Air Force
Intelligence and Security Doctrine






This publication implements Air Force Policy Directive (AFPD) 33-2, C4 Systems Security. It defines C4 systems security abbreviations, acronyms, and terms for use by Air Force personnel when referring to C4 systems in correspondence, reports, inspections, and so on, to ensure standardized terminology and allow universal understanding of C4 problems. Submit technical questions about this publication to Headquarters Air Force Command, Control, Communications, and Computer Agency, C4 Systems Security Office (HQ AFC4A/SYS), 203 W. Losey Street, Room 1020, Scott AFB IL 62225-5218. Refer recommended changes and conflicts between this and other publications, through channels, using an AF Form 847, Recommendation for Change of Publications, to HQ AFC4A, Policy and Procedures Branch (XPXP), 203 W. Losey Street, Room 1065, Scott AFB IL 62225-5224.


Replaces Air Force Systems Security Memorandum (AFSSM) 9000, Command, Control, Communications, and Computer Systems Security Glossary, without any significant changes.

Section A -- Abbreviations and Acronyms

and Acronyms Definitions

ACL Access Control List
ADM Advanced Development Model
ADP Automated Data Processing
ADPE Automated Data Processing Equipment
AE Application Entity
AFSSI Air Force Systems Security Instruction
AFSSM Air Force Systems Security Memorandum
AIG Address Indicator Group
AIRK Area Interswitch Rekeying Key
AIS Automated Information System
AISS Automated Information System Security
AJ Anti-Jamming
AK Automatic Remote Rekeying
AKDC Automatic Key Distribution Center
AKD/RCU Automatic Key Distribution/Rekeying Control Unit
AKM Automated Key Management Center
ALC Accounting Legend Code

Supersedes AFSSM 9000, 11 January 1993. Certified by: HQ USAF/SC (Lt General Carl G. O'Berry)
OPR: HQ AFC4A/SYS (Mr Charles Morrison) Pages: 57/Distribution: F

and Acronyms Definitions

AMS 1. Auto-Manual System
2. Autonomous Message Switch
ANDVT Advanced Narrowband Digital Voice Terminal
ANSI American National Standards Institute
AOSS Automated Office Support System
APC Adaptive Predictive Coding
APL Assessed Products List
APU Auxiliary Power Unit
ARES Automated Risk Evaluation System
ARPANET Advanced Research Projects Agency Network
ASCII American Standard Code for Information Interchange
ASPJ Advanced Self-Protection Jammer
ASU Approval for Service Use
ATAM Automated Threat Assessment Methodology
AUTODIN Automatic Digital Network
AUTOSEVOCOM Automatic Secure Voice Communications (Network)
AUTOVON Automatic Voice Network
AV Auxiliary Vector
AVP Authorized Vendor Program
BCSSO Base Computer System Security Officer
BPS Bits Per Second
C3 Command, Control, and Communications
C3I Command, Control, Communications, and Intelligence
C4 Command, Control, Communications, and Computer
CA 1. Controlling Authority
2. Crypto-Analysis
3. COMSEC Account
4. Command Authority
CCB Configuration Control Board
CCEP Commercial COMSEC Endorsement Program
CCI Controlled Cryptographic Item
CCO 1. Circuit Control Officer
2. Configuration Control Officer
CDR Critical Design Review
CDRL Contract Data Requirements List
CDS Cryptographic Device Services
CEOI Communications-Electronics Operating Instruction
CEPR Compromising Emanation Performance Requirement
CERT Computer Emergency Response Team
CFD Common Fill Device
CI Configuration Item
CIAC Computer Incident Assessment Capability
CIK Crypto-Ignition Key
CIP Crypto-Ignition Plug
CIRK Common Interswitch Rekeying Key
CK Compartment Key
CKG Cooperative Key Generation
CKL Compromised Key List
CLMD COMSEC Local Management Device
CM Configuration Management
CMCS COMSEC Material Control System
CMP Configuration Management Plan
CMS C4 Systems Security Management System
and Acronyms Definitions

CNCS Cryptonet Control Station
CNK Cryptonet Key
COMPUSEC Computer Security
COMSEC Communications Security
COOP Continuity Of Operations Plan
COR Central Office of Record
COTS Commercial Off-The-Shelf
CPC Computer Program Component
CPCI Computer Program Configuration Item
CPS COMSEC Parent Switch
CPU Central Processing Unit
CRC Cyclic Redundancy Check
CRIB Card Reader Insert Board
CRO COMSEC Responsible Officer
CRLCMP Computer Resources Life Cycle Management Plan
CRP COMSEC Resources Program (Budget)
CRWG Computer Resources Working Group
Crypt/Crypto Cryptographic-Related
CSA Cognizant Security Authority
CSC Computer Software Component
CSCI Computer Software Configuration Item
CSE Communications Security Element
CSETWG Computer Security Education and Training Working Group
CSM Computer System Manager
CSO C4 Systems Officer
CSPP Communications-Computer Systems Program Plan
CSRD Communications-Computer Systems Requirements Document
CSS 1. COMSEC Subordinate Switch
2. Constant Surveillance Service (courier)
3. Continuous Signature Service (courier)
CSSO 1. Computer System Security Officer
2. Contractor Special Security Officer
CSSP Computer Security Support Program
CSTVRP Computer Security Technical Vulnerability Reporting Program
CSWG Computer Security Working Group
CTAK Cipher Text Auto-Key
CTTA Certified TEMPEST Technical Authority
CUP COMSEC Utility Program
CVA Clandestine Vulnerability Analysis
CVRP C4 System Security Vulnerability Reporting Program
DAA Designated Approving Authority
DAC Discretionary Access Control
DAMA Demand Assigned Multiple Access
DBMS Data Base Management System
DCP Decision Coordinating Paper
DCS 1. Defense Communications System
2. Defense Courier Service
DCSP Design Controlled Spare Part
DDN Defense Data Network
DDS Dual Driver Service (courier)
DES Data Encryption Standard
DIB Directory Information Base
and Acronyms Definitions

DID Data Item Description
DLED Dedicated Loop Encryption Device
DMA Direct Memory Access
DoD TCSEC Department of Defense Trusted Computer System Evaluation Criteria
DPL Degausser Products List (a section in the Information Systems Security Products
and Services Catalogue
DSN Defense Switched Network
DSVT Digital Subscriber Voice Terminal
DTD Data Transfer Device
DT&E Developmental Test and Evaluation
DTLS Descriptive Top-Level Specification
DTS Diplomatic Telecommunications Service
DUA Directory User Agent
D&V Demonstration and Validation
EAM Emergency Action Message
ECCM Electronic Counter-Countermeasures
ECM Electronic Countermeasures
ECPL Endorsed Cryptographic Products List (a section in the Information Systems Security Products
and Services Catalogue
EDAC Error Detection and Correction
EDESPL Endorsed Data Encryption Standard Products List
EDM Engineering Development Model
EEPROM Electrically Erasable Programmable Read-Only Memory
EFD Electronic Fill Device
EFTO Encrypt for Transmission Only
EGADS Electronic Generation, Accounting, and Distribution System
EKMS Electronic Key Management System
ELINT Electronic Intelligence
ELSEC Electronic Security
E-Mail Electronic Mail
E Model Engineering Development Model
EMSEC Emissions Security
EPL Evaluated Products List (a section in the Information Systems Security Products
and Services Catalogue
EPROM Erasable Programmable Read Only Memory
ERTZ Equipment Radiation TEMPEST Zone
ETL Endorsed Tools List
ETPL Endorsed TEMPEST Products List
EUCI Endorsed for Unclassified Cryptographic Information
EV Enforcement Vector
FCA 1. Functional Configuration Audit
2. Formal Cryptographic Access
FDIU Fill Device Interface Unit
FDM Formal Development Methodology
FIPS Federal Information Processing Standard
FIPS PUB Federal Information Processing Standard Publication
FOCI Foreign Owned, Controlled, or Influenced
FOT&E Follow-On Operational Test and Evaluation
FOUO For Official Use Only
FQR Formal Qualification Review
FQT Formal Qualification Testing
FSD Full Scale Development
FSRS Functional Security Requirements Specification
and Acronyms Definitions

FSTS Federal Secure Telephone Service
FTAM File Transfer Access Management
FTLS Formal Top-Level Specification
FTS Federal Telecommunications System
GPS Global Positioning System
GTS Global Telecommunications Service
GWEN Ground Wave Emergency Network
HDM Hierarchical Development Methodology
HOL High Order Language
HSM Human Safety Mandatory Modification
HUS Hardened Unique Storage
HUSK Hardened Unique Storage Key
IBAC Identity Based Access Control
ICU Interface Control Unit
IDS Intrusion Detection System
IEMATS Improved Emergency Message Automated Transmission System
IFF Identification, Friend or Foe
IFFN Identification, Friend, Foe, or Neutral
IIRK Interarea Interswitch Rekeying Key
ILS Integrated Logistics Support
I/O Input/Output
IOT&E Initial Operational Test and Evaluation
IP Internet Protocol
IPM Interpersonal Messaging
IPSO Internet Protocol Security Option
IRK Interswitch Rekeying Key
IS Information System
ISDN Integrated Services Digital Network
ISO International Standards Organization
ISS Information Systems Security
ISSO Information Systems Security Officer
ITAR International Traffic in Arms Regulation
IV&V Independent Verification and Validation
JMSNS Justification for Major System New Start
JTIDS Joint Tactical Information Distribution System
KAK Key-Auto-Key
KEK Key Encryption Key
KG Key Generator
KMASE Key Management Application Service Element
KMC Key Management Center
KMID Key Management Identification Number
KMODC Key Material Ordering and Distribution Center
KMP Key Management Protocol
KMPDU Key Management Protocol Data Unit
KMS Key Management System
KMSA Key Management System Agent
KMUA Key Management User Agent
KP Key Processor
KPK Key Production Key
KSOS Kernelized Secure Operating System
KVG Key Variable Generator
LAN Local Area Network
LEAD Low-Cost Encryption/Authentication Device
and Acronyms Definitions

LKG Loop Key Generator
LMD Local Management Device
LME Layer Management Entry
LMI Layer Management Interface
LOCK Logical Co-Processing Kernel
LPC Linear Predictive Coding
LPD Low Probability of Detection
LPI Low Probability of Intercept
LRIP Limited Rate Initial Preproduction
LSI Large Scale Integration
MAC 1. Mandatory Access Control
2. Message Authentication Code
MAN Mandatory Modification
MATSYM Material Symbol
MCCB Modification/Configuration Control Board
MCCR Mission Critical Computer Resources
MCSSM MAJCOM Computer Systems Security Manager
MCTL Military Critical Technologies List
MDC 1. Manipulation Detection Code
2. Message Distribution Center
MEECN Minimum Essential Emergency Communications Network
MEP Management Engineering Plan
MER Minimum Essential Requirements
MHS Message Handling System
MI Message Indicator
MIB Management Information Base
MIJI Meaconing, Intrusion, Jamming, and Interference
MIL-STD Military Standard
MINTERM Miniature Terminal
MIPR Military Interdepartmental Purchase Request
MLS Multilevel Security
MOA Memorandum of Agreement
MOE Measure of Effectiveness
MOP Measure of Performance
MOU Memorandum of Understanding
MRK Manual Remote Rekeying
MRT Miniature Receiver Terminal
MSE Mobile Subscriber Equipment
MTT Methodologies, Tools, and Techniques
NACAM National COMSEC Advisory Memorandum
NACSEM National COMSEC Emanations Memorandum
NACSI National COMSEC Instruction
NACSIM National COMSEC Information Memorandum
NAK Negative Acknowledge
NATO North Atlantic Treaty Organization
NCCD National Command and Control Document
NCS 1. National Communications System
2. National Cryptologic School
3. Net Control Station
NCSC National Computer Security Center
NETS Nationwide Emergency Telecommunications Service
NISAC 1. National Information Security Assessment Center
2. National Industrial Security Advisory Committee
and Acronyms Definitions

NIST National Institute for Standards and Technology
NKSR Non-Kernel Security-Related (software)
NSA National Security Agency
NSAD Network Security Architecture and Design
NSD National Security Directive
NSDD National Security Decision Directive
NSEP National Security Emergency Preparedness
NSM Network Security Manager
NSO Network Security Officer
NSP Network Security Plan
NSTAC National Security Telecommunications Advisory Committee
NSTISSAM National Security Telecommunications and Information Systems Security
Advisory/Information Memorandum
NSTISSC National Security Telecommunications and Information Systems Security Committee
NSTISSD National Security Telecommunications and Information Systems Security Directive
NSTISSI National Security Telecommunications and Information Systems Security Instruction
NSTISSP National Security Telecommunications and Information Systems Security Policy
NTCB Network Trusted Computing Base
NTIA National Telecommunications and Information Administration
NTISSAM National Telecommunications and Information Systems Security Advisory/
Information Memorandum
NTISSC National Telecommunications and Information Systems Security Committee
NTISSD National Telecommunications and Information Systems Security Directive
NTISSI National Telecommunications and Information Systems Security Instruction
NTISSP National Telecommunications and Information Systems Security Policy
O&M Operations and Maintenance
OADR Originating Agency's Determination Required
OMB CIR Office of Management and Budget Circular
OPCODE Operations Code
OPSEC Operations Security
OPT Optional Modification
ORD Operational Requirements Document
OT&E Operational Test and Evaluation
OTAD Over-the-Air Key Distribution
OTAR Over-the-Air Rekeying
OTAT Over-the-Air Key Transfer
OTP One-Time Pad
OTT One-Time Tape
PA Privacy Act
PAA Peer Access Approval
PAE Peer Access Enforcement
PAL Permissive Action Link
PC Personal Computer
PCA Physical Configuration Audit
PCS Physical Control Space
PCZ 1. Protected Communications Zone
2. Physical Control Zone
P&D Production and Deployment
PDL Program Design Language
PDR Preliminary Design Review
PDS 1. Practice Dangerous to Security
2. Protected Distribution System
PDU Protocol Data Unit
and Acronyms Definitions

PERC Product Evaluation Resource Center
PES Positive Enable System
PKA Public Key Algorithm
PKC Public Key Cryptography
PKSD Programmable Key Storage Device
PL Public Law
PLSDU Physical Layer Service Data Unit
P Model Preproduction Model
PM 1. Program Manager
2. Preventative Maintenance
PMD Program Management Directive
PMO Program Management Office
PMP Program Management Plan
PNEK Post-Nuclear Event Key
POM Program Objective Memorandum
PPL Preferred Products List (a section in the Information Systems Security Products
and Services Catalogue
PRBAC Partition Rule Base Access Control
PROM Programmable Read-Only Memory
PROPIN Proprietary Information
PSDU Physical Layer Service Data Unit
PSL Protected Services List
PTT Push-to-Talk
PWA Printed Wiring Assembly
PWDS Protected Wireline Distribution System
QOT&E Qualification Operational Test and Evaluation
QT&E Qualification Test and Evaluation
RAC Repair Action
RACE Rapid Automatic Cryptographic Equipment
RAM Random Access Memory
RCCI Regional Computer Crime Investigator
R&D Research and Development
RFP Request For Proposal
ROM Read-Only Memory
RQT Reliability Qualification Tests
SAISS Subcommittee on Automated Information Systems Security (of the NTISSC)
SAMS Semi-Automatic Message Switch
SAO Special Access Office
SAP 1. System Acquisition Plan
2. Special Access Program
SARK SAVILLE Advanced Remote Keying
SCI Sensitive Compartmented Information
SCIF Sensitive Compartmented Information Facility
SCOMP Secure Communications Processor
SCP System Concept Paper
SDNRIU Secure Digital Net Radio Interface Unit
SDNS Secure Data Network System
SDR System Design Review
SFA Security Fault Analysis
SI Special Intelligence
SIGSEC Signals Security
SISS Subcommittee on Information Systems Security (of the NSTISSC)
SMM Special Mission Mandatory Modification
and Acronyms Definitions

SMO Special Mission Optional Modification
SMU Secure Mobile Unit
SON Statement of Operational Need
SOW Statement of Work
SPK Single Point Key(ing)
SPO System Program Office
SPS Scratch Pad Store
SRR System Requirements Review
SSO Special Security Officer
SSR Software Specification Review
ST&E Security Test and Evaluation
STAR System Threat Assessment Report
STD Standard
STS Subcommittee on Telecommunications Security (of the NTISSC)
STU Secure Telephone Unit
TA Traffic Analysis
TACTED Tactical Trunk Encryption Device
TACTERM Tactical Terminal
TAG TEMPEST Advisory Group
TAISS Telecommunications and Automated Information Systems Security
TASO Terminal Area Security Officer
TCB Trusted Computing Base
TCD Time Compliance Data
TCSEC (DoD) Trusted Computer System Evaluation Criteria
TD Transfer Device
TDBI Trusted Data Base Interpretation (of the TCSEC)
T&E Test and Evaluation
TED Trunk Encryption Device
TEI Trusted Evaluated Interpretation (of the TCSEC)
TEK Traffic Encryption Key
TEMP Test and Evaluation Master Plan
TEMPEST Compromising Emanations
TEP TEMPEST Endorsement Program
TFM Trusted Facility Manual
TFS Traffic Flow Security
TLS Top-Level Specification
TNI Trusted Network Interpretation (of the TCSEC)
TNIEG Trusted Network Interpretation Environment Guideline
TPC Two-Person Control
TPI Two-Person Integrity
TPWG Test Planning Working Group
TRANSEC Transmission Security
TRB Technical Review Board
TRI-TAC Tri-Service Tactical Communications System
TRR Test Readiness Review
TSCM Technical Surveillance Countermeasure
TSEC Telecommunications Security
TSK Transmission Security Key
UA User Agent
UIRK Unique Interswitch Rekeying Key
UIS User Interface System
UK Unique Key
UPP User Partnership Program
or Acronyms Definitions

USDE Undesired Signal Data Emanations
USER ID User Identification
VDT Video Display Terminal
V Model Advanced Development Model
VST VINSON Subscriber Terminal
VTT VINSON Trunk Terminal
WAN Wide Area Network
WWMCCS Worldwide Military Command and Control System
XDM/X Model Experimental Development Model/Exploratory Development Model

Section B -- Terms

NOTE: The source from other publications is shown in italics and parentheses following the definition.

Above Type 2 Magnetic Media--See Magnetic Media.

Acceptable Level of Risk--Judicious and carefully considered assessment by the appropriate DAA and after all proposed security features are implemented that the residual risk inherent in operating the computer system or network is acceptable and in the best interests of the Air Force.

Acceptance Inspection--Final inspection to determine if an AIS meets the specified technical and performance standards. This inspection is the basis for commissioning or accepting the AIS.

Access--1. COMSEC: Capability and opportunity to gain knowledge of or to alter information or material. 2. AIS: Ability and means to communicate with (input to or receive output from), or make use of any information, resource, or component in an AIS. NOTE: Individuals do not have "access" if the proper authority or a physical, technical, or procedural measure prevents them from obtaining knowledge or having an opportunity to alter information, material, resources, or components.

Access Control--Process of limiting access to the resources of an AIS to authorized users, programs, processes, or other systems.

Access Control List (ACL)--Mechanism implementing discretionary access control in an AIS that identifies the users who may access an object and the type of access permitted.

Access Control Mechanism--Security safeguards designed to detect and prevent unauthorized access and permit authorized access in an AIS.

Access Control Roster--List of users, both human and computer, who communicate or interface with an AIS that documents the degree of access and control for each user.

Access Level--Hierarchical portion of the security level used to identify the sensitivity of AIS data and the clearance or authorization of users. NOTE: Access level, in conjunction with the non-hierarchical categories, forms the sensitivity label of an object. See Category.

Access List--1. Roster of persons authorized admittance to a controlled area. 2. COMSEC: Roster of persons authorized access to COMSEC material. 3. AIS: Compilation of users, programs, and, or processes, and the their authorized access levels and types.

Access Period--Segment of time, generally expressed in days or weeks, during which access rights prevail.

Access Port--Logical or physical identifier a computer uses to distinguish different terminal input/output data streams or the physical connection for attaching an external device.

Access Type--Privilege to perform an action on a program or file. NOTE: Read, write, execute, append, modify, delete, and create are examples of access types.

Accessible Space--Area within which the user is aware of all persons entering and leaving, which denies the opportunity for concealed TEMPEST surveillance, and which delineates the closest point of potential TEMPEST intercept from a vehicle.

Accountability--1. COMSEC: Principle that an individual is responsible for safeguarding and controlling COMSEC equipment, keying material, and information entrusted to his/her care, and is answerable to proper authority for the loss or misuse of that equipment or information. 2. AIS: Property that allows auditing of activities on an AIS to be traced to persons who may then be held responsible for their actions.

Accounting Legend Code (ALC)--Numeric code used to indicate the minimum accounting controls needed for items of accountable COMSEC material within the COMSEC material control system. NOTE: National-level ALCs are: (1) ALC-1: Continuously accountable by serial number. (2) ALC-2: Continuously accountable by quantity. (3) ALC-4: Report of initial receipt required. After acknowledging receipt, the COMSEC manager and users will control according to AFKAG-1 or Air Force Systems Security Instruction (AFSSI) 4005, respectively.

Accounting Number--Number assigned to an item of COMSEC material to facilitate its control.

Accreditation--Formal declaration by a DAA that an AIS is approved to operate in a particular security mode using a prescribed set of safeguards. See Approval to Operate and Interim Approval.

Accreditation Authority--See Designated Approving Authority (DAA).

AC Erasure--Using a magnetic field produced by an electromagnet powered by alternating current (AC) to degauss (purge) magnetic storage media. See Clearing and DC Erasure.

Active Attack--An attack that results in an unauthorized change in the system's state. Examples include modifying messages, inserting spurious messages, masquerading as an authorized user, and denying service. See Passive Attack.

Add-On Security--Incorporation of new hardware, software, or firmware safeguards in an operational AIS.

Administrative Security--Management constraints and supplemental administrative controls established to provide an acceptable level of protection for data. Synonymous with Procedural Security.

Advanced Development Model (ADM or V Model)--Model of COMSEC equipment for experimentation or tests intended to demonstrate the technical feasibility of a design and its ability to meet existing performance requirements and to provide engineering data for further development.

Adversary--Person or organization that must be denied access to critical information.

Aggregation--Collection or grouping of independent information where the sensitivity of the whole is greater than the sensitivity of the parts.

Alternate COMSEC Manager--Person designated by proper authority to perform the duties of the COMSEC manager during the temporary absence of the COMSEC manager.

American Standard Code for Information Interchange (ASCII)--Standard and predominant seven-bit (eight bit with parity) character code used for data communications and data processing.

Anti-Jamming (AJ)--Measures to ensure that intended transmitted information can be received despite deliberate jamming attempts.

Anti-Spoof--Measures to prevent an opponent's participation in a telecommunications network, or operation/control of a cryptographic or COMSEC system.

Anti-Virus Program--Software program designed to protect an AIS from a virus attack.

Application Software--Mission support or mission specific software programs designed by, or for, system users and customers. By using available computer system equipment and operating system software, application software completes specific, mission-oriented tasks, jobs, or functions. It can be either general-purpose packages, such as demand deposit accounting, payroll, machine tool control, or specific application programs tailored to complete a single or limited number of user functions.

Approval to Operate--Concurrence by the DAA that minimum security requirements are met and there is an acceptable level of risk. Accreditation authorizes the operation of a computer system or network at a specific site. See Accreditation and Interim Approval.

Assembly--Group of parts, elements, subassemblies, or circuits that are removable items of COMSEC equipment.

Assessment--See Risk Assessment and Vulnerability Assessment.

Asset--Any software, data, hardware, or administrative, physical, communications or personnel resource within an AIS or activity.

Assurance--Measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy.

Asynchronous Operation--Method of computer processing in which one operation is completed before the next one starts.

Attack--Act of trying to defeat AIS safeguards.

Audit--Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.

Audit Trail--Chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event. NOTE: Audit trail may apply to information in an AIS, to message routing in a communications system, or to the transfer of COMSEC material.

Authenticate--A challenge given by voice or electrical means to attest to the authenticity of a message or transmission. (JP

Authentication--A security measure designed to protect a communications system against acceptance of a fraudulent transmission or simulation by establishing the validity of a transmission, message, or originator. (JP-02)

Authentication System--Cryptosystem or process used for authentication.

Authenticator--Means used to confirm the identity or eligibility of a station, originator, or individual.

Authorization--Access rights granted to a user, program, or process.

Authorized Vendor--Manufacturer of existing COMSEC equipment who is authorized to produce quantities more than contractual requirements for direct sale to eligible buyers.

Authorized Vendor Program (AVP)--Program in which a vendor, producing a COMSEC product under contract to NSA , is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. NOTE: Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. Products approved for marketing and sale through the AVP are placed on the Endorsed Cryptographic Products List.

Auto-Manual System (AMS)--Programmable, hand-held crypto-equipment used to perform encoding and decoding functions.

Automated Data Processing Equipment (ADPE)--See Automated Information System (AIS).

Automated Data Processing Security--See Computer Security (COMPUSEC).

Automated Decision-Making System--Computer applications that perform decision-making activities based on programmed criteria with little human intervention (e.g., issue checks or requisition supplies,).

Automated Information System (AIS)--Any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data and includes software, firmware, and hardware. NOTE: Included are computers, word processing systems, networks, or other electronic information handling systems and associated equipment. See Network.

Automated Information System (AIS) Security--See Computer Security (COMPUSEC).

Automated Security Monitoring--Use of automated procedures to ensure security controls for an AIS are not circumvented.

Automatic Remote Rekeying--Procedure to rekey a distant crypto-equipment electronically without specific actions by the receiving terminal operator.

Availability of Data--Data that is in the place, at the time, and in the form needed by the user.

Backdoor--See Trap Door.

Backup Plan--See Contingency Plan.

Backup Procedures--Provisions made for the recovery of data files and program libraries, and for the restart or replacement of computer equipment after a system failure or disaster.

Base C4 Systems Security Office--Office charged with the responsibility for managing and executing the C4 systems security program for a base or wing. The office reports to the major command (MAJCOM) C4 systems security office and provides security guidance to organization C4 systems security offices or appropriate unit officials (COMSEC managers, CSOs, NSOs, ETAP managers, and TEMPEST users).

Base Computer Systems Security Officer (BCSSO)--Term no longer used. Before the Base C4 Systems Security Office, this was the individual charged with the responsibility for managing and executing the computer security program for a base or wing.

Baud Rate--A measurement of the signaling speed of a data transmission device. A baud rate is equivalent to the maximum number of signaling elements, or symbols, per second that are generated.

Bell-La Padula Security Model--Formal-state transition model of computer security policy that describes a formal set of access controls based on information sensitivity and subject authorizations. See Formal Security Policy Model, Simple Security Property, and Star Property (*-property).

Benign--Condition of cryptographic data that cannot be compromised by human access to the data. NOTE: The term "benign" may be used to modify a variety of COMSEC-related terms, (e.g., key, data, storage, fill, and key distribution techniques).

Benign Environment--Non-hostile environment protected from external hostile elements by physical, personnel, and procedural security countermeasures.

Between-the-Lines Entry. Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user. See Piggyback.

Beyond A1--Level of trust used by the DoD TCSEC that was beyond the technology available at the time the criteria was developed. NOTE: As defined in the "Orange Book," beyond A1 includes all the A1-level features plus others not required at the A1 level.

Binding--Process of associating a specific communications terminal with a specific cryptographic key or associating two related elements of information.

Bit--Short for "binary digit." A bit is the representation of a signal, wave, or state as either a binary zero or one.

Bit Error Rate--Ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.

Bits Per Second (BPS)--Basic unit of measure for data transmission capacity; usually expressed as kbps for thousands (kilo) of bits per second, mbps for millions (mega) of bits per second, and Gbps for billions (giga) of bits per second.

Black--Designation applied to telecommunications and AISs, and to associated areas, circuits, components, and equipment, in which only unclassified signals are processed. NOTE: Encrypted signals are unclassified.

Black Key--Encrypted key. See Red Key.

Bogus Message--Communications transmitted for some purpose other than to pass information. NOTE: Bogus messages may consist of dummy groups or meaningless text.

Bomb--See Logic Bomb.

Bounds Checking--Testing of computer program results for access to storage outside its authorized limits. Synonymous with Memory Bounds Checking.

Bounds Register--Hardware register that holds an address specifying a storage boundary.

Breach--Result of a successful attack.

Brevity List--List containing words and phrases used to shorten messages.

Bridge--Device that connects local networks at the data link layer.

Browsing--Act of searching through AIS storage to locate or acquire information, without necessarily knowing the existence or format of information being sought.

Bulk Encryption--Simultaneous encryption of all channels of a multichannel telecommunications trunk.

Bus--Transmission path or channel. A LAN topology, as used in Ethernet and the token bus, where all network nodes "listen" to all transmissions, selecting certain ones based on address identification.

Byte--Quantity of information, 8-bits long, generally referred to in data communications as a character.

Call Back--Procedure for identifying a remote AIS terminal, whereby the host system disconnects the caller and then dials the authorized telephone number of the remote terminal to reestablish the connection.

Callsign--Any combination of characters or pronounceable words, which identifies a communication facility, a command, an authority, an activity, or a unit; used primarily for establishing and maintaining communications. (JP-02)

Callsign Cipher--Cryptosystem used to encipher or decipher callsigns, address groups, and address indicating groups.

Canister--Type of protective package used to contain and dispense key in punched or printed tape form.

Capability--The ability to execute a specified course of action. (JP-02)

Capability-Based System--AIS in which access to protected objects is granted if the subject possesses a capability for the object.

Cascading--Downward flow of information across a range of security levels that is greater than the accreditation range of a component part of a network. An example is causing Top Secret data to flow through a network such that it comes to reside in a network component not accredited for Top Secret data and not protected as required.

Category--Restrictive label applied to both classified and unclassified data, that increases the requirement for protection of, and restricts the access to, the data. NOTE: Examples include, proprietary information, FOUO, PA information, and NATO information. Individuals are granted access to special category information only after being granted formal access authorization. See Security Level.

Caveats--See Special Markings.

Central Computer Facility--One or more computers with their peripherals and storage units, central processing units, and communications equipment in a single controlled area. This does not include remote computer facilities, peripheral devices, or terminals located outside the single controlled area even though they are connected to the central computer facility by approved communications links.

Central Office of Record (COR)--Office of a Federal department or agency that keeps records of accountable COMSEC material held by elements subject to its oversight.

Central Processing Unit (CPU)--Computer component with the circuitry to control the interpretation and execution of instructions. The CPU includes arithmetic, logic, and control sections.

Certificate of Action Statement--Statement attached to a COMSEC audit report by which a COMSEC manager certifies that all actions have been completed.

Certification--Comprehensive evaluation of the technical and nontechnical security features of an AIS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meet a set of specified security requirements.

Certification and Accreditation Program--Program designed to ensure critical decisions regarding the adequacy of AIS security safeguards are made by authorized managers using reliable technical information.

Certified TEMPEST Technical Authority (CTTA)--U.S. Government or U.S. Government contractor employee designated to review the TEMPEST countermeasures programs of a federal department or agency. NOTE: A CTTA is required to be an experienced, technically qualified individual who has met established certification requirements according to NTISSC-approved criteria.

Challenge and Reply Authentication--Prearranged procedure in which one communicator requests authentication of another and the latter establishes his/her validity with a correct reply.

Checksum--Value computed, by some parity or hashing algorithm, on information requiring protection against error or manipulation. NOTE: Checksums are stored or transmitted with data and are intended to detect data integrity problems. See Hash Total and Integrity Check Value.

Check Word--Cipher text generated by a cryptographic logic to detect failures in the cryptography.

Cipher--Any cryptographic system in which arbitrary symbols or groups of symbols, represent units of plain text of regular length, usually single letters, or in which units of plain text are rearranged, or both, according to certain predetermined rules. (JP-02)

Cipher Text--Enciphered information.

Cipher Text Auto-Key (CTAK)--Cryptographic logic that uses previous cipher text to generate a key stream.

Ciphony--Process of enciphering audio information, resulting in encrypted speech.

Class--Hierarchical ranking that denotes a certain level of computer operating system trust based on DoD Standard 5200.28. See below and also Trusted Computing Base (TCB).

Classification--Determination that official information requires, in the interests of national security, a specific degree of protection against unauthorized disclosure together with a designation signifying that such a determination has been made.

Classified Information--Official information that has been determined to require, in the interests of national security, protection against unauthorized disclosure and which has been so designated. (JP-02)

Clearing--Removal of data from an AIS, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using normal system capabilities (i.e., through the keyboard). NOTE: An AIS need not be disconnected from any external network before clearing takes place. Clearing enables a product to be reused within, but not outside of, a secure facility. It does not produce a declassified product by itself, but may be the first step in the declassification process. See AC Erasure, DC Erasure, Declassification (of magnetic storage media), Erasure, and Purge.

Closed Security Environment--Environment that provides sufficient assurance that applications and equipment are protected against the introduction of malicious logic before or during the operation of a system. NOTE: Closed security is predicated upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control. See Open Security Environment.

Code--1. Any system of communication in which arbitrary groups of symbols represent units of plain text of varying length. Codes may be used for brevity or for security. 2. A cryptosystem in which the cryptographic equivalents (usually called "code groups") typically consisting of letters or digits (or both) in otherwise meaningless combinations are substituted for plain text elements that are primarily words, phrases, or sentences. (JP-02)

Code Book--Book or other document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique.

Code Group--Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence.

Code Vocabulary--Set of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system.

Coercive Force--Negative or reverse magnetic force applied to reduce magnetic flux density. For example, the force applied to magnetic media by a degausser.

Coercivity--Amount of applied magnetic field (of opposite polarity) required to reduce magnetic induction to zero. Coercivity is measured in oersteds (Oe). It is often used to represent the relative difficulty of degaussing various magnetic media.

Cognizant Security Authority (CSA)--An individual, usually at the MAJCOM level, who is authorized to make COMSEC policy decisions based on current Air Force COMSEC doctrine.

Cold Start--1. COMSEC: Procedure for initially keying crypto-equipment. 2. AIS: Reloading an AIS with software and data known to be good.

Command Authority (CA)--Individual responsible for the appointment of user representatives for a department, agency, or organization and their key ordering privileges.

Commercial COMSEC Endorsement Program (CCEP)--Relationship between NSA and industry, in which NSA provides the COMSEC expertise (i.e., standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce a type 1 or type 2 product. NOTE: Products developed under the CCEP may include modules, subsystems, equipment, systems, and ancillary devices.

Common Fill Device (CFD)--One of a family of devices developed to read-in, transfer, or store key. NOTE: KYK-13 Electronic Transfer Device, KYX-15 Net Control Device, and KOI-18 General Purpose Tape Reader are examples of common fill devices.

Command, Control, Communications, and Computer (C4) Systems--Integrated systems of doctrine, procedures, organizational structures, personnel, equipment, facilities, and communications designed to support a commander's exercise of command and control, through all phases of the operational continuum. (JP-02)

Command, Control, Communications, and Computer (C4) Systems Security--The protection afforded to information systems to preserve the availability, integrity, and confidentiality of the systems and the information contained within the systems. Such protection is the integrated application of COMSEC, TEMPEST, and COMPUSEC.

C4 Systems Security Vulnerability Reporting Program (CVRP)--Air Force program that implements the national-level reporting requirements of the CSTVRP as well as integrate COMPUSEC, TEMPEST, and COMSEC under a single threat driven program. The CVRP combines administrative controls, reporting procedures, specially developed software, and R&D efforts directed at known risks to Air Force communications and computer systems.

Communications Cover--Concealing or altering of characteristic communications patterns to hide information that could be of value to an adversary.

Communications Deception--Deliberate transmission, retransmission, or alteration of communications to mislead an adversary's interpretation of the communications. See Imitative Communications Deception and Manipulative Communications Deception.

Communications Profile--Analytic model of communications associated with an organization or activity. NOTE: The model is prepared from a systematic examination of communications content and patterns, the functions they reflect, and the COMSEC measures applied.

Communications Security (COMSEC)--The protection resulting from all measures designed to deny unauthorized persons information of value which might be derived from the possession and study of telecommunications, or to mislead unauthorized persons in their interpretation of the results of such possession and study. (JP-02)

Compartment--Class of information that has need-to-know access controls beyond those normally provided for access to Confidential, Secret, or Top Secret information.

Compartmented Mode--AIS security mode of operation wherein each user with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts has all the following: (1) Valid security clearance for the most restricted information processed in the system. (2) Formal access approval and signed non-disclosure agreements for that information to which a user is to have access. (3). Valid need-to-know for information to which a user is to have access. NOTE: See Mode of Operation and Partitioned Security Mode.

Competent Authority--Authority recognized by the DAA as having sufficient knowledge (individual or corporate) to make a valid determination of minimum essential COMPUSEC requirements.

Component--Hardware device, with its required firmware or software, that performs a specific AIS function. Components include modems, printers, communications controllers, tape drives, message switches, computers, gateways, peripheral controllers, etc.

Compromise--The known or expected exposure of clandestine personnel, installations, or other assets or of classified information or material, to an unauthorized person. (JP-02)

Compromising Emanations--Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by telecommunications or AIS equipment. See TEMPEST.

Computer--See Automated Information System (AIS).

Computer Abuse--Intentional or reckless misuse, alteration, disruption, or destruction of data processing resources.

Computer Crime--Fraud, embezzlement, unauthorized access, and other crimes committed with the aid of or directly involving an AIS.

Computer Cryptography--Use of a crypto-algorithm program stored in software or firmware, by a general purpose computer to authenticate or encrypt and, or decrypt data for storage or transmission.

Computer Facility--Physical resources that include structures or parts of structures to house and support capabilities. For small computers, stand-alone systems, and word processing equipment, it is the physical area where the computer is used.

Computer Fraud--Computer-related crimes involving deliberate misrepresentation or alteration of data to get something of value, usually for monetary gain. A computer system must have been involved in the perpetration or cover-up of the act, or series of acts, through improper manipulation of input or output data, applications programs, data files, computer operations, communications, or computer hardware, software, or firmware.

Computer Network--See Network.

Computer Security (COMPUSEC)--The protection of the information and physical assets of a computer system. (Federal Records Management Glossary) See Information Systems Security (INFOSEC) and Network Security.

Computer Security Incident--Any event in which a computer system is attacked, intruded into, or threatened with attack or intrusion.

Computer Security Officer (CSO)--Individual responsible for the security of a specific computer system or grouping of computer systems. The CSO usually receives guidance from the BCSSO and provides security assistance for assigned TASOs. See Network Security Officer (NSO).

Computer Security Policy--Set of laws, rules, and practices that regulate how an organization protects computer systems and the data within them.

Computer Security Subsystem--Device designed to provide limited COMPUSEC features in a larger system environment.

Computer Security Technical Vulnerability Reporting Program (CSTVRP)--Program that focuses on technical vulnerabilities in commercially available hardware, firmware, and software products acquired by DoD. NOTE: CSTVRP provides for reporting, cataloging, and discreet dissemination of technical vulnerability and corrective-measure information on a need-to-know basis.

Computer System--See Automated Information System (AIS).

Computer System Manager (CSM)--Individual responsible for the operation of a computer system. See Network Manager (NM).

Computer Systems Security Officer (CSSO)--Term no longer used. See Computer Security Officer (CSO).

COMSEC Account (CA)--Administrative entity, identified by an account number, used to maintain accountability, custody and control of COMSEC material.

COMSEC Account Audit--Examination of the holdings, records, and procedures of a COMSEC account to make sure all accountable COMSEC material is properly handled and safeguarded.

COMSEC Aid--COMSEC material, other than an equipment or device, that assists in securing telecommunications and which is required in the production, operation, or maintenance of COMSEC systems and their components. Examples include COMSEC keying material, callsign/frequency systems, and supporting documentation, such as O&M manuals.

COMSEC Boundary--Definable perimeter within a telecommunications equipment or system within which all hardware, firmware, and software components that perform critical COMSEC functions are located. NOTE: Key generation and key handling and storage are critical COMSEC functions.

COMSEC Chip Set--Collection of NSA-approved microchips furnished to a manufacturer to secure or protect telecommunications equipment. See Protected Communications and Secure Communications.

COMSEC Control Program--Set of instructions or routines for a computer that controls or affects the externally performed functions of key generation, key distribution, message encryption and, or decryption, or authentication.

COMSEC End Item--Equipment or combination of components ready for its intended use in a COMSEC application.

COMSEC Equipment--Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. NOTE: COMSEC equipment includes crypto-equipment, crypto-ancillary equipment, crypto-production equipment, and authentication equipment.

COMSEC Facility--Space employed primarily to generate, store, repair, or use COMSEC material.

COMSEC Incident--Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information.

COMSEC Insecurity--COMSEC incident that has been investigated, evaluated, and determined to jeopardize the security of COMSEC material or the secure transmission of information.

COMSEC Manager--Person designated by proper authority to be responsible for the management of COMSEC material assigned to a COMSEC account.

COMSEC Material--Item designed to secure or authenticate telecommunications. NOTE: COMSEC material includes, but is not limited to, key, equipment, devices, documents, firmware or software that embodies or describes cryptographic logic and other items that perform COMSEC functions.

COMSEC Material Control System (CMCS)--Logistics and accounting system through which COMSEC material marked "CRYPTO" is distributed, controlled, and safeguarded. NOTE: Included are the COMSEC central offices of record, cryptologistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the CMCS.

COMSEC Modification--Electrical, mechanical, or software change to a NSA-approved COMSEC end item. NOTE: Categories of COMSEC modifications are: mandatory, optional, special mission optional, human safety mandatory, and repair actions.

COMSEC Module--Removable component that performs COMSEC functions in a telecommunications equipment or system.

COMSEC No-Lone Zone--Area, room, or space that, when manned, must be occupied by two or more appropriately cleared individuals who remain within sight of each other. See Two-Person Integrity (TPI).

COMSEC Profile--Statement of the COMSEC measures and materials used to protect a given operation, system, or organization.

COMSEC Responsible Officer (CRO)--Individual authorized by an organization to order COMSEC aids from the COMSEC account and who is responsible for their protection.

COMSEC Survey--Organized collection of COMSEC and communications data about a given operation, system, or organization.

COMSEC System Data--Information required by a COMSEC equipment or system to enable it to properly handle and control key.

COMSEC Training--Teaching of hands-on skills relating to COMSEC accounting, the use of COMSEC aids, or to the installation, use, maintenance, and repair of COMSEC equipment.

Concealment System--A method of achieving confidentiality in which sensitive information is hidden by embedding it in irrelevant data.

Confidentiality--Assurance that information is not disclosed to unauthorized entities or processes.

Configuration Control--Process of controlling modifications to telecommunications or AIS hardware, firmware, software, and documentation to make sure the system is protected against improper modifications before, during, and after system implementation. See Configuration Management.

Configuration Management--Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation of an AIS, throughout the development and operational life of a system.

Confinement--Prevention of the leaking of sensitive data from a program.

Confinement Channel--See Covert Channel.

Confinement Property--See Star Property (*-Property).

Contamination--Intermixing of data at different sensitivity and need-to-know levels. The lower level data is said to be contaminated by the higher level data; thus, the contaminating (higher level) data may not receive the required level of protection.

Contingency Key--Key held for use under specific operational conditions or in support of specific contingency plans.

Contingency Plan--Plan maintained for emergency response, backup operations, and post-disaster recovery for an AIS, as a part of its security program, that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency.

Controlled Access--See Access Control.

Controlled Access Protection (Class C2)--Systems in this class enforce a more finely grained discretionary access control than C1 systems, making users individually accountable for their actions through login procedures, auditing of security relevant events, and resource isolation.

Controlled Area--Any building, area, or structure containing Air Force resources that are lucrative targets for theft, compromise, or destruction and to which entry must be limited to provide more protection.

Controlled Cryptographic Item (CCI)--Secure telecommunications or information handling equipment, or associated cryptographic component, that is unclassified but governed by a special set of control requirements. NOTE: Such items are marked "CONTROLLED CRYPTOGRAPHIC ITEM" or, where space is limited, "CCI."

Controlled Cryptographic Item (CCI) Assembly--Device embodying a cryptographic logic or other COMSEC design that NSA has approved as a CCI and performs the entire COMSEC function, but is dependent upon the host equipment to operate.

Controlled Cryptographic Item (CCI) Component--Device embodying a cryptographic logic or other COMSEC design, that NSA has approved as a CCI, that does not perform the entire COMSEC function and is dependent upon the host equipment or assembly to complete and operate the COMSEC function.

Controlled Cryptographic Item (CCI) Equipment--Telecommunications or information handling equipment that embodies a CCI component or CCI assembly and which performs the entire COMSEC function without dependence on a host equipment to operate.

Controlled Sharing--Condition that exists when access control is applied to all users and components of an AIS.

Controlled Space--Three dimensional space surrounding telecommunications and AIS equipment, within which unauthorized persons are denied unrestricted access and are either escorted by authorized persons or are under continuous physical or electronic surveillance.

Controlling Authority (CA)--Official responsible for directing the operation of a cryptonet and for managing the operational use and control of keying material assigned to the cryptonet.

Control Zone--Space, expressed in feet of radius, surrounding equipment processing sensitive information, that is under sufficient physical and technical control to preclude an unauthorized entry or compromise.

Cooperative Key Generation (CKG)--Electronically exchanged functions of locally generated, random components, from which both terminals of a secure circuit construct traffic encryption key or key encryption key for use on that circuit.

Cooperative Remote Rekeying--See Manual Remote Rekeying.

Cost-Benefit Analysis--Assessment of the costs of providing protection or security to a telecommunications or AIS versus risk and cost associated with asset loss or damage.

Copy Protected--Software distributed on diskettes rendered "uncopyable" by physical means.

Cost-Risk Analysis--See Cost-Benefit Analysis.

Countermeasure--Action, device, procedure, technique, or other measure that reduces the vulnerability of an AIS.

Covert Channel--Unintended and, or unauthorized communications path that can be used to transfer information in a manner that violates an AIS security policy. See Exploitable Channel and Overt Channel.

Covert Storage Channel--Covert channel that involves the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. NOTE: Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels.

Covert Timing Channel--Covert channel in which one process signals information to another process by modulating its own use of system resources (e.g., CPU time) in such a way that this manipulation affects the real response time observed by the second process.

Credentials--Information, passed from one entity to another, which is used to establish the sending entity's access rights.

Criticality--COMPUSEC characteristic that measures how important the correct and uninterrupted functioning of the AIS is to national security, human life or safety, or the mission of the using organization.

Critical Processing--Processing that must continue in a correct and uninterrupted manner to support DoD emergency or war plans, preserve human life or safety, or support the mission of the using organization.

Cryptanalysis (CA)--The steps and operations performed in converting encrypted messages into plain text without initial knowledge of the key employed in the encryption. (JP 1-02)

CRYPTO--Marking or designator identifying COMSEC keying material used to secure or authenticate telecommunications carrying classified or sensitive U.S. Government or U.S. Government-derived information. NOTE: When written in all upper case letters, "CRYPTO" has the meaning stated above. When written in lower case as a prefix, "crypto" and "crypt" are abbreviations for cryptographic.

Crypto-Alarm--Circuit or device that detects failures or aberrations in the logic or operation of crypto-equipment. NOTE: Crypto-alarm may inhibit transmission or may provide a visible and, or audible alarm.

Crypto-Algorithm--Well-defined procedure or sequence of rules or steps used to produce cipher text from plain text and vice versa.

Crypto-Ancillary Equipment--Equipment designed specifically to facilitate efficient or reliable operation of crypto-equipment, but which does not perform cryptographic functions.

Crypto-Equipment--Equipment that embodies a cryptographic logic.

Cryptographic--Pertaining to, or concerned with, cryptography.

Cryptographic Component--Hardware or firmware embodiment of the cryptographic logic. NOTE: Cryptographic component may be a modular assembly, a printed wiring assembly, a microcircuit, or a combination of these items.

Cryptographic Initialization--Function used to set the state of a cryptographic logic before key generation, encryption, or other operating mode.

Cryptographic Logic--Well-defined procedure or sequence of rules or steps used to produce cipher text from plain text, and vice versa, or to produce a key stream, plus delays, alarms, and checks that are essential to effective performance of the cryptographic process. See Crypto-Algorithm.

Cryptographic Randomization--Function that randomly determines the transmit state of a cryptographic logic.

Cryptography--Principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form.

Crypto-Ignition Key (CIK)--Device or electronic key used to unlock the secure mode of crypto-equipment.

Cryptonet--Stations that hold a specific key for use. NOTE: Activities that hold key for other than use, such as cryptologistics depots, are not cryptonet members for that key. Controlling authorities are actual members of the cryptonets they control.

Cryptoperiod--Time span during which each key setting remains in effect.

Cryptosecurity--Component of COMSEC that results from the provisions of technically sound cryptosystems and their proper use.

Cryptosynchronization--Process by which a receiving decrypting cryptographic logic attains the same internal state as the transmitting encrypting logic.

Cryptosystem--The associated items of cryptomaterial that are used as a unit and provide a single means of encryption and deception. (JP 1-02)

Cryptosystem Assessment--Process of establishing the exploitability of a cryptosystem, normally by reviewing transmitted traffic protected or secured by the system under study.

Cryptosystem Evaluation--Process of determining vulnerability of a cryptosystem.

Cryptosystem Review--Examination of a cryptosystem by the controlling authority to ensure its adequacy of design and content, continued need, and proper distribution.

Cryptosystem Survey--Management technique in which actual holders of a cryptosystem express opinions on the system's suitability and provide usage information for technical evaluations.

Cyclic Redundancy Check (CRC)--Error-checking mechanism that checks data integrity by computing a polynomial algorithm based checkvalue. The "as received" checkvalue must match the "as sent" checkvalue, or there has been an error.

Data--Representation of facts, concepts, or instructions in a formalized manner suitable for communication, interpretation, or processing by humans or by automatic means. Any representations such as characters or analog quantities to which meaning is or might be assigned. (JP 1-02)

Data Base--Information collected and organized in a meaningful manner to serve a particular purpose.

Data Contamination--Deliberate or accidental process or act resulting in a change in the integrity of the original data. See Data Diddling.

Data Diddling--Process of accidentally or maliciously changing data before or during the input or output to a computer. The changes can be made by anyone associated with or having access to the processes of creating, recording, transporting, encoding, examining, checking, converting, or transforming the data. See Data Contamination.

Data Encryption Standard (DES)--Crypto-algorithm designed for the protection of unclassified data and published by the National Institute of Standards and Technology in Federal Information Processing Standard (FIPS) Publication 46.

Data Flow Control--See Information Flow Control.

Data Integrity--Condition that exists when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed.

Data Origin Authentication--Corroboration that the source of data is as claimed.

Data Owner--Authority, individual, or organization who has original responsibility for the data by statute, executive order, or directive.

Data Protection Engineering--Methodology and tools used for designing and implementing data protection mechanisms.
Data Security--Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure.

DC Erasure--Using a magnetic field produced by an electromagnet operating on direct current (DC) to degauss (purge) magnetic storage media. See AC Erasure and Clearing.

Decertification--Revocation of the certification of an AIS item or equipment for cause.

Decipher--Convert enciphered text to the equivalent plain text by means of a cipher system.

Declassification (of magnetic storage media)--Administrative decision or procedure to remove or reduce the security classification of the subject media. See Clearing and Purge.

Decode--Convert encoded text to its equivalent plain text by means of a code.

Decrypt--Convert encrypted text into its equivalent plain text by means of a cryptosystem. NOTE: The term "decrypt" covers the meanings of decipher and decode. (JP 1-02)

Dedicated Mode or Dedicated Security Mode--AIS security mode of operation wherein each user, with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all the following: (1) Valid security clearance for all information within the system. (2) Formal access approval and signed non-disclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs). (3) Valid need-to-know for all information contained within the AIS. NOTE: When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified time. See Mode of Operation.

Default Classification--Temporary classification reflecting the highest classification being processed in the AIS. The default classification is included in the caution statement affixed to the object.

Degauss--Destroy information contained in magnetic media by subjecting that media to high-intensity alternating magnetic fields, following which the magnetic fields slowly decrease.

Degausser--Electrical device or hand held permanent magnet that can generate a high intensive magnetic field to purge magnetic storage media.

Degausser Products List (DPL)-- List of commercially produced degaussers that meet NSA specifications. This list is included in the NSA Information Systems Security Products and Services Catalogue, and is available through the Government Printing Office.

Degree of Trust--Level of confidence in security mechanisms and procedures to correctly enforce a specified security policy.

Delegated Development Program--Information systems security program in which the NSA Director delegates the development and, or production of the entire telecommunications product, including the information systems security portion, to a lead department or agency.

Denial of Service--Result of any action or series of actions that prevent any part of a telecommunications or AIS from functioning.

Deployable Computer System--Computer system able to temporarily operate in different locations to satisfy the mission. These systems vary from large communications processors to laptop computers.

Descriptive Top-Level Specification (DTLS)--Top-level specification that is written in a natural language (e.g., English), an informal design notation, or a combination of the two. NOTE: DTLS required for a Class B2 or Class B3 AIS completely and accurately describes a TCB. See Formal Top-Level Specification (FTLS).

Designated Approving Authority (DAA)--Official with the authority to formally assume responsibility for operating an AIS or network at an acceptable level of risk.

Design Controlled Spare Part (DCSP)--Part or subassembly for a COMSEC equipment or device with a NSA-controlled design.

Design Verification--Use of verification techniques, usually computer-assisted, to demonstrate a mathematical correspondence between an abstract (security) model and a formal system specification.

Dial Back--See Call Back.

Dial-Up--Service whereby a computer terminal can use the telephone to initiate and effect communication with another computer.

Dial-Up Diagnostic--Service whereby a remote diagnostic facility or source can communicate and perform diagnostic functions on computers or a computer system.

Digital Signature--See Electronic Signature.

Direct Shipment--Shipment of COMSEC material directly from NSA to user COMSEC accounts.

Direct Support--COMSEC monitor support provided to combat commanders under wartime, simulated wartime conditions, or as specified in agreements between the Air Intelligence Agency (HQ AIA) and other agencies.

Disaster Plan--See Contingency Plan.

Discretionary Access Control (DAC)--Means of restricting access to objects based on the identity and need-to-know of users and, or groups to which the object belongs. NOTE: Controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (directly or indirectly) on to any other subject. See Mandatory Access Control (MAC).

Discretionary Access Control Mechanism--TCB routines or algorithms that use DACs to provide discretionary protection.

Discretionary Protection--Access control features that identify individual users and their need-to-know and limits them to certain, specified information. See Discretionary Access Control (DAC).

Discretionary Security Protection (Class C1)--TCB that provides elementary DAC protection features that separate users from data. It incorporates some form of credible controls capable of enforcing access limitations on an individual basis (i.e., suitable for allowing users to be able to protect private data and to keep other users from accidentally reading or destroying that data).

Dissemination Controls--See Special Markings.

Dissemination of Information--Act of distributing government information, whether through printed documents, electronic data transfer, floppy disks, or other media.

Distributed Computer System--Computer system that is geographically separated but electrically connected to one or more other systems.

Distribution Statement--Statement used in marking a document to denote the extent of its availability for distribution, release, and disclosure without additional approvals or authorizations. A distribution statement marking is distinct from and in addition to a security classification marking assigned according to DoD 5200.1-R.

DoD Trusted Computer System Evaluation Criteria (TCSEC)--Document containing basic requirements and evaluation classes for assessing degrees of effectiveness of hardware and software security controls built into AIS. NOTE: This document, DoD 5200.28-STD, is frequently referred to as "The Orange Book."

Domain--Unique context (e.g., access control parameters) in which a program is operating; in effect, the set of objects that a subject can access. See Object and Subject.

Dominate--Term used to compare AIS security levels. NOTE: Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than, or equal to, that of S2 and the non-hierarchical categories of S1 include all those of S2 as a subset.

Drop Accountability--Procedure under which a COMSEC account manager initially receipts for COMSEC material, and then provides no further accounting for it to its COR. NOTE: Local accountability of the COMSEC material may continue to be required. See Accounting Legend Code (ALC) and ALC-4.

Dumb Terminal--Terminal attached to a system or network that does not have, within its confines, the capability to store or process data.

Dummy Group--Textual group having the appearance of a valid code or cipher group that has no plain text significance.

Economic Assessment--Comparison of the benefits of proposed security measures versus their cost. An economic assessment aids in planning and selecting security measures.

Electronically Generated Key--Key produced only in non-physical form. NOTE: Electronically generated key stored magnetically (e.g., on a floppy disk) is not considered hard copy key. See Hard Copy Key.

Electronic Signature--Process that operates on a message to assure message source authenticity and integrity, and source non-repudiation.

Electronics Security--The protection resulting from all measures designed to deny unauthorized persons information of value that might be derived from their interception and study of noncommunications electromagnetic radiations (e.g., radar). (JP 1-02)

Element--Removable item of COMSEC equipment, assembly, or subassembly that normally consists of a single piece or group of replaceable parts.

Electronic Security Assessment--One of three levels of capability to improve communications-computer systems security posture by accurately measuring the posture and recommending countermeasures where deficiencies exist.

Emanations--See Compromising Emanations.

Embedded Computers--Computer hardware and software that are an integral part of a product, where the principal function of the product is not the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. An embedded computer would require major modification to be used for general purpose computing and is managed as a component of the system in which it is embedded. (Federal Information Resources Management Regulation [FIRMR]).

Embedded Cryptography--Cryptography that is engineered into an equipment or system the basic function of which is not cryptographic. NOTE: Components comprising the cryptographic module are inside the equipment or system and share host device power and housing. The cryptographic function may be dispersed or identifiable as a separate module within the host.

Embedded Cryptographic System--Cryptosystem that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem.

Emergency Plan--See Contingency Plan.

Emission Security--Protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from intercept and analysis of compromising emanations from crypto-equipment, AIS, and telecommunications systems.

Emulator--Combination of hardware and software permitting programs written for one computer to be run on another computer. In COMPUSEC, the emulator is the portion of the system responsible for creating an operating system compatible environment out of the environment provided by the kernel.

Encipher--Convert plain text into unintelligible form by means of a cipher system. (JP 1-02)

Encode--Convert plain text to equivalent cipher text by means of a code.

Encrypt--Convert plain text into unintelligible forms by means of a cryptosystem. NOTE: The term encrypt covers the meanings of encipher and encode. (JP 1-02)

Encryption--Process of transforming data into an unintelligible form to conceal its meaning.

End-Item Accounting--Accounting for all the accountable components of a COMSEC equipment configuration by a single short title.

Endorsed DES Equipment--Unclassified equipment that embodies unclassified data encryption standard cryptographic logic and has been endorsed by NSA for the protection of national security information.

Endorsed for Unclassified Cryptographic Item--Unclassified cryptographic equipment that embodies a U.S. Government classified cryptographic logic and is endorsed by NSA for the protection of national security information. See Type 2 Product.

Endorsed Tools List (ETL)--List of formal verification tools endorsed by the NCSC to develop systems with high levels of trust.

Endorsement--NSA approval of a commercially developed telecommunications or AIS protection equipment or system for safeguarding national security information.

End-to-End Encryption--Encryption of information at its origin, and decryption at its intended destination, without any intermediate decryption.

End-to-End Security--Safeguarding information in a secure telecommunications system by cryptographic or protected distribution system means from point of origin to point of destination.

Engineering Development Model (EDM)--Model of COMSEC equipment used for engineering or operational tests under service conditions for evaluation of performance and operational suitability.

Enhanced Hierarchical Development Methodology--Software development methodology that makes use of the language REVISED SPECIAL to formally prove design specifications.

Entrapment--Deliberate planting of apparent flaws in an AIS to detect attempted penetrations.

Environment--Procedures, conditions, and objects that affect the development, operation, and maintenance of an AIS.

Erasure--Process intended to render stored data irretrievable by normal means. See Clearing.

Escort--Designated person with appropriate clearances and access authorizations for material contained in a system or location who is sufficiently knowledgeable to understand the security implications and control the activities and access of the person being escorted.

Evaluated Products List (EPL)--List of equipments, hardware, software, and, or firmware that have been evaluated against, and found to be technically compliant, at a particular level of trust, with the DoD TCSEC by the NCSC.

Executive State--One of several states in which an AIS may operate, and the only one in which certain privileged instructions may be executed. NOTE: Such privileged instructions cannot be executed when the system is operating in other states (e.g., user).

Exercise Key--Key intended to safeguard transmissions associated with exercises.

Expired Password--Password that must be changed by the user, or other authorized individual, before login may be completed.

Exploitable Channel--Covert channel that is intended to violate the security policy governing an AIS and is usable or detectable by subjects external to the TCB. See Covert Channel.

Exploratory Development Model--Assembly of preliminary circuits or parts in line with commercial practice to investigate, test, or evaluate the soundness of a concept, device, circuit, equipment, or system in a "breadboard" or rough experimental form, without regard to eventual overall physical form or layout.

External Label--Visible marking on the outside of media, or the cover of media, that reflects the classification and sensitivity of the information resident within media. See Internal Label and Label.

Extraction Resistance--Capability of a crypto-equipment or a secure telecommunications system or equipment to resist efforts to extract key.

Fail Safe--Pertaining to the automatic protection of programs and, or processing systems to maintain safety when a hardware or software failure is detected in a system.

Fail Soft--Pertaining to the selective termination of affected nonessential processing when a hardware or software failure is determined to be imminent in an AIS.

Failure Access--Unauthorized and usually inadvertent access to data resulting from a hardware or software failure in an AIS. See Inadvertent Disclosure.

Failure Control--Methodology used to detect and provide fail safe or fail soft recovery from hardware and software failures in an AIS.

Fault--Condition causing a device or system component to fail to perform in a required manner.

Fetch Protection--AIS-provided restriction to prevent a program from accessing data in another user's segment of storage.

Fielded Equipment--Any COMSEC end-item shipped to the user subsequent to first article testing on the initial production contract.

File Protection--Aggregate of all processes and procedures established in an AIS designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents.

File Security--Means by which access to computer files is limited to authorized users only.

Fill Device--COMSEC item used to transfer or store key in electronic form or to insert key into a crypto-equipment.

Filter--See Front-End Security Filter and Guard.

FIREFLY--Key management protocol based on public key cryptography.

Firmware--Software that is permanently fixed in a hardware device that allows reading, but not writing or modifying the software. See Read-Only Memory (ROM).

Fixed COMSEC Facility--COMSEC facility that is located in an immobile structure or aboard a ship.

Flaw--Error of commission, omission, or oversight in an AIS that may allow protection mechanisms to be bypassed.

Flaw Hypothesis Methodology--System analysis and penetration technique in which the specification and documentation for an AIS are analyzed and then flaws in the system are hypothesized. NOTE: List of hypothesized flaws is prioritized by the estimated probability that a flaw exists and, assuming a flaw does exist, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system.

Flow Control--See Information Flow Control.

Flux--1. Number of particles crossing a unit area per unit of time. 2. Magnetic field that exists between the poles of a magnet.

Formal Access Approval--Documented approval by a data owner to allow access to a particular category of information.

Formal Cryptographic Access (FCA)--Formal approval permitting access to COMSEC keying material and prior consent to a non-lifestyle, counterintelligence-scope polygraph examination.

Formal Development Methodology (FDM)--Collection of languages and tools enforcing a rigorous method of verification. This methodology uses the Ina Jo specification language for successive stages of system development, including identification and modeling of requirements, high-level design, and program design.

Formal Proof--Complete and convincing mathematical argument, presenting the full logical justification for each proof step, for the truth of a theorem or set of theorems. NOTE: In computer security, these formal proofs provide A1 and beyond A1 assurance under the DoD TCSEC.

Formal Security Policy Model--Mathematically precise statement of a security policy. NOTE: Such a model must define a secure state, an initial state, and how the model represents changes in state. The model must be shown to be secure by proving that the initial state is secure and that all possible subsequent states remain secure. See Bell-La Padula Security Model.

Formal Top-Level Specification (FTLS)--Top-level specification that is written in a formal mathematical language to allow theorems, showing the correspondence of the system specification to its formal requirements, to be hypothesized and formally proven. NOTE: FTLS required for a Class A1 AISompletely and accurately describes the TCB. See Descriptive Top-Level Specification (DTLS).

Formal Verification--Process of using formal proofs to demonstrate the consistency between formal specification of a system and formal security policy model (design verification) or between formal specification and its high-level program implementation (Implementation Verification).

Freeware--Software programs distributed and copied freely, without any payment implied or expected. See Public Domain Software and Shareware.

Frequency Hopping--Repeated switching of frequencies during radio transmission according to a specified algorithm, to minimize unauthorized interception or jamming of telecommunications.

Front-End Security Filter--Security filter, which could be implemented in hardware or software, that is logically separated from the remainder of an AIS to protect the integrity of the system.

Full Maintenance--Complete diagnostic repair, modification, and overhaul of information systems security equipment, including repair of defective assemblies by piece part replacement. See Limited Maintenance.

Functional Testing--Segment of security testing in which advertised security mechanisms of an AIS are tested under operational conditions.

Gateway--Network station that serves to interconnect otherwise incompatible networks, network nodes, subnetworks, or devices.

Granularity--Relative fineness or coarseness to which an access control mechanism can be adjusted. NOTE: Protection at the file level is considered coarse granularity, whereas protection at the field level is considered to be a finer granularity.

Guard--Processor that provides a filter between two disparate systems operating at different security levels or between a user terminal and a data base to remove data for which the user is not authorized access.

Gypsy--Computer language developed by the University of Texas and used in formal design specification verification. See Formal Verification.

Gypsy Verification Environment--Integrated set of tools for specifying, coding, and verifying programs written in the Gypsy language, a language similar to Pascal that has both specification and programming features. This methodology includes an editor, a specification processor, a verification condition generator, a user-directed theorem prover, and an information flow tool.

Hacker--Originally, a computer enthusiast who spent significant time learning the functions of the computer without benefit of formal training (and often without technical manuals) by trying combinations of commands at random to determine their effect. Common usage today is from the press, which uses the word to describe people who break into computers for various purposes.

Handshaking Procedure--Dialogue between two entities (e.g., a user and a computer, a computer and another computer, or a program and another program) to identify and authenticate one another.

Hard Copy Key--Physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories.

Hardware--Electric, electronic, and mechanical devices that make up a computer system.

Hardware Security--Equipment features or devices used in a computer system to preclude unauthorized data access or support a TCB.

Hardwired Key--Key that is permanently installed.

Hashing--Iterative process that computes a value (referred to as a hashword) from a particular data unit in a manner that, when a hashword is protected, manipulation of the data is detectable.

Hash Total--Quantity produced by specific mathematical formulae, often appended to and used as a checksum or validation parameter for the data that it protects.

Hashword--See Checksum.

Hidden Sections--Menu options, or entire sub-menus, not visible or accessible to a user due to lack of adequate authorization.

Hierarchical Development Methodology (HDM)--Methodology for specifying and verifying the design programs written in the Special Specification Language. The tools for this methodology include the Special Specification Processor, the Boyer-Moore Theorem Prover, and the Feiertag Information Flow Tool.

High Order Language (HOL)--Programming languages designed to easily achieve varying degrees of machine independence. HOLs are designed for programming convenience and are intended to communicate procedures more readily to individuals who develop, review, or maintain such procedures.

High Risk Environment--Specific location or geographic area where there are insufficient friendly security forces to ensure the safeguarding of information systems security equipment.

Host--1. Computer providing processing power for attached terminals and peripheral devices. 2. Controlling computer of a network.

Hostile Cognizant Agent--Person, authorized access to national security information, who intentionally makes that information available to an intelligence service or other group, the goals of which are inimical to the interests of the United States Government or its allies.

Hostile Threat Environment--Area that contains known threats over which one possesses little or no control.

Host to Front-End Protocol--Set of conventions governing the format and control of data that is passed from a host to a front-end machine.

Identification--Process that enables recognition of an entity by an AIS. NOTE: This is generally accomplished by using unique machine-readable user names.

Identity-Based Security Policy--Security policy based on the identities and, or attributes for users, user groups, or entities acting on the user's behalf, resources, and, or objects being assessed.

Identity Token--Smart card, metal key, or some other physical token carried by a system's user allowing user identity validation.

Impersonating--See Spoofing.

Imitative Communications Deception--Introduction of deceptive messages or signals into an adversary's telecommunications signals. See Communications Deception and Manipulative Communications Deception.

Impersonation--See Spoofing.

Implant--Electronic device or component modification to electronic equipment that is designed to gain unauthorized interception of information-bearing energy by technical means.

Implementation Verification--Techniques, usually computer-assisted, used to demonstrate a mathematical correspondence between a formal specification and its implementation in program code.

Ina Jo--A software language developed by the Systems Development Corporation used in formal development methodology.

Inadvertent Disclosure--Accidental exposure of information to a person not authorized access. See Failure Access.

Incomplete Parameter Checking--AIS design flaw that results when all parameters have not been fully anticipated for accuracy and consistency, thus making the system vulnerable to penetration.

Individual Accountability--Ability to associate positively the identity of a user with the time, method, and degree of access to an AIS.

Information--Knowledge such as facts, data, or opinions, including numerical, graphic, or narrative forms, whether oral or maintained in media. See Data.

Information Flow Control--Procedure to ensure that information transfers within an AIS are not made from a higher security level object to an object of a lower security level. See Covert Channel, Simple Security Property, and Star Property (*-Property).

Information Label--Piece of information that accurately and completely represents the sensitivity of the data in a subject or object. NOTE: Information label consists of a security label and other required security markings (e.g., codewords, dissemination control markings, and handling caveats) to be used for data information security labeling purposes. See Label.

Information System (IS)--Any telecommunications and, or computer related equipment or interconnected system or subsystem of equipment that is used in the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of voice and, or data, and includes software, firmware, and hardware. See Automated Information System (AIS).

Information System Security Officer (ISSO)--Person responsible to the DAA who ensures that security of an information system is implemented through its design, development, operation, maintenance, and secure disposal stages. See Computer Security Officer (CSO) and Network Security Officer (NSO).

Information Systems Security (INFOSEC)--The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. See Computer Security (COMPUSEC).

Information Systems Security Product--Item (chip, module, assembly, or equipment), technique, or service that performs or relates to INFOSEC.

Information Systems Security Products and Services Catalogue--Compendium of products and services that have been endorsed or evaluated by NSA or NCSC for protecting classified or sensitive information. The catalogue is published quarterly by the Government Printing Office.

Initialize--Setting the state of a cryptographic logic before key generation, encryption, or other operating mode.

Integrated Services Digital Network (ISDN)--Standardized operating parameters and interfaces for a network that will allow mixed digital transmission services (audio, video, and data) simultaneously.

Integrity--COMPUSEC characteristic ensuring computer resources operate correctly and data in the system is accurate. This characteristic is applicable to hardware, software, firmware, and the data bases used by the computer system.

Integrity Check Value--Checksum that is capable of detecting malicious modification of an AIS.

Intelligent Terminal--See Smart Terminal.

Interactive Computing--Use of a computer such that the user is in control and may enter data or make other demands on the system that responds by the immediate processing of user requests and returning appropriate replies to these requests.

Interdiction--See Denial of Service.

Interface--A boundary or point common to two or more similar or dissimilar command and control systems, subsystems, or other entities against which or at which necessary information flow takes place. (JP 1-02)

Interim Approval--Temporary authorization granted by a DAA for an AIS to process classified information and information governed by Title 10, United States Code, Section 2315 or Title 44, United States Code, Section 3502(2) in its operational environment based on preliminary results of a security evaluation of the system. See Accreditation and Approval to Operate.

Internal Label--Marking of an item of information, to reflect the classification and sensitivity of the information, within the confines of the media containing the information. See External Label and Label.

Internal Security Audit--A security audit conducted by personnel responsible to the management of the organization being audited.

Internal Security Controls--Hardware, firmware, and software features within a system that restrict access to resources (hardware, software, and data) to authorized subjects only (persons, programs, or devices).

Internet Private Line Interface--Network cryptographic unit that provides secure connections, singularly or in simultaneous multiple connections, between a host and a predetermined set of corresponding hosts.

Internet Protocol (IP)--Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.

Investigation--Review and analysis of system security features (e.g., the investigation of system control programs using flow charts, assembly listings, and related documentation) to determine the security provided by the operating system.

Isolation--The containment of subjects and objects in a system in such a way that they are separated from one another, as well as from the protection controls of the operating system.

Kernel--See Security Kernel.

Kernelized Secure Operating System (KSOS)--Project to strengthen the UNIX operating system with a security kernel to make it suitable for multilevel operations.

Kernelized VM/370--Kernelized version of IBM's VM/370 for S/370 series architecture, being built by System Development Corporation.

Key--Information (usually a sequence of random or pseudorandom binary digits) used initially to set up and periodically change the operations performed in crypto-equipment for encrypting or decrypting electronic signals, for determining electronic counter-countermeasures' patterns (e.g., frequency hopping or spread spectrum), or for producing other keys. NOTE: "Key" has replaced the terms "variable," "key(ing) variable," and "cryptovariable."

Key-Auto-Key (KAK)--Cryptographic logic that uses previous key to produce key.

Key Card--Paper card, containing a pattern of punched holes, which establishes the key for a specific cryptonet at a specific time.

Key Encryption Key (KEK)--Key that encrypts or decrypts other key for transmission or storage.

Keying Material--Key, code, or authentication information in physical or magnetic form.

Key List--Printed series of key settings for a specific cryptonet. NOTE: Key lists may be produced in list, pad, or printed tape format.

Key Management--Process by which key is generated, stored, protected, transferred, loaded, used, and destroyed.

Key Production Key (KPK)--Key that is used to initialize a key stream generator for the production of other electronically generated keys.

Key Stream--Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security processes, or produce key.

Key Tag--Identification information associated with certain types of electronic key.

Key Tape--Punched or magnetic tape containing key. NOTE: Printed key in tape form is referred to as a key list.

Key Updating--Irreversible cryptographic process for modifying key automatically or manually.

Keying Material--Key, code, or authentication information in physical or magnetic form.

Keyword--See Password.

Label--Marking of an item of information, with its classification and other required security markings (e.g., codewords, dissemination and control markings, and handling caveats), to represent its sensitivity. See External Label, Information Label, Internal Label, Security Label, Security Level, and Sensitivity Label.

Labeled Security Protection (Class B1)--TCB that provides elementary-level mandatory access control protection features, as well as intermediate-level DAC features. Sensitivity labels are used to make access control decisions based on an informal security policy model that states the rules for how named subjects (users, programs) may access named objects (files, records).

Laptop Computer--Large hand-carried computer, typically weighing over seven pounds. See Notebook Computer.

Least Privilege--Principle that requires each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. NOTE: Application of this principle limits the damage that can result from accident, error, or unauthorized use of an AIS.

Life Cycle--The total phases through which an item passes from the time it is initially developed until the time it is either consumed in use or disposed of as being excess to all known materiel requirements. (JP 1-02)

Limited Access--See Access Control.

Limited Maintenance--COMSEC maintenance restricted to fault isolation, removal, and replacement of plug-in assemblies. NOTE: Soldering or unsoldering usually is prohibited in limited maintenance. See Full Maintenance.

Line Conduction--1. Unintentional signals or noise induced or conducted on a telecommunications or AIS signal, power, control, indicator, or other external interface line. 2. TEMPEST: Emanations produced on any external or interface line of an equipment, which, in any way, alter the signal on the external or interface lines. The external lines include signal lines, control and indicator lines, and AC or DC power lines.

Linkage--Purposeful combination of data or information from one computer system with that of another system in the hope of deriving additional information; in particular, the combination of computer files from two or more sources.

Link Encryption--The application of on-line crypto-operation to a link of a communications system so that all information passing over the link is encrypted in its entirety. (JP 1-02)

List-Oriented--Computer protection in which each protected object has a list of all subjects authorized to access it. See Ticket-Oriented.

Local Area Network (LAN)--Computer network that services a small area. LANs typically have a diameter of not more than a few miles and are owned by a single organization. See Network and Wide Area Network (WAN).

Lock and Key Protection System--Protection system that involves matching a key or password with a specific access requirement.

Logic Bomb--Resident computer program that triggers an unauthorized act when particular states of an AIS are realized.

Logical Access Control--Use of information-related mechanisms (such as passwords) rather than physical mechanisms for the provision of access control.

Logical Completeness Measure--Means for assessing the effectiveness and degree to which a set of security and access control mechanisms meets the requirements of security specifications.

Login/Log In--See Logon/Log On.

Logoff/Log Off--Procedure used to terminate connections.

Logon/Log On--Procedure used to establish the identity of the user, and the levels of authorization and access permitted.

Long-Haul Communication--Any communication line, whether Government owned or controlled by a common carrier, extending outside the geographic perimeter of the installation.

Long Title--Descriptive title of a COMSEC item.

Loophole--Error of omission or oversight in software or hardware that permits circumventing the system security policy.

Low Probability of Detection (LPD)--Result of measures used to hide or disguise intentional electromagnetic transmissions.

Low Probability of Intercept (LPI)--Result of measures to prevent the intercept of intentional electromagnetic transmissions.

Machine Cryptosystem--Cryptosystem in which cryptographic processes are performed by crypto-equipment.

Magnetic Field--Area where magnetic forces can be detected.

Magnetic Field Intensity--Strength of the magnetic field or the measure of magnetic flux created by a magnet. See Oersted.

Magnetic Flux--Lines of force representing a magnetic field. See Flux.

Magnetic Flux Density--1. Flux per unit area perpendicular to the direction of the flux. 2. Representation of the strength of a magnetic field, given as the symbol B. See Flux.

Magnetic Media--Media used to store computer data using magnetic force. There are currently three types of magnetic media. They are defined based on their coercivity as: (1) Type 1: Media whose coercivity is no greater than 350 Oe. (2) Type 2: Media whose coercivity lies in the range of 351 to 750 Oe. (3) Above Type 2: Media whose coercivity is 751 Oe or higher.

Magnetic Oxide--Surface coating on magnetic media that is sensitive to magnetic forces and allows the media to retain data images.

Magnetic Remanence--Magnetic representation of residual information that remains on a magnetic medium after the medium has been erased or overwritten. NOTE: Magnetic remanence refers to data remaining on magnetic storage media after removal of the power or after degaussing.

Magnetic Saturation--Condition in which an increase in magnetizing force will produce or result in little or no increase in magnetic flux.

Maintenance Hook--Special instructions in software to allow easy maintenance and additional feature development. NOTE: Maintenance hooks are not clearly defined during access for design specification. Since maintenance hooks frequently allow entry into the code at unusual points or without the usual checks, they are a serious security risk if they are not moved before live implementation. Maintenance hooks are special types of trap doors.

Maintenance Key--Key intended only for off-the-air, in-shop use.

MAJCOM C4 Systems Security Office--Office charged with the responsibility for managing and executing the C4 systems security program for a major command (MAJCOM), field operating agency (FOA), or direct reporting unit (DRU). The office reports to the MAJCOM DAA and provides security guidance to the BCSSOs.

MAJCOM Computer System Security Manager (MCSSM)--Term no longer used. Before the MAJCOM C4 systems security office, this was the individual charged with the responsibility for managing and executing the computer security program for a MAJCOM, separate operating agency (SOA), or DRU.

Malicious Logic--Hardware, software, or firmware that is intentionally included in an AIS for an unauthorized purpose. NOTE: Trojan horse is a form of malicious logic.

Mandatory Access Control (MAC)--Means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity. See Discretionary Access Control (DAC).

Mandatory Modification (MAN)--Change to a COMSEC end item that NSA requires to be completed and reported by a specified date. NOTE: This type of modification should not be confused with modifications that are optional to NSA, but have been adjudged mandatory by a given department or agency. The latter modification may have an installation deadline established and controlled solely by the user's headquarters.

Mandatory Protection--Result of a system that preserves the sensitivity labels of major data structures in the system and uses them to enforce mandatory access controls.

Manipulation Detection--Mechanism used to detect whether a data unit has been modified accidentally or intentionally.

Manipulative Communications Deception--Alteration or simulation of friendly telecommunications to deceive. NOTE: Manipulative communications deception may involve establishment of bogus communications structures, transmission of deception messages, and expansion or creation of communications schedules on existing structures to display an artificial volume of messages. See Communications Deception and Imitative Communications Deception.

Manual Cryptosystem--Cryptosystem in which the cryptographic processes are performed manually without the use of crypto-equipment or auto-manual devices.

Manual Remote Rekeying--Procedure by which a distant crypto-equipment is rekeyed electrically, with specific actions required by the receiving terminal operator.

Masquerading--See Spoofing.

Master Crypto-Ignition Key--Crypto-ignition key that is able to initialize crypto-ignition key when interacting with its associated crypto-equipment.

Material Symbol (MATSYM)--Communications circuit identifier used for key card resupply purposes.

Media--Material used to store data, such as tape reels and floppy diskettes.

Memory--Computer component used to hold information in electrical, magnetic, or optical form. See Nonvolatile Memory and Volatile Memory.

Memory Bounds--Limits in the range of storage addresses for a protected region in the memory of an AIS.

Memory Bounds Checking--See Bounds Checking.

Message Authentication Code (MAC)--Data element associated with an authenticated message that allows a receiver to verify the integrity of the message.

Message Externals--Non-textual (outside the message text) characteristics of transmitted messages.

Message Indicator--Sequence of bits transmitted over a telecommunications system for crypto-equipment synchronization. NOTE: Some off-line cryptosystems, such as the KL-51 and one-time pad systems, use message indicators to establish decryption starting points.

Metal Particle Tape--Type of tape whose surface coating is produced from pure iron and has very high coercivity in the range of 850 to 1250 Oe (above Type II).

Mimicking--See Spoofing.

Minimal Protection (Class D)--Class reserved for those systems that have been evaluated but fail to meet the requirements for a higher evaluation.

Mobile COMSEC Facility--COMSEC facility that can be readily moved from one location to another.

Mockingbird--Computer program or process that mimics the legitimate behavior of a normal system feature (or other apparently useful function) but performs malicious activities once invoked by the user.

Mode of Operation--Description of the conditions under which an AIS operates, based on the sensitivity of data processed and the clearance levels and authorizations of the users. NOTE: Five modes of operation are authorized for an AIS processing information and for networks transmitting information. See Compartmented Mode, Dedicated Mode or Dedicated Security Mode, Multilevel Mode or Multilevel Security Mode, Partitioned Security Mode, and System High Mode or System-High Security Mode.

Mode of

When All Users Have
Formal Access Approval



System High


Partitioned or




Table 1--Security Mode of Operation Matrix

Multilevel Device--Device that is trusted to properly maintain and separate data of different security levels.

Multilevel Mode or Multilevel Security Mode--AIS security mode of operation where all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts: (1) Some users do not have a valid security clearance for all the information processed in the AIS. (2) All users have the proper security clearance and appropriate formal access approval for that information to which they have access. (3) All users have a valid need-to-know only for information to which they have access. See Mode of Operation.

Multilevel Security--Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances, but which prevents users from gaining access to information for which they lack authorization.

Mutual Suspicion--Condition in which two entities need to rely upon each other to perform a service, yet neither entity trusts the other to properly protect shared data.

NAK Attack--Penetration technique that capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and, thus, leaves the system in an unprotected state during such interrupts.

National Computer Security Assessment Program--Program designed to evaluate the interrelationship between data of computer security infractions and critical systems profiles, while comprehensively incorporating information from the CSTVRP. The assessment will build threat and vulnerability scenarios based on relevant reported cases.

National Computer Security Center (NCSC)--Responsible for encouraging the widespread availability of trusted computer systems throughout the Federal Government by creating national policy, performing software and hardware evaluations, writing standards, and so forth.

National Security Information--Information that has been determined, pursuant to Executive Order 12356 or any predecessor order, to require protection against unauthorized disclosure, and that is so designated.

National Security Systems--Telecommunications and AISs operated by the U.S. Government, its contractors, or agents, that contain classified information or, as set forth in Title 10, United States Code, Section 2315, that involve intelligence activities, cryptologic activities related to national security, command and control of military forces, equipment that is an integral part of a weapon or weapon system, or equipment that is critical to the direct fulfillment of military or intelligence missions.

Need to Know--A criterion used in security procedures that requires the custodians of classified information to establish, before disclosure, that the intended recipient must have access to the information to perform his or her official duties. (JP

Net Control Station (NCS)--A communications station designated to control traffic and enforce circuit discipline within a given net. (JP 1-02)

Network--An interconnected collection of autonomous computers.

Network Front End--Device that implements the needed security-related protocols to allow a computer system to be attached to a network.

Network Manager (NM)--The individual who is responsible for the operation of a network. See Computer System Manager (CSM).

Network Reference Monitor--Access control concept that refers to an abstract machine that mediates all access to objects within a network by subjects within the network. See Reference Monitor Concept.

Network Security--Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects. NOTE: Network security includes providing for data integrity.

Network Security Manager (NSM)--Term no longer used, see Network Security Officer (NSO).

Network Security Officer (NSO)--Individual formally appointed by a DAA to make sure the provisions of all applicable directives are implemented throughout the life cycle of an AIS network. See Information System Security Officer (ISSO).

Network System--System that is implemented with a collection of interconnected network components. NOTE: A network system is based on a coherent security architecture and design.

Network Trusted Computing Base (NTCB)--Totality of protection mechanisms within a network system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. See Trusted Computing Base (TCB).

Network Topology--Physical and logical relationship for network nodes. Networks are typically a star, ring, tree, or bus topology, or some hybrid thereof.

Network Weaving--Technique using different communication networks to gain access to an organization's system. For example, a perpetrator makes a call through AT&T, jumps over to Sprint, then to MCI, and then to Tymnet. The purpose is to avoid detection and trace-back to the source of the call.

Node--System or group of systems directly connected to a network.

Noncooperative Remote Rekeying--See Automatic Remote Rekeying.

Non-Discretionary Security--Aspect of DoD security policy that restricts access on the basis of security levels. A security level is composed of a read level and a category set restriction. For read-access to an item of information, a user must have a clearance level greater than or equal to the classification of the information, and have a category clearance that includes all the access categories specified for the information.

Non-Kernel Security-Related Software (NKSR)--Security-relevant software that is executed in the environment provided by a security kernel rather than as a part of the kernel itself.

Nonprocedural Language--Formal high-level language for the specification of program modules. Such languages express relations that hold between "input" and "output" values of program variables, without constraining the particular algorithms that implement the change.

Non-Removable Storage Media--Storage media such as a hard disk, that is internal to the system. Sometimes called "fixed" disk storage. Generally, this type of media is removed only when necessary for maintenance purposes. See Removable Storage Media.

Non-Repudiation--Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender's identity, so that neither can later deny having processed the data.

Non-Secret Encryption--See Public Key Cryptography (PKC).

Nonvolatile Memory--Media that retains information without power and makes the information available when power is restored. See Memory and Volatile Memory.

Notebook Computer--Small hand-carried computer, typically weighing seven pounds or less. See Laptop Computer.

Null--Dummy letter, letter symbol, or code group inserted in an encrypted message to delay or prevent its decryption, or to complete encrypted groups for transmission or transmission security purposes.

Object--Passive entity that contains or receives information. NOTE: Access to an object implies access to the information it contains. Examples of objects are: records, blocks, pages, segments, files, directories, directory trees and programs, as well as bits, words, fields, processors, video displays, keyboards, clocks, printers, and network nodes. See Domain and Subject.

Object Reuse--Reassignment of a storage medium (e.g., page frame, disk sector, magnetic tape) that contained one or more objects, after making sure no residual data remained on the storage medium.

Oersted--Unit of measure of the magnetizing force necessary to produce a desired magnetic flux across a surface. See Magnetic Field Intensity.

Off-Line Cryptosystem--Cryptosystem in which encryption and decryption are performed independently of the transmission and reception functions.

One-Part Code--Code in which plain text elements and their accompanying code groups are arranged in alphabetical, numerical, or other systematic order, so that one listing serves for both encoding and decoding. NOTE: One-part codes are normally small codes that are used to pass small volumes of low-sensitivity information.

One-Time Cryptosystem--Cryptosystem employing keys that are used only once.

One-Time Pad (OTP)--Manual one-time cryptosystem produced in pad form.

One-Time Passwords--Passwords that are changed after each use and are useful when the password is not adequately protected from compromise during login.

One-Time Tape (OTT)--Punched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems.

On-Line Cryptosystem--Cryptosystem in which encryption and decryption are performed in association with the transmitting and receiving functions.

Open Security Environment--Environment that does not provide sufficient assurance that applications and equipment are protected against the introduction of malicious logic before or during the operation of a system. See Closed Security Environment.

Open Storage--Storage of classified information within an accredited facility, but not in General Services Administration-approved secure containers, while the facility is unoccupied by authorized personnel.

Operating System--Integrated collection of service routines for supervising the sequencing and processing of programs by a computer. Operating systems control the allocation of resources to users and their programs and play a central role in managing and operating a computer system. Operating systems may perform input and output, accounting, resource allocation, storage assignment tasks, and other system-related functions.

Operational Data Security--Protection of data from either accidental or unauthorized intentional modification, destruction, or disclosure during input, processing, or output operations.

Operational Key--Key intended for use on-the-air for protection of operational information or for the production of secure electrical transmission of key streams.

Operational Waiver--Authority for continued use of unmodified COMSEC end-items, pending the completion of a mandatory modification.

Operations Code (OPCODE)--Code composed largely of words and phrases that are suitable for general communications use.

Operations Security (OPSEC)--Process that denies to potential adversaries information about capabilities and, or intentions by identifying, controlling and protecting generally unclassified evidence of the planning and execution of sensitive activities.

Optional Modification--NSA-approved modification that is not required for universal implementation by all holders of a COMSEC end-item. NOTE: This class of modification requires all the engineering and doctrinal control of mandatory modification, but is usually not related to security, safety, TEMPEST, or reliability.

Orange Book--See DoD Trusted Computer System Evaluation Criteria (TCSEC).

Organizational Maintenance--Limited maintenance performed by a user organization.

Organization C4 Systems Security Office--Office charged with the responsibility for managing and executing the C4 systems security program for a unit.

Overt Channel--Communications path within a computer system or network that is designed for the authorized transfer of data. See Covert Channel.

Over-the-Air Key Distribution (OTAD)--Providing electronic key by over-the-air rekeying, over-the-air key transfer, or cooperative key generation.

Over-the-Air Key Transfer (OTAT)--Electronically distributing key without changing traffic encryption key used on the secured communications path over which the transfer is accomplished.

Over-the-Air Rekeying (OTAR)--Changing traffic encryption key or transmission security key in remote crypto-equipment by sending new key directly to the remote crypto-equipment over the communications path it secures.

Overwrite Procedure--Process that removes or destroys data recorded on an AIS storage medium by writing patterns of data over, or on top of, the data stored on the medium. See Magnetic Remanence.

Parity--Set of bits used to determine whether a block of data (key or data stored in computers) has been intentionally or unintentionally altered.

Partitioned Security Mode--AIS security mode of operation wherein all personnel have the clearance, but not the formal access approval and need-to-know, for all information handled by an AIS. NOTE: This security mode encompasses the compartmented mode and applies to non-intelligence DoD organizations and DoD contractors. See Compartmented Mode and Mode of Operation.

Passive Attack--Attack that does not result in an unauthorized state change, such as an attack that only monitors and, or records data. See Active Attack.

Passphrase--Sequence of characters, longer than the acceptable length of a password, that is transformed by a password system into a virtual password of acceptable length. See Password.

Password--Protected and private character string used to authenticate an identity or to authorize access to data.

Password Dialogue--Interactive communication between user and computer to enter and verify a password. See Handshaking Procedure.

Penetration--Unauthorized act of bypassing the security mechanisms of a cryptographic system or AIS.

Penetration Signature--Characteristics or identifying marks that may be produced by penetration.

Penetration Study--Study of the feasibility and methods to defeat system controls.

Penetration Testing--Security testing in which evaluators attempt to circumvent the security features of an AIS based on their understanding of the system design and implementation.

Per-Call Key--Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions. See Cooperative Key Generation (CKG).

Periods Processing--Processing of various levels of classified and unclassified information at distinctly different times. NOTE: Under periods processing, the system must be purged of all information from one processing period before transitioning to the next when there are different users with differing authorizations.

Peripheral Devices--Input and output devices and auxiliary storage units of a computer system.

Permissions--Description of the type of authorized interactions a subject can have with an object. Examples include read, write, execute, add, modify, and delete. See Read Down, Write Down, and Write Up.

Permuter--Device used in a crypto-equipment to change the order in which the contents of a shift register are used in various nonlinear combining circuits.

Personal Data--Information about an individual including, but not limited to, education, financial history, medical history, training, service records, employment history, criminal record, or other particulars, including name, aliases, identification numbers, fingerprints, voiceprint, or photograph. Personal data is subject to the Privacy Act of 1974.

Personal Password--Password that is known by one person and is used to authenticate that person's identity.

Personnel Security--Procedures established to ensure that all personnel who have access to sensitive information have the required authority, as well as appropriate clearances, and the need-to-know for the information.

Physical Control Space (PCS)--Spherical space surrounding electronic equipment used to process information under sufficient physical control to stop hostile intercept of compromising emanations. It is usually expressed in meters and can be controlled by fences, guards, patrols, walls, and so forth.

Physical Security--1. COMSEC: Component of COMSEC that results from all physical measures necessary to safeguard classified equipment, material, and information from access or observation by unauthorized persons. 2. AIS: Use of physical barriers and control procedures as preventive measures or countermeasures against threats to resources and sensitive information.

Piggyback--Method of gaining unauthorized access to a system by another user's legitimate connection. See Between-the-Lines Entry.

Plain Text--Unencrypted information.

Positive Control Material--Generic term referring to a sealed authenticator system; permissive action link; coded switch system; positive enable system; or nuclear command and control documents, material, or devices.

Practice Dangerous to Security (PDS)--A procedure that has the potential to jeopardize the security of COMSEC material if allowed to continue.

Preferred Products List (PPL)--List of commercially produced equipment that meet TEMPEST and other requirements prescribed by NSA. This list is included in the NSA Information Systems Security Products and Services Catalogue, issued quarterly and available through the Government Printing Office.

Preproduction Model (P Model)--Version of a crypto-equipment that employs standard parts and is in final mechanical and electrical form suitable for complete evaluation of form, design, and performance. NOTE: Preproduction models are often referred to as E-model equipment.

Print Suppression--Eliminating the displaying of characters to preserve their secrecy. NOTE: An example of print suppression is not displaying the characters of a password as it is keyed at the input terminal.

Privacy--An individual's right to determine the degree to which personal information will be shared, including control over the collection, storage, and dissemination of personal or organizational information.

Privacy Protection--Establishment of appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of data records. It also protects both security and confidentiality against anticipated threats or hazards that could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual about whom such information is maintained.

Privacy System--Commercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack.

Privilege--System environment functions controlled by the operating system and administered by the system manager.

Privileged Data--Data not subject to usual rules because of confidentiality imposed by law, such as chaplain, legal, and medical files.

Privileged Instructions--Set of instructions (e.g., interrupt handling or special computer instructions) to control features (such as storage protection features) that are generally executable only when the computer system is operating in the executive state.

Procedural Security--See Administrative Security.

Process--A systematic sequence of operations to produce a specified result.

Production Model--Crypto-equipment in its final mechanical and electrical form of production design made by use of production tools, jigs, fixtures, and methods using standard parts.

Profile--Detailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an AIS.

Propagation of Risk--Spreading of risk in a network when a system with an accepted level of risk is connected to that network.

Proprietary Information (PROPIN)--Material and information relating to or associated with a company's products, business, or activities, including but not limited to: financial information; data or statements; trade secrets; product R&D; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that have been clearly identified and properly marked as proprietary information, trade secrets, or company confidential information. NOTE: Trade secrets constitute the whole or any portion or phase of any technical information, design process, procedure, formula or improvement that is not generally available to the public, that a company considers company confidential and that could give or gives an advantage over competitors who do not know or use the trade secret.

Protected Communications--Telecommunications deriving their protection through use of type 2 products or data encryption standard equipment. See Secure Communications.

Protected Distribution System (PDS)--Wireline or fiber-optic telecommunications system that includes terminals and adequate acoustic, electrical, electromagnetic, and physical safeguards to permit its use for the unencrypted transmission of classified information.

Protection Critical--Portion of the TCB whose normal function is to deal with the control of access between subjects and objects, and whose correct operation is essential to the protection of data in the system.

Protection Equipment--Type 2 product or data encryption standard equipment that NSA has endorsed to meet applicable standards for the protection of telecommunications or AISs national security information.

Protection Mechanisms--See Security Features.

Protection Philosophy--Informal description of the overall design of an AIS that delineates each of the protection mechanisms used. NOTE: Combination, appropriate to the evaluation class, of formal and informal techniques used to show that the mechanisms are adequate to enforce the security policy.

Protection Ring--One of a hierarchy of privileged modes of an AIS that gives certain access rights to user programs and processes authorized to operate in a given mode.

Protective Packaging--Packaging techniques for COMSEC material that discourage penetration, reveal that a penetration has occurred or was attempted, or inhibit viewing or copying of keying material before the time it is exposed for use.

Protective Technologies--Special tamper-evident features and materials employed to detect tampering and deter attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material.

Protective Technology/Package Incident--Any penetration of information system security protective technology or packaging, such as a crack, cut, or tear.

Protocol--Set of rules and formats, semantic and syntactic, that permits entities to exchange information.

Pseudo-Flaw--Apparent loophole deliberately implanted in an operating system program as a trap for intruders.

Public Cryptography--Body of cryptographic and related knowledge, study, techniques, and applications that is, or is intended to be, in the public domain.

Public Domain Software--Software distributed without charge. Such software commonly does not have security protection features and is more susceptible to viruses. See Freeware and Shareware.

Public Key Cryptography (PKC)--Type of cryptography in which the encryption process is publicly available and unprotected, but in which a part of the decryption key is protected so that only a party with knowledge of both parts of the decryption process can decrypt the cipher text. NOTE: Commonly called non-secret encryption in professional cryptologic circles. FIREFLY is an application of public key cryptography.

Purge--Removal of data from an AIS, its storage devices, or other peripheral devices with storage capacity in such a way that the data may not be reconstructed. NOTE: An AIS must be disconnected from any external network before a purge. See Clearing and Declassification (of magnetic storage media).

QUADRANT--Short name referring to technology that provides tamper-resistant protection to crypto-equipment.

Random Access Memory (RAM)--Solid state storage device that enables data to be written in, changed, or read out repeatedly.

Randomizer--Analog or digital source of unpredictable, unbiased, and usually independent bits. NOTE: Randomizers can be used for several different functions, including key generation or to provide a starting state for a key generator.

Read--Fundamental operation in an AIS that results only in the flow of information from an object to a subject. See Access Type and Write.

Read Access--Permission to read information in an AIS. See Write Access.

Read Down--Ability of a subject to read objects classified at the subject's security level and below. Permission is provided through the security functions on a system and administered by the system manager. See Read Up, Write Down, and Write Up.

Read Up--Ability of a subject to read objects classified above the subject's security level. This should never happen. See Read Down, Write Down, and Write Up.

Read-Only Memory (ROM)--Permanently programmed semiconductor memory device that can read out data repeatedly and whose contents cannot be changed. See Firmware.

Real-Time Reaction--Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access.

Recovery Procedures--Actions necessary to restore data files of an AIS and computational capability after a system failure.

Red--Designation applied to telecommunications and AISs, plus associated areas, circuits, components, and equipment, which, when classified plain text signals are being processed therein, require protection during electrical transmission.

Red/Black Concept--Separation of electrical and electronic circuits, components, equipment, and systems that handle classified plain text (Red) information, in electrical signal form, from those which handle unclassified (Black) information in the same form.

Red Key--Unencrypted key. See Black Key.

RednalTelecommunications or AIS signal that would divulge classified information if recovered and analyzed. NOTE: Red signals may be plain text, key, subkey, initial fill, control, or traffic flow related information.

Reference Monitor Concept--Access control concept that refers to an abstract machine that mediates all accesses to objects by subjects.

Reference Validation Mechanism--Portion of a TCB, the normal function of which is to control access between subjects and objects, and the correct operation of which is essential to the protection of data in the system. NOTE: This is the implementation of reference monitor. See Trusted Computing Base (TCB).

Release Prefix--Prefix appended to the short title of United States-produced keying material to indicate its foreign releasability. NOTE: "A" designates material that is releasable to specific allied nations and "US" designates material intended exclusively for United States use.

Reliability--The ability of a system and its parts to perform its mission without failure, degradation, or demand on the support system. (AFM 11-1)

Remanence--Residual information that remains on storage media after erasure. See Magnetic Remanence.

Remote Rekeying--Procedure by which a distant crypto-equipment is rekeyed electrically. See Automatic Remote Rekeying and Manual Remote Rekeying.

Remote Terminal Area--Any location with computers, peripheral devices, or terminals outside the facility housing the central computer or network that they are connected to. Each remote terminal area has a TASO appointed to monitor the security for the area.

Removable Storage Media--Storage media, such as a Bernoulli disk, that can be removed easily and transferred to a compatible system or secured.

Repair Action--An NSA-approved change to a COMSEC end item that does not affect the original characteristics of the end item and is provided for optional application by holders. NOTE: Repair actions are limited to minor electrical and, or mechanical improvements to enhance operation, maintenance, or reliability. They do not require an identification label, marking, or control, but must be fully documented by changes to the maintenance manual.

Reserve Keying Material--Key held to satisfy unplanned needs. See Contingency Key.

Resident Memory--Section of the CPU that, during processing, holds program instructions, input data, calculation results, and data to be output. Also called internal storage, main memory, or primary memory.

Residual Risk--Portion of risk that remains after security measures have been applied.

Residue--Data left in storage after automated information processing operations are complete, but before degaussing or overwriting has taken place.

Resource--Any function, device, or data collection that may be allocated to users or programs (i.e., memory, tape drives, disk space, and so forth).

Resource Encapsulation--Method by which the reference monitor mediates accesses to an AIS resource. NOTE: Resource is protected and not directly accessible by a subject. Satisfies requirement for accurate auditing of resource usage.

Resource Sharing--Concurrent use of a resource by more than one user, job, or program.

Restricted Area--Area under military jurisdiction in which special security measures are employed to prevent unauthorized entry.

Risk--Probability that a particular threat will exploit a particular vulnerability of the system.

Risk Analysis--See Risk Assessment.

Risk Assessment--Process of analyzing threats to and vulnerabilities of an information system, and the potential impact that the loss of information or capabilities of a system would have on national security and using the analysis as a basis for identifying appropriate and cost-effective measures.

Risk Index--Difference between the minimum clearance or authorization of AIS users and the maximum sensitivity (e.g., classification and categories) of data processed by an AIS.

Risk Management--Process concerned with the identification, measurement, control, and minimization of security risks in information systems.

Safeguards--See Security Safeguards.

Safeguarding Statement--Statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced, and requires control of the product, at that level, until determination of the true classification by an authorized person.

Salami Technique--Pertains to fraud spread over a large number of individual transactions (e.g., a program that does not round off figures but diverts the leftovers to a personal account)

Sample Key--Key intended for off-the-air demonstration use only.

Sanitize--Remove or edit classified or sensitive data so that what remains is of a lower classification or sensitivity than the original data.

Scavenging--Searching through object residue to acquire data.

Scratch Pad Store (SPS)--Momentary key storage in crypto-equipment.

Secure Communications--Telecommunications deriving security through use of Type 1 products and, or protected distribution systems. See Protected Communications.

Secure Configuration Management--Procedures appropriate for controlling changes to a system's hardware and software structure to make sure changes will not lead to violations of the system's security policy.

Secure Operating System--Resident software that controls hardware and other software functions in an AIS to provide a level of protection or security appropriate to the classification, sensitivity, and, or criticality of the data and resources it manages.

Secure State--Condition in which no subject can access any object in an unauthorized manner.

Secure Subsystem--Subsystem that contains its own implementation of the reference monitor concept for those resources it controls. NOTE: Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.

Security Architecture--Detailed description of all aspects of the system that relate to security, along with a set of principles to guide the design.

Security Critical Mechanisms--Security mechanisms whose correct operation is necessary to ensure that the security policy is enforced.

Security Domains (Class B3)--Advanced TCB that provides highly effective and mandatory access controls. Significant security and software engineering must be accomplished during the design, implementation, and testing phases to achieve the required level of confidence, or trust. Operational support features extend auditing capabilities as well as other functions needed for a trusted system recovery.

Security Engineering--See Data Protection Engineering.

Security Environment--Environmental security factors, in a specific location, which keep a system from being exploited or deactivated.

Security Evaluation--Determination of the degree of trust placed in a system for the secure handling of sensitive information. The evaluation is performed on the hardware and software features and assurances of a computer product from a perspective excluding the application environment. The system evaluation assesses security safeguards regarding a specific operational mission and is a major step in the risk management process.

Security Fault Analysis (SFA)--Assessment, usually performed on information systems hardware, to determine the security properties of a device when a hardware fault is encountered.

Security Features--Security-relevant functions, mechanisms, and characteristics of system hardware and software. Security features are a subset of system security safeguards.

Security Filter--AIS-trusted subsystem that enforces security policy on the data that passes through it.

Security Flaw--Error of commission or omission in an AIS that may allow protection mechanisms to be bypassed. See Flaw.

Security Flow Analysis--Security analysis performed on a formal system specification that locates potential flows of information within the system.

Security Incident--Any act or circumstance involving classified information in which there is a deviation from the requirements of the governing security regulations. Administrative deviation, need-to-know violation, inadvertent disclosure, and compromise are examples of security incidents.

Security Inspection--Examination of an AIS to determine compliance with security policy, procedures, and practices.

Security Kernel--Hardware, firmware, and software elements of a TCB that implement the reference monitor concept. NOTE: Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.

Security Label--Piece of information that represents the sensitivity of a subject or object, such as its hierarchical classification (CONFIDENTIAL, SECRET, TOP SECRET) together with any applicable non-hierarchical security categories (e.g., SCI, critical nuclear weapon design information). See Label.

Security Level--Combination of classification levels and a set of categories, including sensitive unclassified categories, that represents the sensitivity of the information. See Access Level and Category.

Security Measures--Elements of software, firmware, hardware, or procedures used to satisfy security specifications.

Security Mode--Mode of operation in which the accredits a computer system to operate. Inherent with each of the security modes are restrictions on the user clearance levels, formal access requirements, need-to-know requirements, and the range of sensitive information permitted in the system. See Mode of Operation.

Security Perimeter--Boundary where security controls are in effect to protect AIS assets.

Security Policy--Set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.

Security Policy Model--See Formal Security Policy Model.

Security Range--Highest and lowest security levels permitted in or on an AIS, system component, subsystem, or network.

Security Requirements--Types and levels of protection necessary for equipment, data, information, applications, and facilities to meet security policy.

Security Requirements Baseline--Description of minimum requirements necessary for an AIS to maintain an acceptable level of security.

Security Safeguards--Protective measures and controls prescribed to meet the security requirements specified for an AIS. NOTE: Safeguards may include security features, as well as management constraints, personnel security, and security of physical structures, areas, and devices. See Accreditation.

Security Specification--Detailed description of the safeguards required to protect an AIS.

Security Test and Evaluation (ST&E)--Examination and analysis of the safeguards required to protect an AIS, as they have been applied in an operational environment, to determine the security posture of that system.

Security Testing--Process to determine that an AIS protects data and maintains functionality as intended. NOTE: Security testing may reveal vulnerabilities beyond the scope of the AIS design.

Seed Key--Initial key used to start an updating or key generation process.

Seepage--Accidental flow of data to unauthorized individuals, access to which is presumed to be controlled by computer security safeguards.

Self-Authentication--Implicit authentication, to a predetermined level, of all transmissions on a secure communications system.

Sensitive Information (SI)--Information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under Title 5, United States Code, Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an executive order or an act of congress to be kept secret in the interest of national defense or foreign policy. NOTE: Systems that are not national security systems, but contain sensitive information are to be protected according to the requirements of the Computer Security Act of 1987 (P.L. 100-235).

Sensitivity and Criticality Assessment--Study to determine the value of a computer system by taking into account the cost, capability, and jeopardy to mission accomplishment or human life associated with the system.

Sensitivity Label--Piece of information that represents elements of the security label of a subject and an object. NOTE: Sensitivity labels are used by the TCB as the basis for mandatory access control decisions. See Label.

Service Interruption Hazard--Probability that an action may occur which would affect the operational integrity of a system.

Shareware--Software freely distributed with the understanding that users will voluntarily pay for it if they continue to use it after a short (typically 30 days) trial period. Shareware is not synonymous with freeware. See Freeware and Public Domain Software.

Shielded Enclosure--Room or container designed to attenuate electromagnetic radiation.

Short Title--A short identifying combination of letters and, or numbers assigned to a document or device for purposes of brevity and, or security. (JP 1-02)

Signal Security--A generic term that includes both COMSEC and ELSEC. (JP 1-02)

Significant Modification--Any modification to the AIS or facility that affects the accredited safeguards or results in changes to the prescribed security requirements.

Simple Security Condition--See Simple Security Property.

Simple Security Property--Bell-La Padula security model rule allowing a subject read access to an object only if the security level of the subject dominates the security level of the object.

Single-Level Device--AIS device that is not trusted to properly maintain and separate data to different security levels.

Single Point Keying (SPK)--Means of distributing key to multiple local crypto-equipment or devices from a single fill point.

Smart Terminal--Terminal with a built-in processor that can perform specific functions such as editing data and controlling other terminals.

Software--A set of computer programs, procedures, and associated documentation concerned with the operation of a data processing system (e.g., compilers, library routines, manuals, circuit diagrams). (JP 1-02)

Software Development Methodologies--Methodologies for specifying and verifying design programs for system development. Each methodology is written for a specific computer language. See Enhanced Hierarchical Development Methodology, Formal Development Methodology (FDM), Gypsy Verification Environment, and Hierarchical Development Methodology (HDM).

Software Security--General purpose (e.g., executive, utility, or software development tools) and applications programs or routines that protect data handled by a system.

Software System Test and Evaluation Process--Process that plans, develops, and documents the quantitative demonstration of the fulfillment of all baseline functional performance, operational, and interface requirements.

Special Markings--Markings used on certain classified documents to indicate that the document has special access or handling requirements.

Special Mission Modification--Modification that applies only to a specific mission, purpose, operational, or environmental need. NOTE: Special mission modifications may be either optional or mandatory.

Speech Privacy--Techniques that use fixed sequence permutations or voice and speech inversion to render speech unintelligible to the casual listener.

Spelling Table--See Syllabary.

Split Knowledge--Separation of data or information into two or more parts, each part constantly kept under control of separate authorized individuals or teams, so that no one individual or team will know the whole data.

Spoofing--Any technique by which sensitive information or commands may be substituted or stopped without the knowledge of authorized personnel involved. (AFM 11-1)

Spread Spectrum--Telecommunications techniques in which a signal is transmitted in a bandwidth considerably greater than the frequency content of the original information. NOTE: Frequency hopping, direct sequence spreading, time scrambling, and combinations of these techniques are forms of spread spectrum.

Stand-Alone, Shared System--AIS that is physically and electrically isolated from all other systems and is intended to be used by more than one person, either simultaneously (e.g., a system with multiple terminals) or serially, with data belonging to one user remaining available to the system while another user is using the system (e.g., a personal computer with nonremovable storage media such as a hard disk).

Stand-Alone, Single-User System--AIS that is physically and electrically isolated from all other systems and is intended to be used by one person at a time, with no data belonging to other users remaining in the system (e.g., a personal computer with removable storage media such as a floppy disk).

Star Property (*-Property)--Bell-La Padula security model rule allowing a subject write access to an object only if the security level of the object dominates the security level of the subject.

Start-Up KEK--Key encryption key held in common by a group of potential communicating entities and used to establish ad hoc tactical nets.

State Delta Verification System--System designed to give high confidence regarding microcode performance by using formulae that represent isolated states of a computation to check proofs concerning the course of that computation.

State Variable--Variable that represents either the state of an AIS or the state of some system resource.

Storage Object--Object that supports both read and write accesses to an AIS.

Structured Protection (Class B2)--Enhanced-level TCB that provides intermediate-level mandatory access control protection features, as well as enhanced DAC features. Sensitivity labels are used to enforce access control decisions and are based on a formally specified security policy model that documents rules for how each subject (users, programs) may access every object (files, records). Operational support features are provided, such as a TFM, system security officer, and administrator functions, and stringent configuration management practices.

Subassembly--Major subdivision of a cryptographic assembly that consists of a package of parts, elements, and circuits that performs a specific function.

Subject--Active entity in an AIS, generally in the form of a person, process, or device that causes information to flow among objects or changes the system state. See Domain and Object.

Subject Security Level--Sensitivity label of the objects to which the subject has both read and write access. NOTE: Security level of a subject must always be dominated by the clearance level of the user with which the subject is associated.

Subsystem--Component of an AIS, which may be software or hardware, that performs a specific function or functions.

Superencryption--Process of encrypting encrypted information. NOTE: Occurs when a message, encrypted off-line, is transmitted over a secured, on-line circuit, or when information encrypted by the originator is multiplexed onto a communications trunk, which is then bulk encrypted.

Supersession--Scheduled or unscheduled replacement of a COMSEC aid with a different edition.

Supervisor State--See Executive State.

Suppression Measure--Action, procedure, modification, or device that reduces the level of, or inhibits the generation of, compromising emanations in a telecommunications or AIS.

Survivability--Capability of a system to accomplish its mission in the face of an unnatural (manmade) hostile, scenario-dependent environment. Survivability may be achieved by avoidance, hardness, proliferation, or reconstitution (or a combination). (AFM 11-1)

Susceptibility--Inability of a system to prevent: (1) An electronic compromise of national scurity iormation or, (2) Detrimental effects on its operational integrity.

Syllabary--List of individual letters, combination of letters, or syllables, with their equivalent code groups, used for spelling out words or proper names not present in the vocabulary of a code. NOTE: A syllabary is also called a spelling table.

Synchronous Crypto-Operation Method of on-line crypto-operation in which crypto-equipment and associated terminals have timing systems to keep them in step.

System--See Automated Information System (AIS).

System Development Methodologies--Methodologies developed through software engineering to manage the complexity of system development. NOTE: Development methodologies include software engineering aids and high-level design analysis tools.

System Environment--1. Configuration of an AIS. 2. Physical conditions of temperature, humidity, and so forth.

System High--Highest security level supported by an AIS. See System Low.

System High Mode or System High Security Mode--AIS security mode of operation where each user with direct or indirect access to the AIS, its peripherals, remote terminals, or remote hosts, has all the following: (1) Valid security clearance for all information within an AIS. (2) Formal access approval and signed non-disclosure agreements for all the information stored and, or processed (including all compartments and, or special access programs). (3) Valid need-to-know for some of the information contained within the AIS. See Mode of Operation.

System Indicator--Symbol or group of symbols in an off-line encrypted message that identifies the specific cryptosystem or key used in the encryption.

System Integrity--Quality that an AIS has when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

System Low--Lowest security level supported by an AIS. See System High.

System Manager--Term no longer used. See Computer System Manager (CSM).

System Security--A condition resulting from the timely application of system security management and engineering principles throughout all phases of a system's life cycle. It can be measured with relative probability (i.e., that under a known set of circumstances [vulnerability versus countermeasures]), the probability that acts of illicit interference against a system could achieve a specific objective without an effective preemptive response by the operating command. (AFM-1)

System Security Engineering--An element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities. It uses mathematical, physical, and related scientific disciplines, and the principles and methods of engineering design and analysis to specify, predict, and evaluate the vulnerability of the system to security threats. (AFM 11-1)

System Security Evaluation--Determination of the risk associated with the use of a given system, considering its vulnerabilities and perceived security threat.

System Security Management Plan--A formal document that fully describes the planned security tasks required to meet system security requirements.

System Security Officer (SSO)--See Information System Security Officer (ISSO).

System Software--Routines and programs designed to extend or facilitate the use of particular automated equipment. System software is usually provided by the vendor and is essential for system operation. Some examples are operating systems, compilers, and assemblers.

Tampering--Unauthorized modification that alters the proper functioning of a cryptographic or AIS security equipment or system in a manner that degrades the security or functionality it provides.

Tape Mixer--Teletypewriter security equipment that encrypts plain text and decrypts cipher text by combining them with a key stream from a one-time tape.

Technical Attack--Attack that can be perpetrated by circumventing or nullifying hardware or software protection mechanisms rather than by subverting system personnel or other users.

Technical Penetration--Deliberate penetration of a security area by technical means to gain unauthorized interception of information-bearing energy.

Technical Security Hazard--Condition that could permit the technical penetration of an area through equipment that by reason of its normal design, installation, operation, maintenance, or damaged condition, allows the unauthorized transmission of classified information.

Technical Security Material--Equipment, components, devices, and associated documentation or other media that pertains to cryptography or the securing of telecommunications and AISs.

Technical Vulnerability--Hardware, firmware, or software flaw that leaves a computer processing system open for potential exploitation. The possible exploitation can be either from an external or internal source, thereby resulting in risk for the owner, user, or manager of the system.

Telecommunication--Any transmission, emission, or reception of signs, signals, writings, images, sounds, or information of any nature by wire, radio, visual, or other electromagnetic systems. (JP 1-02)

Telecommunications and Automated Information Systems Security (TAISS)--Protection afforded to telecommunications and AISs, to prevent exploitation through interception, unauthorized electronic access, or related technical intelligence threats and to ensure authenticity. NOTE: Such protection results from the application of security measures (including cryptosecurity, transmission security, emission security, and COMPUSEC) to systems that generate, store, process, transfer, or communicate information of use to an adversary, and includes the physical protection of technical security material and technical security information.

Telecommunications Security (TSEC)--See Communications Security (COMSEC).

Teleprocessing--The combining of telecommunications and computer operations interacting in the automatic processing, reception, and transmission of data and/or information. (JP 1-02)

TEMPEST--An unclassified term referring to technical investigation for compromising emanations from electrically operated information processing equipment; these investigations are conducted in support of emanations and emissions security. (Approved by JMTGM 22 Dec 93) See Compromising Emanations.

TEMPEST Test--Laboratory or on-site test to determine the nature of compromising emanations associated with a telecommunications or AIS.

TEMPEST Zone--Defined area within a facility where equipment with appropriate TEMPEST characteristics (TEMPEST zone assignment) may be operated without emanating electromagnetic radiation beyond the controlled space boundary of the facility. NOTE: Facility TEMPEST zones are determined by measuring electromagnetic attenuation provided by a building's properties and the free space loss to the controlled space boundary. Equipment TEMPEST zone assignments are based on the level of compromising emanations produced by the equipment.

Terminal Area Security Officer (TASO)--Individual responsible for security-related issues for terminals at a remote terminal area. The TASO receives guidance from the CSSO or NSO, and provides status and other reports to the CSSO or NSO.

Terminal Identification--Means used to uniquely identify a terminal to an AIS.

Test Key--Key intended for on-the-air testing of COMSEC equipment or systems.

Threat--Capabilities, intentions, and attack methods of adversaries to exploit, or any circumstance or event with the potential to cause harm to information or an information system.

Threat Agent--Method used to exploit a vulnerability in a system, operation, or facility.

Threat Analysis--Process of studying information to identify the nature of and elements comprising a threat.

Threat Assessment--Process of formally evaluating the degree of threat to an information system and describing the nature of the threat.

Threat Monitoring--Analysis, assessment, and review of AIS audit trails and other data collected to search out system events that may constitute violations or attempted violations of data or system security.

Ticket-Oriented--Computer protection system in which each subject maintains a list of unforgettable bit patterns called tickets, one for each object that a subject is authorized to access. See List-Oriented.

Time Bomb--Logic bomb for which the logic trigger is time.

Time Compliance Date (TCD)--Date by which a mandatory modification to a COMSEC end item must be incorporated if the item is to remain approved for operational use.

Time-Dependent Password--Password that is valid only at a certain time of day or during a specified interval of time.

Top-Level Specification--Nonprocedural description of system behavior at the most abstract level; typically, a functional specification that omits all implementation details.

Traditional COMSEC Program--COMSEC program in which NSA acts as the central procurement agency for the development and, in some cases, the production of COMSEC items. NOTE: This includes the AVP and user partnerships. Modifications to the COMSEC end items used in products developed and, or produced under these programs must be approved by NSA.

Traffic Analysis (TA)--Study of communications characteristics external to the text.

Traffic Encryption Key (TEK)--Key used to encrypt plain text or to superencrypt previously encrypted text and, or to decrypt cipher text.

Traffic Flow Security (TFS)--The protection resulting from features, inherent in some cryptoequipment, which conceal the presence of valid messages on a communications circuit, normally achieved by causing the circuit to always appear busy. (JP 1-02)

Traffic Padding--Generation of spurious communications or data units to disguise the amount of real data units being sent.

Training Key--Cryptographic key intended for on-the-air or off-the-air training.

TranquillityProperty whereby the security level of an object cannot change while the object is being processed by an AIS.

Transmission Security (TRANSEC)--The component of communications security that results from all measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis. (JP 1-02)

Transmission Security Key (TSK)--Key that is used in the control of transmission security processes, such as frequency hopping and spread spectrum.

Trap Door--Hidden software or hardware mechanism that can be triggered to permit protection mechanisms in an AIS to be circumvented. NOTE: A trap door is usually activated in some innocent-appearing manner (e.g., a special random key sequence at a terminal). Software developers often write trap doors in their code that enable them to reenter the system to perform certain functions.

Trojan Horse--Computer program containing an apparent or actual useful function that contains additional (hidden) functions that allow unauthorized collection, falsification, or destruction of data.

Trusted Computer System--AIS that employs sufficient hardware and software assurance measures to allow simultaneous processing of a range of classified or sensitive information.

Trusted Computing Base (TCB)--Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. NOTE: The ability of a TCB to correctly enforce a unified security policy depends on the correctness of the mechanisms within the TCB, the protection of those mechanisms to ensure their correctness, and the correct input of parameters related to the security policy.

Trusted Distribution--Method for distributing TCB hardware, software, and firmware components, both originals and updates, that provides protection of the TCB from modification during distribution, and for the detection of any changes.

Trusted Facility Manual (TFM)--Manual which documents the operational requirements; security environment; hardware and software configurations and interfaces; all security procedures, measures, and features; and the contingency plans for continued operations in case of a local disaster.

Trusted Identification Forwarding--An identification method used in AIS networks where the sending host can verify that an authorized user is attempting a connection to another host. NOTE: The sending host transmits the required user authentication information to the receiving host. The receiving host can then verify that the user is validated for access to the system. This operation may be transparent to the user.

Trusted Network--Network that employs sufficient hardware and software integrity measures to allow its use for processing simultaneously a range of sensitive or classified information.

Trusted Path--Mechanism by which a person using a terminal can communicate directly with the TCB. NOTE: Trusted path can only be activated by the person or the TCB and cannot be imitated by untrusted software.

Trusted Process--Process that has privileges to circumvent the system security policy and has been tested and verified to operate only as intended. See Untrusted Process.

Trusted Software--Software portion of the TCB.

Trusted System--See Trusted Computer System.

TSEC Nomenclature--System for identifying the type and purpose of certain items of COMSEC material. NOTE: TSEC is derived from telecommunications security.

Two-Part Code--Code consisting of an encoding section, in which the vocabulary items (with their associated code groups) are arranged in alphabetical or other systematic order, and a decoding section, in which the code groups (with their associated meanings) are arranged in a separate alphabetical or numeric order.

Two-Person Control (TPC)--Continuous surveillance and control of positive control material always by a minimum of two authorized individuals, each capable of detecting incorrect and unauthorized procedures concerning the task being performed, and each familiar with established security and safety requirements.

Two-Person Integrity (TPI)--System of storage and handling designed to prohibit individual access to certain COMSEC keying material by requiring the presence of at least two authorized persons, each capable of detecting incorrect or unauthorized security procedures concerning the task being performed. NOTE: TPI procedures differ from COMSEC no-lone zone procedures in that, under TPI controls, two authorized persons must directly participate in the handling and safeguarding of the keying material (as in accessing storage containers, transportation, keying or rekeying operations, and destruction). COMSEC no-lone zone controls are less restrictive in that the two authorized persons need only to be physically present in the common area where the material is located. TPC refers to nuclear command and control COMSEC material while TPI refers only to COMSEC keying material.

Type Accreditation--DAA authorization to employ a number of systems in a specified operational environment. To be type accredited, the systems must have similar characteristics, such as same function, physical environment, operating system, security subsystem, and so on. See Accreditation.

Type 1 Magnetic Media--See Magnetic Media.

Type 2 Magnetic Media--See Magnetic Media.

Type 1 Product--Classified or CCI endorsed by NSA for securing classified and sensitive U.S. Government information, when appropriately keyed. NOTE: The term refers only to products, not to information, key, services, or controls. Type 1 products contain classified NSA algorithms. They are available to U.S. Government users, their contractors, and Federally sponsored non-U.S. Government activities subject to export restrictions according to the International Traffic in Arms Regulation.

Type 2 Product--Unclassified cryptographic equipment, assembly, or component, endorsed by NSA, for use in telecommunications and AISs for the protection of national security information. NOTE: The term refers only to products, not to information, key, services, or controls. Type 2 products may not be used for classified information, but contain classified NSA algorithms that distinguish them from products containing the unclassified data encryption standard algorithm. Type 2 products are available to U.S. Government departments and agencies and sponsored elements of state and local governments, sponsored U.S. Government contractors, and sponsored private sector entities. Type 2 products are subject to export restrictions according to the International Traffic in Arms Regulation.

Type 3 Algorithm--Cryptographic algorithm that has been registered by NIST and has been published as a FIPS for use in protecting unclassified sensitive information or commercial information.

Type 4 Algorithm--Unclassified cryptographic algorithm that has been registered by NIST, but is not a FIPS.

Unauthorized Disclosure--The disclosure of information to individuals not authorized to receive it.

Unclassified--Information that has not been determined, per Executive Order 12356 or any predecessor order, to require protection against unauthorized disclosure and that is not designated as classified.

Untrusted Process--Process that has not been tested and verified for adherence to the security policy. NOTE: Untrusted process may include incorrect or malicious code that attempts to circumvent the security mechanisms. See Trusted Process.

Updating--Automatic or manual cryptographic process that irreversibly modifies the state of a COMSEC key, equipment, device, or system.

User--Person or process accessing an AIS by direct connections (i.e., through terminals) or indirect connections. NOTE: "Indirect connection" relates to persons who prepare input data or receive output that is not reviewed for content or classification by a responsible individual.

User Identification (User ID)--Unique symbol or character string that is used by an AIS to uniquely identify a specific user.

User Partnership Program (UPP)--Partnership between NSA and a U.S. Government department or agency to facilitate the development of secure information processing and communications equipment incorporating NSA-approved cryptographic security.

User Profile--Patterns of a user's activity on an AIS that can be used to detect changes in normal routines.

U.S.-Controlled Facility--Base or building, access to which is physically controlled by U.S. persons who are authorized U.S. Government or U.S. Government contractor employees.

U.S.-Controlled Space--Room or floor within a facility that is not a U.S.-controlled facility, access to which is physically controlled by U.S. persons who are authorized U.S. Government or U.S. Government contractor employees. NOTE: Keys or combinations to locks controlling entrance to U.S.-controlled spaces must be under the exclusive control of U.S. persons who are U.S. Government or U.S. Government contractor employees.

U.S. Person--United States citizen or resident alien.

Vaccines--Program that "injects" itself into an executable program to perform a signature check and warns if there have been any changes. See Anti-Virus Program.

Validation--Process of applying specialized security test and evaluation procedures, tools, and equipment needed to establish acceptance for joint use of an AIS by one or more departments or agencies and their contractors. NOTE: This action will include, as necessary, final development, evaluation, and testing, before acceptance by senior security test and evaluation staff specialists.

Valid Password--Personal password that authenticates the identity of an individual when presented to a password system or an access password that will allow the requested access when presented to a password system.

Variant--One of two or more cipher or code symbols that have the same plain text equivalent. (JP 1-02)

Verification--The process of comparing two levels of an AIS specification for proper correspondence (e.g., security policy model with TLS, TLS with source code, or source code with object code). NOTE: This process may or may not be automated.

Verified Design--Computer protection class in which formal security verification methods are used to assure that the AIS mandatory and discretionary security controls can effectively protect classified and sensitive information stored in, or processed by, the system. NOTE: Class A1 system is verified design.

Virtual Password--AIS password computed from a passphrase that meets the requirements of password storage (e.g., 64 bits).

Virus--Self replicating, malicious program segment that attaches itself to an application program or other executable system component and leaves no external signs of its presence.

Volatile Memory--Media that retains information only as long as power is applied. See Nonvolatile Memory and Memory.

Vulnerability--The characteristics of a system which cause it to suffer a definite degradation (incapability to perform the designated mission) as a result of having been subjected to a certain level of effects in an unnatural (manmade) hostile environment. (JP 1-02)

Vulnerability Analysis--Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.

Vulnerability Assessment--Measurement of vulnerability that includes the susceptibility of a particular system to a specific attack and the opportunities available to a threat agent to mount that attack. NOTE: This process may or may not be automated. See Risk Assessment.

Wide Area Network (WAN)--Computer network that services a large area. WANs typically span large areas (i.e., states, countries, continents) and are owned by multiple organizations. See Local Area Network (LAN) and Network.

Wiretapping--Attaching an unauthorized device, such as a computer terminal, to a communications circuit to gain access to data by generating false messages or control signals, or by altering legitimate users' communications.

Work Factor--Estimate of the effort or time needed by a potential penetrator, with specified expertise and resources, to overcome a protective measure. NOTE: In cryptography, a work factor is the number of computer binary operations needed to guarantee that a particular key will not be recovered through cryptanalysis.

Worm--Independent program that replicates from machine to machine across network connections, often clogging networks and computer systems as it spreads.

Write--Fundamental operation in an AIS that results only in the flow of information from a subject to an object. See Access Type.

Write Access--Permission to write to an object in an AIS. See Read Access.

Write Down--Ability of a subject to write data to an object that is classified at a lower level than the subject's security level. This is normally not allowed. See Read Down, Read Up, and Write Up.

Write Up--Ability of a subject to write data to an object that is classified at a higher level than the subject's security level. Permission is provided through the security functions of a system and administered by the system manager. See Read Down, Read Up, and Write Down.

Zeroize--Remove or eliminate the key from a crypto-equipment or fill device.

DCS Command, Control, Communications, and Computer