DRAFT

NTISS


ADVISORY MEMORANDUM

GLOSSARY OF COMPUTER SECURITY TERMINOLOGY



September 11, 1987







TABLE OF CONTENTS







FOREWORD

ACRONYMS

REFERENCES

GLOSSARY OF COMPUTER SECURITY TERMINOLOGY




* Work performed under the auspices of the U.S. Department of
Energy by the Lawrence Livermore National Laboratory under
Contract No. W-7405-Eng-48.





FOREWORD



This glossary is intended as a handy reference and a
practical guide to the specialized terminology used in the field
of computer security. It is largely composed of definitions
taken from official documents of United States Government
departments and agencies. Other sources for terms and
definitions include documents from private organizations and
individuals.

Where two or more organizations define and use a term
differently, multiple definitions are listed. There is no
significance to the order in which terms having multiple
definitions are listed. Where definitions are essentially the
same or identical, one version is included and reference is made
to the other organizations using the same definition. The first
reference listed after a definition is the source document.

All entries within the glossary are listed in strict
alphabetical order, without regard to spaces, hyphens, or other
separation characters. Thus, the entry for CONTROLLED ACCESS
AREA can be found before the definition for CONTROLLED
ACCESSIBILITY.

It is hoped that this multiple source document will provide
insight into the different ways computer security terminology is
being used. Eventually there will be a convergence, and single
definitions will appear. We are working towards this as a goal.
This glossary serves a valuable purpose in the interim.

Questions pertaining to this glossary and requests for
additional copies should be directed to the Executive Secretary,
National Telecommunications and Information Systems Security
Committee (NTISSC), Fort George G. Meade, MD, 20755-6000.



WILLIAM E. ODOM
Lieutenant General, USA







Acronyms Used Within This Document



ADP Automatic Data Processing, Automated Data Processing

AFR Air Force Regulation

AIS Automated Information System

ALE Annual Loss Expectancy

AR Army Regulation

ATT American Telephone and Telegraph

BBS Bulletin Board System or Bulletin Board Software

CAA Controlled Access Area

COMINT Communications Intelligence

COMPUSEC Computer Security

COMSEC Communications Security

CPU Central Processing Unit

CSTVRP Computer Security Technical Vulnerability Reporting
Program

CSSO Computer System Security Officer

DAA Designated Approving Authority

DCID Director Central Intelligence Directive

DOD Department of Defense

DODD Department of Defense Directive

DOE Department of Energy

DON Department of the Navy

DTLS Descriptive Top Level Specification

EEFI Essential Elements of Friendly Information

EFT Electronic Funds Transfer

EPL Evaluated Products List

FIPS PUB Federal Information Processing Standard Publication

FTLS Formal Top Level Specification

FOIA Freedom Of Information Act

FOUO For Official Use Only

FRD Formerly Restricted Data

GAO General Accounting Office

HDM Hierarchical Development Methodology

IAC Information Analysis Center

IBM International Business Machines

I/O Input Output

IPC Interprocess Communication

ISRD Information System Requirements Document

ISSO Information System Security Officer

LIMDIS Limited Distribution

LLNL Lawrence Livermore National Laboratory

MTR Mitre Corporation

NATO North Atlantic Treaty Organization

NCSC National Computer Security Center

NKSR Non-Kernel Security Related Software

NOFORN Not Releasable to Foreign Nationals

NSA National Security Agency

NSDD National Security Decision Directive

NSI National Security Information

NTIS National Technical Information Service

NTISS National Telecommunications and Information Systems
Security

NTISSC National Telecommunications and Information Systems
Security Committee

NTISSD National Telecommunications and Information Systems
Security Directive

OEM Original Equipment Manufacturer

OMB CIRC Office of Management and Budget Circular

OPI Office of Primary Interest

OPNAVINST Office of Navy Operations Instruction

OPSEC Operations Security

ORCON Originator Controlled

OUSDR&E Office of the Under Secretary of Defense for Research
and Engineering

PCS Physical Control Space, Physically Controlled Space

PDS Protected Distribution System

PROPIN Proprietary Information

PSOS Provably Secure Operating System

RAM Random Access Memory

RD Restricted Data

REL Releasable only to those mentioned

ROM Read Only Memory

SAISS Subcommittee on Automated Information Systems Security

SCI Sensitive Compartmented Information, Sensitive
Compartmented Intelligence

SIOP-ESI Single Integrated Operational Plan-Extremely Sensitive
Information

SOIC Senior Official of the Intelligence Community

SON Statement of Need

SOW Statement of Work

SRI SRI International

SSO System Security Officer

SSSG Systems Security Steering Group

ST&E Security Test and Evaluation

STI Scientific and Technical Information

STS Subcommittee on Telecommunications Security

TCB Trusted Computing Base

US United States

USAF United States Air Force

USC United States Code

USER ID User Identification

WNINTEL Warning Notice--Intelligence Sources or Methods
Involved






REFERENCES

The following documents are the original sources for the
definitions appearing within this glossary:



(AFR 205-16) Air Force Regulation 205-16, (draft).

(AFR 700-10) Air Force Regulation 700-10, "Information
System Security," of 3/15/85.

(AR 380-380) Army Regulation 380-380, "Automation
Security," of 3/8/85.

(A-123) Office of Management and Budget Circular
A-123, "Internal Control Systems," of
10/28/81.

(A-130) Office of Management and Budget Circular
A-130, "Management of Federal Information
Resources," of 12/12/85.

(BBD) "The Bulletin Board Dictionary", anon., no
date.

(CSC-STD-001-83) CSC-STD-001-83, "DOD Trusted Computer System
Evaluation Criteria," of 8/15/83.

(CSC-STD-002-85) CSC-STD-002-85, "DOD Password Management
Guideline," of 4/12/85.

(CSC-STD-003-85) CSC-STD-003-85, "DOD Computer Security
Requirements," of 6/25/85.

(CSC-STD-004-85) CSC-STD-004-85, "Technical Rationale Behind
CSC-STD-003-85," of 6/25/85.

(CSC-STD-005-85) CSC-STD-005-85, "DOD Magnetic Remanence
Security Guideline," of 11/15/85. (*)


----------
(*) Extract made by permission of originating organization.





(DCID 1/16) Director of Central Intelligence Directive
1/16, "Security Policy on Intelligence
Information in Automated Data Processing
Systems and Networks, Computer Security
Manual," of 1/4/83. (*)

(DCID 1/16, Sup.) Supplement to DCID 1/16 titled: "Uniform
Safeguards for the Protection of 'Critical
Systems' Processing Intelligence
Information," of 12/84. (*)

(DOD 5200.1-R) Department of Defense Directive 5200.1-R,
"Information Security Program Regulation," of
6/86.

(DODD 2040.2) Department of Defense Directive 2040.2,
"International Transfers of Technology,
Goods, Services and Munitions," of 1/17/84.

(DODD 3200.12) Department of Defense Directive 3200.12, "DOD
Scientific and Technical Information
Programs," of 2/15/83.

(DODD 5200.28) Department of Defense Directive 5200.28,
(draft).

(DODD 5200.28M) Department of Defense Directive 5200.28M,
"ADP Security Manual," of 1/73.

(DODD 5200.28-STD) Department of Defense Standard 5200.28-STD,
"Department of Defense Trusted Computer
System Evaluation Criteria," of 12/85.

(DODD 5215.1) Department of Defense Directive 5215.1,
"Computer Security Evaluation Center," of
10/25/82.

(DODD 5230.24) Department of Defense Directive 5230.24,
"Distribution Statements on Technical
Documents," of 11/20/84.

(DODD 5230.25) Department of Defense Directive 5230.25,
"Withholding of Unclassified Technical Data
from Public Disclosure," of 11/6/84.

(DODD 7040.6) Department of Defense Directive 7040.6,
"Internal Control Systems," of 3/24/82.

(DODI 5215.2) Department of Defense Instruction 5215.2,
"Computer Security Technical Vulnerability
Reporting Program (CSTVRP)," of 9/2/86.



(DOE 1360.2A) Department of Energy Order 1360.2A, "Computer
Security Program for Unclassified Computer
Systems and Sensitive Unclassified
Information," (draft), received 9/30/86.

(DOE 5635.1A) Department of Energy Order 5635.1A,
"Control of Classified Documents and
Information," (draft).

(DOE 5636.2A) Department of Energy Order 5636.2A,
"Security Requirements for Classified
Automated Data Processing Systems,"
(draft).

(ed.) The editors.

(EO 12356) Executive Order 12356, "National Security
Information," of 4/2/82.

(FIPS PUB 39) Federal Information Processing Standards
Publication 39, "Glossary for Computer
Systems Security," National Bureau of
Standards, of 2/15/76.

(FIPS PUB 112) Federal Information Processing Standards
Publication 112, "Password Usage," National
Bureau of Standards, of 5/30/85.

(GAO) General Accounting Office, "Survey of
Computer and Telecommunications Based
Information Systems Security in the Civil
Sector of the Federal Government," no date.

(JCS PUB 22) Joint Chiefs of Staff Publication 22,
"WWMCCS ADP System Security Manual," of
1/80.

(JL) Llaurado, J.G., "Breaches of Computer
Security," International Journal of
Bio-Medical Computing, v. 14, no. 2, pp.
87-93, of 3/83.

(MS) Michael Shain, private communication, of
1/9/87.


(MTR-8201) Mitre Corporation Technical Report
MTR-8201, "Trusted Computer
Systems-Glossary," of 3/81. (*)

(NACSIM 5203) NACSIM 5203, "Guidelines for Facility
Design and Red/Black Installation," of
6/30/82.

(NCSC-9) NCSC-9, "National Communications Security
(COMSEC) Glossary," of 9/1/82.

(NCSC-TG-004) National Computer Security Center,
"National Computer Security Center Computer
Security Glossary of Terms," (draft),
received 7/24/87.

(NSDD-145) National Security Decision Directive 145,
"National Policy on Telecommunications and
Automated Information Systems Security," of
12/17/84.

(NTISSD-901) National Telecommunications and Information
Systems Security Directive No. 901,
"National Telecommunications and
Information Systems Security Issuances," of
9/25/85.

(OPNAVINST 5239.1A) Office of Navy Operations Instruction
5239.1A, "Department of the Navy Automatic
Data Processing Security Program," of
3/8/82.

(PC/PCIE) Prevention Committee, President's Council
on Integrity and Efficiency, "Computers:
Crimes, Clues, and Controls," (NTIS no.
PB86-221850), of 3/86.

(TC) Conlon, Theresa, "Parker's Guide to
Hackers' Lexicon," Computer Decisions, of
7/15/85.

(WB) Banks, William W., et al., "Security
Checklist for Computer Based Information
Systems for the Air Force Logistics
Command," Lawrence Livermore National
Laboratory, (LLNL no. UCAR-10135), of
10/85. (*)






Glossary of Computer Security Terminology


ABORTED CONNECTION Disconnection which does not follow established
procedures. This may occasionally result from a
bad phone connection, but more typically results
when the user "hangs up" without attempting to
issue the disconnect commands. Note: Some
systems are sensitive to aborted connections,
and do not detect the disconnect and reset for
the next user. Continued aborts are considered
[improper], and may result in a warning or
revocation of access privileges. (BBD)

ACCEPTABLE LEVEL OF RISK 1) An assessment by the appropriate approving
authority that a system meets the minimum
requirements of applicable security directives.
(NCSC-TG-004)

2) A judicious and carefully considered assessment
by the appropriate Designated Approving
Authority (DAA) that an automatic data
processing (ADP) activity or network meets the
minimum requirements of applicable security
directives. The assessment should take into
account the value of ADP assets; threats and
vulnerabilities; countermeasures and their
efficacy in compensating for vulnerabilities;
and operational requirements. (OPNAVINST
5239.1A)

ACCEPTANCE 1) Indicates a facility or system generally meets
technical and performance standards but may
have minor exceptions which do not keep the
facility from meeting operational and security
requirements. (AFR 700-10)

2) The condition that exists when a facility or
system generally meets technical performance
standards and security requirements.
(NCSC-TG-004)

ACCEPTANCE INSPECTION The final inspection to determine if a facility
or system meets the certified technical and
performance standards. Note: this inspection is
held immediately after facility and software
testing and is the basis for commissioning or
accepting the information system. (NCSC-TG-004;
AFR 700-10)

ACCESS 1) A specific type of interaction between a
subject and an object that results in the flow
of information from one to the other.
(CSC-STD-001-83; AR 380-380; DCID 1/16, Sup.;
JCS PUB 22; NCSC-TG-004)

2) The ability and the means to approach,
communicate with (input to or receive output
from), or otherwise make use of any material or
component in an ADP system or network. (DCID
1/16; DODD 5200.28M)

3) A specific type of interaction between a
subject (i.e., person, process or input device)
and an object (i.e., an AIS resource such as a
record, file, program, output device) that
results in the flow of information from one to
the other. (DODD 5200.28)

4) The ability and the means necessary to approach,
to store or retrieve data, to communicate with,
or to make use of any resource of an ADP
system. (FIPS PUB 39)

5) The ability and the means to approach,
communicate with (input to or receive output
from), or otherwise make use of any material or
component in an ADP system. Personnel only
receiving output products from the ADP system
and not inputting to or otherwise interacting
with the system (i.e., no "hands on" or other
direct input or inquiry capability) are not
considered to have ADP system access and are
accordingly not subject to the personnel
security requirements. Such output products,
however, shall either be reviewed prior to
dissemination or otherwise determined to be
properly identified as to content and
classification. (OPNAVINST 5239.1A; AFR 205-16;
AFR 700-10)

ACCESS CATEGORY One of the classes to which a user, program or
process in a system may be assigned on the basis
of the resources that each is authorized to use.
(NCSC-TG-004; AR 380-380; FIPS PUB 39)

ACCESS CONTROL 1) The process of limiting access to the resources
of a system to authorized users, programs,
processes or other systems (in networks). (AR
380-380)

2) The process of limiting access to information or
to resources of an ADP system to only authorized
users. (DOE 5636.2A)

3) The process of limiting access to resources to
authorized users, programs, processes, or other
networks. (NCSC-TG-004; FIPS PUB 39)

4) Synonymous with CONTROLLED ACCESS and CONTROLLED
ACCESSIBILITY.

ACCESS CONTROL LIST A list of subjects which are authorized to have
access to some object. (MTR-8201)

ACCESS CONTROL MEASURES Hardware and software features, physical
controls, operating procedures, management
procedures, and various combinations of these
designed to detect or prevent unauthorized
access to an ADP system and to enforce access
control. (DOE 5636.2A)

ACCESS CONTROL MECHANISM(S) Hardware or software features, operating
procedures, management procedures, and various
combinations of these designed to detect and
prevent unauthorized access and to permit
authorized access to an automated system. (AR
380-380; FIPS PUB 39; NCSC-TG-004)

ACCESS CONTROL ROSTER A list of personnel, users, and so forth, that
documents the degree of access and control for
each person. (AFR 205-16)

ACCESS LEVEL 1) The hierarchical portion of the security level
used to identify the sensitivity of data and the
clearance or authorization of users. Note: The
access level, in conjunction with the
non-hierarchical categories, forms the
sensitivity label of an object. (NCSC-TG-004)

2) See SECURITY LEVEL, CATEGORY, and SENSITIVITY
LABEL.

ACCESS LIST A catalog of users, programs, and/or processes
and the specifications of access categories to
which each is assigned. (NCSC-TG-004; AR
380-380; FIPS PUB 39)

ACCESS MODE A distinct operation recognized by the protection
mechanisms as a possible operation on an
object. Read, write and append are possible
modes of access to a file, while execute is an
additional mode of access to a program.
(MTR-8201)

ACCESS PASSWORD A password used to authorize access to data and
distributed to all those who are authorized
similar access to that data. (FIPS PUB 112)

ACCESS PERIOD A segment of time, generally expressed on a
daily or weekly basis, during which access
rights prevail. (FIPS PUB 39; NCSC-TG-004)

ACCESS PORT A logical or physical identifier that a computer
uses to distinguish different terminal
input/output data streams. (CSC-STD-002-85;
NCSC-TG-004)

ACCESS TO INFORMATION The function of providing to members of the
public, upon their request, the government
information to which they are entitled under
law. (A-130)

ACCESS TYPE The nature of an access right to a particular
device, program, or file (such as read, write,
execute, append, modify, delete, and create).
(NCSC-TG-004; AR 380-380; FIPS PUB 39)

ACCOUNTABILITY 1) The quality or state which enables violations or
attempted violations of ADP system security to
be traced to individuals who may then be held
responsible. (FIPS PUB 39; AR 380-380)

2) The property that enables activities on a system
to be traced to individuals who may then be held
responsible for their actions. (NCSC-TG-004;
DODD 5200.28; DOE 5636.2A)

ACCOUNTABILITY INFORMATION A set of records, often referred to as an audit
trail, that collectively provide documentary
evidence of the processing or other actions
related to the security of an ADP system. (DOE
5636.2A)

ACCREDITATION 1) Official authorization, by the appropriate DAA,
to place an automated system into operational
use. This authorization is a statement that the
level of residual risk in operating the system
is sufficiently low to allow operation for a
specified use. Accreditation is site specific
and dependent on meeting local security measures
and procedures. (AFR 205-16)

2) The official authorization granted to an
information system to process sensitive
information in its operational environment
based on comprehensive security evaluation of
the system's hardware, firmware, and software
security design, configuration and
implementation and of the other system
procedural, administrative, physical, TEMPEST,
personnel and communications security
controls. (AFR 700-10; CSC-STD-001-83)

3) The authorization and approval granted to a
system or network to process classified or
sensitive data. Accreditation will be made on
the basis of certification by a competent
authority that designated technical personnel
have verified that specified technical
requirements for achieving adequate data
security have been met. (AR 380-380)

4) A formal declaration by the responsible SOIC, or
his designee, as appropriate, that the ADP
system or network provides an acceptable level
of protection for processing and/or storing
intelligence information. An accreditation
should state the operating mode and other
parameters peculiar to the ADP system or network
being accredited. (DCID 1/16, Sup.)

5) The documented authorization, by the designated
authority, granted to an organization or
individual to operate an ADP system or network
in a specific environment to process, store,
transfer or provide access to classified
information. (DOE 5636.2A)

6) The authorization and approval, granted to an
ADP system or network to process sensitive data
in an operational environment, and made on the
basis of a certification by designated technical
personnel of the extent to which design and
implementation of the system meet pre-specified
technical requirements for achieving adequate
data security. (FIPS PUB 39)

7) A formal declaration by an approving authority
that a system is approved to operate in a
particular security mode using a prescribed set
of safeguards.
Note: Accreditation is the official management
authorization for operation of a system and is
based on the certification process as well as
other management considerations. The
accreditation statement affixes security
responsibility with the approving authority and
shows that due care has been taken for
security. Also called APPROVAL TO OPERATE.
(NCSC-TG-004; DODD 5200.28; JCS PUB 22)

8) A policy decision by the responsible DAA
resulting in a formal declaration that
appropriate security countermeasures have been
properly implemented for the ADP activity or
network, so that the activity or network is
operating at an acceptable level of risk. The
accreditation should state the mode of operation
and any operating limitations applicable to the
ADP activity or network. (OPNAVINST 5239.1A)

9) See APPROVAL TO OPERATE and APPROVAL/
ACCREDITATION.

ACCREDITATION AUTHORITY 1) An official designated to accredit systems
for the processing, use, storage, and production
of sensitive defense material. (AR 380-380)

2) See DESIGNATED APPROVING AUTHORITY.

ACTIVE WIRETAPPING The attaching of an unauthorized device, such
as a computer terminal, to a communications
circuit for the purpose of obtaining access to
data through the generation of false signals, or
by altering the communications of legitimate
users. (FIPS PUB 39)

ACTIVITY A security model rule stating that once an
object is made inactive, it cannot be accessed
until it is made active again. (MTR-8201)

ADD-ON SECURITY 1) The retrofitting of protection mechanisms,
implemented by hardware or software, after the
ADP system has become operational. (AR 380-380;
FIPS PUB 39)

2) The retrofitting of protection mechanisms,
implemented by hardware or software.
(NCSC-TG-004)

ADDRESS SPACE The virtual memory that can be addressed by a
process. The maximum size of a process address
space is usually a function of the underlying
hardware. (MTR-8201)

AD HOC QUERY A method which allows the user in a data base
environment to dynamically create his own view
of the data and the method of retrieval for the
information without intervention. (AR 380-380)

ADMINISTRATIVE SECURITY 1) The management constraints and supplemental
controls established to provide an acceptable
level of protection for data. (NCSC-TG-004)

2) The management constraints; operational,
administrative, and accountability procedures;
and supplemental controls established to
provide an acceptable level of protection for
data. (OPNAVINST 5239.1A; DOE 5636.2A; FIPS PUB
39)

3) Synonymous with PROCEDURAL SECURITY.

ADP FACILITY One or more rooms, generally contiguous,
containing the elements of an ADP system. (DOE
5636.2A)

ADP SECURITY Measures required to protect against
unauthorized (accidental or intentional)
disclosure, modification, or destruction of
ADP systems and data, and denial of service to
process data. ADP security includes
consideration of all hardware/software
functions, characteristics, and/or features;
operational procedures, accountability
procedures, and access controls at the central
computer facility, remote computer, and
terminal facilities; management constraints;
physical structures and devices; and personnel
and communication controls needed to provide an
acceptable level of risk for the ADP system and
for the data or information contained in the
system. (OPNAVINST 5239.1A)

ADP SECURITY DOCUMENTATION Documents which describe an activity's ADP
security posture and include risk assessment
plan and reports, security test and evaluation
plans and reports, Inspector General inspection
reports and findings, incident reports,
contingency plans and test results, and
standard operating procedures. (OPNAVINST
5239.1A)

ADP SECURITY STAFF Individuals assigned and functioning as
action officials for ADP security within their
respective organization. (OPNAVINST 5239.1A)

ADP STORAGE MEDIA The physical substance(s) used by an ADP system
upon which data is recorded. (CSC-STD-005-85)

ADP SYSTEM 1) The central computer facility and any remote
processors, terminals, or other input/
output/storage devices connected to it by
communications links. Generally, all of the
components of an ADP system will be under the
authority of one SOIC or his designee. (DCID
1/16, Sup.)

2) An assembly of computer hardware, firmware,
telecommunications, interconnections with other
ADP equipment (e.g., networks), and the entire
collection of software that is executed on that
hardware. Included in this definition are word
processors, microprocessors, personal computers,
controllers, automated office support systems
(AOSS), or other stand-alone or special computer
systems. (DOE 5636.2A)

ADP SYSTEM SECURITY 1) Includes all hardware/software functions,
characteristics, and features, operational
procedures, accountability procedures, and
access controls at the central computer
facility, remote computer and terminal
facilities, and, the management constraints,
physical structures, and devices; personnel and
communication controls needed to provide an
acceptable level of protection for classified
material to be contained in the computer
system. (DODD 5200.28M)

2) All of the technological safeguards and
managerial procedures established and applied to
computer hardware, software, and data in order
to ensure the protection of organizational
assets and individual privacy. (FIPS PUB 39)

AFFIRM A formal methodology developed at the University
of Southern California Information Sciences
Institute (USC-ISI) for the specification and
verification of abstract data types,
incorporating algebraic specification techniques
and hierarchical development. (MTR-8201)

AGGREGATION Individual data systems and data elements may
be determined to be unclassified and to be of a
specific sensitivity category. When those data
are combined with other data, the totality of
the information may be classified or in a higher
sensitivity category, with higher protection
requirements. (AFR 205-16)

AIS See AUTOMATED INFORMATION SYSTEMS.

AIS SECURITY 1) The totality of security safeguards needed to
provide an acceptable level of protection for
an AIS and for data handled by an AIS. (DODD
5200.28)

2) See AUTOMATED INFORMATION SYSTEMS SECURITY, and
COMPUTER SECURITY.

ANALYSIS See COST-ANALYSIS, CRYPTOANALYSIS, and RISK
ANALYSIS.

ANNUAL LOSS EXPECTANCY (ALE) The ALE of an ADP system or activity is the
expected yearly dollar value loss from the harm
to the system or activity by attacks against
its assets. (OPNAVINST 5239.1A)

AOSS Automated office support systems including
stand-alone microprocessors, word processors and
terminals connected to mainframes. (DOE
5636.2A)

APPLICATION Those portions of a system, including portions
of the operating system, that are not
responsible for enforcing the security policy.
(CSC-STD-003-85; CSC-STD-004-85)

APPLICATION SOFTWARE (FUNCTIONAL) Routines and programs designed by, or for
system users and customers. Through the use
of available automated system equipment and
basic software, application software completes
specific, mission-oriented tasks, jobs, or
functions. It can be either general purpose
packages, such as demand deposit accounting,
payroll, machine tool control, and so forth,
or specific application programs tailored to
complete a single or limited number of user
functions, for example, base-level personnel,
depot maintenance, missile or satellite
tracking, and so forth. Except for general
purpose packages that are acquired directly from
software vendors or from the original equipment
manufacturers (OEM), this type of software is
generally developed by the user either with
in-house resources or through contract
services. (AFR 205-16)

APPROVAL/ACCREDITATION The official authorization that is granted to
an ADP system to process sensitive information
in its operational environment, based upon
comprehensive security evaluation of the
system's hardware, firmware, and software
security design, configuration, and
implementation and of the other system
procedural, administrative, physical, TEMPEST,
personnel, and communications security
controls. (CSC-STD-001-83)

APPROVAL TO OPERATE 1) Concurrence by the DAA that a satisfactory level
of security has been provided (minimum
requirements are met and there is an acceptable
level of risk). It authorizes the operation of
an automated system or network at a computer
facility. Approval results from an analysis of
the computer facility, automated system, and
automatic data system certifications and the
operational environment of the automated system
entity by the DAA. (AFR 205-16)

2) See ACCREDITATION.

APPROVED CIRCUIT Synonymous with PROTECTED DISTRIBUTION SYSTEM.

APPROVING AUTHORITY See DESIGNATED APPROVING AUTHORITY.

ARREST The discovery of user activity not necessary to
the normal processing of data which might lead
to a violation of system security and force
termination of the processing. (OPNAVINST
5239.1A; AR 380-380; DODD 5200.28M)

ASSESSMENT An analysis of system vulnerabilities.
(NCSC-TG-004)

ASSET Any software, data, hardware, administrative,
physical, communications, or personnel
resource within an ADP system or activity.
(OPNAVINST 5239.1A)

ASSURANCE 1) A measure of confidence that the security
features and architecture of an AIS accurately
mediate and enforce the security policy. If the
security features of an AIS are relied upon to
handle sensitive information and restrict user
access, the features must be tested to ensure
that the security policy is uncircumventably
enforced during AIS operation. (DODD 5200.28)

2) The hardware, firmware, and software mechanisms
of a system that can be evaluated to provide
sufficient assurance that the system enforces
the defined security policy, labeling,
identification and auditing capabilities.
Note: These mechanisms consist of system
architecture, system integrity, security
testing, design specification and verification,
configuration management, trusted recovery and
trusted distribution. (NCSC-TG-004)

ASYNCHRONOUS ATTACK [An] asynchronous attack [...] is an attempt to
exploit the interval between a defensive act and
the attack in order to render inoperative the
effect of the defensive act. For instance, an
operating task may be interrupted at once
following the checking of a stored parameter;
the user regains control and malevolently
changes the parameter; the operating system
regains control and [continues] processing using
the maliciously altered parameter. (JL)

ATTACK 1) The act of aggressively trying to bypass
security controls on a system.
Note: The fact that an attack is made does not
necessarily mean that it will succeed. The
degree of success depends on the vulnerability
of the system or activity and the effectiveness
of existing countermeasures. (NCSC-TG-004)

2) The realization of a threat. How often a threat
is realized depends on such factors as the
location, type, and value of information being
processed. Thus, short of moving the system or
facility or radically changing its mission,
there is usually no way that the level of
protection can affect the frequency of attack.
The exceptions to this are certain human threats
where effective security measures can have a
deterrent effect. The fact that an attack is
made does not necessarily mean that it will
succeed. The degree of success depends on the
vulnerability of the system or activity and the
effectiveness of existing countermeasures.
(OPNAVINST 5239.1A)

ATTENTION CHARACTER In TCB design, a character that, when entered
from a terminal, tells the TCB that the user
wants a secure communications path from the
terminal to some trusted code, in order to
provide a secure service for the user, such as
logging in or logging out. (MTR-8201)

AUDIT 1) To conduct an independent review and examination
of system records and activities in order to
test for adequacy of system controls, to ensure
compliance with established policy and
operational procedures, and to recommend any
indicated changes in controls, policy, or
procedures. (DODD 5200.28)

2) To conduct the independent review and
examination of system records and activities in
order to test for adequacy of system controls,
to ensure compliance with established policy and
operational procedures, and to recommend any
indicated changes in controls, policy, or
procedures.

a. Internal Security Audit. An audit
conducted by personnel responsible to the
management of the organization being
audited.

b. External Security Audit. An audit
conducted by an organization independent of
the one being audited. (OPNAVINST 5239.1A;
AR 380-380; FIPS PUB 39)

AUDIT TRAIL 1) An automated or manual set of records that
collectively provide documentary evidence of
processing used to aid in tracing system
activities. (AFR 205-16)

2) A chronological record of activities which will
enable the reconstruction, review, and
examination of the sequence of environments and
activities concerning each event in a
transaction. (AR 380-380)

3) A set of records that collectively provide
documentary evidence of processing used to aid
in tracing from original transactions forward to
related records and reports, and/or backwards
from records and reports to their component
source transactions. (CSC-STD-001-83)

4) A chronological record of system activities
which is sufficient to enable the
reconstruction, review, and examination of the
sequence of environments and activities
surrounding or leading to an operation, a
procedure, or an event in the path of a
transaction from its inception to output of
final results. (DODD 5200.28; FIPS PUB 39)

5) A set of manually and/or automatically produced
records that provide documentary evidence of
system use. (NCSC-TG-004)

6) A chronological record of system activities
which is sufficient to enable the
reconstruction, review, and examination of the
sequence of events leading towards a particular
final result. (OPNAVINST 5239.1A)

AUTHENTICATE To establish the validity of a claimed
identity. (CSC-STD-001-83; NCSC-TG-004)

AUTHENTICATION 1) The process of positively validating a claimed
identity. (AFR 205-16)

2) The act of identifying or verifying the
eligibility of a station, originator, or
individual to access information. This measure
is designed to provide protection against
fraudulent transmissions by establishing the
validity of a transmission, message, station,
or originator. (AR 380-380)

3) A positive identification, with a degree of
certainty sufficient for permitting certain
rights or privileges to the person or thing
positively identified. (DCID 1/16; DCID 1/16,
Sup.)

4) The act of verifying the claimed identity of an
individual, station or originator. (DOE
5636.2A)

5) a. The act of identifying or verifying the
eligibility of a station, originator, or
individual to access specific categories of
information.
b. A measure designed to provide protection
against fraudulent transmissions by
establishing the validity of a transmission,
message, station, or originator. (FIPS PUB
39)

6) Verification of the identity and authorization
of a process or user. (JCS PUB 22)

7) Measures designed to provide protection against
fraudulent transmission and imitative
communications deception by establishing the
validity of transmission, message, station, or
individual. (NCSC-9)

AUTHENTICATION PERIOD Authentication period is the maximum acceptable
period between any initial authentication
process and subsequent reauthentication
processes during a single terminal session or
during the period data is being accessed. (FIPS
PUB 112)

AUTHENTICATION PROCESS The actions involving (1) obtaining an
identifier and a personal password from an ADP
system user; (2) comparing the entered password
with the stored, valid password that was issued
to, or selected by, the person associated with
that identifier; and (3) authenticating the
identity if the entered password and the stored
password are the same. (Note: If the
enciphered password is stored, the entered
password must be enciphered and compared with
the stored ciphertext or the ciphertext must be
deciphered and compared with the entered
password.) (FIPS PUB 112)

AUTHENTICATION SYSTEM A cryptosystem or a cryptographic process used
for authentication. (NCSC-9)

AUTHENTICATOR 1) The means used to identify or verify the
eligibility of a station, originator or
individual to access specific categories of
information. The authenticator may be a
symbol, sequence of symbols, or series of
prearranged bits that are usually inserted at a
predetermined point within a message or
transmission for the purpose of authentication.
(AR 380-380)

2) a) The means used to identify or verify the
eligibility of a station, originator, or
individual to access specific categories of
information.
b) A symbol, a sequence of symbols, or a series
of bits that are arranged in a predetermined
manner and are usually inserted at a
predetermined point within a message or
transmission for the purpose of an
authentication of the message or
transmission. (FIPS PUB 39)

3) A symbol or group of symbols, or a series of
bits selected or derived in a prearranged manner
and usually inserted at a predetermined point
within a message or transmission for the purpose
of attesting to the validity of the message or
transmission. (NCSC-9)

4) The means used to confirm the identity or to
verify the eligibility of a station, originator,
or individual. (NCSC-TG-004)

AUTHORIZATION 1) The privilege granted to an individual by a
designated official to access information based
upon the individual's clearance and
need-to-know. (DOE 5636.2A)

2) Granting access rights to a user or a process.
The right to use a file, program, or terminal
given to a user by a responsible official (i.e.,
WASSO (World Wide Military Command and Control
Systems Automatic Data Processing System
Security Officer), File OPR (Office of Primary
Reporting), etc.) prior to task processing.
(JCS PUB 22)

3) The granting of access rights to a user,
program, or process. (NCSC-TG-004; AR 380-380;
FIPS PUB 39)

AUTHORIZATION PROCESS The actions involving (1) obtaining an access
password from an ADP system user (whose identity
has already been authenticated, perhaps using a
personal password); (2) comparing the access
password with the password associated with the
protected data; and (3) authorizing access to
the data if the entered password and the stored
password are the same [see note under
AUTHENTICATION PROCESS]. (FIPS PUB 112)

AUTOMATED DATA PROCESSING SECURITY See COMPUTER SECURITY.

AUTOMATED INFORMATION SYSTEM(S) (AIS) 1) An assembly of computer hardware, software,
and firmware configured to collect,
communicate, compute, disseminate, and/or
control data. (DODD 5200.28)

2) Systems that create, prepare, or manipulate
information in electronic form for purposes
other than device control; including computers,
word processing systems, other electronic
information handling systems, and associated
equipment. (NCSC-TG-004)

3) Automated Information Systems means systems
which create, prepare, or manipulate information
in electronic form for purposes other than
telecommunication, and includes computers, word
processing systems, other electronic information
handling systems, and associated equipment.
(NSDD-145)

AUTOMATED INFORMATION SYSTEMS SECURITY 1) The totality of security safeguards used to
provide a defined level of protection for a
system and for the data it handles.
(NCSC-TG-004)

2) See COMPUTER SECURITY.

AUTOMATED SECURITY MONITORING 1) The use of automated procedures to ensure that
automation security controls are not
circumvented. (AR 380-380; NCSC-TG-004)

2) The use of automated procedures to ensure that
the security controls implemented within an ADP
system are not circumvented. (FIPS PUB 39)

AUTOMATED SYSTEM SECURITY 1) All security features needed to provide an
acceptable level of protection for hardware;
software; and classified, sensitive unclassified
or critical data, material, or processes in the
system. It includes:

a. All hardware and software functions,
characteristics and features.
b. Operational procedures.
c. Accountability procedures.
d. Access controls at all computer facilities
(includes those housing mainframes,
terminals, minicomputers, or
microcomputers).
e. Management constraints.
f. Physical protection.
g. Control of compromising emanations
(TEMPEST).
h. Personnel and communications security
(COMSEC).
i. Other security disciplines. (AFR 205-16)

2) See COMPUTER SECURITY.

AUTOMATIC DATA PROCESSING (ADP) SYSTEM An assembly of computer hardware, firmware,
and software, configured for the purpose of
calculating, computing, sorting, transmitting,
receiving, storing and retrieving data with a
minimum of human intervention. (CSC-STD-005-85;
CSC-STD-001-83)

AUTOMATION SECURITY 1) The measures employed to protect automation
and the information handled from both hostile
and benign threats and to safeguard against
unauthorized exploitation through espionage,
sabotage, theft, fraud, misappropriation, or
misuse. Automation security applies to all ADP
systems and applies to the global aspects of the
security problem. Therefore, it encompasses the
security management, hardware, software,
procedural, communications, personnel, physical
and environmental, and all other security
aspects contributing to the protection of
automated systems (hardware and software), site,
activity, facility, or operation as a potential
target. (AR 380-380)

2) See COMPUTER SECURITY.

AVAILABILITY That computer security characteristic that
ensures the computer resources will be
available to authorized users when they need
them. This characteristic protects against
denial of service. (AFR 205-16)

BACKDOOR See TRAP DOOR.

BACKUP PLAN See CONTINGENCY PLANS.

BACKUP PROCEDURES The provisions made for the recovery of data
files and program libraries, and for restart or
replacement of ADP equipment after a system
failure or disaster. (AR 380-380; FIPS PUB 39)

BANDWIDTH A characteristic of a communication channel that
is the amount of information that can be passed
through it in a given amount of time, usually
expressed in bits per second. (CSC-STD-001-83)

BASIC SOFTWARE (NONFUNCTIONAL) Routines and programs designed to extend or
facilitate the use of particular automated
equipment. As a rule, the vendor provides basic
software. It is usually essential for the
system operation. Examples of basic software
are executive and operating systems, diagnostic
programs, compilers, assemblers, utility
routines such as sort-merge and input or output
conversion routines, file management programs,
and data management programs. Data management
programs are commonly linked to or under the
control of the executive or operating system
programs. (AFR 205-16)

BBS Bulletin Board System or Bulletin Board
Software. (BBD)

BELL-LAPADULA MODEL A formal state transition model of computer
security policy that describes a set of access
control rules. In this formal model, the
entities in a computer system are divided into
abstract sets of subjects and objects. The
notion of a secure state is defined, and it is
proven that each state transition preserves
security by moving from secure state to secure
state, thereby inductively proving that the
system is secure. A system state is defined as
"secure" if the only permitted access modes of
subjects to objects are in accordance with a
specific security policy. In order to
determine whether or not a specific access mode
is allowed, the clearance of a subject is
compared to the classification of the object,
and a determination is made as to whether the
subject is authorized for the specific access
mode. See *-PROPERTY. (NCSC-TG-004;
CSC-STD-001-83)

BENIGN ENVIRONMENT 1) A nonhostile envelope protected from external
hostile elements by physical, personnel, and
procedural security countermeasures. In this
environment, the ADP system is protected at the
system's highest level. All users are cleared
for the highest level but a need-to-know is not
required for all data. Reliance is placed on
the ADP system for routing and need-to-know
separation of data. (AR 380-380; JCS PUB 22)

2) A nonhostile environment protected from external
hostile elements by physical, personnel, and
procedural security countermeasures.
(NCSC-TG-004)

BETWEEN-THE-LINES ENTRY Access obtained through active wiretapping
by an unauthorized user to a momentarily
inactive terminal of a legitimate user assigned
to a communications channel. (AR 380-380;
NCSC-TG-004; FIPS PUB 39)

BEYOND A1 A level of trust defined by the DoD Trusted
Computer System Evaluation Criteria that is
beyond the current state-of-the-art technology.
It includes all the A1-level features plus
features not required at the A1 level. These
additional features may vary from
system-to-system. Note: This term is often used
to describe capabilities not yet available,
specifically, code verification. (NCSC-TG-004)

BIOMETRIC The use of specific quantities that reflect
unique personal characteristics (such as a
fingerprint, an eye blood vessel print, or a
voice print) to validate the identity of users.
(WB)

BLACK Refers to unclassified information or equipment
and wire lines that handle encrypted classified
information. (AFR 205-16)

BOUNDS CHECKING 1) Testing of computer program results for access
to storage outside authorized limits. (AR
380-380; FIPS PUB 39)

2) Verifying a computer program address for access
to storage outside authorized limits.
(NCSC-TG-004)

3) Synonymous with MEMORY BOUNDS CHECKING.

BOUNDS REGISTER A hardware register which holds an address
specifying a storage boundary. (FIPS PUB 39; AR
380-380)

BREACH 1) The result of a successful attack.
(NCSC-TG-004)

2) The successful and repeatable defeat of
security controls with or without an arrest,
which if carried to consummation, could result
in a penetration of the system. Examples of
breaches are:

a. Operation of user code in master mode.
b. Unauthorized acquisition of identification
password or file access passwords.
c. Accessing a file without using prescribed
operating system mechanisms.
d. Unauthorized access to tape library.
(OPNAVINST 5239.1A; AR 380-380; DODD
5200.28M; JCS PUB 22)

BREVITY CODE/BREVITY LIST A code which has the sole purpose of shortening
messages rather than the concealment of their
content. (NCSC-9)

BREVITY LISTS 1) A pseudo code system that is used to reduce the
length of time required to transmit information
by use of a few characters in place of long
routine sentences. (AR 380-380)

2) A code system that is used to reduce the
length of time required to transmit information
by the use of a few characters to represent
long, stereotyped sentences. (FIPS PUB 39)

BROWSING 1) The act of searching through storage to locate
or acquire information without necessarily
knowing of the existence or the format of the
information being sought. (OPNAVINST 5239.1A;
AR 380-380; FIPS PUB 39; NCSC-TG-004)

2) An unstructured search through storage in hope
of obtaining otherwise inaccessible
information. (JCS PUB 22)

3) Browsing is the unauthorized looking through,
identifying, and exploiting of data that are
available but are supposed to be unknown. (JL)

CALL BACK 1) A procedure for identifying a terminal dialing
into a system by disconnecting the caller and
reestablishing the connection by the computer
system dialing the telephone number of the
calling terminal. (AR 380-380; NCSC-TG-004)

2) Procedure where the system (after identifying
the caller) disconnects the call, and dials the
caller's computer. Used in an attempt to ensure
both the identity and location of the caller.
(BBD)

3) Synonymous with DIAL BACK.

CAPABILITY In a computer system, an unforgeable ticket that
is accepted by the system as incontestable proof
that the presenter has authorized access to the
object named by the ticket. It is often
interpreted by the operating system and the
hardware as an address for the object. Each
capability also contains authorization
information identifying the nature of the access
mode (for example read mode, write mode).
(MTR-8201)

CATEGORY(IES) 1) Restrictive labels that have been applied to
classified or unclassified data as a means of
increasing the protection of and further
restricting access to the data. Examples
include Sensitive Compartmented Information
(SCI), Proprietary Information (PROPIN), and
NATO. Individuals may be given access to this
information only if they have been granted
formal access authorization. (AFR 205-16)

2) A grouping of classified or unclassified but
sensitive information to which an additional
restrictive label is applied to signify that
personnel are granted access to the information
only if they have appropriate authorization.
(CSC-STD-003-85)

3) A grouping of classified or unclassified but
sensitive information, to which an additional
restrictive label is applied (e.g., proprietary,
compartmented information). (CSC-STD-004-85)

4) A grouping of classified or unclassified
sensitive information to which an additional
restrictive label is applied to signify that
personnel are granted access to the information
only if they have formal access approval or
other appropriate authorization (e.g.,
proprietary information, For Official Use Only
(FOUO), compartmented information). (DODD
5200.28)

5) A grouping of information to which an additional
restrictive label is applied to signify that
personnel are granted access to the information
only if they have appropriate authorization
(e.g., Restricted Data [RD]). (DOE 5636.2A)

6) A restrictive label that has been applied to
classified or unclassified data as a means of
increasing the protection of the data and
further restricting access to the data.
(NCSC-TG-004)

CAUTION STATEMENT 1) A statement affixed to computer outputs which
contains the highest classification being
processed at the time the product was produced
and a requirement that any data not requested
be controlled at that level and returned
immediately to the originating computer center.
(AR 380-380)

2) See SAFEGUARDING STATEMENT.

CENTRAL COMPUTER FACILITY One or more computers with their peripherals and
storage units, central processing units, and
communications equipment in a single controlled
area. This does not include remote computer
facilities, peripheral devices, or terminals
which are located outside the single controlled
area even though they are connected to the
central computer facility by approved
communication links. (DCID 1/16; AR 380-380)

CERTIFICATION 1) A statement that specifies the extent to which
the security measures meet specifications.
Certification is based on the results of the
risk analysis performed. It does not
necessarily imply a guarantee that the
described system is impenetrable. It is an
input to the security approval process. (AFR
205-16)

2) A statement based on detailed technical analysis
that specifies the extent to which the security
measures in the system or facility meet the
security requirements. Certification is based
on the results of the risk analysis performed.
It does not necessarily imply a guarantee that
the described system is impenetrable. It is an
input to the security accreditation process.
(AFR 700-10)

3) The technical evaluation of a system's security
features, made as part of and in support of the
approval/accreditation process, that establishes
the extent to which a particular computer
system's design and implementation meet a set of
specified security requirements.
(CSC-STD-001-83)

4) The technical evaluation of an AIS's security
features and other safeguards, made as part of
and in support of the accreditation process,
that establishes the extent to which a
particular AIS design and implementation meet a
set of specified security requirements. (DODD
5200.28)

5) An individual's formal written assurance that,
based on evaluation of security tests, the
classified ADP system and its environment meet
the approved security specifications outlined by
the ADP Security Plan. (DOE 5636.2A)

6) The technical evaluation, made as part of and in
support of the accreditation process, that
established the extent to which the design and
implementation of a computer system or network
meet prespecified security requirements. (FIPS
PUB 39; AR 380-380)

7) The decision attesting to the system's ability
to meet the specified security requirements.
This decision is in support of the accreditation
process and is based on a technical evaluation.
(NCSC-TG-004)

8) The technical process evaluation, made as part
of and in support of the accreditation process,
whereby a procedure, program, system,
component, or system is shown to be secure;
i.e., that the security design specifications
are correct and have been properly implemented.
Certification is performed by independent
technical personnel according to an acceptable
standard of proof such that the level of
security protection is identified with regard to
a procedure, program, system component, or
system. (OPNAVINST 5239.1A)

CERTIFICATION AND ACCREDITATION PROGRAM A program designed to ensure that critical
decisions regarding the adequacy of Automated
Information System security safeguards are made
by authorized managers using reliable technical
information. (NCSC-TG-004)

CHANNEL An information transfer path within a system.
May also refer to the mechanism by which the
path is effected. (CSC-STD-001-83)

CIPHER SYSTEM A cryptosystem in which the cryptographic
treatment is applied to plain text elements of
equal length. (AR 380-380; FIPS PUB 39; NCSC-9)

CIPHER TEXT 1) Unintelligible text or signals produced through
the use of cipher systems. (AR 380-380; FIPS
PUB 39)

2) Enciphered information. (NCSC-9)

CLASSIFICATION A determination that information requires, in
the interest of national security, a specific
degree of protection against unauthorized
disclosure together with a designation
signifying that such a determination has been
made. Data classification is used along with
categories in the calculation of risk index.
(CSC-STD-004-85)

CLASSIFIED COMPUTER SECURITY PROGRAM All of the technological safeguards and
managerial procedures established and applied to
ADP facilities and ADP systems (including
computer hardware, software, and data) in order
to ensure the protection of classified
information. (DOE 5636.2A)

CLASSIFIED DATA/INFORMATION 1) Information classified pursuant to DODD 5200.1-R
in one of the designated security classification
categories. (DODD 5200.28)

2) Top Secret, Secret, and Confidential information
of all categories (RD, FRD, NSI, etc.),
including intelligence information, for which
the Department is responsible and requires
safeguarding in the interest of national
security and defense. (DOE 5636.2A)

3) Official data which has been determined to
require protection in the interests of
national security. (OPNAVINST 5239.1A)

CLASSIFIED DEFENSE INFORMATION Official information which requires protection
against unauthorized disclosures in the interest
of the national security and which has been so
designated in accordance with the provision of
Executive Order 12356: Top Secret, Secret,
Confidential. (AR 380-380)

CLEARING 1) The overwriting of classified information on
magnetic media such that the media may be
reused. (This does not lower the classification
level of the media.) (DOE 5636.2A)

2) See CLEARING ADP MEDIA, and CLEARING MAGNETIC
MEDIA.

CLEARING ADP MEDIA 1) A procedure used to erase the classified
information stored on the media, but lacking the
totality of a declassification procedure.
(CSC-STD-005-85)

2) See CLEARING and CLEARING MAGNETIC MEDIA.

CLEARING MAGNETIC MEDIA 1) A procedure used to erase the sensitive
information stored on the media, but lacking the
totality of a declassification procedure.
(NCSC-TG-004)

2) See CLEARING and CLEARING ADP MEDIA.

CLOSED SECURITY ENVIRONMENT 1) An environment that includes those systems in
which both of the following conditions hold
true:
a. Application developers (including
maintainers) have sufficient clearances and
authorizations to provide an acceptable
presumption that they have not introduced
malicious logic. Sufficient clearance is
defined as follows: where the maximum
classification of data to be processed is
Confidential or below, developers are
cleared and authorized to the same level as
the most sensitive data; where the maximum
classification of data to be processed is
Secret or above, developers have at least
a Secret clearance.
b. Configuration control provides sufficient
assurance that applications are protected
against the introduction of malicious
logic prior to and during operation of
system applications. (CSC-STD-003-85;
CSC-STD-004-85)

2) An environment in which both of the following
conditions hold true:
a. Application developers (including
maintainers) have sufficient clearances and
authorizations to provide acceptable
presumption that they have not introduced
malicious logic.
b. Configuration control provides sufficient
assurance that applications and the
equipment are protected against the
introduction of malicious logic prior to
and during the operation of system
applications. (NCSC-TG-004)

CLOSED SHOP A computer operations area set up such that
physical access controls restrict programmers,
and others who do not have a need to be present,
from being in the area. (WB)

CODE Any system of communication in which arbitrary
groups of letters, numbers, or symbols represent
units of plain text of varying length. Coding
has three distinctly different applications:

a. In the broadest sense, coding is a means of
converting information into a form suitable
for communications or encryption; e.g.,
coded speech, Morse code, teletypewriter
codes, etc. No security is provided.

b. Brevity lists are codes which are used to
reduce the length of time necessary to
transmit information; e.g., long,
stereotyped sentences may be reduced to a
few characters which are transmitted. No
security is provided.
c. A cryptosystem in which the cryptographic
equivalents (usually called code groups)
typically consisting of letters or digits
(or both) in otherwise meaningless
combinations are substituted for plain text
information elements which are primarily
words, phrases, or sentences. Security is
provided. (NCSC-9)

CODE GROUP A group of letters or numbers, or both, assigned
in a code system to represent a plaintext
element which may be a word, phrase or
sentence. (NCSC-9)

CODE SYSTEM 1) a) Any system of communication in which groups
of symbols are used to represent plain text
elements of varying length.
b) In the broadest sense, a means of converting
information into a form suitable for
communications or encryption, for example,
coded speech, Morse Code, teletypewriter
codes.
c) A cryptographic system in which cryptographic
equivalents (usually called code groups)
typically consisting of letters, digits, or
both in meaningless combinations are
substituted for plain text elements which
may be words, phrases, or sentences.
(FIPS PUB 39)

2) See BREVITY LISTS.

COERCIVE FORCE A negative or reverse magnetic force applied for
the purpose of reducing magnetic flux density.
(CSC-STD-005-85)

COERCIVITY The measure of the amount of coercive force
required to reduce magnetic flux density to
zero. Often used to represent the ease with
which magnetic ADP media can be degaussed.
(CSC-STD-005-85)

COMINT Communications Intelligence. (CSC-STD-004-85)

COMMUNICATIONS SECURITY (COMSEC) 1) Protective measures taken to deny unauthorized
persons information derived from
telecommunications of the U.S. Government
related to national security and to ensure the
authenticity of such communications. Such
protection results from the application of
security measures (including cryptosecurity,
transmission security, and emission security) to
electrical systems generating, handling,
processing, or using national security or
national security-related information. It also
includes the application of physical security
measures to communications security information
or materials. (AR 380-380; NCSC-9)

2) The protection resulting from all measures
designed to deny unauthorized persons
information of value that might be derived from
the possession and study of telecommunications,
or to mislead unauthorized persons in their
interpretation of the results of such possession
and study. (DOE 5636.2A)

3) The protection that insures the authenticity of
telecommunications and that results from the
application of measures taken to deny
unauthorized persons information of value which
might be derived from the acquisition of
telecommunications. (FIPS PUB 39)

4) Protective measures taken to deny unauthorized
persons information derived from
telecommunications and to ensure the
authenticity of such communications.
(NCSC-TG-004)

5) The protection resulting from all measures
designed to deny unauthorized persons
information of value which might be derived from
the possession and study of telecommunications,
or to mislead unauthorized persons in their
interpretation of the results of such possession
and study. Also called COMSEC. Communications
security includes cryptosecurity, transmission
security, emission security, and physical
security of communications security materials
and information. (OPNAVINST 5239.1A; AFR
700-10)

COMPARTMENTALIZATION The isolation of the operating system, user
programs, and data files from one another in
main storage in order to provide protection
against unauthorized or concurrent access by
other users or programs. This term also refers
to the division of sensitive data into small,
isolated blocks for the purpose of reducing risk
to the data. (AR 380-380; FIPS PUB 39)


COMPARTMENTED INFORMATION Any information for which the responsible Office
of Primary Interest (OPI) requires an individual
needing access to that information to possess a
special authorization. (CSC-STD-004-85)

COMPARTMENTED INTELLIGENCE/SENSITIVE COMPARTMENTED INFORMATION (SCI) Includes only that intelligence material having
special controls indicating restrictive handling
for which systems of compartmentalization of
handling are formally established. SI and TK
are two types of SCI. (OPNAVINST 5239.1A; DODD
5200.28M)

COMPARTMENTED SECURITY MODE 1) The mode of operation which allows the system to
process two or more types of compartmented
information (information requiring a special
authorization) or any one type of compartmented
information with other than compartmented
information. In this mode, all system users
need not be cleared for all types of
compartmented information processed, but must
be fully cleared for at least Top Secret
information for unescorted access to the
computer. (CSC-STD-003-85)

2) The mode of operation that allows the system to
process two or more types of compartmented
information, or any one type of compartmented
information with non-compartmented information.
Note: In this mode, all system users need not be
cleared for all types of compartmented
information processed, but they must be fully
cleared for at least the highest level of
information for unescorted access to the
computer and peripherals. (NCSC-TG-004)

3) Utilization of a resource-sharing computer
system for the concurrent processing and storage
of: (1) two or more types of SCI or (2) one type
of SCI with other than SCI. For DON purposes,
the compartmented mode should be considered
equivalent to multilevel mode. (OPNAVINST
5239.1A)

COMPETENT AUTHORITY Authority recognized by the DAA as having
sufficient knowledge (individually or corporately)
to make a valid determination. (AFR 205-16)

COMPONENT See COMPUTER SECURITY SUBSYSTEM.

COMPROMISE 1) The disclosure of classified data to persons who
are not authorized to receive such data. (DOE
5636.2A)

2) An unauthorized disclosure or loss of sensitive
information. (FIPS PUB 39)

3) [Passwords] Disclosing a password, or part of a
password, to someone not authorized to know,
have or use the password. (FIPS PUB 112)

4) The known or suspected exposure of clandestine
personnel, installations or other assets, or of
classified information or material, to an
unauthorized person. (NCSC-9)

5) A violation of the security policy of a system
such that unauthorized disclosure, modification,
or destruction of sensitive information may have
occurred. (NCSC-TG-004)

6) An unauthorized disclosure or loss of sensitive
defense data. (OPNAVINST 5239.1A; AR 380-380)

COMPROMISING EMANATIONS 1) Electromagnetic emanations that may convey data
and that, if intercepted and analyzed, may
compromise sensitive information being processed
by any ADP system. (FIPS PUB 39)

2) Unintentional intelligence-bearing signals
which, if intercepted and analyzed, disclose
national security information transmitted,
received, handled or otherwise processed by any
information-processing system. (NCSC-9)

3) Unintentional data related or intelligence-bearing
signals which, if intercepted and
analyzed, disclose the classified information
transmission received, handled or otherwise
processed by any information processing
equipment. TEMPEST is an unclassified short
name referring to investigations and studies of
compromising emanations. It is sometimes used
synonymously for the "compromising emanations."
(OPNAVINST 5239.1A; AFR 205-16; AFR 700-10; AR
380-380; NCSC-TG-004; DOE 5636.2A)

COMPUSEC See COMPUTER SECURITY.

COMPUTER A machine capable of accepting, performing
calculations on or otherwise manipulating or
storing data. It usually consists of arithmetic
and logical units and a control unit, and may
have input and output devices and storage
devices. (DODD 5200.28)

COMPUTER ABUSE 1) Willful or negligent unauthorized activity that
affects the availability, confidentiality, or
integrity of computer resources. Computer abuse
includes fraud, embezzlement, theft, malicious
damage, unauthorized use, denial of service, and
misappropriation. Levels of computer abuse are:

a. Minor abuse - acts that represent
management problems, such as, printing
calendars or running games, that do not
impact system availability for authorized
applications;
b. Major abuse - unauthorized use (possibly
criminal), denial of service, and multiple
instances of minor abuse to include waste;
c. Criminal act - fraud, embezzlement, theft,
malicious damage, misappropriation,
conflict of interest, and unauthorized
access to classified data. (AFR 205-16)

2) The misuse, destruction, alteration, or
disruption of data processing resources. The
key aspects of computer related abuse are that
it is intentional and improper and it may not
involve the violation of a specific law.
(NCSC-TG-004)

COMPUTER CRIME Fraud, embezzlement, unauthorized access, and
other "white collar" crimes committed with the
aid of or directly involving a computer system
and/or network. (GAO)

COMPUTER CRYPTOGRAPHY The use of a crypto-algorithm in a computer,
microprocessor or microcomputer to perform
encryption/decryption to protect information or
to authenticate users, sources, or information.
(NCSC-TG-004; NCSC-9)

COMPUTER FACILITY Physical resources that include structures or
parts of structures to house and support
capabilities. For small computers, stand-alone
systems, and word processing equipment, it is
the physical area where the computer is used.
(AFR 205-16)

COMPUTER FRAUD Computer-related crimes involving deliberate
misrepresentation or alteration of data in order
to obtain something of value (usually for
monetary gain). A computer system must have
been involved in the perpetration or cover-up of
the act, or series of acts. A computer system
might have been involved through improper
manipulation of (1) input data; (2) output or
results; (3) applications programs; (4) data
files; (5) computer operations; (6)
communications; or (7) computer hardware,
systems software, or firmware. (NCSC-TG-004)


COMPUTER NETWORK 1) A complex consisting of two or more
interconnected computers. (AR 380-380)

2) See NETWORK.

COMPUTER SECURITY (COMPUSEC) 1) The protection of the information and physical
assets of a computer system. The protection of
information aims to prevent the unauthorized
disclosure, manipulation, destruction or
alteration of data. The protection of physical
assets implies security measures against theft,
destruction or misuse of equipment, i.e.,
processors, peripherals, data storage media,
communication lines and interfaces. (MS)

2) The protection resulting from all measures
designed to prevent deliberate or inadvertent
unauthorized disclosure, acquisition,
manipulation, modification, or loss of
information contained in a computer system, as
well as measures designed to prevent denial of
authorized use of the system. (NCSC-9)

3) See ADP SECURITY, ADP SYSTEM SECURITY, AUTOMATED
DATA PROCESSING SECURITY, AUTOMATED INFORMATION
SYSTEMS SECURITY, AUTOMATED SYSTEM SECURITY,
AUTOMATION SECURITY, CLASSIFIED COMPUTER
SECURITY PROGRAM, DATA SECURITY, INFORMATION
SECURITY, INFORMATION SYSTEM SECURITY, and
OPERATIONAL DATA SECURITY.

COMPUTER SECURITY INCIDENT An adverse event associated with an ADP
system(s): (1) that is a failure to comply with
Departmental security regulations or directives;
(2) that results in suspected or actual
compromise of classified information; or (3)
that results in the misuse, loss or damage of
government property or information. (DOE
5636.2A)

COMPUTER SECURITY SUBSYSTEM A device designed to provide limited
computer security features in a larger system
environment. (NCSC-TG-004)

COMPUTER SECURITY TECHNICAL VULNERABILITY REPORTING PROGRAM (CSTVRP) A program that focuses on technical
vulnerabilities in commercially available
hardware, firmware and software products
acquired by DoD. CSTVRP provides for the
reporting, cataloging, and discreet
dissemination of technical vulnerability and
corrective measure information to DoD components
on a need-to-know basis. (NCSC-TG-004)

COMSEC See COMMUNICATIONS SECURITY.

CONCEALMENT SYSTEM A method of achieving confidentiality in which
sensitive information is hidden by embedding it
in irrelevant data. (NCSC-TG-004; AR 380-380;
FIPS PUB 39)

CONFIDENTIALITY 1) That computer security characteristic that
ensures individuals are given access to computer
resources based on security clearance and
need-to-know. This characteristic protects
against compromise and inadvertent disclosure.
(AFR 205-16)

2) A concept that applies to data that must be held
in confidence and that describes the status and
degree of protection that must be provided for
individuals or organizations. (AR 380-380; FIPS
PUB 39)

CONFIGURATION CONTROL 1) Management of changes made to a system's
hardware, software, firmware, and documentation
throughout the development and operational life
of the system. (CSC-STD-003-85; CSC-STD-004-85;
DOE 5636.2A)

2) The process of controlling modifications to the
system's hardware, firmware, software, and
documentation that provides sufficient assurance
the system is protected against the introduction
of improper modification prior to, during, and
after system implementation. (NCSC-TG-004)

CONFIGURATION MANAGEMENT 1) Process of controlling modifications to the
system's hardware, firmware, software, and
documentation which provides sufficient
assurance the system is protected against the
introduction of improper modification before,
during, and after system implementation. (AFR
205-16)

2) The management of changes made to a system's
hardware, software, firmware, and documentation
throughout the development and operational life
of the system. (NCSC-TG-004)

3) The use of procedures appropriate for controlling
changes to a system's hardware and software
structure for the purpose of insuring that such
changes will not lead to decreased data
security. (OPNAVINST 5239.1A)

CONFINEMENT 1) Allowing a process executing a borrowed program
(in general, an arbitrary program) to have
access to data, while ensuring that the data
cannot be misused, altered, destroyed or
released. (MTR-8201)

2) The problem of preventing a program from leaking
sensitive data. (NCSC-TG-004)

CONFINEMENT CHANNEL See COVERT CHANNEL.

CONFINEMENT PROPERTY See STAR PROPERTY (*-PROPERTY).

CONTAINED "Contained" refers to a state of being within
limits, as within system bounds, regardless of
purpose or functions, and includes any state of
storage, use, or processing. (OPNAVINST
5239.1A; AR 380-380; DODD 5200.28M)

CONTAINER A repository of data in a system. (MTR-8201)

CONTAMINATION 1) The introduction of data of one sensitivity and
need-to-know with data of a lower sensitivity or
different need-to-know. This can result in the
contaminating data not receiving the required
level of protection. (AFR 205-16)

2) The intermixing of data at different sensitivity
and need-to-know levels. The lower level data
is said to be contaminated by the higher level
data. This can result in the contaminating data
not receiving the required level of protection.
(NCSC-TG-004)

CONTINGENCY MANAGEMENT Management of all the actions to be taken
before, during, and after a disaster (emergency
condition), along with documented, tested
procedures which, if followed, will ensure the
availability of critical ADP systems and which
will facilitate maintaining the continuity of
operations in an emergency situation. (DOE
5636.2A)

CONTINGENCY PLAN(S) A plan for emergency response, backup
operations, and post-disaster recovery
maintained by an ADP activity as a part of its
security program. A comprehensive, consistent
statement of all the actions to be taken before,
during, and after a disaster, along with
documented, tested procedures that, if followed,
will ensure the availability of critical
resources and that will facilitate maintaining
the continuity of operations in an emergency
situation. (NCSC-TG-004; OPNAVINST 5239.1A)

CONTINUITY OF OPERATIONS The maintenance of essential services for an
information system after a major failure at an
information center. The failure may result from
natural causes (such as fire, flood or
earthquakes) or from deliberate events (such as
sabotage). (GAO)

CONTROLLABLE ISOLATION Controlled sharing in which the scope or domain
of authorization can be reduced to an
arbitrarily small set or sphere of activity.
(FIPS PUB 39; AR 380-380)

CONTROLLED ACCESS Synonymous with ACCESS CONTROL.

CONTROLLED ACCESS AREA Either part or all of an environment where all
types and aspects of an access are checked and
controlled. (AFR 205-16)

CONTROLLED ACCESSIBILITY Synonymous with ACCESS CONTROL.

CONTROLLED AREA 1) Any area, building, or structure specifically
designated by the installation commander
requiring limited entry for the protection of
Air Force personnel or resources. (AFR 205-16)

2) An area or space to which access is physically
controlled. (NCSC-9)

3) An area within which uncontrolled movement does
not permit access to classified information and
which is designed for the principal purpose of
providing administrative control, safety, or a
buffer area of security restrictions for
Limited Exclusion Areas. This area may be
protected by physical security measures, such
as sentries and fences. (OPNAVINST 5239.1A)

CONTROLLED SECURITY MODE 1) A mode of operation where internal security
controls prevent inadvertent disclosure.
Personnel, physical, and administrative controls
prevent attempts to gain unauthorized access.
The system may have users with access to the
system who have neither the security clearance
nor need-to-know for all classified information
in the system. Access shall be limited to users
with a minimal security clearance of one less
than the highest classified information
processed. (AFR 205-16)

2) An automated system is operating in the
controlled security mode when at least some
users with access to the system have neither the
required security clearance nor a need-to-know
for all classified material contained in the
system. However, the separation and control of
users and classified material are not
accomplished by the operating system as in the
Multilevel Security Mode. Instead, it is
accomplished by the implementation of security
measures which reduce or eliminate most system
software vulnerabilities. (AR 380-380)

3) The mode of operation that is a type of multilevel
security mode in which a more limited
amount of trust is placed in the hardware/
software base of the system, with the resultant
restrictions on the classification levels and
clearance levels that may be supported.
(CSC-STD-003-85)

4) The mode of operation that is a type of
multilevel security mode in which a more limited
amount of trust is placed in the hardware and
software base of the system, with resultant
restrictions on the classification levels and
clearance levels that may be supported. The
system may have users who possess neither the
security clearance nor the need-to-know for all
information in the system; however access shall
be limited to users with a minimal clearance
level of one less than the highest
classification processed. (NCSC-TG-004)

5) An ADP system is operating in the controlled
security mode when at least some personnel
(users) with access to the system have neither a
security clearance nor a need-to-know for all
classified material then contained in the ADP
system. However, the separation and control of
users and classified material on the basis,
respectively, of security clearance and security
classification is not essentially under
operating system control as in the multilevel
security mode. (OPNAVINST 5239.1A)

CONTROLLED SHARING The condition that exists when access control
is applied to all users and components of a
system. (NCSC-TG-004; AR 380-380; FIPS PUB 39)

CONTROLLED SPACE The three-dimensional space surrounding
equipment that processes national security
information within which unauthorized personnel
are 1) denied unrestricted access and 2) enter
escorted by authorized personnel or under
continual physical or electronic surveillance.
(AFR 700-10)

CONTROL ZONE 1) The space, expressed in feet of radius,
surrounding equipment processing classified
information which is under sufficient physical
and technical control to preclude a successful
hostile intercept attack. (AR 380-380)

2) The space, expressed in feet of radius,
surrounding equipment processing sensitive
information that is under sufficient physical
and technical control to preclude an
unauthorized entry or compromise. (NCSC-TG-004)

COPY PROTECTED 1) Software distributed on diskettes rendered
"uncopyable" by physical means. (BBD)

2) See UNPROTECT.

CORRECTNESS 1) In a strict sense, the property of a system that
is guaranteed as a result of formal verification
activities. Correctness is not an absolute
property of a system, rather it implies the
mutual consistency of a specification and its
implementation. (MTR-8201)

2) See VERIFICATION.

CORRECTNESS PROOF A mathematical proof of consistency between a
specification and its implementation. It may
apply at the security model-to-formal
specification level, at the formal
specification-to-HOL code level, at the compiler
level or at the hardware level. For example, if
a system has a verified design and
implementation, then its overall correctness
rests with the correctness of the compiler and
hardware. Once a system is proved correct, it
can be expected to perform as specified, but not
necessarily as anticipated if the specifications
are incomplete or inappropriate. (MTR-8201)

COST-RISK ANALYSIS 1) The assessment of the costs of potential risk of
loss or compromise without data protection
versus the cost of providing data protection.
(FIPS PUB 39; AR 380-380)

2) The assessment of the costs of providing data
protection for an automated information system
versus the cost of losing or compromising the
data. (NCSC-TG-004)

COUNTERMEASURE 1) That form of military science which by the use
of devices and techniques has as its objective
the impairment of the operational effectiveness
of enemy activity. (AR 380-380)

2) A security feature or control (e.g., hardware,
software, personnel, physical, communications or
administrative) designed to reduce or eliminate
security threats to the ADP system. (JCS PUB
22)

3) Any action, device, procedure, technique, or
other measure that reduces the vulnerability of
a system. (NCSC-TG-004; OPNAVINST 5239.1A)

COVERT CHANNEL 1) A communication channel that allows a process
to transfer information in a manner that
violates the system's security policy. (CSC-STD-001-83;
CSC-STD-004-85)

2) A communications channel that allows two
cooperating processes to transfer information in
a manner that violates the system's security
policy. (NCSC-TG-004)

COVERT STORAGE CHANNEL A covert channel that involves the direct or
indirect writing of a storage location by one
process and the direct or indirect reading of
the storage location by another process.
Covert storage channels typically involve a
finite resource (e.g., sectors on a disk) that
is shared by two subjects at different security
levels. (NCSC-TG-004; CSC-STD-001-83)

COVERT TIMING CHANNEL A covert channel in which one process signals
information to another by modulating its own use
of system resources (e.g., CPU time) in such a
way that this manipulation affects the real
response time observed by the second process.
(CSC-STD-001-83; NCSC-TG-004)

CRITERIA See DOD TRUSTED COMPUTER SYSTEM EVALUATION
CRITERIA.

CRITICALITY A concept related to the mission the automated
system supports and the degree that the mission
is dependent upon the system. This degree of
dependence corresponds to the effect on the
mission in the event of denial of service,
modification, or destruction of data or
software. (AFR 205-16)

CRITICAL TECHNOLOGY Technologies that consist of (a) arrays of
design and manufacturing know-how (including
technical data); (b) keystone manufacturing,
inspection, and test equipment; (c) keystone
materials; and (d) goods accompanied by
sophisticated operation, application, or
maintenance know-how that would make a
significant contribution to the military
potential of any country or combination of
countries and that may prove detrimental to the
security of the United States. (Also referred to
as military critical technology). (DODD 2040.2;
DODD 5230.24; DODD 5230.25)

CROSS-TALK An unwanted transfer of energy from one
communications channel to another channel.
(FIPS PUB 39; AR 380-380)

CRYPTOANALYSIS The steps and operations performed in
converting encrypted messages into plain text
without initial knowledge of the key employed
in the encryption algorithm. (FIPS PUB 39; AR
380-380)

CRYPTOGRAPHIC AUTHENTICATION The use of encryption related techniques to
provide authentication. (WB)

CRYPTOGRAPHIC KEY A parameter (e.g., a secret 64-bit number for
DES) used by a cryptographic process that makes
the process completely defined and usable only
by those having that key. (FIPS PUB 112)

CRYPTOGRAPHIC SYSTEM The documents, devices, equipment, and associated
techniques that are used as a unit to provide
a means of encryption (enciphering or
encoding). (FIPS PUB 39; AR 380-380)

CRYPTOGRAPHY 1) The art or science concerning the principles,
means, and methods for rendering plain text
unintelligible and for converting encrypted
messages into intelligible form. (FIPS PUB 39;
AR 380-380)

2) a. The protection of telecommunications by
rendering information unintelligible or
unrecognizable until it reaches the
intended recipient.
b. The design and use of cryptosystems.
(NCSC-9)

CRYPTOLOGY 1) The field that encompasses both cryptography
and cryptoanalysis. (FIPS PUB 39; AR 380-380)

2) The science which deals with hidden, disguised,
or encrypted communications. It embraces
communications security and communication
intelligence. (NCSC-9)

CRYPTO-OPERATION The functional application of cryptographic
methods.

a. Off-line. Encryption or decryption
performed as a self-contained operation
distinct from the transmission of the
encrypted text, as by hand or by machines
not electrically connected to a signal
line.
b. On-line. The use of crypto-equipment that
is directly connected to a signal line,
making continuous processes of encryption
and transmission or reception and
decryption. (AR 380-380)

CSTVRP See COMPUTER SECURITY TECHNICAL VULNERABILITY
REPORTING PROGRAM.

CUSTODIAN OF DATA The individual or group that has been entrusted
with the possession of, and responsibility for,
the security of specified data. (WB)

CUSTOMER 1) A person or organization who receives products
that an automated system produces, but who does
not have access to the system. (AFR 205-16)

2) See ACCESS.

CYCLE (FOR OVERWRITING MEMORY, DISK, ETC.) One overwrite cycle is defined as follows: write
one bit pattern or character, then write the
complement of that pattern or character into
every addressable location or sector.
(CSC-STD-005-85)

DAA See DESIGNATED APPROVING AUTHORITY.

DAC See DISCRETIONARY ACCESS CONTROL.

DATA 1) Information with a specific physical
representation. (CSC-STD-001-83)

2) A representation of facts, concepts,
information, or instructions in a manner
suitable for communication, interpretation, or
processing by humans or by an AIS. (DODD
5200.28)

3) Information with a specific representation
(loosely used to denote any or all information
that can be processed, stored or produced by a
computer). (CSC-STD-005-85)

4) Programs, files or other information stored in,
or processed by, a computer system. (FIPS PUB
112)

DATA BASE An extensive and comprehensive set of records
collected and organized in a meaningful manner
to serve a particular purpose. (DODD 3200.12)

DATA CONTAMINATION 1) A deliberate or accidental process or act that
results in a change in the integrity of the
original data. (AR 380-380; FIPS PUB 39)

2) See DATA DIDDLING.

DATA-DEPENDENT PROTECTION Protection of data at a level commensurate
with the sensitivity level of the individual
data elements, rather than with the sensitivity
of the entire file which includes the data
elements. (FIPS PUB 39; AR 380-380)

DATA DIDDLING 1) [...] the entering of false data into a computer
system. (TC)

2) See DATA CONTAMINATION.

DATA ENCRYPTING KEY A cryptographic key used for encrypting (and
decrypting) data. (FIPS PUB 112)

DATA ENCRYPTION STANDARD (DES) 1) An unclassified crypto-algorithm published by
the National Bureau of Standards in FIPS PUB 46
for the protection of certain U.S. Government
information. (NCSC-9)

2) An unclassified crypto-algorithm adopted by the
National Bureau of Standards for public use.
(NCSC-TG-004)

DATA FLOW CONTROL See INFORMATION FLOW CONTROL.

DATA INTEGRITY 1) The state that exists when computerized data is
the same as that in the source documents and has
not been exposed to accidental or malicious
alteration or destruction. (AR 380-380; FIPS
PUB 39)

2) The state that exists when data is being handled
as intended and has not been exposed to
accidental or malicious modification or
destruction. (DODD 5200.28)

3) The state that exists when computerized data is
the same as that in the source documents and
has not been exposed to accidental or
intentional modification, disclosure, or
destruction. (OPNAVINST 5239.1A; AFR 205-16;
AR 380-380; CSC-STD-001-83; NCSC-TG-004)

DATA LEVEL a. Level I. Classified data.
b. Level II. Unclassified data requiring
special protection; for example Privacy Act,
For Official Use Only, technical documents
restricted to limited distribution.
c. Level III. All other unclassified data.
(OPNAVINST 5239.1A)

DATA OWNER The statutory authority responsible for a
particular type or category of information. Or,
the individual or organization responsible for
the actual data contained therein. (DODD
5200.28)

DATA PROTECTION ENGINEERING The methodology and tools used for designing and
implementing data protection mechanisms. (FIPS
PUB 39)

DATA SECURITY 1) The protection of data from accidental or
malicious modification, destruction, or
disclosure. (FIPS PUB 39)

2) The protection of data from unauthorized
(accidental or intentional) modification,
destruction, or disclosure. (OPNAVINST
5239.1A; AR 380-380; NCSC-TG-004)

DECIPHER 1) To convert, by use of the appropriate key,
encrypted (encoded or enciphered) text into
plain text. (AR 380-380)

2) To convert, by use of the appropriate key,
enciphered text into its equivalent plain text.
(FIPS PUB 39)

3) To convert enciphered text to plain text by
means of a cipher system. (NCSC-9)

DECLASSIFICATION OF MAGNETIC STORAGE MEDIA A procedure that totally removes all of the
classified or sensitive information stored on
magnetic media and that is followed by a review
of the procedure performed. A decision can then
be made for (or against) actual removal of the
classification level of the media.
Declassification allows release of the media
from the controlled environment if approved by
the appropriate authorities. (NCSC-TG-004;
CSC-STD-005-85)

DECODE 1) To convert encoded text into its equivalent
plain text by means of code. (NCSC-9)

2) Synonymous with DECRYPT.

DECRYPT 1) To convert, by use of the appropriate key,
encrypted (encoded or enciphered) text into its
equivalent plain text. (FIPS PUB 39; AR
380-380)

2) To convert encoded text into its equivalent
plain text by means of code. (NCSC-9)

3) Synonymous with DECODE.

DEDICATED SECURITY MODE 1) The mode of operation in which all users have
the appropriate clearance and need-to-know for
all data in the system. The system is
specifically and exclusively dedicated to and
controlled for the processing of one particular
type or classification of information either for
full-time operation or for a specified period of
time. (AFR 205-16)

2) A mode of operation in effect when all users
with access have both a clearance and need-to-know
for all information in the information
system. Processing may be in this mode full
time or for specific periods of time. (AFR
700-10)

3) The mode of operation in which the system is
specifically and exclusively dedicated to and
controlled for the processing of one particular
type or classification of information, either
for full-time operation or for a specified
period of time. (CSC-STD-003-85)

4) A mode of operation wherein all users have the
clearance, formal access approval, and need-to-know
for all data handled by the AIS. In the
dedicated mode, an AIS may handle a single
classification level and/or category of
information or a range of classification levels
and/or categories. (DODD 5200.28)

5) An ADP system is operating in a dedicated mode
when the central computer facility and all of
its connected peripheral devices and remote
terminals are exclusively used and controlled by
specified users or groups of users for the
processing of a particular type(s) and
category(ies) of classified information. (DODD
5200.28M)

6) The operation of an ADP system such that the
central computer facility, the connected
peripheral devices, the communications
facilities, and all remote terminals are used
and controlled exclusively by specific users or
groups of users for the processing of particular
types and categories of information. (FIPS PUB
39)

7) A mode of operation wherein all users have the
clearance, formal access approval, and
need-to-know for all data handled by the
system. Processing in this mode may be full
time or for specific periods of time.
(NCSC-TG-004)

8) An ADP system is operating in the dedicated
security mode when the Central Computer
Facility and all of its connected peripheral
devices and remote terminals are exclusively
used and controlled by specific users or group
of users having a security clearance and
need-to-know for the processing of a particular
category(ies) and type(s) of classified
material. (OPNAVINST 5239.1A; AR 380-380)

DEFAULT CLASSIFICATION A temporary classification, reflecting the highest
classification being processed in an
automated system. The default classification
is included in the safeguard statement affixed
to the product. (AR 380-380; NCSC-TG-004)

DEGAUSS 1) To reduce magnetic flux density to zero by
applying a reverse (coercive) magnetizing force.
Commonly referred to as demagnetizing.
(CSC-STD-005-85; NCSC-TG-004)

2) To apply a variable, alternating current (AC)
field for the purpose of demagnetizing magnetic
recording media. The process involved increases
the AC field gradually from zero to some maximum
value and back to zero, which leaves a very low
residue of magnetic induction on the media.
(OPNAVINST 5239.1A; AR 380-380; FIPS PUB 39)

DEGAUSSER An electrical device that can generate coercive
magnetic force for the purpose of degaussing
magnetic storage media. (NCSC-TG-004;
CSC-STD-005-85)

DEGREE OF TRUST The level of confidence that can be placed in
security mechanisms to correctly enforce the
security policy. (AFR 205-16)

DENIAL OF SERVICE 1) Action or actions that prevent any part of a
system from functioning in accordance with its
intended purpose. This includes any action
that causes the unauthorized destruction,
modification, or delay of service.
(NCSC-TG-004; DODD 5200.28)

2) See INTERDICTION.

DES See DATA ENCRYPTION STANDARD.

DESCRIPTIVE TOP-LEVEL SPECIFICATION (DTLS) A top-level specification that is written in a
natural language (e.g., English), an informal
program design notation, or a combination of
the two. (CSC-STD-001-83)

DESIGNATED APPROVING AUTHORITY (DAA) 1) A designated official who approves the operation
of automated systems at the computer facilities
under his or her jurisdiction for processing of
information or for critical processing. (AFR
205-16)

2) A senior policy official who has the authority
and the responsibility to make the management
decision to accept or not accept the security
safeguards prescribed for an AIS; the official
who may be responsible for issuing an
accreditation statement that records the
decision to accept those safeguards. (DODD
5200.28; NCSC-TG-004)

3) An official assigned responsibility to accredit
ADP elements, activities, and networks under the
official's jurisdiction. (OPNAVINST 5239.1A)

DESIGN VERIFICATION The use of verification techniques, usually
computer-assisted, to demonstrate a mathematical
correspondence between an abstract (security)
model and a formal system specification.
(MTR-8201)

DESTRUCTION The physical alteration of ADP system media or
ADP system components such that they can no
longer be used for storage or retrieval of
information. (DOE 5636.2A)

DIAL BACK See CALL BACK.

DIAL-UP The service whereby a telephone can be used to
initiate and effect communication with a
computer. (NCSC-TG-004)

DISASTER PLAN See CONTINGENCY PLAN(S).

DISCRETIONARY ACCESS CONTROL (DAC) 1) A means of restricting access to objects based
on the identity of subjects and/or groups
to which they belong. The controls are
discretionary in the sense that a subject with a
certain access permission is capable of passing
that permission (perhaps indirectly) on to any
other subject (unless restrained by mandatory
access control). (DODD 5200.28-STD)

2) A means of restricting access to objects based
on the identity and need-to-know of subjects
and/or groups to which they belong. The
controls are discretionary in the sense that a
subject with a certain access permission is
capable of passing that permission (perhaps
indirectly) on to any other subject.
(NCSC-TG-004; CSC-STD-001-83; CSC-STD-004-85)

DISCRETIONARY PROTECTION Access control that identifies individual users
and their need-to-know and limits users to the
information that they are allowed to see. It is
used on systems that process information with
the same level of sensitivity. (AFR 205-16)

DISSEMINATION CONTROLS See SPECIAL MARKINGS.

DISSEMINATION CONTROL MARKINGS See SPECIAL MARKINGS.

DISSEMINATION OF INFORMATION The function of distributing government
information to the public, whether through
printed documents, or electronic or other
media. Does not include intra-agency use of
information, interagency sharing of
information, or responding to requests for
"access to information." (A-130)

DISTRIBUTED AIS An AIS that is physically and/or electrically
connected to one or more AISs. (DODD 5200.28)

DISTRIBUTION STATEMENT A statement used in marking a technical
document to denote the extent of its
availability for distribution, release, and
disclosure without additional approvals or
authorizations. A distribution statement
marking is distinct from and in addition to a
security classification marking assigned in
accordance with DOD 5200.1-R. (DODD 5230.24)

DISTRIBUTION SYSTEM The metallic wirepaths or fiber optic
transmission paths providing interconnection
between components of the protected system.
(NACSIM 5203)

DOCUMENT Any recorded information regardless of its
medium, physical form, or characteristics.

a. Technical document. Any document that
presents STI.

b. Technical report. Any preliminary or
final technical document prepared to
record, document, or share results obtained
from, or recommendations made on, or
relating to, DOD-sponsored or
co-sponsored scientific and technical
work. (DODD 3200.12)

DOD INFORMATION ANALYSIS CENTER (IAC) An activity that acquires, digests, analyzes,
evaluates, synthesizes, stores, publishes,
and provides advisory and other user services
concerning available worldwide scientific and
technical information and engineering data in a
clearly defined, specialized field or subject
area of significant DOD interest or concern.
IACs are distinguished from technical
information centers and libraries whose
functions are primarily concerned with
providing reference or access to the documents
themselves rather than the STI information
contained in the documents. (DODD 3200.12)

DODTCSEC See DOD TRUSTED COMPUTER SYSTEM EVALUATION
CRITERIA.

DOD TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (DODTCSEC) A document published by the National Computer
Security Center containing a uniform set of
basic requirements and evaluation classes for
assessing the effectiveness of hardware and
software security controls built into systems.
These criteria are intended for use in the
design and evaluation of systems that will
process and/or store sensitive or classified
data. This document is frequently referred to
as "The Criteria" or "The Orange Book."
(NCSC-TG-004)

DOMAIN 1) The set of objects that a subject has the
ability to access. (CSC-STD-001-83)

2) The set of objects that a subject or resources
in a system have the ability to access.
(NCSC-TG-004)

DOMINATE Security level S1 is said to dominate security
level S2 if the hierarchical classification of
S1 is greater than or equal to that of S2 and
the non-hierarchical categories of S1 include
all of those of S2 as a subset. (CSC-STD-
001-83)

DUAL CONTROL The process of utilizing two or more separate
entities (usually persons) operating in concert,
to protect sensitive functions or information.
Both (all) entities are equally responsible.
This approach generally involves the
split-knowledge [of the] physical or logical
protection of security parameters. (WB)

DUMB TERMINAL Terminal (or computer using dumb terminal
software) which allows communications with other
computers, but does not enhance the data
exchanged, or provide additional features such
as upload/download. (BBD)

EAVESDROPPING The unauthorized interception of information-
bearing emanations through the use of methods
other than wiretapping. (FIPS PUB 39; AR
380-380)

ECONOMIC ASSESSMENT A detailed study of security measures, their
operational and technical feasibility, and
their costs and benefits. Economic assessment
aids in planning and selecting security
measures. (AFR 205-16; AFR 700-10)

ELECTROMAGNETIC EMANATIONS Signals transmitted as radiation through
the air and through conductors. (FIPS PUB 39;
AR 380-380)

ELECTRONIC FUNDS TRANSFER (EFT) Electronic funds transfer refers to the movement
of value (money) from one party to another by
electronic means. (GAO)

EMANATIONS See COMPROMISING EMANATIONS and ELECTROMAGNETIC
EMANATIONS.

EMANATION SECURITY The protection that results from all measures
designed to deny unauthorized persons
information of value that might be derived from
intercept and analysis of compromising
emanations. (FIPS PUB 39)

EMBEDDED SYSTEM An embedded system is one that performs or
controls a function, either in whole or in
part, as an integral element of a larger system
or subsystem. For example, ground support
equipment, flight simulators, engine test
stands, or fire control systems. (DODD
5200.28; NCSC-TG-004)

EMERGENCY PLAN See CONTINGENCY PLAN(S).

EMISSION SECURITY 1) A component of COMSEC that results from all
measures to deny unauthorized persons
information of value which might be derived
from intercept and analysis of compromising
emanations from electrically operated
classified information processing equipment and
systems. (AR 380-380)

2) That component of communications security
(COMSEC) which results from all measures taken
to deny unauthorized persons information of
value which might be derived from intercept and
analysis of compromising emanations from
crypto-equipment and telecommunications
systems. (NCSC-9)

3) The protection resulting from all measures taken
to deny unauthorized persons information of
value that might be derived from intercept and
analysis of compromising emanations from
systems. (NCSC-TG-004)

EMULATOR A combination of hardware and software that
permits programs written for one computer to be
run on another computer. In computer security
terminology, the emulator is the portion of the
system responsible for creating an operating
system compatible environment out of the
environment provided by the kernel. In KSOS,
the emulator maps the kernel environment into
the UNIX environment. (MTR-8201)

ENCIPHER 1) To convert plain text into an unintelligible
form by means of a cipher system. (FIPS PUB
39; AR 380-380)

2) To convert plain text into enciphered text by
means of a cipher system. (NCSC-9)

ENCODE 1) To convert plain text into an unintelligible
form by means of a code system. (FIPS PUB 39;
AR 380-380)

2) To convert plain text into encoded text by means
of a code system. (NCSC-9)

ENCRYPT 1) To convert plain text into unintelligible form
by means of a cryptosystem. (AFR 700-10; AR
380-380; FIPS PUB 39)

2) To convert plain text into unintelligible form
by means of a cryptosystem. Note: The term
encrypt encompasses the terms "encipher" and
"encode." (NCSC-9)

ENCRYPTION 1) Transforming a text into code in order to
conceal its meaning.
a. End-to-end encryption. Encryption of
information at the origin within a
communications network and postponing
decryption to the final destination point.
b. Link encryption. The application of on-
line crypto-operations to a link of a
communications system so that all
information passing over the link is
encrypted. (AR 380-380)

2) The process of transforming data to an
unintelligible form in such a way that the
original data either cannot be obtained (one-way
encryption) or cannot be obtained without using
the inverse decryption process (two-way
encryption). (FIPS PUB 112)

3) See END-TO-END ENCRYPTION and LINK ENCRYPTION.

ENCRYPTION ALGORITHM 1) A set of mathematical rules for rendering
information unintelligible by effecting a
series of transformations to the normal
representation of the information through the
use of variable elements controlled by a key.
(AR 380-380)

2) A set of mathematically expressed rules for
rendering information unintelligible by
effecting a series of transformations through
the use of variable elements controlled by the
application of a key to the normal
representation of the information. Synonymous
with PRIVACY TRANSFORMATION. (FIPS PUB 39)

END-TO-END ENCRYPTION 1) Encryption of information at the origin within a
communications network and postponing decryption
to the final destination point. (FIPS PUB 39)

2) The protection of information passed in a secure
telecommunications system by cryptographic
means, from point of origin to point of
destination. (NCSC-TG-004)

3) See ENCRYPTION and LINK ENCRYPTION.

ENHANCED HIERARCHICAL DEVELOPMENT METHODOLOGY A software development methodology that makes
use of the language REVISED SPECIAL to formally
prove design specifications. REVISED SPECIAL
is a language developed by SRI International.
(NCSC-TG-004)

ENTRAPMENT 1) The deliberate planting of apparent flaws in a
system for the purpose of detecting attempted
penetrations. (AR 380-380; NCSC-TG-004)

2) The deliberate planting of apparent flaws in a
system for the purpose of detecting attempted
penetrations or confusing an intruder about
which flaws to exploit. (FIPS PUB 39)

ENTRY See BETWEEN-THE-LINES ENTRY and PIGGY BACK
ENTRY.

ENVIRONMENT 1) The aggregate of external circumstances,
conditions, and objects that affect the
development, operation, and maintenance of a
system. (CSC-STD-004-85; CSC-STD-003-85;
NCSC-TG-004)

2) Those factors, both internal and external, of an
ADP system that help to define the risks
associated with its operation, e.g., the
interfaces within the ADP system, the associated
software, the type and level of information
contained within the ADP system, the access
control mechanisms used to restrict access, and
the physical characteristics of the operational
area. (DOE 5636.2A)

EPL See EVALUATED PRODUCTS LIST.

ERASURE 1) A security model rule stating that objects must
be purged before being activated or reassigned.
This ensures that no information is retained
within an object when it is reassigned to a
subject at a differing security level.
(MTR-8201)

2) A process by which a signal recorded on magnetic
media is removed. Erasure is accomplished in
two ways: (1) by alternating current erasure,
the information is destroyed by applying an
alternating high/low current to the media, or
(2) by direct current erasure, the media are
saturated by applying a unidirectional current.
(NCSC-TG-004; CSC-STD-005-85)

ESCORT(S) Duly designated personnel who have appropriate
clearances and access authorizations for the
material contained in the system and are
sufficiently knowledgeable to understand the
security implications of and to control the
activities and access of the individual being
escorted. (OPNAVINST 5239.1A; AR 380-380; DCID
1/16; DCID 1/16, Sup.; DODD 5200.28M)

ESSENTIAL ELEMENTS OF FRIENDLY INFORMATION (EEFI) Information concerning a plan, project, or
activity which, if acquired by hostile interests
by any means, might jeopardize the successful
execution of an operation. (AFR 205-16)

EVALUATED PRODUCTS LIST (EPL) A documented inventory of commercially available
trusted computer hardware and software
that has been evaluated against the Department
of Defense Trusted Computer System Evaluation
Criteria by the National Computer Security
Center. (AFR 205-16; NCSC-TG-004; DODD 5200.28;
DODD 5215.1)

EVALUATION The evaluator's report to the Designated
Approving Authority describing the investigative
and test procedures used in the analysis of the
ADP system security features with a description
and results of tests used to support or refute
specific system weaknesses that would permit the
acquisition of identifiable classified material
from secure or protected data files. (DODD
5200.28M)

EVALUATOR Personnel specifically designated to participate
in the test team review, analysis, testing,
and evaluation of the security features of an
automated system. (AR 380-380)

EXECUTIVE STATE 1) One of several states in which a system may
operate and the only one in which certain
privileged instructions may be executed. Such
instructions cannot be executed when the system
is operating in other (e.g., user) states.
(NCSC-TG-004; AR 380-380; FIPS PUB 39)

2) Synonymous with SUPERVISOR STATE.

EXHAUSTIVE ATTACK 1) [An] exhaustive attack consists of discovering
secret data by trying all possibilities and
checking for correctness. For a four digit
password, one might start with 0000 and move on
to 0001, 0002 till 9999. (JL)

2) See SCANNING.

EXPLOITABLE CHANNEL 1) Any channel that is usable or detectable by
subjects external to the trusted computing
base. (NCSC-TG-004)

2) See COVERT CHANNEL.

EXPOSURE A specific instance of the condition of being
unduly exposed to losses resulting from the
occurrence of one or more threat events. (WB)

EXTERNAL PROTECTED DISTRIBUTION SYSTEM That portion of a protected distribution system
extending beyond a Controlled Access Area (CAA).
(NACSIM 5203)

EXTERNAL SECURITY AUDIT A security audit conducted by an organization
independent of the one being audited. (FIPS PUB
39)

EXPIRED PASSWORD A password that must be changed by the user
before login may be completed. (CSC-STD-002-85)

EXPLOITABLE CHANNEL 1) Any channel that is usable or detectable by
subjects external to the Trusted Computing
Base. (CSC-STD-001-83)

2) See COVERT CHANNEL.

FAIL SAFE Automatic termination and protection of programs
and/or processing systems when a hardware or
software failure is detected in a system.
(NCSC-TG-004; AR 380-380; FIPS PUB 39)

FAIL SOFT The selective termination of affected
nonessential processing when a hardware or
software failure is detected in an automated
system. (AR 380-380; NCSC-TG-004; FIPS PUB 39)

FAILURE ACCESS An unauthorized and usually inadvertent access
to data resulting from a hardware or software
failure in the automated system. (AR 380-380;
FIPS PUB 39; NCSC-TG-004)

FAILURE CONTROL The methodology used to detect and provide
fail-safe or fail-soft recovery from hardware
and software failures in an automated system.
(AR 380-380; FIPS PUB 39; NCSC-TG-004)

FAULT 1) A condition that causes a device or system
component to fail to perform in a required
manner (such as a short circuit, broken wire,
or intermittent connection). (NCSC-TG-004; AR
380-380)

2) Synonym for LOOPHOLE.

FEATURES See SECURITY FEATURES.

FETCH PROTECTION A system-provided restriction to prevent a
program from accessing data in another user's
segment of storage. (FIPS PUB 39; AR 380-380;
NCSC-TG-004)

FILE AUTHENTICATION CODE In a manner similar to that used for the
computation of a Message Authentication Code,
certain authentication techniques can be used to
provide assurance that data held in a file has
not been altered or deleted. This term is also
applied to databases. (WB)

FILE PROTECTION The aggregate of all processes and procedures
established in an automated system and designed
to inhibit unauthorized access, contamination,
or elimination of a file. (AR 380-380;
NCSC-TG-004; FIPS PUB 39)

FILE SECURITY The means by which access to computer files is
limited to authorized users only. (NCSC-TG-004)

FIRMWARE 1) Software that is permanently stored in a
hardware device which allows reading of the
software but not writing or modifying. The
most common device for firmware is read only
memory (ROM). (AFR 205-16)

2) Computer programs recorded in a permanent or
semipermanent physical medium incorporated in
the computer equipment. (AR 380-380)

3) A method of organizing the ADP system's control
hardware in a microprogrammed structure rather
than as wired circuitry such that the method
falls in neither the software nor the hardware
subsystems. Microprograms are composed of
microinstructions, normally implemented in
read-only control storage, to directly control
the sequencing of computer circuits at the
detailed level of the single machine
instruction. For purposes of this directive
(i.e., the controlled security mode), the
firmware or microprogramming handling security
and related control functions shall be alterable
only within the Central Computer Facility and
only under controlled conditions by specifically
designated personnel. It shall not be alterable
by users or by software. Accordingly,
particular care and evaluation is required where
writable control storage is employed in addition
to, or in lieu of, read-only storage in the
microprogram control storage. (JCS PUB 22)

FLAW 1) An error of commission, omission, or oversight
in a system that may allow protection mechanisms
to be bypassed. (NCSC-TG-004; CSC-STD-001-83)

2) Synonymous with LOOPHOLE.

3) See PSEUDO-FLAW.

FLAW HYPOTHESIS METHODOLOGY A system analysis and penetration technique
where specifications and documentation for the
system are analyzed and then flaws in the
system are hypothesized. The list of
hypothesized flaws is then prioritized on the
basis of the estimated probability that a flaw
exists and, assuming a flaw does exist, on the
ease of exploiting it, and on the extent of
control or compromise it would provide. The
prioritized list is used to direct a penetration
attack against the system. (NCSC-TG-004;
CSC-STD-001-83)

FLOW CONTROL 1) A strategy for protecting the contents of
information objects from being transferred to
objects at improper security levels. It is more
restrictive than access control. (MTR-8201)

2) See INFORMATION FLOW CONTROL.

FOIA Freedom Of Information Act. Information or
activities related to the Freedom of Information
Act including access by private individuals to
certain government information. (ed.)

FOREIGN GOVERNMENT INFORMATION 1) Information provided by a foreign government or
governments, an international organization of
governments, or any element thereof with the
expectation, expressed or implied, that the
information, the source of the information, or
both, are to be held in confidence; or

Information produced by the United States
pursuant to or as a result of joint arrangement
with a foreign government or governments or an
international organization of governments, or
any element thereof, requiring that the
information, the arrangement, or both, are to be
held in confidence. (EO 12356)

2) Information that is:
a. Provided to the United States by a foreign
government or governments, an international
organization of governments, or any element
thereof with the expectation either
expressed or implied, that the information
or the source of information, or both be
held in confidence.
b. Produced by the United States following
or as a result of a joint arrangement with
a foreign government or governments or
an international organization of
governments or any element thereof,
requiring that the information or the
arrangement or both be held in confidence.

Information described in subparagraphs above
and in the possession of the DOD is classified
information in accordance with DOD 5200.1-R.
(DODD 5230.24)

FORMAL ACCESS APPROVAL Documented approval by a data owner to allow
access to a particular type or category of
information. (DODD 5200.28; NCSC-TG-004)

FORMAL DEVELOPMENT METHODOLOGY A software development methodology that makes
use of the language, Ina Jo, to formally prove
design specifications. Ina Jo is a language
developed by System Development Corporation.
(NCSC-TG-004)

FORMAL PROOF 1) A complete and convincing mathematical
argument, presenting the full logical
justification for each proof step, for the
truth of a theorem or set of theorems. The
formal verification process uses formal proofs
to show the truth of certain properties of
formal specification and for showing that
computer programs satisfy their specifications.
(CSC-STD-001-83)

2) A complete and convincing mathematical argument,
presenting the full logical justification for
each proof step, for the truth of a theorem or
set of theorems. (NCSC-TG-004)

FORMAL SECURITY POLICY MODEL 1) A mathematically precise statement of a security
policy. To be adequately precise, such a model
must represent the initial state of a system,
the way in which the system progresses from one
state to another, and a definition of a "secure"
state of the system. To be acceptable as a
basis for a Trusted Computing Base, the model
must be supported by a formal proof that if the
initial state of the system satisfies the
definition of a "secure" state and if all
assumptions required by the model hold, then all
future states of the system will be secure.
Some formal modeling techniques include: state
transition models, denotational semantics
models, and algebraic specification models.
(NCSC-TG-004; CSC-STD-001-83)

2) See BELL-LAPADULA MODEL and SECURITY POLICY
MODEL.

FORMAL TOP-LEVEL SPECIFICATION (FTLS) A top-level specification that is written in a
formal mathematical language to allow theorems
showing the correspondence of the system
specification to its formal requirements to be
hypothesized and formally proven. (CSC-STD-
001-83; NCSC-TG-004)

FORMAL VERIFICATION The process of using formal proofs to demonstrate
the consistency (design verification)
between a formal specification of a system and a
formal security policy model (implementation
verification) or between the formal
specification and its program implementation.
(NCSC-TG-004; CSC-STD-001-83)

FORMULARY A technique for permitting the decision to grant
or deny access to be determined dynamically at
access time, rather than at the time of creation
of the access list. (FIPS PUB 39)

FOR OFFICIAL USE ONLY (FOUO) DATA Data that is unclassified official information
of a sensitive, proprietary, or personal nature
which must be protected against unauthorized
public release. (AFR 205-16; AR 380-380)

FRONT-END SECURITY FILTER 1) A process that is invoked to process data
according to a specified security policy
prior to releasing the data outside the
processing environment or upon receiving data
from an external source. (DODD 5200.28-STD)

2) A security filter, which could be implemented in
hardware or software, that is logically
separated from the remainder of the system to
protect its integrity. (NCSC-TG-004)

FUNCTIONAL TESTING 1) The portion of security testing in which the
advertised features of a system are tested for
correct operation. (CSC-STD-001-83)

2) The segment of security testing in which the
advertised security mechanisms of the system are
tested, under operational conditions, for
correct operation. (NCSC-TG-004)

GAUSS A unit measure of the magnetic flux density
produced by a magnetizing force.
(CSC-STD-005-85)

GENERAL PURPOSE SYSTEM A computer system that is designed to aid in
solving a wide variety of problems. (CSC-STD-
001-83)

GOVERNMENT INFORMATION Information created, collected, processed,
transmitted, disseminated, used, stored, or
disposed of by the Federal Government. (A-130)

GOVERNMENT PUBLICATION Informational matter which is published as an
individual document at government expense, or
as required by law. (A-130)

GRANULARITY 1) The relative fineness or coarseness by which
a mechanism can be adjusted. The phrase "the
granularity of a single user" means the access
control mechanism can be adjusted to include or
exclude any single user. (DODD 5200.28-STD)

2) An expression of the relative size of a data
object; e.g., protection at the file level is
considered coarse granularity, whereas
protection at the field level is considered to
be of a finer granularity. (NCSC-TG-004)

GUARD A processor that provides a filter between two
systems operating at different security levels
or between a user terminal and a data base to
filter out data that the user is not authorized
to access. (NCSC-TG-004)

GYPSY A combined formal program specification language
and a verifiable high order language, developed
at the University of Texas, and designed in
conjunction with a complete verification
system. (MTR-8201)

GYPSY VERIFICATION ENVIRONMENT A software development methodology that makes
use of the Gypsy language, to formally prove
design specification and code implementation.
Gypsy is a language developed by the University
of Texas. (NCSC-TG-004)

HACKER Originally, a computer enthusiast who spent
significant time learning the functions of the
computer without benefit of formal training (and
often without the technical manuals) by trying
combinations of commands at random to determine
their effect.
Common usage today is from the press, which uses
the word to describe people who "break into"
computers for various purposes. (BBD)

HANDLED The term "handled by" denotes the activities
performed on data in an AIS, such as collecting,
processing, transferring, storing, retrieving,
sorting, transmitting, disseminating and
controlling. (DODD 5200.28)

HANDLING CAVEATS See SPECIAL MARKINGS.

HANDLING RESTRICTIONS See SPECIAL MARKINGS.

HANDSHAKING PROCEDURES 1) A dialogue between a user and a computer, a
computer and another computer, a program and
another program for the purpose of identifying
a user and authenticating identity. A sequence
of questions and answers is used based on
information either previously stored in the
computer or supplied to the computer by the
initiator of the dialogue. (AR 380-380; FIPS
PUB 39)

2) A dialogue between a user and a computer, or a
program and another program for the purpose of
identifying a user and authenticating identity.
(NCSC-TG-004)

3) Synonymous with PASSWORD DIALOGUE.

HARDWARE The electric, electronic, and mechanical
equipment used for processing data. (DOE
5636.2A)

HARDWARE HANDSHAKING The passing of control characters between two
devices, such as ACK, NAK, XON, XOFF, for the
purpose of controlling the flow of information
between the devices. (AFR 205-16)

HARDWARE SECURITY 1) Computer equipment features or devices used in
an ADP system to preclude unauthorized data
access. (AR 380-380)

2) Equipment features or devices used in an
automated information system to preclude
unauthorized data access or support a Trusted
Computing Base. (NCSC-TG-004)

HASH TOTAL The use of specific mathematical formulae to
produce a quantity that is (often appended to
and) used as a check-sum or validation parameter
for the data that it protects. (WB)

HIDDEN SECTIONS Menu options, or entire sub-menus, not visible
or accessible to a user due to lack of adequate
authorization. (BBD)

HIERARCHICAL DEVELOPMENT METHODOLOGY (HDM) 1) A formal specification and verification
methodology developed at SRI International.
HDM is based on a nonprocedural, state-
transition specification language, SPECIAL, and
provides a security flow analysis tool, MLS, for
verifying the multilevel security properties of
a user-interface specification. (MTR-8201)

2) A software development methodology that makes
use of the language, SPECIAL, to formally prove
design specifications. SPECIAL is a language
developed by SRI International. (NCSC-TG-004)

HOST TO FRONT-END PROTOCOL A set of conventions governing the format and
control of data that are passed from a host to a
front-end machine. (NCSC-TG-004)

HOSTILE THREAT ENVIRONMENT An area that contains known threats and
possesses little or no control over the
surrounding area, such as experienced by some
diplomatic facilities. (AFR 205-16)

HOT-STANDBY Equipment and other information system
components that are electrically activated and
so configured such that production operations
can be quickly and easily switched to such
components. (WB)

HUMAN INTERFACE FUNCTIONS TCB operations that require human intervention
or judgement. Untrusted processes would not be
able to invoke them. (MTR-8201)

IDENTIFICATION 1) The process that enables recognition of a user
described to an ADP system. This is generally
by the use of unique machine-readable names.
(AR 380-380; NCSC-TG-004)

2) The process that enables, generally by the use
of unique machine-readable names, recognition of
users or resources as identical to those
previously described to an ADP system. (FIPS
PUB 39)

IDENTITY TOKEN A smart card, a metal key, or some other
physical token carried by a systems user that
allows user identity validation. (WB)

IDENTITY VALIDATION 1) The performance of tests, such as the checking
of a password, that enables an information
system to recognize users or resources as
identical to those previously described to the
system. (WB)

2) See AUTHENTICATE and AUTHENTICATION.

IMPERSONATION 1) An attempt to gain access to a system by posing
as an authorized user. (FIPS PUB 39)

2) Synonymous with MASQUERADING and MIMICKING.


IMPLEMENTATION VERIFICATION The use of verification techniques, usually
computer-assisted, to demonstrate a
mathematical correspondence between a formal
specification and its implementation in program
code. (MTR-8201)

INADVERTENT DISCLOSURE Accidental exposure of sensitive defense
information to a person not authorized access.
This may result in a compromise or a need-to-
know violation. (AR 380-380)

INA JO (FORMAL DEVELOPMENT METHODOLOGY) System Development Corporation's specification
and verification methodology, based on a
nonprocedural state-transition specification
language, Ina Jo. The Ina Jo methodology
incorporated user-supplied invariants to produce
a formal demonstration that security properties
are met. (MTR-8201)

INCIDENT See COMPUTER SECURITY INCIDENT.

INCOMPLETE PARAMETER CHECKING A system fault that exists when all parameters
have not been fully checked for accuracy and
consistency by the operating system, thus making
the system vulnerable to penetration.
(NCSC-TG-004; AR 380-380; FIPS PUB 39)

INDIVIDUAL ACCOUNTABILITY The ability to positively associate the identity
of a user with the time, method, and degree of
access to a system. (NCSC-TG-004; AR 380-380)

INFORMATION 1) Any communication or reception of knowledge such
as facts, data, or opinions, including
numerical, graphic, or narrative forms, whether
oral or maintained in any medium, including
computerized data bases, paper, microform, or
magnetic tape. (A-130; DODD 5200.28)

2) The terms "data," "information," "material,"
"documents," and "matter" are considered
synonymous and used interchangeably in this
Order. They refer to all data regardless of its
physical form (e.g., data on paper printouts,
tapes, disks or disk packs, in memory chips,
random access memory (RAM), in read only memory
(ROM), microfilm or microfiche, on communication
lines, and on display terminals). (DOE 5636.2A)

3) Any information or material, regardless of its
physical form or characteristics, that is owned
by, produced by or for, or is under the control
of the United States Government. (EO 12356)

INFORMATION FLOW ANALYSIS Tracing the flow of specific information types
through an information system to determine
whether the controls applied to this information
are appropriate. (WB)

INFORMATION FLOW CONTROL 1) A procedure to ensure that information transfers
within a system are made from a higher security
level object to an object of a lower security
level. (NCSC-TG-004)

2) See COVERT CHANNEL, SIMPLE SECURITY PROPERTY,
STAR PROPERTY (*-PROPERTY).

3) Synonymous with DATA FLOW CONTROL and FLOW
CONTROL.

INFORMATION RESOURCES MANAGEMENT The planning, budgeting, organizing, directing,
training, and control associated
with government information. The term
encompasses both information itself and the
related resources, such as personnel,
equipment, funds, and technology. (A-130)

INFORMATION SECURITY 1) The result of any system of policies and
procedures for identifying, controlling, and
protecting from unauthorized disclosure,
information whose protection is authorized by
executive order or statute. (DOD 5200.1-R)

2) An Automated Information System and
communication security system of administrative
policies and procedures for identifying,
controlling, and protecting information from
unauthorized disclosure. (NCSC-TG-004)

3) See COMPUTER SECURITY.

INFORMATION SYSTEM The organized collection, processing,
transmission, and dissemination of information
in accordance with defined procedures, whether
automated or manual. (A-130; DODD 5200.28)

INFORMATION SYSTEM ABUSE Willful or negligent activity that affects the
availability, confidentiality, or integrity of
information systems resources. Includes fraud,
embezzlement, theft, malicious damage,
unauthorized use, denial of service, and
misappropriation. (AFR 700-10)

INFORMATION SYSTEMS SECURITY 1) The protection afforded to information systems
in order to preserve the availability,
integrity, and confidentiality of the systems
and information contained within the systems.
Such protection is the application of the
combination of all security disciplines which
will, at a minimum, include COMSEC, TEMPEST,
computer security, OPSEC, information security,
personnel security, industrial security,
resource protection, and physical security.
(AFR 700-10)

2) See COMPUTER SECURITY.

INFORMATION SYSTEM SECURITY OFFICER Information System Security Officer. (DCID
1/16, Sup.)

INFORMATION TECHNOLOGY The hardware and software used in connection
with government information, regardless of the
technology involved, whether computers,
telecommunications, micrographics, or others.
Automatic data processing and telecommunications
activities related to certain critical national
security missions, as defined in 44 U.S.C. 3502
(2) and 10 U.S.C. 2315, are excluded. (A-130)

INFORMATION TECHNOLOGY FACILITY An organizationally defined set of personnel,
hardware, software, and physical facilities, a
primary function of which is the operation of
information technology. (A-130)

INTEGRITY 1) That computer security characteristic that
ensures that computer resources operate
correctly and that the data in the data bases
are correct. This characteristic protects
against deliberate or inadvertent unauthorized
manipulation of the system and ensures and
maintains the security of entities of a computer
system under all conditions. (AFR 205-16)

2) The quality or state of being unimpaired;
soundness.
a. The capability of an automated system to
perform its intended function in an
unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of
the system.
b. Inherent quality of protection that
ensures and maintains the security of
entities of a computer system under all
conditions. (AR 380-380)

3) The assurance, under all conditions, that a
system will reflect the logical correctness and
reliability of the operating system; the logical
completeness of the hardware and software that
implement the protection mechanisms; and the
consistency of the data structures and accuracy
of the stored data. In a formal security model,
integrity is interpreted more narrowly to mean
protection against unauthorized modification or
destruction of information. (MTR-8201)

4) The capability of a system to perform its
intended function in an unimpaired manner, free
from deliberate or inadvertent unauthorized
manipulation of the system. The inherent
quality of protection that ensures and maintains
the security of entities of a system.
(NCSC-TG-004)

5) See DATA INTEGRITY and SYSTEM INTEGRITY.

INTELLIGENCE Intelligence is the product resulting from the
collection, evaluation, analysis, integration,
and interpretation of all information concerning
one or more aspects of foreign countries or
areas, which is immediately or potentially
significant to the development and execution of
plans, policies, and operations. (AR 380-380;
DODD 5200.28M)

INTELLIGENCE INFORMATION Classified information defined as intelligence
information by Director of Central Intelligence
Directive 1/16. (DOE 5636.2A)

INTERACTIVE COMPUTING Use of a computer such that the user is in
control and may enter data or make other demands
on the system which responds by the immediate
processing of user requests and returning
appropriate replies to these requests. (FIPS
PUB 39)

INTERDICTION 1) The act of impeding or denying the use of
system resources to a user. (FIPS PUB 39; AR
380-380)

2) See DENIAL OF SERVICE.

INTERFACE The common boundary between independent systems
or modules, where communication takes place.
(MTR-8201)

INTERIM APPROVAL The temporary authorization granted an
information system to process sensitive or
critical information in its operational
environment based on preliminary results of a
comprehensive security evaluation of the
information system. (AFR 700-10; NCSC-TG-004)

INTERNAL CONTROLS The plan of organization and all of the
methods and measures adopted within an agency
to safeguard its resources, assure the accuracy
and reliability of its information, assure
adherence to applicable laws, regulations and
policies, and promote operational economy and
efficiency. (A-123; DODD 7040.6)

INTERNAL CONTROL DOCUMENTATION Written policies, organization charts,
procedural write-ups, manuals, memoranda,
flow charts, decision tables, completed
questionnaires, software, and related written
materials used to describe the internal control
methods and measures, to communicate
responsibilities and authorities for operating
such methods and measures, and to serve as a
reference for persons reviewing the internal
controls and their functioning. (A-123; DODD
7040.6)

INTERNAL CONTROL REVIEW A detailed examination of internal control to
determine whether adequate control measures
exist and are implemented to prevent or detect
the occurrence of potential risks in a cost
effective manner. (A-123; DODD 7040.6)

INTERNAL CONTROL SYSTEM The totality of the methods and measures of
internal control. (A-123; DODD 7040.6)

INTERNAL PROTECTED DISTRIBUTION SYSTEM That portion of a protected distribution system
located entirely within a Controlled Access Area
(CAA). (NACSIM 5203)

INTERNAL SECURITY AUDIT A security audit conducted by personnel
responsible to the management of the
organization being audited. (FIPS PUB 39)

INTERNAL SECURITY CONTROLS Hardware, firmware, and software features
within an automated system that restrict
access to resources (hardware, software, and
data) to only authorized subjects (persons,
programs, or devices). Controls will also
provide limit checks, reasonability checks, and
so forth. (AFR 205-16; NCSC-TG-004)

INTERNET PRIVATE LINE INTERFACE A network cryptographic unit that provides
secure connections between a host and a
pre-determined set of correspondent hosts. It
is capable of maintaining a number of
connections simultaneously. (NCSC-TG-004)

INTERPROCESS COMMUNICATION (IPC) Communication between two different processes
using system-supplied constructs; for example,
shared files. (MTR-8201)

INVESTIGATION(S) The review and analysis of system security
features (e.g., the investigation of system
control programs using flow charts, assembly
listings, and related documentation) to
determine the security provided by the
operating system. (OPNAVINST 5239.1A; DODD
5200.28M)

ISOLATION The containment of users and resources in an
automated system in such a way that users and
processes are separate from one another as well
as from the protection controls of the
operating system. (AR 380-380; FIPS PUB 39;
NCSC-TG-004)

ITEMS OF INTRINSIC MILITARY UTILITY End items other than those identified in the
DOD Militarily Critical Technologies List whose
transfer to potential adversaries shall be
controlled for the following reasons:
a. The end product in question could
significantly enhance the recipient's
military or warmaking capability either
because of its technology content or
because of the quantity to be sold; or
b. The product could be analyzed to reveal
U.S. system characteristics and thereby
contribute to the development of
countermeasures to equivalent U.S.
equipment. (DODD 2040.2)

KERNEL See SECURITY KERNEL.

KEY 1) In cryptography, a symbol or sequence of symbols
(or electrical or mechanical correlates of
symbols) which control the operations of
encryption and decryption. (AR 380-380; FIPS
PUB 39)

2) A sequence of symbols or their electrical or
mechanical equivalents which, in machine or
auto-manual cryptosystems, is combined with
plain text to produce cipher text. (Often used
informally as a synonym for keying material or
cryptovariable). (NCSC-9)

KEY ENCRYPTING KEY A cryptographic key used for encrypting (and
decrypting) data encrypting keys or other key
encrypting keys. (FIPS PUB 112)

KEY GENERATION The origination of a key or a set of distinct
keys. (FIPS PUB 39; AR 380-380)

KEY MANAGEMENT Specific manual and computer procedures for the
generation, dissemination, replacement, storage,
archive, and destruction of secret keys that
control encryption or authentication processes.
(WB)

KEY MANAGEMENT DEVICE A unit that provides for secure electronic
distribution of data encryption keys to
authorized users. In the DES case, these keys
are essentially 56 bits in a 64-bit block;
therefore, 64-bit blocks can be electronically
distributed by a key management (trusted)
center. (GAO)

KEYWORD Synonymous with PASSWORD.

KSOS Kernelized Secure Operating System. The project
to strengthen the UNIX operating system with a
security kernel to make it suitable for
multilevel operations. (MTR-8201)

KVM/370 Kernelized VM/370. The kernelized version of
IBM's VM/370 for S/370 series architecture,
being built and verified by System Development
Corporation. (MTR-8201)

LABEL 1) A piece of information that represents the
security level of an object and that describes
the sensitivity of the information in the
object. (CSC-STD-004-85; NCSC-TG-004)

2) The marking of an item of information to reflect
its classification and its set of categories
that represent the sensitivity of the
information.
a. Internal Label. The marking of an item of
information, to reflect the classification
and sensitivity of the information, within
the confines of the medium containing the
information.
b. External Label. The visible marking on the
outside of the medium or the cover of the
medium that reflects the classification and
sensitivity of the information resident within the
medium. (DOE 5636.2A)


