requirements of Executive Order (EO) 13526, “Classified National Security Information,” or its implementing directives; or, any knowing, willful, or negligent action to create or continue a special access program contrary to the requirements of EO 13526.

Security/Suitability Investigations Index (SSII) – The Office of Personnel Management (OPM) database for personnel security investigations.

Security-in-Depth (SID) – A determination made by the cognizant security agency/authority that a facility’s security program consists of layered and complementary security controls sufficient to deter and detect unauthorized entry and movement within the facility.

Security-Relevant Change – Any change to a system’s configuration, environment, information content, functionality, or users which has the potential to change the risk imposed upon its continued operations.

Security-Relevant Event – An occurrence (e.g., an auditable event or flag) considered to have potential security implications to the system or its environment that may require further action (noting, investigating, or reacting).

Security-Relevant Information – Any information within the information system that can potentially impact the operation of security functions in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data.

Seed Key – Initial key used to start an updating or key generation process.

Self-Inspection – The internal review and evaluation of individual agency activities and the agency as a whole with respect to the implementation of the program

Semi-Quantitative Assessment – Use of a set of methods, principles, or rules for assessing risk based on bins, scales, or representative numbers whose values and meanings are not maintained in other contexts.

Senior Agency Information Security Officer – Official responsible for carrying out the Chief Information Officer responsibilities under the Federal Information Security Management Act (FISMA) and serving as the Chief Information Officer’s primary liaison to the agency’s authorizing officials, information system owners, and information system security officers.

Sensitive Information – Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (Systems that are not national security systems, but contain sensitive information, are to be protected in accordance with the requirements of the Computer Security Act of 1987 [P.L.100-235].)

Sensitive Position – Any position so designated within the Department of Defense (DoD), the occupant of which could bring about, by virtue of the nature of the position, a materially adverse effect on national security. NOTE: All civilian positions are critical-sensitive, noncritical-sensitive, or non-sensitive.

Service – authorization boundary of the organizational information system (i.e., a service that is used by, but not a part of, the organizational information system) and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.

Service-Level Agreement – Defines the specific responsibilities of the service provider and sets the customer expectations.

Shared Secret – A secret used in authentication that is known to the Claimant and the Verifier.

Shielded Enclosure – Room or container designed to attenuate electromagnetic radiation, acoustic signals, or emanations.

Short Title – Identifying combination of letters and numbers assigned to certain COMSEC materials to facilitate handling, accounting, and controlling.

Signal Flags – The Intelligence Community (IC) database containing information used to assist security and counterintelligence professionals conducting National Agency Checks (NACs) on individuals applying for positions with IC organizations.

Signals Intelligence (SIGINT) – A category of intelligence comprising either individually or in combination all communications intelligence, electronic intelligence, and foreign instrumentation signals intelligence, however transmitted.

Signature – A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system.

A recognizable, distinguishing pattern. See also Attack Signature or Digital Signature.

Signature Certificate – A public key certificate that contains a public key intended for verifying digital signatures rather than encrypting data or performing any other cryptographic functions.

Signature Generation – Uses a digital signature algorithm and a private key to generate a digital signature on data.

The process of using a digital signature algorithm and a private key to generate a digital signature on data.

Signature Validation – The (mathematical) verification of the digital signature and obtaining the appropriate assurances (e.g., public key validity, private key possession, etc.).

Signature Verification – The use of a digital signature algorithm and a public key to verify a digital signature on data.

The process of using a digital signature algorithm and a public key to verify a digital signature on data.

Signed Data – Data on which a digital signature is generated.

Significant Derogatory Information – Information that could justify an unfavorable administrative action, or prompt an adjudicator to seek additional investigation or clarification.

Single Point Keying – Means of distributing key to multiple, local crypto equipment or devices from a single fill point.

Single Scope Background Investigation (SSBI) – The only Personnel Security Investigation (PSI)

Single Scope Background Investigation-Periodic Reinvestigation (SSBI-PR) – A periodic personnel security reinvestigation for TOP SECRET clearances and/or critical sensitive or special sensitive positions, consisting of the elements prescribed in Standard C of Intelligence Community (IC) Policy Guidance 704.1, “Investigative Standards for Background Investigations for Access to Classified Information.” Initiated at any time following the completion of, but not later than 5 years from the date of, the previous investigation or reinvestigation.

Single-Hop Problem – The security risks resulting from a mobile software agent moving from its home platform to another platform.

Site Information Assurance Manager (IAM) – The single Information Systems (IS) security focal point for a defined site. The Site Information Assurance Manager (IAM) supports two organizations: User Organization and Technical Organization, and is responsible for managing the baseline and ensuring that changes to the site baseline are properly controlled.

Site Security Manager (SSM) (Construction) – A United States (U.S.) citizen, at least 18 years of age, cleared at the TOP SECRET level and approved for Sensitive Compartmented Information (SCI), who is responsible for security where a Sensitive Compartmented Information Facility (SCIF) is under construction.

Situational Awareness – Within a volume of time and space, the perception of an enterprise’s security posture and its threat environment; the comprehension/meaning of both taken together (risk); and the projection of their status into the near future.

Skimming – The unauthorized use of a reader to read tags without the authorization or knowledge of the tag’s owner or the individual in possession of the tag.

Smart Card – A credit card-sized card with embedded integrated circuits that can store, process, and communicate information.

Sniffer – See Packet Sniffer or Passive Wiretapping.

Social Engineering – An attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks.

A general term for attackers trying to trick people into revealing sensitive information or performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious.

The process of attempting to trick someone into revealing information (e.g., a password).

An attempt to trick someone into revealing information (e.g., a password) that can be used to attack an enterprise.

Software – Computer programs and associated data that may be dynamically written or modified during execution.

Software Assurance – Level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner.

Software System Test and Evaluation Process – Process that plans, develops, and documents the qualitative/quantitative demonstration of the fulfillment of all baseline functional performance, operational, and interface requirements.

Software-Based Fault Isolation – A method of isolating application modules into distinct fault domains enforced by software. The technique allows untrusted programs written in an unsafe language, such as C, to be executed safely within the single virtual address space of an application. Untrusted machine interpretable code modules are transformed so that all memory accesses are confined to code and data segments within their fault domain. Access to system resources can also be controlled through a unique identifier associated with each domain.

Sound Attenuation – Diminution of the intensity of sound energy propagating in a medium, caused by absorption, spreading, and scattering.

Sound Masking System – An electronic system used to create background noise to mask conversations and counter audio-surveillance threats.

Sound Transmission Class – The rating used in architectural considerations of sound transmission loss such as those involving walls, ceilings, and/or floors.

Source Document – An existing document that contains classified

Spam – The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

Unsolicited bulk commercial email messages.

Electronic junk mail or the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

Spam Filtering Software – A program that analyzes emails to look for characteristics of spam, and typically places messages that appear to be spam in a separate email folder.

Special Activity – An activity or associated support function conducted in support of national foreign policy objectives abroad that is planned and executed so that the role of the Government is neither apparent nor acknowledged publicly. Special activities are not intended to influence United States (U.S.) political processes, public opinion, policies, or media, and do not include diplomatic activities or the collection and production of intelligence or related support functions.

Special Background Investigation (SBI) – A Personnel Security Investigation (PSI) consisting

Special Character – Any non-alphanumeric character that can be rendered on a standard American-English keyboard. Special characters include Greek letters such as Omega (Ω), left double quotation marks (“), the US Dollar sign ($) and the Euro (€). There are many other special characters including math operators, arrows, and hearts.

Special Investigative Inquiry (SII) – A supplemental Personnel Security Investigation (PSI) of limited scope conducted to prove or disprove relevant allegations that have arisen concerning a person upon whom a personnel security determination has been previously made and who, at the time of the allegation, holds a security clearance or otherwise occupies a position that requires a personnel security determination.

Special Program Document Control Center – The component’s activity assigned responsibility by the Information System Security Representative (SSR) for the management, control, and accounting of all documents and magnetic media received or generated as a result of the special program activity.

Special Program Review Group (SPRG) – The committee responsible for developing the Air Force Special Access Required (SAR) programs resource requirements, including the Program Objective Memorandum (POM), Budget Estimate Submission (BES), and the President’s Budget.

Specification – An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional specifications, and architectural designs) associated with an information system.

Spillage – Security incident that results in the transfer of classified or CUI information onto an information system not accredited (authorized) for the appropriate security level.

Split Knowledge – A procedure by which a cryptographic key is split into n multiple key components, individually providing no knowledge of the original key, which can be subsequently combined to recreate the original cryptographic key. If knowledge of k (where k is less than or equal to n) components is required to construct the original key, then knowledge of any k-1 key components provides no information about the original key other than, possibly, its length.

A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, that can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key.

1. Separation of data or information into two or more parts, each part constantly kept under control of separate authorized individuals or teams so that no one individual or team will know the whole data. 2. A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, which can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key.
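The k-of-n property described in the Split Knowledge entries above (any k components recreate the key; any k-1 give no information beyond its length), worked through as an added example that is not from the glossary or any standard it draws on. It uses Shamir's polynomial secret sharing over a prime field; the modulus 2**255 - 19, the function names and the sample key value are this example's own choices.

```python
"""Added example: k-of-n split knowledge via polynomial secret sharing."""
import secrets

# Field modulus. 2**255 - 19 is prime; any prime larger than the key value
# works. This is a constructed choice for the example, not a standard value.
PRIME = 2**255 - 19


def _lagrange_eval(points, x):
    """Evaluate, at x, the unique polynomial of degree < len(points) that
    passes through every (x_i, y_i) in points, working modulo PRIME."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split_key(secret, k, n):
    """Split an integer key into n components, any k of which recreate it.
    The key is the constant term of a random degree-(k-1) polynomial;
    component i is the polynomial evaluated at x = i."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer below PRIME")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    components = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation at x
            y = (y * x + c) % PRIME
        components.append((x, y))
    return components


def combine_key(components):
    """Recreate the key from at least k distinct components by interpolating
    the polynomial and reading its constant term (its value at x = 0)."""
    xs = [x for x, _ in components]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("components must have distinct, non-zero indices")
    return _lagrange_eval(list(components), 0)


def implied_component(partial, candidate, x):
    """Given only k-1 components, every candidate key remains possible:
    return the k-th component at index x that would make `candidate` the
    recreated key. This is the sense in which k-1 components reveal nothing."""
    if x == 0 or any(x == px for px, _ in partial):
        raise ValueError("x must be non-zero and not already used")
    return (x, _lagrange_eval([(0, candidate)] + list(partial), x))


def demo():
    """3-of-5 split of a random 128-bit key, then the k-1 indistinguishability check."""
    key = int.from_bytes(secrets.token_bytes(16), "big")
    comps = split_key(key, 3, 5)
    assert combine_key(comps[:3]) == key
    assert combine_key([comps[0], comps[2], comps[4]]) == key
    two = comps[:2]  # only k-1 = 2 components held
    for cand in (0, 42, key):
        assert combine_key(two + [implied_component(two, cand, 9)]) == cand
    return True


if __name__ == "__main__":
    print("3-of-5 split and k-1 indistinguishability demo:", demo())
```

Each component is handed to a separate custodian; the `implied_component` check makes the second sentence of the definition concrete, since two custodians together can construct a third component consistent with any key they care to name, so their holdings carry no information about the real one. A production deployment would add integrity protection to each component so a corrupted share is detected rather than silently yielding a wrong key.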

Spoofing – IP spoofing refers to sending a network packet that appears to come from a source other than its actual source.

Spread Spectrum – Telecommunications techniques in which a signal is transmitted in a bandwidth considerably greater than the frequency content of the original information. Frequency hopping, direct sequence spreading, time scrambling, and combinations of these techniques are forms of spread spectrum.

Spyware – Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code.

SSL – See Secure Sockets Layer.

Stand-Alone Automated Information System (AIS) – A stand-alone Automated Information System (AIS) may include desktop, laptop, and notebook personal computers, and any other handheld electronic device containing classified information. NOTE: Stand-alone AIS by definition are not connected to any Local Area Network (LAN) or other type of network. See: Stand-Alone System

Stand-Alone System – An Information System (IS) operating independent

Standard Practice Procedures – A document(s) prepared by a contractor that implements the applicable requirements of the DoD 5220.22-M, “National Industrial Security Program Operating Manual (NISPOM),” for the contractor’s operations and involvement with classified information at the contractor’s facility.

Start-Up KEK – Key-encryption-key held in common by a group of potential communicating entities and used to establish ad hoc tactical networks.

State – Intermediate Cipher result that can be pictured as a rectangular array of bytes.

Statement of Reason (SOR) – A letter from a Central Adjudication Facility (CAF) to a subject, notifying of the CAF’s intent to deny or revoke security clearance or eligibility, and the reasons for the proposed action.

Static Key – A key that is intended for use for a relatively long period of time and is typically intended for use in many instances of a cryptographic key establishment scheme.

Static Random-Access Memory (SRAM) – A read-write Random-Access Memory (RAM) that uses either four transistors or two resistors to form a passive-load flip-flop, or six transistors to form a flip-flop with dynamic loads for each cell in an array. Once data is loaded into the flip-flop storage elements, the flip-flop will indefinitely remain in that state until the information is intentionally changed or the power to the memory circuit is shut off. See: Dynamic Random-Access Memory (DRAM); Ferroelectric Random-Access Memory (FRAM)

Steganography – The art and science of communicating in a way that hides the existence of the communication. For example, a child pornography image can be hidden inside another graphic image file, audio file, or other file format.

The art, science, and practice of communicating in a way that hides the existence of the communication.

Storage Object – Object supporting both read and write accesses to an information system.

Strength of Mechanism (SoM) – A scale for measuring the relative strength of a security mechanism.

Striped Core – A network architecture in which user data traversing a core IP network is decrypted, filtered and re-encrypted one or more times. Note: The decryption, filtering, and re-encryption are performed within a “Red gateway”; consequently, the core is “striped” because the data path is alternately Black, Red, and Black.

Strong Authentication – The requirement to use multiple factors for authentication and advanced technology, such as dynamic passwords or digital certificates, to verify an entity’s identity.

Subassembly – Major subdivision of an assembly consisting of a package of parts, elements, and circuits that perform a specific function.

Subject Matter Expert (SME) – An expert in a particular field who contributes or verifies the accuracy of specific information needed by the project team.

Subject Security Level – Sensitivity label(s) of the objects to which the subject has both read and write access. Security level of a subject must always be dominated by the clearance level of the user associated with the subject.

Subordinate Certification Authority – In a hierarchical PKI, a Certification Authority whose certificate signature key is certified by another CA, and whose activities are constrained by that other CA.

Subscriber – A party who receives a credential or token from a CSP (Credentials Service Provider) and becomes a claimant in an authentication protocol.

A party who receives a credential or token from a CSP (Credentials Service Provider).

Subsidiary – A corporation in which another corporation owns at least a majority of its voting securities.

Substantial Issue Information – Any information or aggregate of information that raises a significant question about the prudence of granting access eligibility. NOTE: Substantial issue information constitutes the basis for granting access eligibility with waiver or condition, or for denying or revoking access eligibility. See: Issue Information (Personnel Security); Minor Issue Information

Subsystem – A major subdivision or component of an information system consisting of information, information technology, and personnel that perform one or more specific functions.

Suite A – A specific set of classified cryptographic algorithms used for the protection of some categories of restricted mission-critical information.

Suite B – A specific set of cryptographic algorithms suitable for protecting national security systems and information throughout the U.S. government and to support interoperability with allies and coalition partners.

Superencryption – Process of encrypting encrypted information. Occurs when a message, encrypted off-line, is transmitted over a secured, online circuit, or when information encrypted by the originator is multiplexed onto a communications trunk, which is then bulk encrypted.

Superior Certification Authority – In a hierarchical PKI, a Certification Authority who has certified the certificate signature key of another CA, and who constrains the activities of that CA.

Supersession – Scheduled or unscheduled replacement of COMSEC material with a different edition.

Supervisory Control and Data Acquisition (SCADA) – A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (delays, data integrity, etc.) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated.

Networks or systems generally used for industrial controls or to manage infrastructure such as pipelines and power systems.

Supplementation – The process of adding security controls or control enhancements to a security control baseline from NIST Special Publication 800-53 or CNSS Instruction 1253 in order to adequately meet the organization’s risk management needs.

Supplementation (Assessment Procedures) – The process of adding assessment procedures or assessment details to assessment procedures in order to adequately meet the organization’s risk management needs.

Supply Chain – A system of organizations, people, activities, information, and resources, possibly international in scope, that provides products or services to consumers.

Supply Chain Attack – Attacks that allow the adversary to utilize implants or other vulnerabilities inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, software, operating systems, peripherals (information technology products) or services at any point during the life cycle.

Supporting Information Assurance (IA) Infrastructure – Collection of interrelated processes, systems, and networks that provide a continual flow of

Suppression Measure – Action, procedure, modification, or device that reduces the level of, or inhibits the generation of, compromising emanations in an information system.

Surface Deployment and Distribution Command (SDDC) – A major command of the United States (U.S.) Army, and the U.S. Transportation Command’s (TRANSCOM) component command responsible for designated domestic land transportation as well as common-user water terminal and traffic management service to deploy, employ, sustain, and redeploy U.S. forces on a global basis.

Surreptitious Entry – Unauthorized entry in a manner which leaves no readily discernible evidence.

Surrogate Access – See Discretionary Access Control.

Surveillance – The systematic observation of aerospace, surface or subsurface areas, places, persons, or things, by visual, aural, photographic, or other means.

Survivability – The capability of a system to withstand a man-made or natural hostile environment without suffering an abortive impairment of its ability to accomplish its dedicated mission.

Suspicious Contact – Efforts by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified information or to compromise a cleared

Syllabary – List of individual letters, combination of letters, or syllables, with their equivalent code groups, used for spelling out words or proper names not present in the vocabulary of a code. A syllabary may also be a spelling table.

Symmetric Encryption Algorithm – Encryption algorithms using the same secret key for encryption and decryption.

Symmetric Key – A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt and decrypt, or create a message authentication code and to verify the code.

A single cryptographic key that is used with a secret (symmetric) key algorithm.

Synchronous Crypto-Operation – Encryption algorithms using the same secret key for encryption and decryption.

System – An assembly of computer and/or communications hardware, software, and firmware configured for the purpose of classifying, sorting, calculating, computing, summarizing, transmitting and receiving, storing, and retrieving data with a minimum of human intervention.

System Administrator (SA) – A person who manages the technical aspects of a system.

Individual responsible for the installation and maintenance of an information system, providing effective information system utilization, adequate security parameters, and sound implementation of established Information Assurance policy and procedures.

System Assets – Any software, hardware, data, administrative, physical, communications, or personnel resource within an information system.

System Development – Methodologies developed through software engineering to manage the complexity of system development. Development methodologies include software engineering aids and high-level design analysis tools.

System Development Life Cycle – The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation.

System High – Highest security level supported by an information system.

System High Mode – Information systems security mode of operation wherein each user, with direct or indirect access to the information system, its peripherals, remote terminals, or remote hosts, has all of the following: a. a valid security clearance for all information within an information system; b. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments and/or special access programs); and c. valid need-to-know for some of the information contained within the information system.

System Indicator – Symbol or group of symbols in an off-line encrypted message identifying the specific cryptosystem or key used in the encryption.

System Integrity – The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental.

Attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

System Interconnection – The direct connection of two or more IT systems for the purpose of sharing data and other information resources.

System Low – Lowest security level supported by an information system.

System Of Records – A group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.

System Owner – Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system.

System Profile – Detailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an information system.

System Security – See Information System Security.

System Security Authorization Agreement (SSAA) – A formal document that fully describes the planned security tasks required to meet system or network security requirements. The package must contain all information necessary to allow the Designated Approving Authority (DAA) to make an official management determination for authorization for a system or site to operate in a particular security mode of operation; with a prescribed set of safeguards; against a defined threat with stated vulnerabilities and countermeasures; in a given operational environment; under a stated operational concept; with stated interconnections to external systems; and at an acceptable level of risk.

System Security Engineering (SSE) – The efforts to help achieve maximum security and survivability of a system during its life cycle and interfacing with other program elements to ensure security functions are effectively integrated into the total system engineering effort.

System Security Plan (SSP) – Formal document that provides an overview of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements.

The formal document prepared by the information system owner (or common security controls owner for inherited controls) that provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements. The plan can also contain as supporting appendices or as references, other key security-related documents such as a risk assessment, privacy impact assessment, system interconnection agreements, contingency plan, security configurations, configuration management plan, and incident response plan.

System Software – Computer programs that control, monitor, or facilitate use of the Information System (IS) (e.g., operating systems, programming languages, communication, input-output control, sorts, security packages and other utility-type programs). Also includes off-the-shelf application packages obtained from manufacturers and commercial vendors, such as word processing, spreadsheets, database management, graphics, and computer-aided design.

Systematic Declassification Review – The review for declassification of classified information contained in records that have been determined by the Archivist to have permanent historical value in accordance with Title 44, United States Code (U.S.C), Section 2103.

Systems (PEO-EIS) – The Program Executive Office (PEO), Enterprise

Systems Security Engineering – See Information Systems Security Engineering.

Systems Security Officer – See Information Systems Security Officer.

System-Specific Security Control – A security control for an information system that has not been designated as a common security control or the portion of a hybrid control that is to be implemented within an information system.

Cyber Security Terms That Begin With the Letter T

Tabletop Exercise – A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency situation. A facilitator initiates the discussion by presenting a scenario and asking questions based on the scenario.

Tactical Approval to Operate (T-ATO) – Cognizant Security Authority (CSA)-delegated authority to an operational element to allow a Tactical Sensitive Compartmented Information Facility (T-SCIF) to be functional before formal accreditation is received. NOTE: The Tactical Approval to Operate (T-ATO) may not exceed one year in duration.

Tactical Data – Information that requires protection from disclosure and modification for a limited duration as determined by the originator or information owner.

Tactical Edge – The platforms, sites, and personnel (U.S. military, allied, coalition partners, first responders) operating at lethal risk in a battle space or crisis environment characterized by 1) a dependence on information systems and connectivity for survival and mission success, 2) high threats to the operational readiness of both information systems and connectivity, and 3) users who are fully engaged, highly stressed, and dependent on the availability, integrity, and transparency of their information systems.

Tactical Sensitive Compartmented Information Facility (T-SCIF) – An area, room, group of rooms, building, or installation accredited for Sensitive Compartmented Information (SCI)-level processing, storage, and discussion that is used for operational exigencies (actual or simulated) for a specified period of time not exceeding 1 year.

Tactical Special Access Program Facility (T-SAPF) – An accredited area used for actual or simulated war operations for a specified period of time.

Tailored Security Control Baseline – A set of security controls resulting from the application of tailoring guidance to the security control baseline. See Tailoring.

Tailoring – The process by which a security control baseline is modified based on: (i) the application of scoping guidance; (ii) the specification of compensating security controls, if needed; and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.

Tampering – An intentional event resulting in modification of a system, its intended behavior, or data.

Target Of Evaluation (TOE) – In accordance with Common Criteria, an information system, part of a system or product, and all associated documentation, that is the subject of a security evaluation.

Tear Line – A place in an intelligence report (usually denoted by a series of dashes) at which the sanitized version of a more highly classified or controlled report begins.

Technical Controls – The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

Technical Data – Information, other than software, which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance, or modification of defense articles. This includes information in the form of blueprints, drawings, photographs, plans, instructions and documentation. Specific examples include: Classified information relating to defense articles and services; information covered by an invention secrecy order; and software directly related to defense articles. NOTE: This definition does not include information concerning general scientific, mathematical, or engineering principles commonly taught in schools, colleges, and universities or information in public domain. It also does not include basic marketing information on function or purpose or general system descriptions of defense articles.

Technical Non-repudiation – The contribution of public key mechanisms to the provision of technical evidence supporting a non-repudiation security service.

Technical Reference Model (TRM) – A component-driven, technical framework that categorizes the standards and technologies to support and enable the delivery of service components and capabilities.

Technical Security – A security discipline dedicated to detecting, neutralizing, and/or exploiting a wide variety of hostile and foreign penetration technologies.

Technical Security Controls – Security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

Technical Surveillance Countermeasures (TSCM) – Physical, electronic, and visual techniques used to detect and counter technical surveillance devices, technical security hazards, and related physical security deficiencies. See: Countermeasure (CM)

Technical Surveillance Countermeasures (TSCM) Inspection – A Government-sponsored comprehensive physical and electronic examination of an area by trained and specially equipped security personnel to detect or counter technical surveillance penetrations or hazards. See: Technical Surveillance Countermeasures (TSCM)

Technical Surveillance Countermeasures (TSCM) Surveys and Evaluations – A physical, electronic, and visual examination to detect technical surveillance devices, technical security hazards, and attempts at clandestine penetration. See: Technical Surveillance Countermeasures (TSCM)

Technical Threat Analysis – A continual process of compiling and examining all available information concerning potential technical surveillance activities by intelligence collection groups which could target personnel,

Technical Vulnerability – Detailed description of a weakness to include the implementable steps (such as code) necessary to exploit that weakness.

Technology – The information and know-how (whether in tangible form, such as models, prototypes, drawings, sketches, diagrams, blueprints, or manuals, or in intangible form, such as training or technical services) that can be used to design, produce, manufacture, utilize, or reconstruct goods, including computer software and technical data, but not the goods themselves.

Technology Control Plan (TCP) – The document that identifies and describes sensitive program information; the risks involved in foreign access to the information; the participation in the program or foreign sales of the resulting system; and the development of access controls and protective measures as necessary to protect the United States (U.S.) technological or operational advantage represented by the system.

Technology Critical – Technologies that would make a significant contribution to the military potential of any country or combination of countries and that may prove detrimental to the security of the United States (U.S.), consisting of:

Arrays of design and manufacturing know-how, including technical data

Keystone manufacturing, inspection, and test equipment

Keystone materials

Goods accompanied by sophisticated operation, application, or maintenance know-how NOTE: Also referred to as Militarily Critical Technology (MCT).

Technology Transfer – Transferring, exporting, or disclosing defense articles, defense services, or defense technical data covered by the United States Munitions List (USML) to any foreign person or entity in the United States (U.S.) or abroad.

Telecommunications – Preparation, transmission, communication, or related processing of information (writing, images, sounds, or other data) by electrical, electromagnetic, electromechanical, electro-optical, or electronic means.

Telemetry Intelligence (TELINT) – Technical and intelligence information derived from intercept, processing, and analysis of foreign telemetry. Telemetry Intelligence (TELINT) is a subcategory of Foreign Instrumentation Signals Intelligence (FISINT). See: Foreign Instrumentation Signals Intelligence (FISINT)

Telework – Any arrangement in which an employee performs officially assigned duties at an alternative worksite on a regular, recurring, or ad hoc basis, not including while on official travel.

Telework – The ability for an organization’s employees and contractors to perform work from locations other than the organization’s facilities.

TEMPEST – A name referring to the investigation, study, and control of unintentional compromising emanations from telecommunications and automated information systems equipment.

TEMPEST Test – Laboratory or on-site test to determine the nature of compromising emanations associated with an information system.

TEMPEST Zone – Designated area within a facility where equipment with appropriate TEMPEST characteristics (TEMPEST zone assignment) may be operated.

Temporary Access Eligibility – Access based on the completion of minimum investigative requirements under exceptional circumstances where official functions must be performed prior to completion of the investigation and adjudication process. Temporary eligibility for

Temporary Records – Federal records approved for disposal, either immediately or after a specified retention period. See: Disposable Records

Test – A type of assessment method that is characterized by the process of exercising one or more assessment objects under specified conditions to compare actual with expected behavior, the results of which are used to support the determination of security control effectiveness over time.

Test Key – Key intended for testing of COMSEC equipment or systems.

Threat – Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or Denial of Service (DoS).

Threat Analysis – An Operations Security (OPSEC) process that examines an adversary’s technical and operational capabilities, motivation, and intentions in order to detect and exploit vulnerabilities.

Threat Assessment – Formal description and evaluation of threat to an information system.

Process of formally evaluating the degree of threat to an information system or enterprise and describing the nature of the threat.

Threat Event – An event or situation that has the potential for causing undesirable consequences or impact.

Threat Monitoring – The analysis, assessment, and review of Information System (IS) audit trails and other data collected for the purpose of searching out system events that may constitute violations or attempted violations of data or system security.
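
The following is an added example of threat monitoring as defined above; it is not from the glossary or any product. It scans constructed sshd-style audit-trail lines for two patterns a reviewer looks for: a burst of failed logins from one source inside a short window, and a successful login from a source that had just been failing. The log format, year and thresholds are assumptions made for the example.

```python
"""Threat monitoring over a constructed audit trail (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample audit trail (syslog-like; the year is assumed to be 2024).
SAMPLE_LOG = """\
Mar 10 02:14:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 02:14:03 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 02:14:06 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 02:14:09 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 02:14:12 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 02:14:40 bastion sshd[1209]: Accepted password for root from 203.0.113.7 port 51030 ssh2
Mar 10 08:05:11 bastion sshd[1340]: Failed password for alice from 198.51.100.20 port 40112 ssh2
Mar 10 08:05:20 bastion sshd[1340]: Accepted publickey for alice from 198.51.100.20 port 40113 ssh2
Mar 10 09:00:00 bastion sshd[1402]: Accepted publickey for bob from 198.51.100.31 port 40200 ssh2
"""

# Assumed line format; only authentication results are extracted.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse(log_text, year=2024):
    """Turn raw lines into (timestamp, result, user, source) events."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd message types are ignored in this example
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def monitor(events, max_failures=5, window_seconds=60, success_after_failures=3):
    """Review the events in time order and return (kind, source, detail) findings.

    brute_force: at least `max_failures` failures from one source within the window.
    success_after_failures: an accepted login from a source with recent failures,
    the pattern that distinguishes a guessed password from background noise.
    """
    findings = []
    recent_failures = defaultdict(deque)  # source -> timestamps of failures in window
    flagged = set()
    for ts, result, user, src in sorted(events):
        q = recent_failures[src]
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # slide the window forward
        if result == "Failed":
            q.append(ts)
            if len(q) >= max_failures and src not in flagged:
                flagged.add(src)
                findings.append(("brute_force", src, f"{len(q)} failures within {window_seconds}s"))
        elif len(q) >= success_after_failures:
            findings.append(("success_after_failures", src,
                             f"{user} accepted after {len(q)} recent failures"))
    return findings


if __name__ == "__main__":
    for kind, src, detail in monitor(parse(SAMPLE_LOG)):
        print(f"{kind:24} {src:15} {detail}")
```

The second pattern is the one worth acting on: a lone burst of failures is often scanner noise, but a success from the same source minutes later is the signature of a credential that has just been guessed.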

Threat Scenario – A set of discrete threat events, associated with a specific threat source or multiple threat sources, partially ordered in time.

Threat Shifting – Response from adversaries to perceived safeguards and/or countermeasures (i.e., security controls), in which the adversaries change some characteristic of their intent to do harm in order to avoid and/or overcome those safeguards/countermeasures.

Threat Source – The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. Synonymous with Threat Agent.

The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally exploit a vulnerability.

Time Bomb – Resident computer program that triggers an unauthorized act at a predefined time.

Time-Compliance Date – Date by which a mandatory modification to a COMSEC end-item must be incorporated if the item is to remain approved for operational use.

Time-Dependent Password – Password that is valid only at a certain time of day or during a specified interval of time.
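
A time-based one-time password (TOTP, RFC 6238) is the common modern form of a password valid only during a specified interval: it is derived from a shared secret and the current 30-second time step, and a code from one step is worthless in the next. The following added example (not from the glossary) implements HOTP (RFC 4226) and TOTP on top of it with the standard library, using the RFC test key so the results can be checked against the published vectors; the verification window of one adjacent step is an assumption typical of real verifiers.

```python
"""HOTP / TOTP time-dependent one-time passwords (added example)."""
import hashlib
import hmac
import struct
import time

# Shared secret from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890").
RFC_TEST_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HMAC-based OTP: HMAC(key, 8-byte big-endian counter), then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """Time-based OTP: HOTP with the counter set to the current time step."""
    return hotp(key, unix_time // step, digits, digestmod)


def verify_totp(key: bytes, candidate: str, unix_time: int, step: int = 30,
                digits: int = 6, skew: int = 1) -> bool:
    """Accept a code for the current step or up to `skew` adjacent steps (clock drift).

    The comparison is constant-time so a verifier does not leak how many
    digits matched; codes outside the window are rejected even if valid once.
    """
    counter = unix_time // step
    return any(hmac.compare_digest(hotp(key, c, digits), candidate)
               for c in range(counter - skew, counter + skew + 1))


if __name__ == "__main__":
    print("current code:", totp(RFC_TEST_KEY, int(time.time())))
    print("RFC 6238 vector T=59:", totp(RFC_TEST_KEY, 59, digits=8))  # 94287082
```

Because validity depends only on the clock and the secret, a verifier must also record the last accepted step and refuse replays inside the same interval; the window shown here handles drift, not reuse.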

TOE Security Functions (TSF) – Set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TOE Security Policy (TSP).

TOE Security Policy (TSP) – Set of rules that regulate how assets are managed, protected, and distributed within the TOE.

Token – Something that the Claimant possesses and controls (typically a key or password) that is used to authenticate the Claimant’s identity.

Something that the claimant possesses and controls (such as a key or password) that is used to authenticate a claim. See also Cryptographic Token.

TOP SECRET – The designation applied to information the unauthorized disclosure of which could reasonably be expected to cause exceptionally grave damage to the national security.

Total Risk – The potential for the occurrence of an adverse event if no mitigating action is taken (i.e., the potential for any applicable threat to exploit a system vulnerability).

Tracking Cookie – A cookie placed on a user’s computer to track the user’s activity on different Web sites, creating a detailed profile of the user’s behavior.

Tradecraft Identity – An identity used for the purpose of work-related interactions that may or may not be synonymous with an individual’s true identity.

Traditional INFOSEC Program – Program in which NSA acts as the central procurement agency for the development and, in some cases, the production of INFOSEC items. This includes the Authorized Vendor Program. Modifications to the INFOSEC end-items used in products developed and/or produced under these programs must be approved by NSA.

Traffic Analysis – A form of passive attack in which an intruder observes information about calls (although not necessarily the contents of the messages) and makes inferences, e.g., from the source and destination numbers, or frequency and length of the messages.

The analysis of patterns in communications for the purpose of gaining intelligence about a system or its users. It does not require examination of the content of the communications, which may or may not be decipherable. For example, an adversary may be able to detect a signal from a reader that could enable it to infer that a particular activity is occurring (e.g., a shipment has arrived, someone is entering a facility) without necessarily learning an identifier or associated data.

Gaining knowledge of information by inference from observable characteristics of a data flow, even if the information is not directly available (e.g., when the data is encrypted). These characteristics include the identities and locations of the source(s) and destination(s) of the flow, and the flow’s presence, amount, frequency, and duration of occurrence.

Traffic Encryption Key (TEK) – Key used to encrypt plain text or to superencrypt previously encrypted text and/or to decrypt cipher text.

Traffic Padding – Generation of mock communications or data units to disguise the amount of real data units being sent.

Traffic-Flow Security (TFS) – Techniques to counter Traffic Analysis.
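
The three entries above (Traffic Analysis, Traffic Padding, Traffic-Flow Security) are illustrated by the following added example, which is not from the glossary. A length-preserving cipher such as a stream cipher or an AEAD mode hides content but not size, so an observer who knows a protocol's fixed vocabulary can tell which message was sent from the ciphertext length alone; padding every message to a fixed bucket removes that signal. The vocabulary, the cipher overhead and the bucket size are assumptions made for the example.

```python
"""Traffic analysis by ciphertext length, and traffic padding as a countermeasure (added example)."""
import struct
from collections import defaultdict

# Constructed protocol vocabulary that the observer is assumed to know.
VOCABULARY = {
    "list":   b"LIST",
    "login":  b"LOGIN alice",
    "delete": b"DELETE ACCOUNT alice",
}
CIPHER_OVERHEAD = 12 + 16   # nonce + authentication tag, as with AES-GCM (assumed)


def ciphertext_length(plaintext: bytes) -> int:
    """Size observable on the wire for a length-preserving authenticated cipher."""
    return len(plaintext) + CIPHER_OVERHEAD


def pad_to_bucket(plaintext: bytes, bucket: int = 64) -> bytes:
    """Length-prefix the message and zero-pad to a multiple of `bucket` bytes."""
    if len(plaintext) > 0xFFFF:
        raise ValueError("message too long for a 2-byte length prefix")
    body = struct.pack(">H", len(plaintext)) + plaintext
    return body + b"\x00" * ((-len(body)) % bucket)


def unpad(padded: bytes) -> bytes:
    """Recover the message; reject a prefix that claims more data than is present."""
    (n,) = struct.unpack(">H", padded[:2])
    if 2 + n > len(padded):
        raise ValueError("corrupt padding: declared length exceeds buffer")
    return padded[2:2 + n]


def build_fingerprints(vocabulary, transform=lambda m: m):
    """Observer's table: ciphertext length -> names of messages that produce it."""
    table = defaultdict(set)
    for name, msg in vocabulary.items():
        table[ciphertext_length(transform(msg))].add(name)
    return table


def infer(observed_length: int, table) -> set:
    """Observer's inference: which messages could have this length?"""
    return set(table.get(observed_length, set()))


def demo():
    """Return (candidates without padding, candidates with padding) per message."""
    plain_table = build_fingerprints(VOCABULARY)
    padded_table = build_fingerprints(VOCABULARY, pad_to_bucket)
    leak = {n: infer(ciphertext_length(m), plain_table) for n, m in VOCABULARY.items()}
    safe = {n: infer(ciphertext_length(pad_to_bucket(m)), padded_table)
            for n, m in VOCABULARY.items()}
    return leak, safe


if __name__ == "__main__":
    leak, safe = demo()
    for name in VOCABULARY:
        print(f"{name:8} unpadded -> {sorted(leak[name])}   padded -> {sorted(safe[name])}")
```

Padding only hides size; the timing, frequency and direction of messages remain observable, which is why full traffic-flow security also needs cover traffic (mock messages sent at a constant rate) rather than padding alone.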

Training (Information Security) – Training strives to produce relevant and needed (information) security skills and competencies.

Training Effectiveness – A measurement of what a given student has learned from a specific course or training event.

Training Effectiveness Evaluation – Information collected to assist employees and their supervisors in assessing individual students’ subsequent on-the-job performance, to provide trend data to assist trainers in improving both learning and teaching, and to be used in return-on-investment statistics to enable responsible officials to allocate limited resources in a thoughtful, strategic manner among the spectrum of IT security awareness, security literacy, training, and education options for optimal results among the workforce as a whole.

Tranquility – Property whereby the security level of an object cannot change while the object is being processed by an information system.

Transferred Records – Records transferred to Agency storage facilities or a Federal records center.

Transient Electromagnetic Pulse Emanation Standard (TEMPEST) – The investigation, study, and control of compromising emanations from telecommunications and Information Systems (IS) equipment.

Transient Electromagnetic Pulse Emanation Standard (TEMPEST) Certified Equipment/System – Equipment or systems that have complied with the national requirements of National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) TEMPEST/1-92 Level I or previous editions.

Transient Electromagnetic Pulse Emanation Standard (TEMPEST) Zoned Equipment – Equipment that has been evaluated and assigned an equipment zone corresponding to the level in National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) TEMPEST/1-92. This equipment must be installed according to the NSTISSAM and Headquarters (HQ)-Level specialized installation instructions.

Transmission – The sending of information from one place to another by radio, microwave, laser, or other non-connective methods, as well as by cable, wire, or other connective medium. Transmission also includes movement involving the actual transfer of custody and responsibility for a document or other classified material from one authorized addressee to another.

Transmission – The state that exists when information is being electronically sent from one location to one or more other locations.

Transmission Security – Measures (security controls) applied to transmissions in order to prevent interception, disruption of reception, communications deception, and/or derivation of intelligence by analysis of transmission characteristics such as signal parameters or message externals.

Transmission Security (TRANSEC) – The component of Communications Security

Transport Layer Security (TLS) – A cryptographic protocol, widely implemented in browsers and Web servers, that authenticates the server (and optionally the client) by certificate and provides confidentiality and integrity for the data exchanged over the connection. TLS is the successor to the Secure Sockets Layer (SSL) protocol.

Trap Door – A hidden entry point into an operating system or application that bypasses the safeguards those programs normally have to prevent unauthorized personnel from accessing or modifying them. Typically inserted by a developer for testing or maintenance and sometimes left in the shipped product. Also called a backdoor.

Triple DES (3DES) – An implementation of the Data Encryption Standard (DES) algorithm that applies DES three times (encrypt, decrypt, encrypt) with two or three independent keys instead of the single pass used in ordinary DES. Triple DES is considerably stronger than single DES, but its 64-bit block size and at most 112 bits of effective security leave it weaker than AES; NIST has deprecated it and it should not be chosen for new systems.

Trojan Horse – A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

Trust Anchor – A public key and the name of a certification authority that is used to validate the first certificate in a sequence of certificates. The trust anchor’s public key is used to verify the signature on a certificate issued by a trust anchor certification authority. The security of the validation process depends upon the authenticity and integrity of the trust anchor. Trust anchors are often distributed as self-signed certificates.

An established point of trust (usually based on the authority of some person, office, or organization) from which an entity begins the validation of an authorized process or authorized (signed) package. A "trust anchor" is sometimes defined as just a public key used for different purposes (e.g., validating a Certification Authority, validating a signed software package or key, validating the process [or person] loading the signed software or key).

A public or symmetric key that is trusted because it is directly built into hardware or software, or securely provisioned via out-of-band means, rather than because it is vouched for by another trusted entity (e.g. in a public key certificate).

Trust List – The collection of trusted certificates used by Relying Parties to authenticate other certificates.

Trusted Agent – Entity authorized to act as a representative of an agency in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities.

Trusted Certificate – A certificate that is trusted by the Relying Party on the basis of secure and authenticated delivery. The public keys included in trusted certificates are used to start certification paths.

Trusted Channel – A channel where the endpoints are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy may also be protected in transit. Examples include TLS (formerly SSL), IPsec, and a secure physical connection.

Trusted Computer System (TCS) – A system that employs sufficient hardware and software integrity measures to allow its use for processing sensitive or classified information.

Trusted Computing Base (TCB) – Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy.

Trusted Distribution – Method for distributing trusted computing base (TCB) hardware, software, and firmware components that protects the TCB from modification during distribution.

Trusted Foundry – Facility that produces integrated circuits with a higher level of integrity assurance.

Trusted Identification Forwarding – Identification method used in information system networks whereby the sending host can verify an authorized user on its system is attempting a connection to another host. The sending host transmits the required user authentication information to the receiving host.

Trusted Path – A mechanism by which a person at a terminal can communicate directly with the trusted computing base. This mechanism can only be activated by the person or the trusted computing base and cannot be imitated by untrusted software.

Trusted Path – A mechanism by which a user (through an input device) can communicate directly with the security functions of the information system with the necessary confidence to support the system security policy. This mechanism can only be activated by the user or the security functions of the information system and cannot be imitated by untrusted software.

A means by which an operator and a target of evaluation security function can communicate with the necessary confidence to support the target of evaluation security policy.

Trusted Platform Module (TPM) Chip – A tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys.

Trusted Process – Process that has been tested and verified to operate only as intended.

Trusted Recovery – Ability to ensure recovery without compromise after a system failure.

Trusted Software – Software portion of a trusted computing base (TCB).

Trusted Timestamp – A digitally signed assertion by a trusted authority that a specific digital object existed at a particular time.

Trustworthiness – The attribute of a person or organization that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities.

The attribute of a person or enterprise that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities.

Security decisions with respect to extended investigations to determine and confirm qualifications, and suitability to perform specific tasks and responsibilities.

Trustworthy System – Computer hardware, software and procedures that—

TSEC – Telecommunications Security.

TSEC Nomenclature – System for identifying the type and purpose of certain items of COMSEC material.

Tunneling – Technology enabling one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.

Two-Part Code – Code consisting of an encoding section, in which the vocabulary items (with their associated code groups) are arranged in alphabetical or other systematic order, and a decoding section, in which the code groups (with their associated meanings) are arranged in a separate alphabetical or numeric order.

Two-Person Control (TPC) – Continuous surveillance and control of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and unauthorized procedures with respect to the task being performed and each familiar with established security and safety requirements.

Two-Person Integrity – A provision that prohibits one person from working alone.

Two-Person Integrity (TPI) – System of storage and handling designed to prohibit individual access by requiring the presence of at least two authorized individuals, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed. See No-Lone Zone.

Type 1 Key – Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of national security information.

Type 1 Product – Cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting national security information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring the most stringent protection mechanisms.

Type 1 Products – Classified or controlled cryptographic items endorsed by the National Security Agency (NSA) for securing classified and sensitive United States (U.S.) Government information, when

Type 2 Key – Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of unclassified information.

Type 2 Product – Cryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified information.

Type 3 Key – Used in a cryptographic device for the protection of unclassified sensitive information, even if used in a Type 1 or Type 2 product.

Type 3 Product – Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. Developed using established commercial standards and containing NIST-approved cryptographic algorithms/modules or successfully evaluated by the National Information Assurance Partnership (NIAP).

Type 4 Key – Used by a cryptographic device in support of its Type 4 functionality, i.e., any provision of key that lacks U.S. government endorsement or oversight.

Type 4 Product – Unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any government usage. These products are typically delivered as part of commercial offerings and are commensurate with the vendor’s commercial practices. These products may contain either vendor proprietary algorithms, algorithms registered by NIST, or algorithms registered by NIST and published in a FIPS.

Type Accepted Telephone – Any telephone whose design and construction conforms to the design standards for Telephone Security Group (TSG)-approved telephone sets.

Type Accreditation – A form of accreditation that is used to authorize multiple instances of a major application or general support system for operation at approved locations with the same type of computing environment. In situations where a major application or general support system is installed at multiple locations, a type accreditation will satisfy C&A requirements only if the application or system consists of a common set of tested and approved hardware, software, and firmware.

Type Certification – The certification acceptance of replica information systems based on the comprehensive evaluation of the technical and nontechnical security features of an information system and other safeguards, made as part of and in support of the formal approval process, to establish the extent to which a particular design and implementation meet a specified set of security requirements.

Cyber Security Terms That Begin With the Letter U

U.S. Controlled Facility – Base or building to which access is physically controlled by U.S. individuals who are authorized U.S. government or U.S. government contractor employees.

U.S. Controlled Space – Room or floor within a facility that is not a U.S. controlled facility, access to which is physically controlled by U.S. individuals who are authorized U.S. government or U.S. government contractor employees. Keys or combinations to locks controlling entrance to U.S. controlled spaces must be under the exclusive control of U.S. individuals who are U.S. government or U.S. government contractor employees.

Umbrella Special Access Program (SAP) – An approved Department of Defense (DoD) Special Access Program (SAP) that contains compartments for specific projects within the overall program. While there is no formal requirement to obtain separate approval for each individual project under the umbrella SAP, each project must be consistent with the Special Access Program Oversight Committee (SAPOC)-approved scope of the umbrella SAP. The nickname, program description, and accomplishments of each significant project will be reported in the annual Special Access Program report. NOTE: An individual participant’s access can be afforded across-the-board at the umbrella level or specific individual project access can be granted on a limited or non-umbrella level.

Unacknowledged Special Access Program (SAP) – The existence of the Special Access Program (SAP) is protected as special access and the details, technologies, materials, techniques, etc., of the program are classified as dictated by their vulnerability to exploitation and the risk of compromise. Program funding is often unacknowledged, classified, or not directly linked to the program. The four Congressional Defense Committees normally have access to the unacknowledged SAP.

Unauthorized Access – Occurs when a user, legitimate or unauthorized, accesses a resource that the user is not permitted to use.

Any access that violates the stated security policy.

Unauthorized Person – A person not authorized to have access to specific classified information.

Unclassified Internet Protocol Router Network – Used to exchange sensitive but unclassified information between “internal” users as well as

Uncontrolled Access Area (UAA) – The space in and around a building where no personnel access controls are exercised.

Unified Network – A connected collection of systems or networks that are accredited under a single System Security Plan (SSP), as a single entity, and by a single Cognizant Security Authority (CSA). A unified network can be as simple as a small standalone Local Area Network (LAN) operating at Protection Level 1, following a single security policy, accredited as a single entity, and administered by a single Information System Security Officer (ISSO). The network can be as complex as a collection of hundreds of LANs separated over a wide area but still following a single security policy and accredited as a single entity by a single CSA. The perimeter of each network encompasses all its hardware, software, and attached devices, and its boundary extends to all of its users.

United States Computer Emergency Readiness Team (US-CERT) – The Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT) is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.

United States Cyber Command (USCYBERCOM) – The United States Cyber Command (USCYBERCOM) plans, coordinates, integrates, synchronizes, and conducts activities to direct the operations and defense of specified Department

United States Government Configuration Baseline – The United States Government Configuration Baseline (USGCB) provides security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration (FDCC) mandate. The USGCB is a Federal government-wide initiative that provides guidance to agencies on what should be done to establish and maintain effective configuration settings, focusing primarily on security.

United States Strategic Command (USSTRATCOM) – The United States Strategic Command (USSTRATCOM) directs the operation and defense of the Global Information Grid (GIG) to assure timely and secure net-centric capabilities across strategic, operational, and tactical boundaries in support of the Department of Defense’s (DoD) full spectrum of warfighting, intelligence, and business missions. See: Global Information Grid (GIG)

Unscheduled Records – Federal records whose final disposition has not been approved.

Unsigned data – Data included in an authentication token, in addition to a digital signature.

Untrusted Process – Process that has not been evaluated or examined for correctness and adherence to the security policy. It may include incorrect or malicious code that attempts to circumvent the security mechanisms.

Update (key) – Automatic or manual cryptographic process that irreversibly modifies the state of a COMSEC key.

Upgrade – A determination that certain classified information, in the interest of national security, requires a higher degree of protection against unauthorized disclosure than currently provided, coupled with a changing of the classification designation to reflect such a higher degree.

US-CERT – A partnership between the Department of Homeland Security and the public and private sectors, established to protect the nation’s Internet infrastructure. US-CERT coordinates defense against and responses to cyber attacks across the nation.

User – Individual or (system) process authorized to access an information system.

Individual, or (system) process acting on behalf of an individual, authorized to access an information system.

An individual or a process (subject) acting on behalf of the individual that accesses a cryptographic module in order to obtain cryptographic services.

User ID – Unique symbol or character string used by an information system to identify a specific user.

User Identification – A unique symbol or character string that is used by an Information System (IS) to uniquely identify a specific user.

User Initialization – A function in the life cycle of keying material; the process whereby a user initializes its cryptographic application (e.g., installing and initializing software and hardware).

User Partnership Program (UPP) – Partnership between the NSA and a U.S. government agency to facilitate development of secure information system equipment incorporating NSA-approved cryptography. The result of this program is the authorization of the product or system to safeguard national security information in the user’s specific application.

User Registration – A function in the life cycle of keying material; a process whereby an entity becomes a member of a security domain.

User Representative (COMSEC) – Individual authorized by an organization to order COMSEC keying material and interface with the keying system, provide information to key users, and ensure the correct type of key is ordered.

User Representative (Risk Management) – The person that defines the system’s operational and functional requirements, and who is responsible for ensuring that user operational interests are met throughout the systems authorization process.

Users – Any person who interacts directly with an Automated Information System (AIS) or a network system. This includes both those persons who are authorized to interact with the system and those people who interact without authorization (e.g., active/passive wiretapping).

Cyber Security Terms That Begin With the Letter V

Valid Data Element – A payload, an associated data string, or a nonce that satisfies the restrictions of the formatting function.

Validation – The process of demonstrating that the system under consideration meets in all respects the specification of that system.

Confirmation (through the provision of strong, sound, objective evidence) that requirements for a specific intended use or application have been fulfilled (e.g., a trustworthy credential has been presented, or data or information has been formatted in accordance with a defined set of rules, or a specific process has demonstrated that an entity under consideration meets, in all respects, its defined attributes or requirements).

Variant – One of two or more code symbols having the same plain text equivalent.

Vault – A room(s) used for the storing, handling, discussing, and/or processing of Special Access Program (SAP) information and constructed to afford maximum protection against unauthorized entry.

Vendor – The manufacturer or seller of the Automated Information System (AIS) equipment and/or software used on the special program.

Verification – Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled (e.g., an entity’s requirements have been correctly defined, or an entity’s attributes have been correctly presented; or a procedure or function performs as intended and leads to the expected outcome).

Verified Name – A Subscriber’s name that has been verified by identity proofing.

Verifier – An entity that verifies the Claimant’s identity by verifying the Claimant’s possession and control of a token using an authentication protocol. To do this, the Verifier may also need to validate credentials that link the token and identity and check their status.

An entity which is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchanges.

Verifier Impersonation Attack – A scenario where the Attacker impersonates the Verifier in an authentication protocol, usually to capture information that can be used to masquerade as a Claimant to the real Verifier.
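The attack in the entry above is easiest to see in code. The following is an added example, not part of the original glossary: it plays a challenge-response authentication two ways. In the first, the claimant's response is HMAC(key, nonce) alone, so an attacker who impersonates the verifier can relay the genuine verifier's nonce to the claimant and forward the answer. In the second, the claimant also mixes in the identity (origin) of the verifier it believes it is talking to, so a response produced for the impersonator is rejected by the real verifier. The shared key and the two origins (`https://login.example`, `https://login-example.evil`) are constructed sample values for this example only.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Secret shared by the claimant and the genuine verifier. Constructed sample
// value for this example only; a real deployment provisions it out of band.
var sharedKey = []byte("constructed-example-shared-secret")

// Hypothetical verifier identities used throughout the example.
const (
	realVerifier = "https://login.example"      // the genuine verifier
	fakeVerifier = "https://login-example.evil" // the attacker's look-alike
)

// weakResponse answers a challenge with HMAC(key, nonce) only. Nothing in the
// response records which verifier the claimant thought it was answering, so an
// attacker posing as the verifier can relay the real verifier's nonce to the
// claimant and forward the claimant's answer: a verifier impersonation attack.
func weakResponse(key, nonce []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(nonce)
	return m.Sum(nil)
}

// boundResponse mixes the origin of the verifier the claimant is talking to
// into the MAC. An answer produced for fakeVerifier is useless at realVerifier.
func boundResponse(key, nonce []byte, verifierOrigin string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(nonce)
	m.Write([]byte{0}) // separator so nonce||origin cannot be re-split
	m.Write([]byte(verifierOrigin))
	return m.Sum(nil)
}

// checkBound is the real verifier's check; it always uses its own origin.
func checkBound(key, nonce, response []byte) bool {
	return hmac.Equal(response, boundResponse(key, nonce, realVerifier))
}

// checkWeak is the real verifier's check for the unbound scheme.
func checkWeak(key, nonce, response []byte) bool {
	return hmac.Equal(response, weakResponse(key, nonce))
}

// relayAttack plays the attack from the glossary entry against either scheme:
//  1. the real verifier issues a nonce to what it believes is the claimant (the attacker);
//  2. the attacker, posing as the verifier, forwards the nonce to the claimant;
//  3. the claimant answers the party it sees (the fake origin, in the bound scheme);
//  4. the attacker forwards that answer to the real verifier.
// It returns true if the real verifier accepts, i.e. the attack succeeded.
func relayAttack(bound bool) bool {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	if !bound {
		return checkWeak(sharedKey, nonce, weakResponse(sharedKey, nonce))
	}
	forwarded := boundResponse(sharedKey, nonce, fakeVerifier)
	return checkBound(sharedKey, nonce, forwarded)
}

// honestLogin shows the bound scheme still works when no attacker is present.
func honestLogin() bool {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return checkBound(sharedKey, nonce, boundResponse(sharedKey, nonce, realVerifier))
}

func main() {
	fmt.Println("unbound scheme, relayed response accepted:", relayAttack(false)) // true
	fmt.Println("bound scheme, relayed response accepted:  ", relayAttack(true))  // false
	fmt.Println("bound scheme, honest login accepted:      ", honestLogin())      // true
	nonce := []byte("0123456789abcdef") // fixed nonce just for the printout
	fmt.Println("sample bound response:", hex.EncodeToString(boundResponse(sharedKey, nonce, realVerifier)))
}
```

Binding the response to the verifier's identity is the essence of what NIST SP 800-63B calls verifier impersonation resistance; in deployed protocols the bound value is typically the TLS origin or a channel binding rather than a bare string, but the check is the same: the real verifier recomputes the expected value with its own identity and rejects anything computed for another.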

Violation – Any knowing, willful, or negligent action that could reasonably be expected to result in an unauthorized disclosure of classified information; or, any knowing, willful, or negligent action to classify or continue the classification of information contrary to the requirements of Executive Order (EO) 13526, “Classified National Security Information,” or its implementing directives; or, any knowing, willful, or negligent action to create or continue a special access program contrary to the requirements of EO 13526.

Virtual Machine (VM) – Software that allows a single host to run one or more guest operating systems.

Virtual Private Network (VPN) – A virtual network, built on top of existing physical networks, that provides a secure communications tunnel for data and other information transmitted between networks.

Protected information system link utilizing tunneling, security controls (see Information Assurance), and endpoint address translation, giving the impression of a dedicated line.

Virus – A malicious computer program that is designed to replicate itself by copying itself into other programs stored on a computer. The intent of the virus is varying levels of negative effects, such as causing a program to operate incorrectly or corrupting a computer’s memory. See: Malicious Code

Volatile Memory – Computer memory that does not retain data after removal of all electrical power sources and/or when reinserted into a similarly configured Automated Information System (AIS). In contrast to Non-Volatile Memory (NVM), volatile memory retains data as long as the power supply is on, but if the power supply is removed or interrupted, the stored data is lost. See: Non-Volatile Memory (NVM); Non-Volatile Random-Access Memory (NVRAM)

Voting Securities – Any securities that presently entitle the owner or holder thereof to vote for the election of directors of the issuer or, with respect to unincorporated entities, individuals exercising similar functions.

Vulnerability – Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

A weakness in a system, application, or network that is subject to exploitation or misuse.

Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.

Vulnerability Assessment – Formal description and evaluation of the vulnerabilities in an information system.

Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.

Cyber Security Terms That Begin With the Letter W

Waived Special Access Program (SAP) – 1. An unacknowledged Special Access Program (SAP) to which access is extremely limited in accordance with the statutory authority of Section 119(e) of Title 10, United States Code (U.S.C.), Reference
2. The unacknowledged SAP protections also apply to Waived SAPs. Only the Chairman, Senior Minority Member, and, by agreement, their Staff Directors of the four Congressional Defense Committees normally have access to program material.

Waiver (Personnel Security) – Access eligibility granted or continued despite the presence of substantial issue information that would normally preclude access. See: Condition (Personnel Security), Deviation (Personnel Security); Exception (Personnel Security)

Warm Site – An environmentally conditioned workspace that is partially equipped with information systems and telecommunications equipment to support relocated operations in the event of a significant disruption.

Backup site which typically contains the data links and preconfigured equipment necessary to rapidly start operations, but does not contain live data. Thus commencing operations at a warm site will (at a minimum) require the restoration of current data.

Web Bug – A tiny image, invisible to a user, placed on Web pages in such a way to enable third parties to track use of Web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and cookies.

Malicious code, invisible to a user, placed on Web sites in such a way that it allows third parties to track use of Web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and Web browser cookie.

Web Content Filtering Software – A program that prevents access to undesirable Web sites, typically by comparing a requested Web site address to a list of known bad Web sites.

Web Risk Assessment – Processes for ensuring Web sites are in compliance with applicable policies.

White Team – 1. The group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of their enterprise’s use of information systems. In an exercise, the White Team acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender’s mission. The White Team helps to establish the rules of engagement, the metrics for assessing results and the procedures for providing operational security for the engagement. The White Team normally has responsibility for deriving lessons learned, conducting the post-engagement assessment, and promulgating results.

Whitelist – A list of discrete entities, such as hosts or applications that are known to be benign and are approved for use within an organization and/or information system.

Wide Area Network (WAN) – A computer network that services a large area. Wide Area Networks (WANs) typically span large

Wi-Fi Protected Access-2 (WPA2) – The approved Wi-Fi Alliance interoperable implementation of the IEEE 802.11i security standard. For federal government use, the implementation must use FIPS-approved encryption, such as AES.

Wiki – Web applications or similar tools that allow identifiable users to add content (as in an Internet forum) and allow anyone to edit that content collectively.

Wired Equivalent Privacy (WEP) – A security protocol, specified in the IEEE 802.11 standard, that is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. WEP is no longer considered a viable encryption mechanism due to known vulnerabilities.

Wireless Application Protocol (WAP) – 1. A standard that defines the way in which Internet communications and other advanced services are provided on wireless mobile devices.

2. (Wireless Access Point, a different term that shares the acronym WAP.) A device that acts as a conduit to connect wireless communication devices together to allow them to communicate and create a wireless network.

Wireless Local Area Network (WLAN) – A group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each WLAN component, including client devices, access points (APs), and wireless switches, is secured throughout the WLAN lifecycle, from initial WLAN design and deployment through ongoing maintenance and monitoring.

Wireless Technology – Technology that permits the transfer of information between separated points without physical connection.

Note: Currently wireless technologies use infrared, acoustic, radio frequency, and optical.

Work Factor – Estimate of the effort or time needed by a potential perpetrator, with specified expertise and resources, to overcome a protective measure.

Working Group (CMIWG) – An Intelligence Community (IC) forum under the purview of the Director of National Intelligence (DNI) Classification and Control Markings (CCM) branch. The Classification Markings and Implementation Working Group (CMIWG), comprised of IC and non-IC members, is responsible for coordinating changes to the Controlled Access Program Coordination Office (CAPCO) Authorized

Working Paper(s) – A draft classified document, portion of a classified document, or material accumulated or created while preparing a finished document.

Workstation – A high-performance, microprocessor-based platform that uses specialized software applicable to the work environment.

Worm – A self-propagating, self-contained malicious program that uses networking mechanisms to spread itself.

Write – Fundamental operation in an information system that results only in the flow of information from a subject to an object. See Access Type.

Write Access – Permission to write to an object in an information system.

Write-Blocker – A device that allows investigators to examine media while preventing data writes from occurring on the subject media.

Write-Protect – A term used to indicate that there is a machine hardware capability which may be manually used to protect some storage media from accidental or unintentional overwrite by inhibiting the write capability of the system.

Cyber Security Terms That Begin With the Letter X

X.509 Certificate – The X.509 public-key certificate or the X.509 attribute certificate, as defined by the ISO/ITU-T X.509 standard. Most commonly, an X.509 certificate refers to the X.509 public-key certificate.

X.509 Public Key Certificate – A digital certificate containing a public key for entity and a name for the entity, together with some other information that is rendered unforgeable by the digital signature of the certification authority that issued the certificate, encoded in the format defined in the
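To make the two X.509 entries above concrete, here is an added example (not code from the glossary or from any standard) using Go's standard crypto/x509 package. It builds a self-signed root CA certificate, issues a server certificate signed by that CA, verifies the server certificate against the CA, and then shows that editing the certificate's name without re-signing it makes verification fail, which is what "rendered unforgeable by the digital signature of the certification authority" means in practice. The CA name and the host name `server.example` are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical names used in the example.
const (
	caName   = "Example Glossary Root CA"
	leafHost = "server.example"
)

// buildChain creates a self-signed CA certificate and a server (leaf)
// certificate signed by that CA. Both are returned as DER bytes.
func buildChain() (caDER, leafDER []byte, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: caName},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	// Self-signed: the template is also the parent, and the CA key signs.
	caDER, err = x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: leafHost},
		DNSNames:     []string{leafHost},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The CA's private key signs the leaf; the leaf carries only its own public key.
	leafDER, err = x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	return caDER, leafDER, err
}

// verifyLeaf checks that leafDER chains to the CA in caDER, is within its
// validity period, is permitted for server authentication, and names host.
func verifyLeaf(caDER, leafDER []byte, host string) error {
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return err
	}
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err = leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// tamperName rewrites the name fields in place (same length, so the DER still
// parses) without re-signing. The CA's signature no longer matches the contents.
func tamperName(leafDER []byte) []byte {
	return bytes.ReplaceAll(leafDER, []byte(leafHost), []byte("server.exampl3"))
}

func main() {
	caDER, leafDER, err := buildChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine leaf for", leafHost+":", verifyLeaf(caDER, leafDER, leafHost))        // <nil>
	fmt.Println("genuine leaf for other.example:", verifyLeaf(caDER, leafDER, "other.example")) // hostname error
	fmt.Println("tampered leaf:", verifyLeaf(caDER, tamperName(leafDER), "server.exampl3"))   // signature error
}
```

Two points worth noticing: `x509.ParseCertificate` decodes the tampered certificate without complaint, because parsing does not check the signature; only `Verify`, with the CA in the root pool, detects the forgery. And the hostname check runs before chain building, so a certificate for the wrong name is rejected even when its signature is sound.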

Cyber Security Terms That Begin With the Letter Z

Zero Fill – To fill unused storage locations in an information system with the representation of the character denoting "0."

Zeroization – A method of erasing electronically stored data, cryptographic keys, and critical security parameters (CSPs) by altering or deleting the contents of the data storage to prevent recovery of the data.

Zeroize – To remove or eliminate the key from a cryptographic equipment or fill device. Overwrite a memory location with data consisting entirely of bits with the value zero so that the data is destroyed and not recoverable. This is often contrasted with deletion methods that merely destroy reference to data within a file system rather than the data itself.
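The Zeroization and Zeroize entries both draw the same distinction: overwriting the storage that holds a key, as opposed to merely discarding the reference to it. The following added example (not from the glossary) makes that distinction visible in Go. A second slice aliases the key's backing array, standing in for the copies that real programs leave in caches, structs or log buffers; dropping the original reference leaves the key readable through the alias, while zeroizing the storage does not. The key bytes are a constructed sample, not real key material.

```go
package main

import "fmt"

// zeroize overwrites every byte of buf with zero. After it returns, the key
// material is gone from that storage rather than merely unreferenced.
func zeroize(buf []byte) {
	for i := range buf {
		buf[i] = 0
	}
}

// isZeroed reports whether buf holds only zero bytes.
func isZeroed(buf []byte) bool {
	for _, b := range buf {
		if b != 0 {
			return false
		}
	}
	return true
}

// forget models the "deletion" the glossary contrasts with zeroization: the
// caller's handle is cleared, but the bytes it pointed at are untouched.
func forget(key *[]byte) {
	*key = nil
}

// compare returns whether the secret is still readable after forget, and
// whether it is still readable after zeroize. alias shares the backing array
// with key, as a copy held elsewhere in a real program would.
func compare() (afterForget, afterZeroize bool) {
	key := []byte("constructed-sample-key-material!") // constructed sample, not a real key
	alias := key[:]                                    // another view of the same storage
	forget(&key)
	afterForget = !isZeroed(alias) // true: the bytes are still there
	zeroize(alias)
	afterZeroize = !isZeroed(alias) // false: the bytes are gone
	return afterForget, afterZeroize
}

func main() {
	f, z := compare()
	fmt.Println("secret readable after dropping the reference:", f) // true
	fmt.Println("secret readable after zeroize:", z)                 // false
}
```

Two caveats a practitioner should keep in mind. In Go, the runtime may itself have copied the bytes (for example when a slice is converted to a string, or a goroutine stack is grown), so zeroizing one buffer does not guarantee every copy is gone; keep key material in as few places as possible. In C, a plain `memset` of a buffer that is about to be freed can be removed by the optimizer as a dead store, so use `memset_s` (C11 Annex K) or `explicit_bzero` where available rather than `memset` for this purpose.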

Zombie – A program that is installed on a system to cause it to attack other systems.

Zone Of Control – Three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists.