Complete Security Glossary
A
- access
- 1. (COMSEC) Capability and opportunity to gain knowledge of or to alter information or material. 2. (AIS) Ability and means to communicate with (i.e., input to or receive output from), or otherwise make use of any information, resource, or component in an AIS. NOTE: An individual does not have "access" if the proper authority or a physical, technical, or procedural measure prevents them from obtaining knowledge or having an opportunity to alter information, material, resources, or components.
- access control
- Process of limiting access to the resources of an AIS only to authorized users, programs, processes, or other systems.
- access control list
- Mechanism implementing discretionary access control in an AIS that identifies the users who may access an object and the type of access to the object that a user is permitted.
- access control mechanism
- Security safeguards designed to detect and prevent unauthorized access, and to permit authorized access in an AIS.
- access level
- Hierarchical portion of the security level used to identify the sensitivity of AIS data and the clearance or authorization of users. NOTE: Access level, in conjunction with the non-hierarchical categories, forms the sensitivity label of an object. See category.
- access list
- 1. (COMSEC) Roster of persons authorized admittance to a controlled area. 2. (AIS) Compilation of users, programs, and/or processes and the access levels and types to which each is authorized.
- access period
- Segment of time, generally expressed in days or weeks, during which access rights prevail.
- access port
- Logical or physical identifier a computer uses to distinguish different terminal input/output data streams or the physical connection for attaching an external device.
- access type
- Privilege to perform an action on a program or file. NOTE: Read, write, execute, append, modify, delete, and create are examples of access types.
- accessible space
- Area within which the user is aware of all persons entering and leaving, which denies the opportunity for concealed TEMPEST surveillance, and which delineates the closest point of potential TEMPEST intercept from a vehicle.
- accountability
- 1. (COMSEC) Principle that an individual is responsible for safeguarding and controlling of COMSEC equipment, keying material, and information entrusted to his/her care and is answerable to proper authority for the loss or misuse of that equipment or information. 2. (AIS) Property that allows auditing of activities on an AIS to be traced to persons who may then be held responsible for their actions.
- accounting legend code
- Numeric code used to indicate the minimum accounting controls required for items of accountable COMSEC material within the COMSEC Material Control System. NOTE: National-level accounting legend codes are: ALC-1 - continuously accountable by serial number. ALC-2 - continuously accountable by quantity. ALC-4 - report of initial receipt required. After acknowledging receipt, users may control in accordance with Service, department, or agency directives.
- accounting number
- Number assigned to an item of COMSEC material to facilitate its control.
- accreditation
- Formal declaration by a designated approving authority that an AIS is approved to operate in a particular security mode using a prescribed set of safeguards.
- accreditation authority
- Synonymous with designated approving authority.
- add-on security
- Incorporation of new hardware, software, or firmware safeguards in an operational AIS.
- adversary
- Person or organization that must be denied access to critical information.
- alternate COMSEC custodian
- Person designated by proper authority to perform the duties of the COMSEC custodian during the temporary absence of the COMSEC custodian.
- anti-jam
- Measures to ensure that intended transmitted information can be received despite deliberate jamming attempts.
- anti-spoof
- Measures to prevent an opponent's participation in a telecommunications network or operation/control of a cryptographic or COMSEC system.
- assembly
- Group of parts, elements, subassemblies, or circuits that are removable items of COMSEC equipment.
- assurance
- Measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy.
- attack
- Act of trying to defeat AIS safeguards.
- audit
- Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.
- audit trail
- Chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event. NOTE: Audit trail may apply to information in an AIS, to message routing in a communications system, or to the transfer of COMSEC material.
- authenticate
- Verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an automated information system, or establish the validity of a transmitted message.
- authentication
- Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's eligibility to receive specific categories of information.
- authentication system
- Cryptosystem or process used for authentication.
- authenticator
- Means used to confirm the identity or eligibility of a station, originator, or individual.
- authorization
- Access rights granted to a user, program, or process.
- authorized vendor
- Manufacturer of existing COMSEC equipment who is authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers.
- Authorized Vendor Program
- Program in which a vendor, producing a COMSEC product under contract to the National Security Agency, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. NOTE: Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. Products approved for marketing and sale through the Authorized Vendor Program are placed on the Endorsed Cryptographic Products List.
- auto-manual system
- Programmable, hand-held crypto-equipment used to perform encoding and decoding functions.
- automated information systems
- Any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of data and includes computer software, firmware, and hardware. NOTE: Included are computers, word processing systems, networks, or other electronic information handling systems, and associated equipment.
- automated information systems security
- Synonymous with computer security.
- automated security monitoring
- Use of automated procedures to ensure security controls for an AIS are not circumvented.
- automatic remote rekeying
- Procedure to rekey a distant crypto-equipment electronically without specific actions by the receiving terminal operator.
- availability of data
- Data that is in the place, at the time, and in the form needed by the user.
B
- backdoor
- Synonymous with trap door.
- Bell-La Padula security model
- Formal-state transition model of a computer security policy that describes a formal set of access controls based on information sensitivity and subject authorizations. (See star (*) property and simple security property.)
- benign
- Condition of cryptographic data such that it cannot be compromised by human access to the data. NOTE: The term benign may be used to modify a variety of COMSEC-related terms, (e.g., key, data, storage, fill, and key distribution techniques).
- benign environment
- Nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures.
- beyond A1
- Level of trust employed by the DoD Trusted Computer System Evaluation Criteria that was beyond the state-of-the-art technology at the time the criteria were developed. NOTE: As defined in the "Orange Book," beyond A1 includes all the A1-level features, plus others not required at the A1 level.
- binding
- Process of associating a specific communications terminal with a specific cryptographic key or associating two related elements of information.
- bit error rate
- Ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.
- BLACK
- Designation applied to telecommunications and automated information systems, and to associated areas, circuits, components, and equipment, in which only unclassified signals are processed. NOTE: Encrypted signals are unclassified.
- BLACK key
- Encrypted key. (See RED key.)
- brevity list
- List containing words and phrases used to shorten messages.
- browsing
- Act of searching through AIS storage to locate or acquire information, without necessarily knowing the existence or format of information being sought. [1]
- bulk encryption
- Simultaneous encryption of all channels of a multichannel telecommunications trunk. [1]
C
- call back
- Procedure for identifying a remote AIS terminal, whereby the host system disconnects the caller and then dials the authorized telephone number of the remote terminal to re-establish the connection. [1]
- call sign cipher
- Cryptosystem used to encipher/decipher call signs, address groups, and address indicating groups. [1]
- canister
- Type of protective package used to contain and dispense key in punched or printed tape form. [1]
- capability
- Unforgeable ticket that provides incontestable proof that the presenter is authorized access to the object named in the ticket. [1]
- capability-based system
- AIS in which access to protected objects is granted if the subject possesses a capability for the object. [1]
- category
- Restrictive label that has been applied to both classified and unclassified data, thereby increasing the requirement for protection of, and restricting the access to, the data. NOTE: Examples include sensitive compartmented information, proprietary information, and North Atlantic Treaty Organization information. Individuals are granted access to special category information only after being granted formal access authorization. [1]
- CCI assembly
- Device embodying a cryptographic logic or other COMSEC design that the National Security Agency has approved as a controlled cryptographic item and performs the entire COMSEC function, but is dependent upon the host equipment to operate. [1]
- CCI component
- Device embodying a cryptographic logic or other COMSEC design, which the National Security Agency has approved as a controlled cryptographic item, that does not perform the entire COMSEC function and is dependent upon the host equipment or assembly to complete and operate the COMSEC function. [1]
- CCI equipment
- Telecommunications or information handling equipment that embodies a controlled cryptographic item component or controlled cryptographic item assembly and performs the entire COMSEC function without dependence on a host equipment to operate. [1]
- central office of record
- Office of a federal department or agency that keeps records of accountable COMSEC material held by elements subject to its oversight. [1]
- certificate of action statement
- Statement attached to a COMSEC audit report by which a COMSEC custodian certifies that all actions have been completed. [1]
- certification
- Comprehensive evaluation of the technical and nontechnical security features of an AIS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified security requirements. [1]
- certified TEMPEST technical authority
- U.S. Government or U.S. Government contractor employee designated to review the TEMPEST countermeasures programs of a federal department or agency. [1]
- challenge and reply authentication
- Prearranged procedure in which one communicator requests authentication of another and the latter establishes his/her validity with a correct reply. [1]
- checksum
- Value computed, via some parity or hashing algorithm, on information requiring protection against error or manipulation. NOTE: Checksums are stored or transmitted with data and are intended to detect data integrity problems. [1]
- check word
- Cipher text generated by a cryptographic logic to detect failures in the cryptography. [1]
- cipher
- Cryptographic system in which units of plain text are substituted according to a predetermined key. [1]
- cipher text
- Enciphered information. [1]
- cipher text auto-key
- Cryptographic logic which uses previous cipher text to generate a key stream. [1]
- ciphony
- Process of enciphering audio information, resulting in encrypted speech. [1]
- classified information
- National security information that has been classified pursuant to Executive Order 12356. [1]
- clearing
- Removal of data from an AIS, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using normal system capabilities (i.e., through the keyboard). NOTE: An AIS need not be disconnected from any external network before clearing takes place. Clearing enables a product to be reused within, but not outside of, a secure facility. It does not produce a declassified product by itself, but may be the first step in the declassification process. See purge. [1]
- closed security environment
- Environment that provides sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system. NOTE: Closed security is predicated upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control. [1]
- code
- System of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length. NOTE: Codes may or may not provide security. Common uses include: (a) converting information into a form suitable for communications or encryption, (b) reducing the length of time required to transmit information, (c) describing the instructions which control the operation of a computer, and (d) converting plain text to meaningless combinations of letters or numbers and vice versa. [1]
- code book
- Book or other document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique. [1]
- code group
- Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence. [1]
- code vocabulary
- Set of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system. [1]
- cold start
- Procedure for initially keying crypto-equipment. [1]
- command authority
- Individual responsible for the appointment of user representatives for a department, agency, or organization and their key ordering privileges. [1]
- Commercial COMSEC Endorsement Program
- Relationship between the National Security Agency and industry, in which the National Security Agency provides the COMSEC expertise (i.e., standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce a type 1 or type 2 product. NOTE: Products developed under the Commercial COMSEC Endorsement Program may include modules, subsystems, equipment, systems, and ancillary devices. [1]
- common fill device
- One of a family of devices developed to read-in, transfer, or store key. NOTE: KYK-13 Electronic Transfer Device, KYX-15 Net Control Device, and KOI-18 General Purpose Tape Reader are examples of common fill devices. [1]
- communications cover
- Concealing or altering of characteristic communications patterns to hide information that could be of value to an adversary. [1]
- communications deception
- Deliberate transmission, retransmission, or alteration of communications to mislead an adversary's interpretation of the communications. (See imitative communications deception and manipulative communications deception.) [1]
- communications profile
- Analytic model of communications associated with an organization or activity. NOTE: The model is prepared from a systematic examination of communications content and patterns, the functions they reflect, and the communications security measures applied. [1]
- communications security
- Measures and controls taken to deny unauthorized persons information derived from telecommunications and ensure the authenticity of such telecommunications. NOTE: Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material. [1]
- compartmented mode
- AIS security mode of operation wherein each user with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts has all of the following: a. Valid security clearance for the most restricted information processed in the system. b. Formal access approval and signed non-disclosure agreements for that information to which a user is to have access. c. Valid need-to-know for information to which a user is to have access. [1]
- compromise
- Disclosure of information or data to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred. [1]
- compromising emanations
- Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by telecommunications or automated information systems equipment. (See TEMPEST.) [1]
- computer abuse
- Intentional or reckless misuse, alteration, disruption, or destruction of data processing resources. [1]
- computer cryptography
- Use of a crypto-algorithm program stored in software or firmware, by a general purpose computer to authenticate or encrypt/decrypt data for storage or transmission. [1]
- computer security
- Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer. [1]
- computer security incident
- Any event in which a computer system is attacked, intruded into, or threatened with an attack or intrusion. [1]
- computer security subsystem
- Device designed to provide limited computer security features in a larger system environment. [1]
- Computer Security Technical Vulnerability Reporting Program
- Program that focuses on technical vulnerabilities in commercially available hardware, firmware and software products acquired by DoD. NOTE: The Computer Security Technical Vulnerability Reporting Program provides for reporting, cataloging, and discrete dissemination of technical vulnerability and corrective-measure information on a need-to-know basis. [1]
- COMSEC account
- Administrative entity, identified by an account number, used to maintain accountability, custody and control of COMSEC material. [1]
- COMSEC account audit
- Examination of the holdings, records, and procedures of a COMSEC account to ensure that all accountable COMSEC material is properly handled and safeguarded. [1]
- COMSEC aid
- COMSEC material, other than an equipment or device, that assists in securing telecommunications and which is required in the production, operation, or maintenance of COMSEC systems and their components. NOTE: COMSEC keying material, callsign/frequency systems, and supporting documentation, such as operating and maintenance manuals, are examples of COMSEC aids. [1]
- COMSEC boundary
- Definable perimeter within a telecommunications equipment or system within which all hardware, firmware, and software components that perform critical COMSEC functions are located. NOTE: Key generation and key handling and storage are critical COMSEC functions. [1]
- COMSEC chip set
- Collection of National Security Agency approved microchips furnished to a manufacturer to secure or protect telecommunications equipment. (See secure communications and protected communications.) [1]
- COMSEC control program
- Set of instructions or routines for a computer that controls or affects the externally performed functions of key generation, key distribution, message encryption/decryption, or authentication. [1]
- COMSEC custodian
- Person designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding and destruction of COMSEC material assigned to a COMSEC account. NOTE: The term COMSEC manager is replacing the term COMSEC custodian. These terms are not synonymous, since the responsibilities of the COMSEC manager extend beyond the functions required for effective operation of a COMSEC account. [1]
- COMSEC end item
- Equipment or combination of components ready for its intended use in a COMSEC application. [1]
- COMSEC equipment
- Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. NOTE: COMSEC equipment includes crypto-equipment, crypto-ancillary equipment, cryptoproduction equipment, and authentication equipment. [1]
- COMSEC facility
- Space employed primarily for the purpose of generating, storing, repairing, or using COMSEC material. [1]
- COMSEC incident
- Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information. [1]
- COMSEC insecurity
- COMSEC incident that has been investigated, evaluated, and determined to jeopardize the security of COMSEC material or the secure transmission of information. [1]
- COMSEC manager
- Person who manages the COMSEC resources of a command or activity. (See the note following the definition for COMSEC custodian.) [1]
- COMSEC material
- Item designed to secure or authenticate telecommunications. NOTE: COMSEC material includes, but is not limited to, key, equipment, devices, documents, firmware or software that embodies or describes cryptographic logic and other items that perform COMSEC functions. [1]
- COMSEC Material Control System
- Logistics and accounting system through which COMSEC material marked "CRYPTO" is distributed, controlled, and safeguarded. NOTE: Included are the COMSEC central offices of record, cryptologistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the COMSEC Material Control System. [1]
- COMSEC modification
- Electrical, mechanical, or software change to a National Security Agency approved COMSEC end item. NOTE: Categories of COMSEC modifications are: mandatory, optional, special mission mandatory, special mission optional, human safety mandatory, and repair actions. [1]
- COMSEC module
- Removable component that performs COMSEC functions in a telecommunications equipment or system. [1]
- COMSEC monitoring
- Act of listening to, copying, or recording transmissions of one's own official telecommunications to provide material for analysis, so that the degree of security being provided to those transmissions may be determined. [1]
- COMSEC profile
- Statement of the COMSEC measures and materials used to protect a given operation, system, or organization. [1]
- COMSEC survey
- Organized collection of COMSEC and communications data relative to a given operation, system, or organization. [1]
- COMSEC system data
- Information required by a COMSEC equipment or system to enable it to properly handle and control key. [1]
- COMSEC training
- Teaching of hands-on skills relating to COMSEC accounting, the use of COMSEC aids, or the installation, use, maintenance, and repair of COMSEC equipment. [1]
- confidentiality
- Assurance that information is not disclosed to unauthorized entities or processes. [1]
- configuration control
- Process of controlling modifications to a telecommunications or automated information systems hardware, firmware, software, and documentation to ensure the system is protected against improper modifications prior to, during, and after system implementation. [1]
- configuration management
- Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures and test documentation of an automated information system, throughout the development and operational life of a system. [1]
- confinement property
- Synonymous with star (*) property. [1]
- contingency key
- Key held for use under specific operational conditions or in support of specific contingency plans. [1]
- contingency plan
- Plan maintained for emergency response, backup operations, and post-disaster recovery for an AIS, as a part of its security program, that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation. [1]
- controlled access protection
- Log-in procedures, audit of security relevant events, and resource isolation as prescribed for class C2 in the Orange Book. [1]
- controlled cryptographic item
- Secure telecommunications or information handling equipment, or associated cryptographic component, that is unclassified but governed by a special set of control requirements. NOTE: Such items are marked "CONTROLLED CRYPTOGRAPHIC ITEM" or, where space is limited, "CCI." [1]
- controlled sharing
- Condition which exists when access control is applied to all users and components of an AIS. [1]
- controlled space
- Three-dimensional space surrounding telecommunications and automated information systems equipment, within which unauthorized persons are denied unrestricted access and are either escorted by authorized persons or are under continuous physical or electronic surveillance. [1]
- controlling authority
- Official responsible for directing the operation of a cryptonet and for managing the operational use and control of keying material assigned to the cryptonet. [1]
- cooperative key generation
- Electronically exchanging functions of locally generated, random components, from which both terminals of a secure circuit construct traffic encryption key or key encryption key for use on that circuit. [1]
- cooperative remote rekeying
- Synonymous with manual remote rekeying. [1]
- cost-benefit analysis
- Assessment of the costs of providing protection or security to a telecommunications or AIS versus risk and cost associated with asset loss or damage. [1]
- countermeasure
- Action, device, procedure, technique, or other measure that reduces the vulnerability of an AIS. [1]
- covert channel
- Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an AIS security policy. (See overt channel and exploitable channel.) [1]
- covert storage channel
- Covert channel that involves the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. NOTE: Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels. [1]
- covert timing channel
- Covert channel in which one process signals information to another process by modulating its own use of system resources (e.g., central processing unit time) in such a way that this manipulation affects the real response time observed by the second process. [1]
- credentials
- Information passed from one entity to another, that is used to establish the sending entity's access rights. [1]
- cryptanalysis
- Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption. [1]
- CRYPTO
- Marking or designator identifying COMSEC keying material used to secure or authenticate telecommunications carrying classified or sensitive U.S. Government or U.S. Government-derived information. NOTE: When written in all upper case letters, CRYPTO has the meaning stated above. When written in lower case as a prefix, crypto and crypt are abbreviations for cryptographic. [1]
- crypto-alarm
- Circuit or device which detects failures or aberrations in the logic or operation of crypto-equipment. NOTE: Crypto-alarm may inhibit transmission or may provide a visible and/or audible alarm. [1]
- crypto-algorithm
- Well-defined procedure or sequence of rules or steps used to produce cipher text from plain text and vice versa. [1]
- crypto-ancillary equipment
- Equipment designed specifically to facilitate efficient or reliable operation of crypto-equipment, but that does not perform cryptographic functions. [1]
- crypto-equipment
- Equipment that embodies a cryptographic logic. [1]
- cryptographic
- Pertaining to, or concerned with, cryptography. [1]
- cryptographic component
- Hardware or firmware embodiment of the cryptographic logic. NOTE: Cryptographic component may be a modular assembly, a printed wiring assembly, a microcircuit, or a combination of these items. [1]
- cryptographic initialization
- Function used to set the state of a cryptographic logic prior to key generation, encryption, or other operating mode. [1]
- cryptographic logic
- Well-defined procedure or sequence of rules or steps used to produce cipher text from plain text, and vice versa, or to produce a key stream, plus delays, alarms, and checks which are essential to effective performance of the cryptographic process. (See crypto-algorithm.) [1]
- cryptographic randomization
- Function which randomly determines the transmit state of a cryptographic logic. [1]
- cryptography
- Principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form. [1]
- crypto-ignition key
- Device or electronic key used to unlock the secure mode of crypto-equipment. [1]
- cryptonet
- Stations that hold a specific key for use. NOTE: Activities that hold key for other than use, such as cryptologistic depots, are not cryptonet members for that key. Controlling authorities are de facto members of the cryptonets they control. [1]
- cryptoperiod
- Time span during which each key setting remains in effect. [1]
- cryptosecurity
- Component of communications security that results from the provision of technically sound cryptosystems and their proper use. [1]
- cryptosynchronization
- Process by which a receiving decrypting cryptographic logic attains the same internal state as the transmitting encrypting logic. [1]
- cryptosystem
- Associated COMSEC items interacting to provide a single means of encryption or decryption. [1]
- cryptosystem assessment
- Process of establishing the exploitability of a cryptosystem, normally by reviewing transmitted traffic protected or secured by the system under study. [1]
- cryptosystem evaluation
- Process of determining vulnerabilities of a cryptosystem. [1]
- cryptosystem review
- Examination of a cryptosystem by the controlling authority to ensure its adequacy of design and content, continued need, and proper distribution. [1]
- cryptosystem survey
- Management technique in which actual holders of a cryptosystem express opinions on the system's suitability and provide usage information for technical evaluations. [1]
D
- data encryption standard
- Cryptographic algorithm, designed for the protection of unclassified data and published by the National Institute of Standards and Technology in Federal Information Processing Standard Publication 46. [1]
- data flow control
- Synonymous with information flow control. [1]
- data integrity
- Condition that exists when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed. [1]
- data origin authentication
- Corroboration that the source of data is as claimed. [1]
- data security
- Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. [1]
- decertification
- Revocation of the certification of an AIS item or equipment for cause. [1]
- decipher
- Convert enciphered text to the equivalent plain text by means of a cipher system. [1]
- decode
- Convert encoded text to its equivalent plain text by means of a code. [1]
- decrypt
- Generic term encompassing decode and decipher. [1]
- dedicated mode
- AIS security mode of operation wherein each user, with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all of the following: a. Valid security clearance for all information within the system. b. Formal access approval and signed non-disclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs). c. Valid need-to-know for all information contained within the AIS. NOTE: When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time. [1]
- default classification
- Temporary classification reflecting the highest classification being processed in an AIS. NOTE: Default classification is included in the caution statement affixed to the object. [1]
- degauss
- Destroy information contained in magnetic media by subjecting that media to high-intensity alternating magnetic fields, following which the magnetic fields slowly decrease. [1]
- delegated development program
- Information systems security program in which the Director, National Security Agency, delegates the development and/or production of the entire telecommunications product, including the information systems security portion, to a lead department or agency. [1]
- denial of service
- Result of any action or series of actions that prevents any part of a telecommunications or AIS from functioning. [1]
- descriptive top-level specification
- Top-level specification that is written in a natural language (e.g., English), an informal design notation, or a combination of the two. NOTE: Descriptive top-level specification, required for a class B2 and B3 AIS, completely and accurately describes a trusted computing base. See formal top-level specification. [1]
- designated approving authority
- Official with the authority to formally assume responsibility for operating an AIS or network at an acceptable level of risk. [1]
- design controlled spare part
- Part or subassembly for a COMSEC equipment or device with a National Security Agency controlled design. [1]
- dial back
- Synonymous with call back. [1]
- digital signature
- Synonymous with electronic signature. [1]
- direct shipment
- Shipment of COMSEC material directly from the National Security Agency to user COMSEC accounts. [1]
- discretionary access control
- Means of restricting access to objects based on the identity and need-to-know of users and/or groups to which the object belongs. NOTE: Controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (directly or indirectly) to any other subject. See mandatory access control. [1]
- DoD Trusted Computer System Evaluation Criteria
- Document containing basic requirements and evaluation classes for assessing degrees of effectiveness of hardware and software security controls built into AIS. NOTE: This document, DoD 5200.28 STD, is frequently referred to as the Orange Book. [1]
- domain
- Unique context (e.g., access control parameters) in which a program is operating; in effect, the set of objects that a subject has the ability to access. [1]
- dominate
- Term used to compare AIS security levels. NOTE: Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than, or equal to, that of S2 and the non-hierarchical categories of S1 include all those of S2 as a subset. [1]
- drop accountability
- Procedure under which a COMSEC account custodian initially receipts for COMSEC material, and then provides no further accounting for it to its central office of record. NOTE: Local accountability of the COMSEC material may continue to be required. See also accounting legend code, ALC-3 and ALC-4. [1]
- dummy group
- Textual group having the appearance of a valid code or cipher group which has no plain text significance. [1]
E
- electronically generated key
- Key produced only in non-physical form. NOTE: Electronically generated key stored magnetically (e.g., on a floppy disc) is not considered hard copy key. [1]
- electronic signature
- Process that operates on a message to assure message source authenticity and integrity, and source non-repudiation. [1]
- electronic security
- Protection resulting from all measures designed to deny unauthorized persons information of value which might be derived from the interception and analysis of non-communications electromagnetic radiations, such as radar. [1]
- element
- Removable item of COMSEC equipment, assembly, or subassembly which normally consists of a single piece or group of replaceable parts. [1]
- embedded computer
- Computer system that is an integral part of a larger system or subsystem that performs or controls a function, either in whole or in part. [1]
- embedded cryptography
- Cryptography which is engineered into an equipment or system the basic function of which is not cryptographic. NOTE: Components comprising the cryptographic module are inside the equipment or system and share host device power and housing. The cryptographic function may be dispersed or identifiable as a separate module within the host. [1]
- embedded cryptographic systems
- Cryptosystem that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem. [1]
- emission security
- Protection resulting from all measures taken to deny unauthorized persons information of value which might be derived from intercept and analysis of compromising emanations from crypto-equipment, AIS, and telecommunications systems. [1]
- encipher
- Convert plain text to equivalent cipher text by means of a cipher. [1]
- encode
- Convert plain text to equivalent cipher text by means of a code. [1]
- encrypt
- Generic term encompassing encipher and encode. [1]
- end-item accounting
- Accounting for all the accountable components of a COMSEC equipment configuration by a single short title. [1]
- endorsed DES equipment
- Unclassified equipment that embodies unclassified data encryption standard cryptographic logic and has been endorsed by the National Security Agency for the protection of national security information. [1]
- endorsed for unclassified cryptographic item
- Unclassified cryptographic equipment that embodies a U.S. Government classified cryptographic logic and is endorsed by the National Security Agency for the protection of national security information. (See type 2 product.) [1]
- endorsement
- National Security Agency approval of a commercially-developed telecommunications or automated information systems protection equipment or system for safeguarding national security information. [1]
- end-to-end encryption
- Encryption of information at its origin, and decryption at its intended destination, without any intermediate decryption. [1]
- end-to-end security
- Safeguarding information in a secure telecommunications system by cryptographic or protected distribution system means from point of origin to point of destination. [1]
- entrapment
- Deliberate planting of apparent flaws in an AIS for the purpose of detecting attempted penetrations. [1]
- environment
- Procedures, conditions, and objects that affect the development, operation, and maintenance of an AIS. [1]
- erasure
- Process intended to render stored data irretrievable by normal means. [1]
- executive state
- One of several states in which an AIS may operate, and the only one in which certain privileged instructions may be executed. NOTE: Such privileged instructions cannot be executed when the system is operating in other (e.g., user) states. [1]
- exercise key
- Key intended to safeguard transmissions associated with exercises. [1]
- exploitable channel
- Covert channel that is intended to violate the security policy governing an AIS and is useable or detectable by subjects external to the trusted computing base. (See covert channel.) [1]
- exploratory development model
- Assembly of preliminary circuits or parts in line with commercial practice to investigate, test, or evaluate the soundness of a concept, device, circuit, equipment, or system in a "breadboard" or rough experimental form, without regard to eventual overall physical form or layout. [1]
- extraction resistance
- Capability of a crypto-equipment or a secure telecommunications system or equipment to resist efforts to extract key. [1]
F
- fail safe
- Pertaining to the automatic protection of programs and/or processing systems to maintain safety when a hardware or software failure is detected in a system. [1]
- fail soft
- Pertaining to the selective termination of affected nonessential processing when a hardware or software failure is determined to be imminent in an AIS. [1]
- failure access
- Unauthorized and usually inadvertent access to data resulting from a hardware or software failure in an AIS. [1]
- failure control
- Methodology used to detect and provide fail safe or fail soft recovery from hardware and software failures in an AIS. [1]
- fetch protection
- AIS-provided restriction to prevent a program from accessing data in another user's segment of storage. [1]
- fielded equipment
- COMSEC end-item shipped to the user subsequent to first article testing on the initial production contract. [1]
- file protection
- Aggregate of all processes and procedures established in an AIS designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents. [1]
- file security
- Means by which access to computer files is limited to authorized users only. [1]
- fill device
- COMSEC item used to transfer or store key in electronic form or to insert key into a crypto-equipment. [1]
- FIREFLY
- Key management protocol based on public key cryptography. [1]
- fixed COMSEC facility
- COMSEC facility that is located in an immobile structure or aboard a ship. [1]
- flaw
- Error of commission, omission, or oversight in an AIS that may allow protection mechanisms to be bypassed. [1]
- flaw hypothesis methodology
- System analysis and penetration technique in which the specification and documentation for an AIS are analyzed and then flaws in the system are hypothesized. NOTE: List of hypothesized flaws is prioritized on the basis of the estimated probability that a flaw exists and, assuming a flaw does exist, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system. [1]
- formal access approval
- Documented approval by a data owner to allow access to a particular category of information. [1]
- formal proof
- Complete and convincing mathematical argument, presenting the full logical justification for each proof step, for the truth of a theorem or set of theorems. NOTE: In computer security, these formal proofs provide A1, and beyond A1 assurance under the DoD Trusted Computer System Evaluation Criteria. [1]
- formal security policy model
- Mathematically precise statement of a security policy. NOTE: Such a model must define a secure state, an initial state, and how the model represents changes in state. The model must be shown to be secure by proving that the initial state is secure and that all possible subsequent states remain secure. [1]
- formal top-level specification
- Top-level specification that is written in a formal mathematical language to allow theorems, showing the correspondence of the system specification to its formal requirements, to be hypothesized and formally proven. NOTE: Formal top-level specification, required for a class A1 AIS, completely and accurately describes the trusted computing base. See descriptive top-level specification. [1]
- formal verification
- Process of using formal proofs to demonstrate the consistency between formal specification of a system and formal security policy model (design verification) or between formal specification and its high-level program implementation (implementation verification). [1]
- frequency hopping
- Repeated switching of frequencies during radio transmission according to a specified algorithm, to minimize unauthorized interception or jamming of telecommunications. [1]
- front-end security filter
- Security filter, which could be implemented in hardware or software, that is logically separated from the remainder of an AIS to protect the integrity of the system. [1]
- full maintenance
- Complete diagnostic repair, modification, and overhaul of information systems security equipment, including repair of defective assemblies by piece part replacement. (See limited maintenance.) [1]
- functional testing
- Segment of security testing in which advertised security mechanisms of an AIS are tested under operational conditions. [1]
G
- granularity
- Relative fineness or coarseness to which an access control mechanism can be adjusted. NOTE: Protection at the file level is considered coarse granularity, whereas protection at the field level is considered to be a finer granularity. [1]
- guard
- Processor that provides a filter between two disparate systems operating at different security levels or between a user terminal and a data base to remove data for which the user is not authorized access. [1]
H
- handshaking procedures
- Dialogue between two entities (e.g., a user and a computer, a computer and another computer, or a program and another program) for the purpose of identifying and authenticating these entities to one another. [1]
- hard copy key
- Physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories. [1]
- hardwired key
- Key that is permanently installed. [1]
- hashing
- Iterative process that computes a value (referred to as a hashword) from a particular data unit in a manner that, when a hashword is protected, manipulation of the data is detectable. [1]
- hashword
- Synonymous with checksum. [1]
- high risk environment
- Specific location or geographic area where there are insufficient friendly security forces to ensure the safeguarding of information systems security equipment. [1]
- hostile cognizant agent
- Person, authorized access to national security information, who intentionally makes that information available to an intelligence service or other group, the goals of which are inimical to the interests of the United States Government or its allies. [1]
- host to front-end protocol
- Set of conventions governing the format and control of data that is passed from a host to a front-end machine. [1]
I
- identification
- Process that enables recognition of an entity by an AIS. NOTE: This is generally accomplished by the use of unique machine-readable user names. [1]
- imitative communications deception
- Introduction of deceptive messages or signals into an adversary's telecommunications signals. See communications deception and manipulative communications deception. [1]
- impersonation
- Synonymous with spoofing. [1]
- implant
- Electronic device or component modification to electronic equipment that is designed to gain unauthorized interception of information-bearing energy via technical means. [1]
- inadvertent disclosure
- Accidental exposure of information to a person not authorized access. [1]
- incomplete parameter checking
- AIS design flaw that results when all parameters have not been fully anticipated for accuracy and consistency, thus making the system vulnerable to penetration. [1]
- individual accountability
- Ability to associate positively the identity of a user with the time, method, and degree of access to an AIS. [1]
- information flow control
- Procedure to ensure that information transfers within an AIS are not made from a higher security level object to an object of a lower security level. [1]
- information label
- Piece of information that accurately and completely represents the sensitivity of the data in a subject or object. NOTE: Information label consists of a security label as well as other required security markings (e.g., codewords, dissemination control markings, and handling caveats), to be used for data information security labeling purposes. [1]
- information system
- Any telecommunications and/or computer related equipment or interconnected system or subsystems of equipment that is used in the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of voice and/or data, and includes software, firmware, and hardware. [1]
- information systems security (INFOSEC)
- The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. [1]
- information system security officer
- Person responsible to the designated approving authority who ensures that security of an information system is implemented through its design, development, operation, maintenance, and secure disposal stages. [1]
- information systems security product
- Item (chip, module, assembly, or equipment), technique, or service that performs or relates to information systems security. [1]
- initialize
- Setting the state of a cryptographic logic prior to key generation, encryption, or other operating mode. [1]
- integrity check value
- Checksum that is capable of detecting malicious modification of an AIS. [1]
- interim approval
- Temporary authorization granted by a designated approving authority for an AIS to process classified information and information governed by 10 U.S.C. Section 2315 or 44 U.S.C. 3502(2) in its operational environment based on preliminary results of a security evaluation of the system. [1]
- internet private line interface
- Network cryptographic unit that provides secure connections, singularly or in simultaneous multiple connections, between a host and a predetermined set of corresponding hosts. [1]
- internet protocol
- Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. [1]
K
- key
- Information (usually a sequence of random or pseudo-random binary digits) used initially to set up and periodically change the operations performed in crypto-equipment for the purpose of encrypting or decrypting electronic signals, for determining electronic counter-countermeasures patterns (e.g., frequency hopping or spread spectrum), or for producing other key. NOTE: "Key" has replaced the terms "variable," "key(ing) variable," and "cryptovariable." [1]
- key-auto-key
- Cryptographic logic which uses previous key to produce key. [1]
- key card
- Paper card, containing a pattern of punched holes, which establishes the key for a specific cryptonet at a specific time. [1]
- key encryption key
- Key that encrypts or decrypts other key for transmission or storage. [1]
- key list
- Printed series of key settings for a specific cryptonet. NOTE: Key lists may be produced in list, pad, or printed tape format. [1]
- key management
- Process by which key is generated, stored, protected, transferred, loaded, used, and destroyed. [1]
- key production key
- Key that is used to initialize a keystream generator for the production of other electronically generated key. [1]
- key stream
- Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security processes, or produce key. [1]
- key tag
- Identification information associated with certain types of electronic key. [1]
- key tape
- Punched or magnetic tape containing key. NOTE: Printed key in tape form is referred to as a key list. [1]
- key updating
- Irreversible cryptographic process for modifying key automatically or manually. [1]
- keying material
- Key, code, or authentication information in physical or magnetic form. [1]
L
- least privilege
- Principle that requires that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. NOTE: Application of this principle limits the damage that can result from accident, error, or unauthorized use of an AIS. [1]
- limited access
- Synonymous with access control. [1]
- limited maintenance
- COMSEC maintenance restricted to fault isolation, removal, and replacement of plug-in assemblies. NOTE: Soldering or unsoldering usually is prohibited in limited maintenance. See full maintenance. [1]
- line conduction
- Unintentional signals or noise induced or conducted on a telecommunications or automated information system signal, power, control, indicator, or other external interface line. [1]
- link encryption
- Encryption of data in individual links of a telecommunications system. [1]
- list-oriented
- Computer protection in which each protected object has a list of all subjects authorized to access it. (See also ticket-oriented.) [1]
- lock and key protection system
- Protection system that involves matching a key or password with a specific access requirement. [1]
- logic bomb
- Resident computer program that triggers an unauthorized act when particular states of an AIS are realized. [1]
- logical completeness measure
- Means for assessing the effectiveness and degree to which a set of security and access control mechanisms meets the requirements of security specifications. [1]
- long title
- Descriptive title of a COMSEC item. [1]
- low probability of detection
- Result of measures used to hide or disguise intentional electromagnetic transmissions. [1]
- low probability of intercept
- Result of measures to prevent the intercept of intentional electromagnetic transmissions. [1]
M
- machine cryptosystem
- Cryptosystem in which cryptographic processes are performed by crypto-equipment. [1]
- magnetic remanence
- Magnetic representation of residual information that remains on a magnetic medium after the medium has been erased or overwritten. NOTE: Magnetic remanence refers to data remaining on magnetic storage media after removal of the power or after degaussing. [1]
- maintenance hook
- Special instructions in software to allow easy maintenance and additional feature development. NOTE: Maintenance hooks are not clearly defined during access for design specification. Since maintenance hooks frequently allow entry into the code at unusual points or without the usual checks, they are a serious security risk if they are not removed prior to live implementation. Maintenance hooks are special types of trap doors. [1]
- maintenance key
- Key intended only for off-the-air in-shop use. [1]
- malicious logic
- Hardware, software, or firmware that is intentionally included in an AIS for an unauthorized purpose. NOTE: Trojan horse is a form of malicious logic. [1]
- mandatory access control
- Means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity. (See discretionary access control.) [1]
- mandatory modification
- Change to a COMSEC end item that the National Security Agency requires to be completed and reported by a specified date. NOTE: This type of modification should not be confused with modifications that are optional to the National Security Agency, but have been adjudged mandatory by a given department or agency. The latter modification may have an installation deadline established and controlled solely by the user's headquarters. [1]
- manipulative communications deception
- Alteration or simulation of friendly telecommunications for the purpose of deception. NOTE: Manipulative communications deception may involve establishment of bogus communications structures, transmission of deception messages, and expansion or creation of communications schedules on existing structures to display an artificial volume of messages. See communications deception and imitative communications deception. [1]
- manual cryptosystem
- Cryptosystem in which the cryptographic processes are performed manually without the use of crypto-equipment or auto-manual devices. [1]
- manual remote rekeying
- Procedure by which a distant crypto-equipment is rekeyed electrically, with specific actions required by the receiving terminal operator. [1]
- masquerading
- Synonymous with spoofing. [1]
- master crypto-ignition key
- Crypto-ignition key that is able to initialize crypto-ignition key, when interacting with its associated crypto-equipment. [1]
- material symbol
- Communications circuit identifier used for key card resupply purposes. [1]
- memory bounds
- Limits in the range of storage addresses for a protected region in the memory of an AIS. [1]
- message authentication code
- Data element associated with an authenticated message which allows a receiver to verify the integrity of the message. [1]
- message externals
- Non-textual (outside the message text) characteristics of transmitted messages. [1]
- message indicator
- Sequence of bits transmitted over a telecommunications system for the purpose of crypto-equipment synchronization. NOTE: Some off-line cryptosystems, such as the KL-51 and one-time pad systems, employ message indicators to establish decryption starting points. [1]
- mimicking
- Synonymous with spoofing. [1]
- mobile COMSEC facility
- COMSEC facility that can be readily moved from one location to another. [1]
- mode of operation
- Description of the conditions under which an AIS operates, based on the sensitivity of data processed and the clearance levels and authorizations of the users. NOTE: Five modes of operation are authorized for an AIS processing information and for networks transmitting information. See compartmented mode, dedicated mode, multilevel mode, partitioned security mode, and system-high mode. [1]
- multilevel device
- Device that is trusted to properly maintain and separate data of different security levels. [1]
- multilevel mode
- AIS security mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts: a. Some users do not have a valid security clearance for all the information processed in the AIS. b. All users have the proper security clearance and appropriate formal access approval for that information to which they have access. c. All users have a valid need-to-know only for information to which they have access. [1]
- multilevel security
- Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances, but prevents users from obtaining access to information for which they lack authorization. [1]
- mutual suspicion
- Condition in which two entities need to rely upon each other to perform a service, yet neither entity trusts the other to properly protect shared data. [1]
N
- national security information
- Information that has been determined, pursuant to Executive Order 12356 or any predecessor order, to require protection against unauthorized disclosure, and that is so designated. [1]
- national security systems
- Telecommunications and automated information systems operated by the U.S. Government, its contractors, or its agents, that contain classified information or, as set forth in 10 U.S.C. Section 2315, that involves intelligence activities, involves cryptologic activities related to national security, involves command and control of military forces, involves equipment that is an integral part of a weapon or weapon system, or involves equipment that is critical to the direct fulfillment of military or intelligence missions. [1]
- need-to-know
- Access to, or knowledge or possession of, specific information required to carry out official duties. [1]
- net control station
- Terminal in a secure telecommunications net responsible for distributing key in electronic form to the members of the net. [1]
- network front end
- Device that implements the needed security-related protocols to allow a computer system to be attached to a network. [1]
- network reference monitor
- Access control concept that refers to an abstract machine that mediates all access to objects within a network by subjects within the network. See reference monitor. [1]
- network security
- Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects. NOTE: Network security includes providing for data integrity. [1]
- network security officer
- Individual formally appointed by a designated approving authority to ensure that the provisions of all applicable directives are implemented throughout the life cycle of an automated information system network. See information system security officer. [1]
- network system
- System that is implemented with a collection of interconnected network components. NOTE: A network system is based on a coherent security architecture and design. [1]
- network trusted computing base
- Totality of protection mechanisms within a network system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. See trusted computing base. [1]
- no-lone zone
- Area, room, or space which, when manned, must be occupied by two or more appropriately cleared individuals who remain within sight of each other. (See two person integrity.) [1]
- noncooperative remote rekeying
- Synonymous with automatic remote rekeying. [1]
- non-repudiation
- Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender's identity, so that neither can later deny having processed the data. [1]
- non-secret encryption
- Synonymous with public key cryptography. [1]
- null
- Dummy letter, letter symbol, or code group inserted in an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes. [1]
O
- object
- Passive entity that contains or receives information. NOTE: Access to an object implies access to the information it contains. Examples of objects are: records, blocks, pages, segments, files, directories, directory trees and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, and network nodes. [1]
- object reuse
- Reassignment of a storage medium (e.g., page frame, disk sector, magnetic tape) that contained one or more objects, after ensuring that no residual data remained on the storage medium. [1]
- off-line cryptosystem
- Cryptosystem in which encryption and decryption are performed independently of the transmission and reception functions. [1]
- one-part code
- Code in which plain text elements and their accompanying code groups are arranged in alphabetical, numerical, or other systematic order, so that one listing serves for both encoding and decoding. NOTE: One-part codes are normally small codes that are used to pass small volumes of low-sensitivity information. [1]
- one-time cryptosystem
- Cryptosystem employing key which is used only once. [1]
- one-time pad
- Manual one-time cryptosystem produced in pad form. [1]
- one-time tape
- Punched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems. [1]
- on-line cryptosystem
- Cryptosystem in which encryption and decryption are performed in association with the transmitting and receiving functions. [1]
- open security environment
- Environment that does not provide sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system. [1]
- open storage
- Storage of classified information within an accredited facility, but not in General Services Administration approved secure containers, while the facility is unoccupied by authorized personnel. [1]
- operational data security
- Protection of data from either accidental or unauthorized intentional modification, destruction, or disclosure during input, processing, or output operations. [1]
- operational key
- Key intended for use on-the-air for protection of operational information or for the production or secure electrical transmission of key streams. [1]
- operational waiver
- Authority for continued use of unmodified COMSEC end-items, pending the completion of a mandatory modification. [1]
- operations code
- Code composed largely of words and phrases which are suitable for general communications use. [1]
- operations security
- Process denying to potential adversaries information about capabilities and/or intentions by identifying, controlling and protecting generally unclassified evidence of the planning and execution of sensitive activities. [1]
- optional modification
- National Security Agency approved modification that is not required for universal implementation by all holders of a COMSEC end-item. NOTE: This class of modification requires all of the engineering/doctrinal control of mandatory modification, but is usually not related to security, safety, TEMPEST, or reliability. [1]
- Orange Book
- Synonymous with DoD Trusted Computer System Evaluation Criteria. [1]
- organizational maintenance
- Limited maintenance performed by a user organization. [1]
- overt channel
- Communications path within a computer system or network that is designed for the authorized transfer of data. (See covert channel.) [1]
- over-the-air key distribution
- Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation. [1]
- over-the-air key transfer
- Electronically distributing key without changing traffic encryption key used on the secured communications path over which the transfer is accomplished. [1]
- over-the-air rekeying
- Changing traffic encryption key or transmission security key in remote crypto-equipment by sending new key directly to the remote crypto-equipment over the communications path it secures. [1]
- overwrite procedure
- Process which removes or destroys data recorded on an AIS storage medium by writing patterns of data over, or on top of, the data stored on the medium. [1]
P
- parity
- Set of bits used to determine whether a block of data (key or data stored in computers) has been intentionally or unintentionally altered. [1]
- partitioned security mode
- AIS security mode of operation wherein all personnel have the clearance, but not necessarily formal access approval and need-to-know, for all information handled by an AIS. NOTE: This security mode encompasses the compartmented mode and applies to non-intelligence DoD organizations and DoD contractors. [1]
- passphrase
- Sequence of characters, longer than the acceptable length of a password, that is transformed by a password system into a virtual password of acceptable length. [1]
- password
- Protected/private character string used to authenticate an identity or to authorize access to data. [1]
- penetration
- Unauthorized act of bypassing the security mechanisms of a cryptographic system or AIS. [1]
- penetration testing
- Security testing in which evaluators attempt to circumvent the security features of an AIS based on their understanding of the system design and implementation. [1]
- per-call key
- Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions. (See cooperative key generation.) [1]
- periods processing
- Processing of various levels of classified and unclassified information at distinctly different times. NOTE: Under periods processing, the system must be purged of all information from one processing period before transitioning to the next when there are different users with differing authorizations. [1]
- permuter
- Device used in a crypto-equipment to change the order in which the contents of a shift register are used in various nonlinear combining circuits. [1]
- plain text
- Unencrypted information. [1]
- positive control material
- Generic term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material or devices. [1]
- preproduction model
- Version of a crypto-equipment that employs standard parts and is in final mechanical and electrical form suitable for complete evaluation of form, design, and performance. NOTE: Preproduction models are often referred to as E-model equipment. [1]
- print suppression
- Eliminating the display of characters in order to preserve their secrecy. NOTE: An example of print suppression is not displaying the characters of a password as it is keyed at the input terminal. [1]
- privacy system
- Commercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack. [1]
- production model
- Crypto-equipment in its final mechanical and electrical form of production design made by use of production tools, jigs, fixtures, and methods using standard parts. [1]
- profile
- Detailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an AIS. [1]
- proprietary information
- Material and information relating to or associated with a company's products, business or activities, including but not limited to: financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that have been clearly identified and properly marked as proprietary information, trade secrets or company confidential information. NOTE: Trade secrets constitute the whole or any portion or phase of any technical information, design process, procedure, formula or improvement that is not generally available to the public, that a company considers company confidential and that could give or gives an advantage over competitors who do not know or use the trade secret. [1]
- protected communications
- Telecommunications deriving their protection through use of type 2 products or data encryption standard equipment. (See secure communications.) [1]
- protected distribution system
- Wireline or fiber-optic telecommunications system that includes terminals and adequate acoustic, electrical, electromagnetic, and physical safeguards to permit its use for the unencrypted transmission of classified information. [1]
- protection equipment
- Type 2 product or data encryption standard equipment that the National Security Agency has endorsed to meet applicable standards for the protection of telecommunications or automated information systems containing national security information. [1]
- protection philosophy
- Informal description of the overall design of an AIS that delineates each of the protection mechanisms employed. NOTE: Combination, appropriate to the evaluation class, of formal and informal techniques used to show the mechanisms are adequate to enforce the security policy. [1]
- protection ring
- One of a hierarchy of privileged modes of an AIS that gives certain access rights to user programs and processes authorized to operate in a given mode. [1]
- protective packaging
- Packaging techniques for COMSEC material which discourage penetration, reveal that a penetration has occurred or was attempted, or inhibit viewing or copying of keying material prior to the time it is exposed for use. [1]
- protective technologies
- Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material. [1]
- protective technology/package incident
- Any penetration of information system security protective technology or packaging, such as a crack, cut, or tear. [1]
- protocol
- Set of rules and formats, semantic and syntactic, that permits entities to exchange information. [1]
- public cryptography
- Body of cryptographic and related