Complete Security Glossary

A
access
1.(COMSEC) Capability and opportunity to gain knowledge of or to alter information or material. 2. (AIS) Ability and means to communicate with (i.e. input to or receive output from), or otherwise make use of any information, resource, or component in an AIS. NOTE: An individual does not have "access" if the proper authority or a physical, technical, or procedural measure prevents them from obtaining knowledge or having an opportunity to alter information, material, resources, or components.
access control
Process of limiting access to the resources of an AIS only to authorized users, programs, processes, or other systems. 
access control list
Mechanism implementing discretionary access control in an AIS that identifies the users who may access an object and the type of access to the object that a user is permitted.
access control mechanism
Security safeguards designed to detect and prevent unauthorized access, and to permit authorized access in an AIS. 
access level
Hierarchical portion of the security level used to identify the sensitivity of AIS data and the clearance or authorization of users. NOTE: Access level, in conjunction with the non-hierarchical categories, forms the sensitivity label of an object. See category.
access list
1.(COMSEC) Roster of persons authorized admittance to a controlled area. 2. (AIS) Compilation of users, programs, and/or processes and the access levels and types to which each is authorized.
access period
Segment of time, generally expressed in days or weeks, during which access rights prevail.
access port
Logical or physical identifier a computer uses to distinguish different terminal input/output data streams or the physical connection for attaching an external device. 
access type
Privilege to perform an action on a program or file. NOTE: Read, write, execute, append, modify, delete, and create are examples of access types. 
accessible space
Area within which the user is aware of all persons entering and leaving, which denies the opportunity for concealed TEMPEST surveillance, and which delineates the closest point of potential tempest intercept from a vehicle. 
accountability
1.(COMSEC) Principle that an individual is responsible for safeguarding and controlling of COMSEC equipment, keying material, and information entrusted to his/her care and is answerable to proper authority for the loss or misuse of that equipment or information.
accountability
1.(AIS) Property that allows auditing of activities on an AIS to be traced to persons who may then be held responsible for their actions.
accounting legend code
Numeric code used to indicate the minimum accounting controls required for items of accountable COMSEC material within the COMSEC Material Control System. NOTE: National-level accounting legend codes are: ALC-l - continuously accountable by serial number. ALC-2 - continuously accountable by quantity. ALC-4 - report of initial receipt required. After acknowledging receipt, users may control in accordance with Service, department, or agency directives. 
accounting number
Number assigned to an item of COMSEC material to facilitate its control. 
accreditation
Formal declaration by a designated approving authority that an AIS is approved to operate in a particular security mode using a prescribed set of safeguards.
accreditation authority
Synonymous with designated approving authority. 
add-on security
Incorporation of new hardware, software, or firmware safeguards in an operational AIS.
adversary
Person or organization that must be denied access to critical information. 
alternate COMSEC custodian
Person designated by proper authority to perform the duties of the COMSEC custodian during the temporary absence of the COMSEC custodian. 
anti-jam
Measures to ensure that intended transmitted information can be received despite deliberate jamming attempts. 
anti-spoof
Measures to prevent an opponent's participation in a telecommunications network or operation/control of a cryptographic or COMSEC system.
assembly
Group of parts, elements, subassemblies, or circuits that are removable items of COMSEC equipment. 
assurance
Measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. 
attack
Act of trying to defeat AIS safeguards. 
audit
Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.
audit trail
Chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event. NOTE: Audit trail may apple to information in an AIS, to message routing in a communications system, or to the transfer of COMSEC material. 
authenticate
Verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an automated information system, or establish the validity of a transmitted message. 
authentication
Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's eligibility to receive specific categories of information.
authentication system
Cryptosystem or process used for authentication. 
authenticator
Means used to confirm the identity or eligibility of a station, originator, or individual.
authorization
Access rights granted to a user, program, or process. 
authorized vendor
Manufacturer of existing COMSEC equipment who is authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers.
Authorized Vendor Program
Program in which a vendor, producing a COMSEC product under contract to the National Security Agency, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. NOTE: Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. Products approved for marketing and sale through the Authorized Vendor Program are placed on the Endorsed Cryptographic Products List. 
auto-manual system
Programmable, hand-held crypto-equipment used to perform encoding and decoding functions.
automated information systems
Any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of data and includes computer software, firmware, and hardware. NOTE: Included are computers, word processing systems, networks, or other electronic information handling systems, and associated equipment. 
automated information systems security
Synonymous with computer security.
automated security monitoring
Use of automated procedures to ensure security controls for an AIS are not circumvented. 
automatic remote rekeying
Procedure to rekey a distant crypto-equipment electronically without specific actions by the receiving terminal operator.
availability of data
Data that is in the place, at the time, and in the form needed by the user.

B
backdoor
Synonymous with trap door. 
Bell-La Padula security model
Formal-state transition model of a computer security policy that describes a formal set of access controls based on information sensitivity and subject authorizations. (See star (*) property and simple security property.) 
benign
Condition of cryptographic data such that it cannot be compromised by human access to the data. NOTE: The term benign may be used to modify a variety of COMSEC-related terms, (e.g., key, data, storage, fill, and key distribution techniques).
benign environment
Nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures.
beyond Al
Level of trust employed by the DoD Trusted Computer System Evaluation Criteria that was beyond the state-of-the-art technology at the time the criteria was developed. NOTE: As defined in the "Orange Book," beyond Al includes all the Al-level features, plus others not required at the Al level. 
binding
Process of associating a specific communications terminal with a specific cryptographic key or associating two related elements of information.
bit error rate
Ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.
BLACK
Designation applied to telecommunications and automated information systems, and to associated areas, circuits, components, and equipment, in which only unclassified signals are processed. NOTE: Encrypted signals are unclassified.
BLACK key
Encrypted key. (See RED key.)
brevity list
List containing words and phrases used to shorten messages. 
browsing
Act of searching through AIS storage to locate or acquire information, without necessarily knowing the existence or format of information being sought. [1]
bulk encryption
Simultaneous encryption of all channels of a multichannel telecommunications trunk. [1]

C
call back
Procedure for identifying a remote AIS terminal, whereby the host system disconnects the caller and then dials the authorized telephone number of the remote terminal to re-establish the connection. [1]
call sign cipher
Cryptosystem used to encipher/decipher call signs, address groups, and address indicating groups. [1]
canister
Type of protective package used to contain and dispense key in punched or printed tape form. [1]
capability
Unforgeable ticket that provides incontestable proof that the presenter is authorized access to the object named in the ticket. [1]
capability-based system
AIS in which access to protected objects is granted if the subject possesses a capability for the object. [1]
category
Restrictive label that has been applied to both classified and unclassified data, thereby increasing the requirement for protection of, and restricting the access to, the data. NOTE: Examples include sensitive compartmented information, proprietary information, and North Atlantic Treaty Organization information. Individuals are granted access to special category information only after being granted formal access authorization. [1]
CCI assembly
Device embodying a cryptographic logic or other COMSEC design that the National Security Agency has approved as a controlled cryptographic item and performs the entire COMSEC function, but is dependent upon the host equipment to operate. [1]
CCI component
Device embodying a cryptographic logic or other COMSEC design, which the National Security Agency has approved as a controlled cryptographic item, that does not perform the entire COMSEC function and is dependent upon the host equipment or assembly to complete and operate the COMSEC function. [1]
CCI equipment
Telecommunications or information handling equipment that embodies a controlled cryptographic item component or controlled cryptographic item assembly and performs the entire COMSEC function without dependence on a host equipment to operate. [1]
central office of record
Office of a federal department or agency that keeps records of accountable COMSEC material held by elements subject to its oversight. [1]
certificate of action statement
Statement attached to a COMSEC audit report by which a COMSEC custodian certifies that all actions have been completed. [1]
certification
Comprehensive evaluation of the technical and nontechnical security features of an AIS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified security requirements. [1]
certified TEMPEST technical authority
U.S. Government or U.S. Government contractor employee designated to review the TEMPEST countermeasures programs of a federal department or agency. [1]
challenge and reply authentication
Prearranged procedure in which one communicator requests authentication of another and the latter establishes his/her validity with a correct reply. [1]
checksum
Value computed, via some parity or hashing algorithm, on information requiring protection against error or manipulation. NOTE: Checksums are stored or transmitted with data and are intended to detect data integrity problems. [1]
check word
Cipher text generated by a cryptographic logic to detect failures in the cryptography. [1]
cipher
Cryptographic system in which units of plain text are substituted according to a predetermined key. [1]
cipher text
Enciphered information. [1]
cipher text auto-key
Cryptographic logic which uses previous cipher text to generate a key stream. [1]
ciphony
Process of enciphering audio information, resulting in encrypted speech. [1]
classified information
National security information that has been classified pursuant to Executive Order 12356. [1]
clearing
Removal of data from an AIS, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using normal system capabilities (i.e., through the keyboard). NOTE: An AIS need not be disconnected from any external network before clearing takes place. Clearing enables a product to be reused within, but not outside of, a secure facility. It does not produce a declassified product by itself, but may be the first step in the declassification process. See purge. [1]
closed security environment
Environment that provides sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system. NOTE: Closed security is predicated upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control. [1]
code
System of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length. NOTE: Codes may or may not provide security. Common uses include: (a) converting information into a form suitable for communications or encryption, (b) reducing the length of time required to transmit information, c) describing the instructions which control the operation of a computer, and (d) converting plain text to meaningless combinations of letters or numbers and vice versa. [1]
code book
Book or other document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique. [1]
code group
Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence. [1]
code vocabulary
Set of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system. [1]
cold start
Procedure for initially keying crypto-equipment. [1]
command authority
Individual responsible for the appointment of user representatives for a department, agency, or organization and their key ordering privileges. [1]
Commercial COMSEC Endorsement Program
Relationship between the National Security Agency and industry, in which the National Security Agency provides the COMSEC expertise (i.e., standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce a type l or type 2 product. NOTE: Products developed under the Commercial COMSEC Endorsement Program may include modules, subsystems, equipment, systems, and ancillary devices. [1]
common fill device
One of a family of devices developed to read-in, transfer, or store key. NOTE: KYK-l3 Electronic Transfer Device, KYX-l5 Net Control Device, and KOI-l8 General Purpose Tape Reader are examples of common fill devices. [1]
communications cover
Concealing or altering of characteristic communications patterns to hide information that could be of value to an adversary. [1]
communications deception
Deliberate transmission, retransmission, or alteration of communications to mislead an adversary's interpretation of the communications. (See imitative communications deception and manipulative communications deception.) [1]
communications profile
Analytic model of communications associated with an organization or activity. NOTE: The model is prepared from a systematic examination of communications content and patterns, the functions they reflect, and the communications security measures applied. [1]
communications security
Measures and controls taken to deny unauthorized persons information derived from telecommunications and ensure the authenticity of such telecommunications. NOTE: Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material. [1]
compartmented mode
AIS security mode of operation wherein each user with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts has all of the following: a. Valid security clearance for the most restricted information processed in the system. b. Formal access approval and signed non-disclosure agreements for that information to which a user is to have access. c. Valid need-to-know for information to which a user is to have access. [1]
compromise
Disclosure of information or data to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred. [1]
compromising emanations
Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by telecommunications or automated information systems equipment. (See TEMPEST.) [1]
computer abuse
Intentional or reckless misuse, alteration, disruption, or destruction of data processing resources. [1]
computer cryptography
Use of a crypto-algorithm program stored in software or firmware, by a general purpose computer to authenticate or encrypt/decrypt data for storage or transmission. [1]
computer security
Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer. [1]
computer security incident
Any event in which a computer system is attacked, intruded into, or threatened with an attack or intrusion. [1]
computer security subsystem
Device designed to provide limited computer security features in a larger system environment. [1]
Computer Security Technical Vulnerability Reporting Program
Program that focuses on technical vulnerabilities in commercially available hardware, firmware and software products acquired by DoD. NOTE: The Computer Security Technical Vulnerability Reporting Program provides for reporting, cataloging, and discrete dissemination of technical vulnerability and corrective-measure information on a need-to-know basis. [1]
COMSEC account
Administrative entity, identified by an account number, used to maintain accountability, custody and control of COMSEC material. [1]
COMSEC account audit
Examination of the holdings, records, and procedures of a COMSEC account to ensure that all accountable COMSEC material is properly handled and safeguarded. [1]
COMSEC aid
COMSEC material, other than an equipment or device, that assists in securing telecommunications and which is required in the production, operation, or maintenance of COMSEC systems and their components. NOTE: COMSEC keying material, callsign/frequency systems, and supporting documentation, such as operating and maintenance manuals, are examples of COMSEC aids. [1]
COMSEC boundary
Definable perimeter within a telecommunications equipment or system within which all hardware, firmware, and software components that perform critical COMSEC functions are located. NOTE: Key generation and key handling and storage are critical COMSEC functions. [1]
COMSEC chip set
Collection of National Security Agency approved microchips furnished to a manufacturer to secure or protect telecommunications equipment. (See secure communications and protected communications.) [1]
COMSEC control program
Set of instructions or routines for a computer that controls or affects the externally performed functions of key generation, key distribution, message encryption/decryption, or authentication. [1]
COMSEC custodian
Person designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding and destruction of COMSEC material assigned to a COMSEC account. NOTE: The term COMSEC manager is replacing the term COMSEC custodian. These terms are not synonymous, since the responsibilities of the COMSEC manager extend beyond the functions required for effective operation of a COMSEC account. [1]
COMSEC end item
Equipment or combination of components ready for its intended use in a COMSEC application. [1]
COMSEC equipment
Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. NOTE: COMSEC equipment includes crypto-equipment, crypto-ancillary equipment, cryptoproduction equipment, and authentication equipment. [1]
COMSEC facility
Space employed primarily for the purpose of generating, storing, repairing, or using COMSEC material. [1]
COMSEC incident
Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information. [1]
COMSEC insecurity
COMSEC incident that has been investigated, evaluated, and determined to jeopardize the security of COMSEC material or the secure transmission of information. [1]
COMSEC manager
Person who manages the COMSEC resources of a command or activity. (See the note following the definition for COMSEC custodian.) [1]
COMSEC material
Item designed to secure or authenticate telecommunications. NOTE: COMSEC material includes, but is not limited to, key, equipment, devices, documents, firmware or software that embodies or describes cryptographic logic and other items that perform COMSEC functions. [1]
COMSEC Material Control System
Logistics and accounting system through which COMSEC material marked "CRYPTO" is distributed, controlled, and safeguarded. NOTE: Included are the COMSEC central offices of record, cryptologistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the COMSEC Material Control System. [1]
COMSEC modification
Electrical, mechanical, or software change to a National Security Agency approved COMSEC end item. NOTE: Categories of COMSEC modifications are: mandatory, optional, special mission mandatory, special mission optional, human safety mandatory, and repair actions. [1]
COMSEC module
Removable component that performs COMSEC functions in a telecommunications equipment or system. [1]
COMSEC monitoring
Act of listening to, copying, or recording transmissions of one's own official telecommunications to provide material for analysis, so that the degree of security being provided to those transmissions may be determined. [1]
COMSEC profile
Statement of the COMSEC measures and materials used to protect a given operation, system, or organization. [1]
COMSEC survey
Organized collection of COMSEC and communications data relative to a given operation, system, or organization. [1]
COMSEC system data
Information required by a COMSEC equipment or system to enable it to properly handle and control key. [1]
COMSEC training
Teaching of hands-on skills relating to COMSEC accounting, the use of COMSEC aids, or the installation, use, maintenance, and repair of COMSEC equipment. [1]
confidentiality
Assurance that information is not disclosed to unauthorized entities or processes. [1]
configuration control
Process of controlling modifications to a telecommunications or automated information systems hardware, firmware, software, and documentation to ensure the system is protected against improper modifications prior to, during, and after system implementation. [1]
configuration management
Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures and test documentation of an automated information system, throughout the development and operational life of a system. [1]
confinement property
Synonymous with star (*) property. [1]
contingency key
Key held for use under specific operational conditions or in support of specific contingency plans. [1]
contingency plan
Plan maintained for emergency response, backup operations, and post-disaster recovery for an AIS, as a part of its security program, that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation. [1]
controlled access protection
Log-in procedures, audit of security relevant events, and resource isolation as prescribed for class C2 in the Orange Book. [1]
controlled cryptographic item
Secure telecommunications or information handling equipment, or associated cryptographic component, that is unclassified but governed by a special set of control requirements. NOTE: Such items are marked "CONTROLLED CRYPT0GRAPHIC ITEM" or, where space is limited, "CCI." [1]
controlled sharing
Condition which exists when access control is applied to all users and components of an AIS. [1]
controlled space
Three-dimensional space surrounding telecommunications and automated information systems equipment, within which unauthorized persons are denied unrestricted access and are either escorted by authorized persons or are under continuous physical or electronic surveillance. [1]
controlling authority
Official responsible for directing the operation of a cryptonet and for managing the operational use and control of keying material assigned to the cryptonet. [1]
cooperative key generation
Electronically exchanging functions of locally generated, random components, from which both terminals of a secure circuit construct traffic encryption key or key encryption key for use on that circuit. [1]
cooperative remote rekeying
Synonymous with manual remote rekeying. [1]
cost-benefit analysis
Assessment of the costs of providing protection or security to a telecommunications or AIS versus risk and cost associated with asset loss or damage. [1]
countermeasure
Action, device, procedure, technique, or other measure that reduces the vulnerability of an AIS. [1]
covert channel
Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an AIS security policy. (See overt channel and exploitable channel.) [1]
covert storage channel
Covert channel that involves the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. NOTE: Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels. [1]
covert timing channel
Covert channel in which one process signals information to another process by modulating its own use of system resources (e.g., central processing unit time) in such a way that this manipulation affects the real response time observed by the second process. [1]
credentials
Information passed from one entity to another, that is used to establish the sending entity's access rights. [1]
cryptanalysis
Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption. [1]
CRYPTO
Marking or designator identifying COMSEC keying material used to secure or authenticate telecommunication carrying classified or sensitive U.S. Government or U.S. Government-derived information. NOTE: When written in all upper case letters, CRYPTO has the meaning stated above. When written in lower case as a prefix, crypto and crypt are abbreviations for cryptographic. [1]
crypto-alarm
Circuit or device which detects failures or aberrations in the logic or operation of crypto-equipment. NOTE: Crypto-alarm may inhibit transmission or may provide a visible and/or audible alarm. [1]
crypto-algorithm
Well-defined procedure or sequence of rules or steps used to produce cipher text from plain text and vice versa. [1]
crypto-ancillary equipment
Equipment designed specifically to facilitate efficient or reliable operation of crypto-equipment, but that does not perform cryptographic functions. [1]
crypto-equipment
Equipment that embodies a cryptographic logic. [1]
cryptographic
Pertaining to, or concerned with, cryptography. [1]
cryptographic component
Hardware or firmware embodiment of the cryptographic logic. NOTE: Cryptographic component may be a modular assembly, a printed wiring assembly, a microcircuit, or a combination of these items. [1]
cryptographic initialization
Function used to set the state of a cryptographic logic prior to key generation, encryption, or other operating mode. [1]
cryptographic logic
Well-defined procedure or sequence of rules or steps used to produce cipher text from plain text, and vice versa, or to produce a key stream, plus delays, alarms, and checks which are essential to effective performance of the cryptographic process. (See crypto-algorithm.) [1]
cryptographic randomization
Function which randomly determines the transmit state of a cryptographic logic. [1]
cryptography
Principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form. [1]
crypto-ignition key
Device or electronic key used to unlock the secure mode of crypto-equipment. [1]
cryptonet
Stations that hold a specific key for use. NOTE: Activities that hold key for other than use, such as cryptologistic depots, are not cryptonet members for that key. Controlling authorities are defacto members of the cryptonets they control. [1]
cryptoperiod
Time span during which each key setting remains in effect. [1]
cryptosecurity
Component of communications security that results from the provision of technically sound cryptosystems and their proper use. [1]
cryptosynchronization
Process by which a receiving decrypting cryptographic logic attains the same internal state as the transmitting encrypting logic. [1]
cryptosystem
Associated COMSEC items interacting to provide a single means of encryption or decryption. [1]
cryptosystem assessment
Process of establishing the exploitability of a cryptosystem, normally by reviewing transmitted traffic protected or secured by the system under study. [1]
cryptosystem evaluation
Process of determining vulnerabilities of a cryptosystem. [1]
cryptosystem review
Examination of a cryptosystem by the controlling authority to ensure its adequacy of design and content, continued need, and proper distribution. [1]
cryptosystem survey
Management technique in which actual holders of a cryptosystem express opinions on the system's suitability and provide usage information for technical evaluations. [1]

D
data encryption standard
Cryptographic algorithm, designed for the protection of unclassified data and published by the National Institute of Standards and Technology in Federal Information Processing Standard Publication 46. [1]
data flow control
Synonymous with information flow control. [1]
data integrity
Condition that exists when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed. [1]
data origin authentication
Corroboration that the source of data is as claimed. [1]
data security
Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. [1]
decertification
Revocation of the certification of an AIS item or equipment for cause. [1]
decipher
Convert enciphered text to the equivalent plain text by means of a cipher system. [1]
decode
Convert encoded text to its equivalent plain text by means of a code. [1]
decrypt
Generic term encompassing decode and decipher. [1]
dedicated mode
AIS security mode of operation wherein each user, with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all of the following: a. Valid security clearance for all information within the system. b. Formal access approval and signed non-disclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs). c. Valid need-to-know for all information contained within the AIS. NOTE: When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time. [1]
default classification
Temporary classification reflecting the highest classification being processed in an AIS. NOTE: Default classification is included in the caution statement affixed to the object. [1]
degauss
Destroy information contained in magnetic media by subjecting that media to high-intensity alternating magnetic fields, following which the magnetic fields slowly decrease. [1]
delegated development program
Information systems security program in which the Director, National Security Agency, delegates the development and/or production of the entire telecommunications product, including the information systems security portion, to a lead department or agency. [1]
denial of service
Result of any action or series of actions that prevents any part of a telecommunications or AIS from functioning. [1]
descriptive top-level specification
Top-level specification that is written in a natural language (e.g., English), an informal design notation, or a combination of the two. NOTE: Descriptive top-level specification, required for a class B2 and B3 AIS, completely and accurately describes a trusted computing base. See formal top-level specification. [1]
designated approving authority
Official with the authority to formally assume responsibility for operating an AIS or network at an acceptable level of risk. [1]
design controlled spare part
Part or subassembly for a COMSEC equipment or device with a National Security Agency controlled design. [1]
dial back
Synonymous with call back. [1]
digital signature
Synonymous with electronic signature. [1]
direct shipment
Shipment of COMSEC material directly from the National Security Agency to user COMSEC accounts. [1]
discretionary access control
Means of restricting access to objects based on the identity and need-to-know of users and/or groups to which the object belongs. NOTE: Controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (directly or indirectly) to any other subject. See mandatory access control. [1]
DoD Trusted Computer System Evaluation Criteria
Document containing basic requirements and evaluation classes for assessing degrees of effectiveness of hardware and software security controls built into AIS. NOTE: This document, DoD 5200.28 STD, is frequently referred to as the Orange Book. [1]
domain
Unique context (e.g., access control parameters) in which a program is operating; in effect, the set of objects that a subject has the ability to access. [1]
dominate
Term used to compare AIS security levels. NOTE: Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than, or equal to, that of S2 and the non-hierarchical categories of S1 include all those of S2 as a subset. [1]
drop accountability
Procedure under which a COMSEC account custodian initially receipts for COMSEC material, and then provides no further accounting for it to its central office of record. NOTE: Local accountability of the COMSEC material may continue to be required. See also accounting legend code, ALC-3 and ALC-4. [1]
dummy group
Textual group having the appearance of a valid code or cipher group which has no plain text significance. [1]

E
electronically generated key
Key produced only in non-physical form. NOTE: Electronically generated key stored magnetically (e.g., on a floppy disc) is not considered hard copy key. [1]
electronic signature
Process that operates on a message to assure message source authenticity and integrity, and source non-repudiation. [1]
electronic security
Protection resulting from all measures designed to deny unauthorized persons information of value which might be derived from the interception and analysis of non-communications electromagnetic radiations, such as radar. [1]
element
Removable item of COMSEC equipment, assembly, or subassembly which normally consists of a single piece or group of replaceable parts. [1]
embedded computer
Computer system that is an integral part of a larger system or subsystem that performs or controls a function, either in whole or in part. [1]
embedded cryptography
Cryptography which is engineered into an equipment or system the basic function of which is not cryptographic. NOTE: Components comprising the cryptographic module are inside the equipment or system add share host device power and housing. The cryptographic function may be dispersed or identifiable as a separate module within the host. [1]
embedded cryptographic systems
Cryptosystem that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem. [1]
emission security
Protection resulting from all measures taken to deny unauthorized persons information of value which might be derived from intercept and analysis of compromising emanations from crypto-equipment, AIS, and telecommunications systems. [1]
encipher
Convert plain text to equivalent cipher text by means of a cipher. [1]
encode
Convert plain text to equivalent cipher text by means of a code. [1]
encrypt
Generic term encompassing encipher and encode. [1]
end-item accounting
Accounting for all the accountable components of a COMSEC equipment configuration by a single short title. [1]
endorsed DES equipment
Unclassified equipment that embodies unclassified data encryption standard cryptographic logic and has been endorsed by the National Security Agency for the protection of national security information. [1]
endorsed for unclassified cryptographic item
Unclassified cryptographic equipment that embodies a U.S. Government classified cryptographic logic and is endorsed by the National Security Agency for the protection of national security information. (See type 2 product.) [1]
endorsement
National Security Agency approval of a commercially-developed telecommunications or automated information systems protection equipment or system for safeguarding national security information. [1]
end-to-end encryption
Encryption of information at its origin, and decryption at its intended destination, without any intermediate decryption. [1]
end-to-end security
Safeguarding information in a secure telecommunications system by cryptographic or protected distribution system means from point of origin to point of destination. [1]
entrapment
Deliberate planting of apparent flaws in an AIS for the purpose of detecting attempted penetrations. [1]
environment
Procedures, conditions, and objects that affect the development, operation, and maintenance of an AIS. [1]
erasure
Process intended to render stored data irretrievable by normal means. [1]
executive state
One of several states in which an AIS may operate, and the only one in which certain privileged instructions may be executed. NOTE: Such privileged instructions cannot be executed when the system is operating in other (e.g., user) states. [1]
exercise key
Key intended to safeguard transmissions associated with exercises. [1]
exploitable channel
Covert channel that is intended to violate the security policy governing an AIS and is useable or detectable by subjects external to the trusted computing base. (See covert channel.) [1]
exploratory development model
Assembly of preliminary circuits or parts in line with commercial practice to investigate, test, or evaluate the soundness of a concept, device, circuit, equipment, or system in a "breadboard" or rough experimental form, without regard to eventual overall physical form or layout. [1]
extraction resistance
Capability of a crypto-equipment or a secure telecommunications system or equipment to resist efforts to extract key. [1]

F
fail safe
Pertaining to the automatic protection of programs and/or processing systems to maintain safety when a hardware or software failure is detected in a system. [1]
fail soft
Pertaining to the selective termination of affected nonessential processing when a hardware or software failure is determined to be imminent in an AIS. [1]
failure access
Unauthorized and usually inadvertent access to data resulting from a hardware or software failure in an AIS. [1]
failure control
Methodology used to detect and provide fail safe or fail soft recovery from hardware and software failures in an AIS. [1]
fetch protection
AIS-provided restriction to prevent a program from accessing data in another user's segment of storage. [1]
fielded equipment
COMSEC end-item shipped to the user subsequent to first article testing on the initial production contract. [1]
file protection
Aggregate of all processes and procedures established in an AIS designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents. [1]
file security
Means by which access to computer files is limited to authorized users only. [1]
fill device
COMSEC item used to transfer or store key in electronic form or to insert key into a crypto-equipment. [1]
FIREFLY
Key management protocol based on public key cryptography. [1]
fixed COMSEC facility
COMSEC facility that is located in an immobile structure or aboard a ship. [1]
flaw
Error of commission, omission, or oversight in an AIS that may allow protection mechanisms to be bypassed. [1]
flaw hypothesis methodology
System analysis and penetration technique in which the specification and documentation for an AIS are analyzed and then flaws in the system are hypothesized. NOTE: List of hypothesized flaws is prioritized on the basis of the estimated probability that a flaw exists and, assuming a flaw does exist, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system. [1]
formal access approval
Documented approval by a data owner to allow access to a particular category of information. [1]
formal proof
Complete and convincing mathematical argument, presenting the full logical justification for each proof step, for the truth of a theorem or set of theorems. NOTE: In computer security, these formal proofs provide A1, and beyond A1 assurance under the DoD Trusted Computer System Evaluation Criteria. [1]
formal security policy model
Mathematically precise statement of a security policy. NOTE: Such a model must define a secure state, an initial state, and how the model represents changes in state. The model must be shown to be secure by proving that the initial state is secure and that all possible subsequent states remain secure. [1]
formal top-level specification
Top-level specification that is written in a formal mathematical language to allow theorems, showing the correspondence of the system specification to its formal requirements, to be hypothesized and formally proven. NOTE: Formal top-level specification, required for a class A1 AIS, completely and accurately describes the trusted computing base. See descriptive top-level specification. [1]
formal verification
Process of using formal proofs to demonstrate the consistency between formal specification of a system and formal security policy model (design verification) or between formal specification and its high-level program implementation (implementation verification). [1]
frequency hopping
Repeated switching of frequencies during radio transmission according to a specified algorithm, to minimize unauthorized interception or jamming of telecommunications. [1]
front-end security filter
Security filter, which could be implemented in hardware or software, that is logically separated from the remainder of an AIS to protect the integrity of the system. [1]
full maintenance
Complete diagnostic repair, modification, and overhaul of information systems security equipment, including repair of defective assemblies by piece part replacement. (See limited maintenance.) [1]
functional testing
Segment of security tasting in which advertised security mechanisms of an AIS are tested under operational conditions. [1]

G
granularity
Relative fineness or coarseness to which an access control mechanism can be adjusted. NOTE: Protection at the file level is considered coarse granularity, whereas protection at the field level is considered to be a finer granularity. [1]
guard
Processor that provides a filter between two disparate systems operating at different security levels or between a user terminal and a data base to remove data for which the user is not authorized access. [1]

H
handshaking procedures
Dialogue between two entities (e.g., a user and a computer, a computer and another computer, or a program and another program) for the purpose of identifying and authenticating these entities to one another. [1]
hard copy key
Physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories. [1]
hardwired key
Key that is permanently installed. [1]
hashing
Iterative process that computes a value (referred to as a hashword) from a particular data unit in a manner that, when a hashword is protected, manipulation of the data is detectable. [1]
hashword
Synonymous with checksum. [1]
high risk environment
Specific location or geographic area where there are insufficient friendly security forces to ensure the safeguarding of information systems security equipment. [1]
hostile cognizant agent
Person, authorized access to national security information, who intentionally makes that information available to an intelligence service or other group, the goals of which are inimical to the interests of the United States Government or its allies. [1]
host to front-end protocol
Set of conventions governing the format and control of data that is passed from a host to a front-end machine. [1]

I
identification
Process that enables recognition of an entity by an AIS. NOTE: This is generally accomplished by the use of unique machine-readable user names. [1]
imitative communications deception
Introduction of deceptive messages or signals into an adversary's telecommunications signals. See communications deception and manipulative communications deception. [1]
impersonation
Synonymous with spoofing. [1]
implant
Electronic device or component modification to electronic equipment that is designed to gain unauthorized interception of information-bearing energy via technical means. [1]
inadvertent disclosure
Accidental exposure of information to a person not authorized access. [1]
incomplete parameter checking
AIS design flaw that results when all parameters have not been fully anticipated for accuracy and consistency, thus making the system vulnerable to penetration. [1]
individual accountability
Ability to associate positively the identity of a user with the time, method, and degree of access to an AIS. [1]
information flow control
Procedure to ensure that information transfers within an AIS are not made from a higher security level object to an object of a lower security level. [1]
information label
Piece of information that accurately and completely represents the sensitivity of the data in a subject or object. NOTE: Information label consists of a security label as well as other required security markings (e.g., codewords, dissemination control markings, and handling caveats), to be used for data information security labeling purposes. [1]
information system
Any telecommunications and/or computer related equipment or interconnected system or subsystems of equipment that is used in the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of voice and/or data, and includes software, firmware, and hardware. [1]
information systems security (INFOSEC)
The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. [1]
information system security officer
Person responsible to the designated approving authority who ensures that security of an information system is implemented through its design, development, operation, maintenance, and secure disposal stages. [1]
information systems security product
Item (chip, module, assembly, or equipment), technique, or service that performs or relates to information systems security. [1]
initialize
Setting the state of a cryptographic logic prior to key generation, encryption, or other operating mode. [1]
integrity check value
Checksum that is capable of detecting malicious modification of an AIS. [1]
interim approval
Temporary authorization granted by a designated approving authority for an AIS to process classified information and information governed by 10 U.S.C. Section 2315 or 44 U.S.C. 3502(2) in its operational environment based on preliminary results of a security evaluation of the system. [1]
internet private line interface
Network cryptographic unit that provides secure connections, singularly or in simultaneous multiple connections, between a host and a predetermined set of corresponding hosts. [1]
internet protocol
Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. [1]

K
key
Information (usually a sequence of random or pseudo-random binary digits) used initially to set up and periodically change the operations performed in crypto-equipment for the purpose of encrypting or decrypting electronic signals, for determining electronic counter-countermeasures patterns (e.g., frequency hopping or spread spectrum), or for producing other key. NOTE: "Key" has replaced the terms "variable," "key(ing) variable," and "cryptovariable." [1]
key-auto-key
Cryptographic logic which uses previous key to produce key. [1]
key card
Paper card, containing a pattern of punched holes, which establishes the key for a specific cryptonet at a specific time. [1]
key encryption key
Key that encrypts or decrypts other key for transmission or storage. [1]
key list
Printed series of key settings for a specific cryptonet. NOTE: Key lists may be produced in list, pad, or printed tape format. [1]
key management
Process by which key is generated, stored, protected, transferred, loaded, used, and destroyed. [1]
key production key
Key that is used to initialize a keystream generator for the production of other electronically generated key. [1]
key stream
Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security processes, or produce key. [1]
key tag
Identification information associated with certain types of electronic key. [1]
key tape
Punched or magnetic tape containing key. NOTE: Printed key in tape form is referred to as a key list. [1]
key updating
Irreversible cryptographic process for modifying key automatically or manually. [1]
keying material
Key, code, or authentication information in physical or magnetic form. [1]

L
least privilege
Principle that requires that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. NOTE: Application of this principle limits the damage that can result from accident, error, or unauthorized use of an AIS. [1]
limited access
Synonymous with access control. [1]
limited maintenance
COMSEC maintenance restricted to fault isolation, removal, and replacement of plug-in assemblies. NOTE: Soldering or unsoldering usually is prohibited in limited maintenance. See full maintenance. [1]
line conduction
Unintentional signals or noise induced or conducted on a telecommunications or automated information system signal, power, control, indicator, or other external interface line. [1]
link encryption
Encryption of data in individual links of a telecommunications system. [1]
list-oriented
Computer protection in which each protected object has a list of all subjects authorized to access it. (See also ticket-oriented.) [1]
lock and key protection system
Protection system that involves matching a key or password with a specific access requirement. [1]
logic bomb
Resident computer program that triggers an unauthorized act when particular states of an AIS are realized. [1]
logical completeness measure
Means for assessing the effectiveness and degree to which a set of security and access control mechanisms meets the requirements of security specifications. [1]
long title
Descriptive title of a COMSEC item. [1]
low probability of detection
Result of measures used to hide or disguise intentional electromagnetic transmissions. [1]
low probability of intercept
Result of measures to prevent the intercept of intentional electromagnetic transmissions. [1]

M
machine cryptosystem
Cryptosystem in which cryptographic processes are performed by crypto-equipment. [1]
magnetic remanence
Magnetic representation of residual information that remains on a magnetic medium after the medium has been erased or overwritten. NOTE: Magnetic remanence refers to data remaining on magnetic storage media after removal of the power or after degaussing. [1]
maintenance hook
Special instructions in software to allow easy maintenance and additional feature development. NOTE: Maintenance hooks are not clearly defined during access for design specification. Since maintenance hooks frequently allow entry into the code at unusual points or without the usual checks, they are a serious security risk if they are not removed prior to live implementation. Maintenance hooks are special types of trap doors. [1]
maintenance key
Key intended only for off-the-air in-shop use. [1]
malicious logic
Hardware, software, or firmware that is intentionally included in an AIS for an unauthorized purpose. NOTE: Trojan horse is a form of malicious logic. [1]
mandatory access control
Means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity. (See discretionary access control.) [1]
mandatory modification
Change to a COMSEC end item that the National Security Agency requires to be completed and reported by a specified date. NOTE: This type of modification should not be confused with modifications that are optional to the National Security Agency, but have been adjudged mandatory by a given department or agency. The latter modification may have an installation deadline established and controlled solely by the user's headquarters. [1]
manipulative communications deception
Alteration or simulation of friendly telecommunications for the purpose of deception. NOTE: Manipulative communications deception may involve establishment of bogus communications structures, transmission of deception messages, and expansion or creation of communications schedules on existing structures to display an artificial volume of messages. See communications deception and imitative communications deception. [1]
manual cryptosystem
Cryptosystem in which the cryptographic processes are performed manually without the use of crypto-equipment or auto-manual devices. [1]
manual remote rekeying
Procedure by which a distant crypto-equipment is rekeyed electrically, with specific actions required by the receiving terminal operator. [1]
masquerading
Synonymous with spoofing. [1]
master crypto-ignition key
Crypto-ignition key that is able to initialize crypto-ignition key, when interacting with its associated crypto-equipment. [1]
material symbol
Communications circuit identifier used for key card resupply purposes. [1]
memory bounds
Limits in the range of storage addresses for a protected region in the memory of an AIS. [1]
message authentication code
Data element associated with an authenticated message which allows a receiver to verify the integrity of the message. [1]
message externals
Non-textual (outside the message text) characteristics of transmitted messages. [1]
message indicator
Sequence of bits transmitted over a telecommunications system for the purpose of crypto-equipment synchronization. NOTE: Some off-line cryptosystems, such as the KL-5l and one-time pad systems, employ message indicators to establish decryption starting points. [1]
mimicking
Synonymous with spoofing. [1]
mobile COMSEC facility
COMSEC facility that can be readily moved from one location to another. [1]
mode of operation
Description of the conditions under which an AIS operates, based on the sensitivity of data processed and the clearance levels and authorizations of the users. NOTE: Five modes of operation are authorized for an AIS processing information and for networks transmitting information. See compartmented mode, dedicated mode, multilevel mode, partitioned security mode, and system-high mode. [1]
multilevel device
Device that is trusted to properly maintain and separate data of different security levels. [1]
multilevel mode
AIS security mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts: a. Some users do not have a valid security clearance for all the information processed in the AIS. b. All users have the proper security clearance and appropriate formal access approval for that information to which they have access. c. All users have a valid need-to-know only for information to which they have access. [1]
multilevel security
Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances, but prevents users from obtaining access to information for which they lack authorization. [1]
mutual suspicion
Condition in which two entities need to rely upon each other to perform a service, yet neither entity trusts the other to properly protect shared data. [1]

N
national security information
Information that has been determined, pursuant to Executive Order 12356 or any predecessor order, to require protection against unauthorized disclosure, and that is so designated. [1]
national security systems
Telecommunications and automated information systems operated by the U.S. Government, its contractors, or its agents, that contain classified information or, as set forth in 10 U.S.C. Section 2315, that involves intelligence activities, involves cryptologic activities related to national security, involves command and control of military forces, involves equipment that is an integral part of a weapon or weapon system, or involves equipment that is critical to the direct fulfillment of military or intelligence missions. [1]
need-to-know
Access to, or knowledge or possession of, specific information required to carry out official duties. [1]
net control station
Terminal in a secure telecommunications net responsible for distributing key in electronic form to the members of the net. [1]
network front end
Device that implements the needed security-related protocols to allow a computer system to be attached to a network. [1]
network reference monitor
Access control concept that refers to an abstract machine that mediates all access to objects within a network by subjects within the network. See reference monitor. [1]
network security
Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects. NOTE: Network security includes providing for data integrity. [1]
network security officer
Individual formally appointed by a designated approving authority to ensure that the provisions of all applicable directives are implemented throughout the life cycle of an automated information system network. See information system security officer. [1]
network system
System that is implemented with a collection of interconnected network components. NOTE: A network system is based on a coherent security architecture and design. [1]
network trusted computing base
Totality of protection mechanisms within a network system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. See trusted computing base. [1]
no-lone zone
Area, room, or space which, when manned, must be occupied by two or more appropriately cleared individuals who remain within sight of each other. (See two person integrity.) [1]
noncooperative remote rekeying
Synonymous with automatic remote rekeying. [1]
non-repudiation
Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender's identity, so that neither can later deny having processed the data. [1]
non-secret encryption
Synonymous with public key cryptography. [1]
null
Dummy letter, letter symbol, or code group inserted in an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes. [1]

O
object
Passive entity that contains or receives information. NOTE: Access to an object implies access to the information it contains. Examples of objects are: records, blocks, pages, segments, files, directories, directory trees and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, and network nodes. [1]
object reuse
Reassignment of a storage medium (e.g., page frame, disk sector, magnetic tape) that contained one or more objects, after ensuring that no residual data remained on the storage medium. [1]
off-line cryptosystem
Cryptosystem in which encryption and decryption are performed independently of the transmission and reception functions. [1]
one-part code
Code in which plain text elements and their accompanying code groups are arranged in alphabetical, numerical, or other systematic order, so that one listing serves for both encoding and decoding. NOTE: One-part codes are normally small codes that are used to pass small volumes of low-sensitivity information. [1]
one-time cryptosystem
Cryptosystem employing key which is used only once. [1]
one-time pad
Manual one-time cryptosystem produced in pad form. [1]
one-time tape
Punched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems. [1]
on-line cryptosystem
Cryptosystem in which encryption and decryption are performed in association with the transmitting and receiving functions. [1]
open security environment
Environment that does not provide sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system. [1]
open storage
Storage of classified information within an accredited facility, but not in General Services Administration approved secure containers, while the facility is unoccupied by authorized personnel. [1]
operational data security
Protection of data from either accidental or unauthorized intentional modification, destruction, or disclosure during input, processing, or output operations. [1]
operational key
Key intended for use on-the-air for protection of operational information or for the production or secure electrical transmission of key streams. [1]
operational waiver
Authority for continued use of unmodified COMSEC end-items, pending the completion of a mandatory modification. [1]
operations code
Code composed largely of words and phrases which are suitable for general communications use. [1]
operations security
Process denying to potential adversaries information about capabilities and/or intentions by identifying, controlling and protecting generally unclassified evidence of the planning and execution of sensitive activities. [1]
optional modification
National Security Agency approved modification that is not required for universal implementation by all holders of a COMSEC end-item. NOTE: This class of modification requires all of the engineering/ doctrinal control of mandatory modification, but is usually not related to security, safety, TEMPEST, or reliability. [1]
Orange Book
Synonymous with DoD Trusted Computer System Evaluation Criteria. [1]
organizational maintenance
Limited maintenance performed by a user organization. [1]
overt channel
Communications path within a computer system or network that is designed for the authorized transfer of data. (See covert channel.) [1]
over-the-air key distribution
Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation. [1]
over-the-air key transfer
Electronically distributing key without changing traffic encryption key used on the secured communications path over which the transfer is accomplished. [1]
over-the-air rekeying
Changing traffic encryption key or transmission security key in remote crypto-equipment by sending new key directly to the remote crypto-equipment over the communications path it secures. [1]
overwrite procedure
Process which removes or destroys data recorded on an AIS storage medium by writing patterns of data over, or on top of, the data stored on the medium. [1]

P
parity
Set of bits used to determine whether a block of data (key or data stored in computers) has been intentionally or unintentionally altered. [1]
partitioned security mode
AIS security mode of operation wherein all personnel have the clearance, but not necessarily formal access approval and need-to-know, for all information handled by an AIS. NOTE: This security mode encompasses the compartmented mode and applies to non-intelligence DoD organizations and DoD contractors. [1]
passphrase
Sequence of characters, longer than the acceptable length of a password, that is transformed by a password system into a virtual password of acceptable length. [1]
password
Protected/private character string used to authenticate an identity or to authorize access to data. [1]
penetration
Unauthorized act of bypassing the security mechanisms of a cryptographic system or AIS. [1]
penetration testing
Security testing in which evaluators attempt to circumvent the security features of an AIS based on their understanding of the system design and implementation. [1]
per-call key
Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions. (See cooperative key generation.) [1]
periods processing
Processing of various levels of classified and unclassified information at distinctly different times. NOTE: Under periods processing, the system must be purged of all information from one processing period before transitioning to the next when there are different users with differing authorizations. [1]
permuter
Device used in a crypto-equipment to change the order in which the contents of a shift register are used in various nonlinear combining circuits. [1]
plain text
Unencrypted information. [1]
positive control material
Generic term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material or devices. [1]
preproduction model
Version of a crypto-equipment that employs standard parts and is in final mechanical and electrical form suitable for complete evaluation of form, design, and performance. NOTE: Preproduction models are often referred to as E-model equipment. [1]
print suppression
Eliminating the display of characters in order to preserve their secrecy. NOTE: An example of print suppression is not displaying the characters of a password as it is keyed at she input terminal. [1]
privacy system
Commercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack. [1]
production model
Crypto-equipment in its final mechanical and electrical form of production design made by use of production tools, jigs, fixtures, and methods using standard parts. [1]
profile
Detailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an AIS. [1]
proprietary information
Material and information relating to or associated with a company's products, business or activities, including but not limited to: financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that have been clearly identified and properly marked as proprietary information, trade secrets or company confidential information. NOTE: Trade secrets constitute the whole or any portion or phase of any technical information, design process, procedure, formula or improvement that is not generally available to the public, that a company considers company confidential and that could give or gives an advantage over competitors who do not know or use the trade secret. [1]
protected communications
Telecommunications deriving their protection through use of type 2 products or data encryption standard equipment. (See secure communications.) [1]
protected distribution system
Wireline or fiber-optic telecommunications system that includes terminals and adequate acoustic, electrical, electromagnetic, and physical safeguards to permit its use for the unencrypted transmission of classified information. [1]
protection equipment
Type 2 product or data encryption standard equipment that the National Security Agency has endorsed to meet applicable standards for the protection of telecommunications or automated information systems containing national security information. [1]
protection philosophy
Informal description of the overall design of an AIS that delineates each of the protection mechanisms employed. NOTE: Combination, appropriate to the evaluation class, of formal and informal techniques used to show the mechanisms are adequate to enforce the security policy. [1]
protection ring
One of a hierarchy of privileged modes of an AIS that gives certain access rights to user programs and processes authorized to operate in a given mode. [1]
protective packaging
Packaging techniques for COMSEC material which discourage penetration, reveal that a penetration has occurred or was attempted, or inhibit viewing or copying of keying material prior to the time it is exposed for use. [1]
protective technologies
Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material. [1]
protective technology/package incident
Any penetration of information system security protective technology or packaging, such as a crack, cut, or tear. [1]
protocol
Set of rules and formats, semantic and syntactic, that permits entities to exchange information. [1]
public cryptography
Body of cryptographic and related knowledge, study, techniques, and applications that is, or intended to be, in the public domain. [1]
public key cryptography
Type of cryptography in which the encryption process is publicly available and unprotected, but in which a part of the decryption key is protected so that only a party with knowledge of both parts of the decryption process can decrypt the cipher text. NOTE: Commonly called non-secret encryption in professional cryptologic circles. FIREFLY is an application of public key cryptography. [1]
purge
Removal of data from an AIS, its storage devices, or other peripheral devices with storage capacity in such a way that the data may not be reconstructed. NOTE: An AIS must be disconnected from any external network before a purge. See clearing. [1]

Q
QUADRANT
Short name referring to technology which provides tamper-resistant protection to crypto-equipment. [1]

R
randomizer
Analog or digital source of unpredictable, unbiased, and usually independent bits. NOTE: Randomizers can be used for several different functions, including key generation or to provide a starting state for a key generator. [1]
read
Fundamental operation in an AIS that results only in the flow of information from an object to a subject. (See access type.) [1]
read access
Permission to read information in an AIS. [1]
real-time reaction
Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access. [1]
recovery procedures
Actions necessary to restore data files of an AIS and computational capability after a system failure. [1]
RED
Designation applied to telecommunications and automated information systems, plus associated areas, circuits, components, and equipment which, when classified plain text signals are being processed therein, require protection during electrical transmission. [1]
RED/BLACK concept
Separation of electrical and electronic circuits, components, equipment, and systems that handle classified plain text (RED) information, in electrical signal form, from those which handle unclassified (BLACK) information in the same form. [1]
RED key
Unencrypted key. (See BLACK key.) [1]
RED signal
Telecommunications or automated information systems signal that would divulge classified information if recovered and analyzed. NOTE: RED signals may be plain text, key, subkey, initial fill, control, or traffic flow related information. [1]
reference monitor
Access control concept that refers to an abstract machine that mediates all accesses to objects by subjects. [1]
reference validation mechanism
Portion of a trusted computing base, the normal function of which is to control access between subjects and objects, and the correct operation of which is essential to the protection of data in the system. NOTE: This is the implementation of reference monitor. [1]
release prefix
Prefix appended to the short title of United States produced keying material to indicate its foreign releasability. NOTE: "A" designate material that is releasable to specific allied nations and "US" designates material intended exclusively for United States use. [1]
remanence
Residual information that remains on storage media after erasure. (See magnetic remanence.) [1]
remote rekeying
Procedure by which a distant crypto-equipment is rekeyed electrically. (See automatic remote rekeying and manual remote rekeying.) [1]
repair action
National Security Agency approved change to a COMSEC end item that does not affect the original characteristics of the end item and is provided for optional application by holders. NOTE: Repair actions are limited to minor electrical and/or mechanical improvements to enhance operation, maintenance, or reliability. They do not require an identification label, marking, or control, but must be fully documented by changes to the maintenance manual. [1]
reserve keying material
Key held to satisfy unplanned needs. (See contingency key.) [1]
residual risk
Portion of risk that remains after security measures have been applied. [1]
residue
Data left in storage after automated information processing operations are complete, but before degaussing or overwriting has taken place. [1]
resource encapsulation
Method by which the reference monitor mediates accesses to an AIS resource. NOTE: Resource is protected and not directly accessible by a subject. Satisfies requirement for accurate auditing of resource usage. [1]
risk analysis
Synonymous with risk assessment. [1]
risk assessment
Process of analyzing threats to and vulnerabilities of an information system, and the potential impact that the loss of information or capabilities of a system would have on national security and using the analysis as a basis for identifying appropriate and cost-effective measures. [1]
risk index
Difference between the minimum clearance or authorization of AIS users and the maximum sensitivity (e.g., classification and categories) of data processed by the system. [1]
risk management
Process concerned with the identification, measurement, control, and minimization of security risks in information systems. [1]

S
safeguarding statement
Statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced, and requires control of the product, at that level, until determination of the true classification by an authorized person. [1]
sample key
Key intended for off-the-air demonstration use only. [1]
sanitize
To remove or edit classified or sensitive data so that what remains is of a lower classification or sensitivity than the original data. [1]
scavenging
Searching through object residue to acquire data. [1]
scratch pad store
Momentary key storage in crypto-equipment. [1]
secure communications
Telecommunications deriving security through use of type l products and/or protected distribution systems. [1]
secure operating system
Resident software that controls hardware and other software functions in an AIS to provide a level of protection or security appropriate to the classification, sensitivity, and/or criticality of the data and resources it manages. [1]
secure state
Condition in which no subject can access any object in an unauthorized manner. [1]
secure subsystem
Subsystem that contains its own implementation of the reference monitor concept for those resources it controls. NOTE: Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects. [1]
security fault analysis
Assessment, usually performed on information system hardware, to determine the security properties of a device when hardware fault is encountered. [1]
security filter
AIS trusted subsystem that enforces security policy on the data that passes through it. [1]
security flaw
Error of commission or omission in an AIS that may allow protection mechanisms to be bypassed. [1]
security inspection
Examination of an AIS to determine compliance with security policy, procedures, and practices. [1]
security kernel
Hardware, firmware, and software elements of a trusted computing base that implement the reference monitor concept. NOTE: Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct. [1]
security label
Piece of information that represents the sensitivity of a subject or object, such as its hierarchical classification (CONFIDENTIAL, SECRET, TOP SECRET) together with any applicable non-hierarchical security categories (e.g., sensitive compartmented information, critical nuclear weapon design information). (See information label and sensitivity label.) [1]
security perimeter
Boundary where security controls are in effect to protect AIS assets. [1]
security range
Highest and lowest security levels that are permitted in or on an AIS, system component, subsystem, or network. [1]
security requirements
Types and levels of protection necessary for equipment, data, information, applications and facilities to meet security policy. [1]
security requirements baseline
Description of the minimum requirements necessary for an AIS to maintain an acceptable level of security. [1]
security safeguards
Protective measures and controls that are prescribed to meet the security requirements specified for an AIS. NOTE: Safeguards may include security features, as well as management constraints, personnel security, and security of physical structures, areas, and devices. See accreditation. [1]
security specification
Detailed description of the safeguards required to protect an AIS. [1]
security test and evaluation
Examination and analysis of the safeguards required to protect an AIS, as they have been applied in an operational environment, to determine the security posture of that system. [1]
security testing
Process to determine that an AIS protects data and maintains functionality as intended. NOTE: Security testing may reveal vulnerabilities beyond the scope of the AIS design. [1]
seed key
Initial key used to start an updating or key generation process. [1]
self-authentication
Implicit authentication, to a predetermined level, of all transmissions on a secure communications system. [1]
sensitive information
Information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy. NOTE: Systems that are not national security systems, but contain sensitive information are to be protected in accordance with the requirements of the Computer Security Act of 1987 (P.L. 100-235). [1]
sensitivity label
Piece of information that represents elements of the security label(s) of a subject and an object. NOTE: Sensitivity labels are used by the trusted computing base as the basis for mandatory access control decisions. [1]
shielded enclosure
Room or container designed to attenuate electromagnetic radiation. [1]
short title
Identifying combination of letters and numbers assigned to certain COMSEC materials to facilitate handling, accounting, and control. NOTE: NAG-l6C/TSEC is an example of a short title. [1]
signals security
Generic term encompassing communications security and electronic security. [1]
simple security property
Bell-La Padula security model rule allowing a subject read access to an object only if the security level of the subject dominates the security level of the object. [1]
single-level device
AIS device that is not trusted to properly maintain and separate data to different security levels. [1]
single point keying
Means of distributing key to multiple, local crypto-equipment or devices from a single fill point. [1]
software system test and evaluation process
Process that plans, develops, and documents the quantitative demonstration of the fulfillment of all baseline functional performance, operational, and interface requirements. [1]
special mission modification
Modification that applies only to a specific mission, purpose, operational, or environmental need. NOTE: Special mission modifications may be either optional or mandatory. [1]
speech privacy
Techniques that use fixed sequence permutations or voice/speech inversion to render speech unintelligible to the casual listener. [1]
spelling table
Synonymous with syllabary. [1]
split knowledge
Separation of data or information into two or more parts, each part constantly kept under control of separate authorized individuals or teams, so that no one individual or team Bill know the whole data. [1]
spoofing
1. (COMSEC) Interception, alteration, and retransmission of a cipher signal or data in such a way as to mislead the recipient. 2. (AIS) Attempt to gain access to an AIS by posing as an authorized user. [1]
spread spectrum
Telecommunications techniques in which a signal is transmitted in a bandwidth considerably greater than the frequency content of the original information. NOTE: Frequency hopping, direct sequence spreading, time scrambling, and combinations of these techniques are forms of spread spectrum. [1]
star (*) property
Bell-La Padula security model rule allowing a subject write access to an object only if the security level of the object dominates the security level of the subject. [1]
start-up KEK
Key encryption key held in common by a group of potential communicating entities and used to establish ad hoc tactical nets. [1]
state variable
Variable that represents either the state of an AIS or the state of some system resource. [1]
storage object
Object that supports both read and write accesses to an AIS. [1]
subassembly
Major subdivision of a cryptographic assembly which consists of a package of parts, elements, and circuits that performs a specific function. [1]
subject
Active entity in an AIS, generally in the form of a person, process, or device that causes information to flow among objects or changes the system state. [1]
subject security level
Sensitivity label(s) of the objects to which the subject has both read and write access. NOTE: Security level of a subject must always be dominated by the clearance level of the user with which the subject is associated. [1]
superencryption
Process of encrypting encrypted information. NOTE: Occurs when a message, encrypted off-line, is transmitted over a secured, on-line circuit, or when information encrypted by the originator is multiplexed onto a communications trunk, which is then bulk encrypted. [1]
supersession
Scheduled or unscheduled replacement of a COMSEC aid with a different edition. [1]
supervisor state
Synonymous with executive state. [1]
suppression measure
Action, procedure, modification, or device that reduces the level of, or inhibits the generation of, compromising emanations in a telecommunications or automated information system. [1]
syllabary
List of individual letters, combination of letters, or syllables, with their equivalent code groups, used for spelling out words or proper names not present in the vocabulary of a code. NOTE: A syllabary may also be known as a spelling table. [1]
synchronous crypto-operation
Method of on-line crypto-operation in which crypto-equipment and associated terminals have timing systems to keep them in step. [1]
system development methodologies
Methodologies developed through software engineering to manage the complexity of system development. NOTE: Development methodologies include software engineering aids and high-level design analysis tools. [1]
system high
Highest security level supported by an AIS. [1]
system high mode
AIS security mode of operation wherein each user, with direct or indirect access to the AIS, its peripherals, remote terminals, or remote hosts, has all of the following: a. Valid security clearance for all information within an AIS. b. Formal access approval and signed non-disclosure agreements for all the information stored and/or processed (including all compartments, subcompartments and/or special access programs). c. Valid need-to-know for some of the information contained within the AIS. [1]
system indicator
Symbol or group of symbols in an off-line encrypted message that identifies the specific cryptosystem or key used in the encryption. [1]
system integrity
Quality of an AIS when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. [1]
system low
Lowest security level supported by an AIS. [1]
system security
Measure of security provided by a system, as determined by evaluation of the totality of all system elements and COMSEC measures that support telecommunications and AIS protection. [1]
system security engineering
The efforts that help achieve maximum security and survivability of a system during its life cycle and interfacing with other program elements to ensure security functions are effectively integrated into the total system engineering effort. [1]
system security evaluation
Determination of the risk associated with the use of a given system, considering its vulnerabilities and perceived security threat. [1]
system security management plan
A formal document that fully describes the planned security tasks required to meet system security requirements. [1]
system security officer
Synonymous with information system security officer. [1]

T
tampering
Unauthorized modification that alters the proper functioning of a cryptographic or AIS security equipment or system in a manner that degrades the security or functionality it provides. [1]
tape mixer
Teletypewriter security equipment that encrypts plain text and decrypts cipher text by combining them with a key stream from a one-time tape. [1]
technical attack
Attack that can be perpetrated by circumventing or nullifying hardware or software protection mechanisms, rather than by subverting system personnel or other users. [1]
technical penetration
Deliberate penetration of a security area by technical means to gain unauthorized interception of information-bearing energy. [1]
technical security hazard
Condition that could permit the technical penetration of an area through equipment that by reason of its normal design, installation, operation, maintenance, or damaged condition, allows the unauthorized transmission of classified information. [1]
technical security material
Equipment, components, devices, and associated documentation or other media that pertains to cryptography or the securing of telecommunications and automated information systems. [1]
telecommunications
Preparation, transmission, communication, or related processing of information (writing, images, sounds or other data) by electrical, electromagnetic, electromechanical, electro-optical or electronic means. [1]
telecommunications and automated information systems security
Protection afforded to telecommunications and automated information systems, in order to prevent exploitation through interception, unauthorized electronic access, or related technical intelligence threats and to ensure authenticity. NOTE: Such protection results from the application of security measures (including cryptosecurity, transmission security, emission security, and computer security) to systems that generate, store, process, transfer, or communicate information of use to an adversary, and also includes the physical protection of technical security material and technical security information. [1]
telecommunications security
Synonymous with communications security. [1]
TEMPEST
Short name referring to investigation, study, and control of compromising emanations from telecommunications and automated information systems equipment. (See compromising emanations.) [1]
TEMPEST test
Laboratory or on-site test to determine the nature of compromising emanations associated with a telecommunications or automated information system. [1]
TEMPEST zone
Defined area within a facility where equipment with appropriate TEMPEST characteristics (TEMPEST zone assignment) may be operated without emanating electromagnetic radiation beyond the controlled space boundary of the facility. NOTE: Facility TEMPEST zones are determined by measuring electromagnetic attenuation provided by a building's properties and the free space loss to the controlled space boundary. Equipment TEMPEST zone assignments are based on the[1]
terminal identification
Means used to uniquely identify a terminal to an AIS. [1]
test key
Key intended for on-the-air testing of COMSEC equipment or systems. [1]
threat
Capabilities, intentions, and attack methods of adversaries to exploit, or any circumstance or event with the potential to cause harm to, information or an information system. [1]
threat analysis
Process of studying information to identify the nature of and elements comprising a threat. [1]
threat assessment
Process of formally evaluating the degree of threat to an information system and describing the nature of the threat. [1]
threat monitoring
Analysis, assessment, and review of AIS audit trails and other data collected for the purpose of searching out system events that may constitute violations or attempted violations of data or system security. [1]
ticket-oriented
Computer protection system in which each subject maintains a list of unforgeable bit patterns called tickets, one for each object that a subject is authorized to access. (See list-oriented.) [1]
time bomb
Logic bomb for which the logic trigger is time. [1]
time compliance date
Date by which a mandatory modification to a COMSEC end item must be incorporated if the item is to remain approved for operational use. [1]
time-dependent password
Password that is valid only at a certain time of day or during a specified interval of time. [1]
traditional COMSEC program
COMSEC program in which the National Security Agency acts as the central procurement agency for the development and, in some cases, the production of COMSEC items. NOTE: This includes the Authorized Vendor Program and user partnerships. Modifications to the COMSEC end items used in products developed and/or produced under these programs must be approved by the National Security Agency. [1]
traffic analysis
Study of communications characteristics external to the text. [1]
traffic encryption key
Key used to encrypt plain text or to superencrypt previously encrypted text and/or to decrypt cipher text. [1]
traffic-flow security
Measure used to conceal the presence of valid messages in an on-line cryptosystem or secure communications system. NOTE: Encryption of sending and receiving addresses and causing the circuit to appear busy at all times by sending dummy traffic are two methods of traffic-flow security. A more common method is to send a continuous encrypted signal, irrespective of whether traffic is being transmitted. [1]
traffic padding
Generation of spurious communications or data units to disguise the amount of real data units being sent. [1]
training key
Cryptographic key intended for on-the-air or off-the-air training. [1]
tranquillity
Property whereby the security level of an object cannot change while the object is being processed by an AIS. [1]
transmission security
Component of communications security that results from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis. [1]
transmission security key
Key that is used in the control of transmission security processes, such as frequency hopping and spread spectrum. [1]
trap door
Hidden software or hardware mechanism that can be triggered to permit protection mechanisms in an AIS to be circumvented. NOTE: A trap door is usually activated in some innocent-appearing manner; e.g., a special random key sequence at a terminal. Software developers often write trap doors in their code that enable them to reenter the system to perform certain functions. [1]
Trojan horse
Computer program containing an apparent or actual useful function that contains additional (hidden) functions that allows unauthorized collection, falsification or destruction of data. [1]
trusted computer system
AIS that employs sufficient hardware and software assurance measures to allow simultaneous processing of a range of classified or sensitive information. [1]
trusted computing base
Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. NOTE: The ability of a trusted computing base to enforce correctly a unified security policy depends on the correctness of the mechanisms within the trusted computing base, the protection of those mechanisms to ensure their correctness, and the correct input of parameters related to the security policy. [1]
trusted distribution
Method for distributing trusted computing base hardware, software, and firmware components, both originals and updates, that provides protection of the trusted computing base from modification during distribution, and for the detection of any changes. [1]
trusted identification forwarding
An identification method used in AIS networks whereby the sending host can verify that an authorized user is attempting a connection to another host. NOTE: The sending host transmits the required user authentication information to the receiving host. The receiving host can then verify that the user is validated for access to the system. This operation may be transparent to the user. [1]
trusted path
Mechanism by which a person using a terminal can communicate directly with the trusted computing base. NOTE: Trusted path can only be activated by the person or the trusted computing base and cannot be imitated by untrusted software. [1]
trusted process
Process that has privileges to circumvent the system security policy and has been tested and verified to operate only as intended. [1]
trusted software
Software portion of a trusted computing base. [1]
TSEC nomenclature
System for identifying the type and purpose of certain items of COMSEC material. NOTE: TSEC is derived from telecommunications security. [1]
two-part code
Code consisting of an encoding section, in which the vocabulary items (with their associated code groups) are arranged in alphabetical or other systematic order, and a decoding section, in which the code groups (with their associated meanings) are arranged in a separate alphabetical or numeric order. [1]
two-person control
Continuous surveillance and control of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and unauthorized procedures with respect to the task being performed, and each familiar with established security and safety requirements. [1]
two-person integrity
System of storage and handling designed to prohibit individual access to certain COMSEC keying material, by requiring the presence of at least two authorized persons, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed. NOTE: Two-person integrity procedures differ from no-lone zone procedures in that, under two-person integrity controls, two authorized persons must directly participate in the handling and safeguarding of the keying material (as in accessing storage containers, transportation, keying/rekeying operations, and destruction). No-lone zone controls are less restrictive in that the two authorized persons need only to be physically present in the common area where the material is located. Two-person control refers to nuclear command and control COMSEC material while two-person integrity refers only to COMSEC keying material. [1]
type 1 product
Classified or controlled cryptographic item endorsed by the National Security Agency for securing classified and sensitive U.S. Government information, when appropriately keyed. NOTE: The term refers only to products, and not to information, key, services, or controls. Type 1 products contain classified National Security Agency algorithms. They are available to U.S. Government users, their contractors, and federally sponsored non-U.S. Government activities subject to export restrictions in accordance with International Traffic in Arms Regulation. [1]
type 2 product
Unclassified cryptographic equipment, assembly, or component, endorsed by the National Security Agency, for use in telecommunications and automated information systems for the protection of national security information. NOTE: The term refers only to products, and not to information, key, services, or controls. Type 2 products may not be used for classified information, but contain classified National Security Agency algorithms that distinguish them from products containing the unclassified data encryption standard algorithm. Type 2 products are available to U.S. Government departments and agencies and sponsored elements of state and local governments, sponsored U.S. Government contractors, and sponsored private sector entities. Type 2 products are subject to export restrictions in accordance with the International Traffic in Arms Regulation. [1]
type 3 algorithm
Cryptographic algorithm that has been registered by the National Institute of Standards and Technology and has been published as a Federal Information Processing Standard for use in protecting unclassified sensitive information or commercial information. [1]
type 4 algorithm
Unclassified cryptographic algorithm that has been registered by the National Institute of Standards and Technology, but is not a Federal Information Processing Standard. [1]

U
unauthorized disclosure
The revelation of information to individuals not authorized to receive it. [1]
unclassified
Information that has not been determined, pursuant to E.O. 12356 or any predecessor order, to require protection against unauthorized disclosure and that is not designated as classified. [1]
untrusted process
Process that has not been tested and verified for adherence to the security policy. NOTE: Untrusted process may include incorrect or malicious code that attempts to circumvent the security mechanisms. [1]
updating
Automatic or manual cryptographic process that irreversibly modifies the state of a COMSEC key, equipment, device, or system.
user
Person or process accessing an AIS by direct connections (e.g., via terminals) or indirect connections. NOTE: "Indirect connection" relates to persons who prepare input data or receive output that is not reviewed for content or classification by a responsible individual.
user ID
Unique symbol or character string that is used by an AIS to uniquely identify a specific user. 
User Partnership Program
Partnership between the National Security Agency and a U.S. Government department or agency to facilitate the development of secure information processing and communications equipment incorporating National Security Agency approved cryptographic security.
user profile
Patterns of a user's activity on an AIS that can be used to detect changes in normal routines.
user representative
Person authorized by an organization to order COMSEC keying material and to interface with the keying system to provide information to key users, ensuring that the correct type of key is ordered.
U.S.-controlled facility
Base or building, access to which is physically controlled by U.S. persons who are authorized U.S. Government or U.S. Government contractor employees. 
U.S.-controlled space
Room or floor within a facility that is not a U.S.-controlled facility, access to which is physically controlled by U.S. persons who are authorized U.S. Government or U.S. Government contractor employees. NOTE: Keys or combinations to locks controlling entrance to U.S.-controlled spaces must be under the exclusive control of U.S. persons who are U.S. Government or U.S. Government contractor employees. 
U.S. person
United States citizen or resident alien.

V
validation
Process of applying specialized security test and evaluation procedures, tools, and equipment needed to establish acceptance for joint usage of an AIS by one or more departments or agencies and their contractors. NOTE: This action will include, as necessary, final development, evaluation, and testing, preparatory to acceptance by senior security test and evaluation staff specialists.
variant
One of two or more code symbols which have the same plain text equivalent.
verification
The process of comparing two levels of an AIS specification for proper correspondence (e.g., security policy model with top-level specification, top-level specification with source code, or source code with object code). NOTE: This process may or may not be automated.
verified design
Computer protection class in which formal security verification methods are used to assure that the AIS mandatory and discretionary security controls can effectively protect classified and sensitive information stored in, or processed by; the system. NOTE: Class A1 system is verified design.
virtual password
AIS password computed from a passphrase that meets the requirements of password storage (e.g., 64 bits).
virus
Self replicating, malicious program segment that attaches itself to an application program or other executable system component and leaves no external signs of its presence. [1]
vulnerability
Weakness in an information system, or cryptographic system, or components (e.g., system security procedures, hardware design, internal controls) that could be exploited. [1]
vulnerability analysis
Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.
work factor
Estimate of the effort or time needed by a potential perpetrator, with specified expertise and resources, to overcome a protective measure. NOTE: In cryptography, a work factor is the number of computer binary operations needed to guarantee that a particular key will not be recovered through cryptanalysis.
worm
Independent program that replicates from machine to machine across network connections often clogging networks and computer systems as it spreads.
wri
Fundamental operation in an AIS that results only in the flow of information from a subject to an object. (See access type.)
write access
Permission to write to an object in an AIS.

Z
zeroize
Remove or eliminate the key from a crypto-equipment or fill device.

|Home| |About TCF| |Firm Profile| |Manufacturers| |Contacts| |Markets Served| |Downloads| |News & Events| |Contractor Forms| |Industry Links| |Glossary| |Literature Request| |Newsletters| |Careers| |Site Map| |Policies and Use| |TCF Forum|


2005 TCF, Inc
Home
About TCF
Firm Profile
Manufacturers
Contacts
Markets Served
Downloads
News & Events
Contractor Forms
Industry Links
Glossary
Literature Request
Newsletters
Careers
Site Map
Policies and Use
TCF Forum
e-mail me