* property (or star property)
A Bell-LaPadula security model rule giving a subject write access to an object only if the security level of the object dominates the security level of the subject. Also called the confinement property.
1000 Mbps (1 Gbps) baseband Ethernet using twisted-pair wire.
100 Mbps baseband Ethernet using twisted-pair wire.
802.3 IEEE Ethernet standard for 10 Mbps Ethernet using coaxial cable (thinnet) rated to 185 meters.
10 Mbps Ethernet using coaxial cable (thicknet) rated to 500 meters.
10 Mbps baseband Ethernet using optical fiber.
10 Mbps UTP Ethernet rated to 100 meters.
10 Mbps broadband Ethernet rated to 3600 meters.
Triple Data Encryption Standard.
IEEE standard that specifies security and privacy access methods for LANs.
IEEE standard that specifies 1 Mbps and 2 Mbps wireless connectivity. Defines aspects of frequency hopping and direct-sequence spread spectrum (DSSS) systems for use in the 2.4 MHz ISM (industrial, scientific, medical) band. Also refers to the IEEE committee responsible for setting wireless LAN standards.
Specifies high-speed wireless connectivity in the 5 GHz band using orthogonal frequency division multiplexing (OFDM) with data rates up to 54 Mbps.
Specifies high-speed wireless connectivity in the 2.4 GHz ISM band up to 11 Mbps.
Specification for Bluetooth LANs in the 2.4–2.5 GHz band.
Standard that specifies the LLC (logical link control).
Ethernet bus topology using carrier sense multiple access/collision detection (CSMA/CD) for 10 Mbps wired LANs. Currently, it is the most popular LAN topology.
Specifies a token-passing bus access method for LANs.
Specifies a token-passing ring access method for LANs.
The final inspection to determine whether a facility or system meets specified technical and performance standards. Note: This inspection is held immediately after facility and software testing and is the basis for commissioning or accepting the information system.
A type of testing used to determine whether the network is acceptable to the actual users.
A specific type of interaction between a subject and an object that results in the flow of information from one to the other.
The process of limiting access to system resources only to authorized programs, processes, or other systems (on a network). This term is synonymous with controlled access and limited access.
access control mechanism
Hardware or software features, operating procedures, management procedures, and various combinations thereof that are designed to detect and prevent unauthorized access and to permit authorized access in an automated system.
The hierarchical portion of the security level that is used to identify the sensitivity of data and the clearance or authorization of users. Note: The access level, in conjunction with the nonhierarchical categories, forms the sensitivity label of an object. See category, security level, and sensitivity label.
A list of users, programs, and/or processes and the specifications of access categories to which each is assigned; a list denoting which users have what privileges to a particular resource.
A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail.
access point (AP)
A wireless LAN transceiver interface between the wireless network and a wired network. Access points forward frames between wireless devices and hosts on the LAN.
A logical or physical identifier that a computer uses to distinguish different terminal input/output data streams.
The nature of an access right to a particular device, program, or file (for example, read, write, execute, append, modify, delete, or create).
Property that allows auditing of IT system activities to be traced to persons or processes that may then be held responsible for their actions. Accountability includes authenticity and nonrepudiation.
A formal declaration by the DAA that the AIS is approved to operate in a particular security mode by using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security.
Synonymous with designated approving authority.
Acknowledgment; a short return indication of the successful receipt of a message.
acknowledged connectionless service
A datagram-style service that includes error-control and flow-control mechanisms.
Authenticated ciphering offset.
The government organization that is responsible for developing a system.
A form of network routing in which the path that data packets traverse from a source node to a destination node depends on the current state of the network, with the best path through the network calculated dynamically.
The retrofitting of protection mechanisms implemented by hardware or software.
Address Resolution Protocol (ARP)
A TCP/IP protocol that binds logical (IP) addresses to physical addresses.
The management constraints and supplemental controls established to provide an acceptable level of protection for data. Synonymous with procedural security.
Advanced Encryption Standard (AES) (Rijndael)
A symmetric block cipher with a block size of 128 bits in which the key can be 128, 192, or 256 bits. The Advanced Encryption Standard replaces the Data Encryption Standard (DES) and was announced on November 26, 2001, as Federal Information Processing Standard Publication (FIPS PUB 197).
See Automated information system.
An electrical signal with an amplitude that varies continuously.
The top layer of the OSI model, which is concerned with application programs. It provides services such as file transfer and e-mail to the network’s end users.
An entity, either human or software, that uses the services offered by the Application Layer of the OSI reference model.
application program interface
A software interface provided between a specialized communications program and an end-user application.
Software that accomplishes functions such as database access, electronic mail, and menu prompts.
The configuration of any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information; includes computers, ancillary equipment, and services, including support services and related resources. In reference to a computer system, an architecture describes the type of components, interfaces, and protocols the system uses and how they fit together.
A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. Grounds for confidence that an IT product or system meets its security objectives. See DITSCAP.
asymmetric (public-key) encryption
Cryptographic system that employs two keys: a public key and a private key. The public key is made available to anyone wishing to send an encrypted message to an individual holding the corresponding private key of the public-private key pair. Any message encrypted with one of these keys can be decrypted with the other. The private key is always kept private. It should not be possible to derive the private key from the public key.
Asynchronous Transfer Mode (ATM)
A cell-based connection-oriented data service offering high-speed data communications. ATM integrates circuit and packet switching to handle both constant and burst information at rates up to 2.488 Gbps. Also called cell relay.
Type of communications data synchronization with no defined time relationship between transmission of data frames. See synchronous transmission.
attachment unit interface (AUI)
A 15-pin interface between an Ethernet Network Interface Card and a transceiver.
attack
The act of trying to bypass security controls on a system. An attack can be active, resulting in data modification, or passive, resulting in the release of data. Note: The fact that an attack is made does not necessarily mean that it will succeed. The degree of success depends on the vulnerability of the system or activity and the effectiveness of existing countermeasures.
A chronological record of system activities that is sufficient to enable the reconstruction, reviewing, and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to its final result.
(1) To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to system resources. (2) To verify the integrity of data that have been stored, transmitted, or otherwise exposed to possible unauthorized modification.
Generically, the process of verifying “who” is at the other end of a transmission.
A device whose identity has been verified during the lifetime of the current link based on the authentication procedure.
The means used to confirm the identity or verify the eligibility of a station, originator, or individual.
The property that allows the ability to validate the claimed identity of a system entity.
The granting of access rights to a user, program, or process.
automated data processing security
Synonymous with automated information systems security.
automated information system (AIS)
An assembly of computer hardware, software, and/or firmware that is configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information.
automated information system security
Measures and controls that protect an AIS against Denial of Service (DoS) and unauthorized (accidental or intentional) disclosure, modification, or destruction of AISs and data. AIS security includes consideration of all hardware and/or software functions, characteristics, and/or features; operational procedures, accountability procedures, and access controls at the central computer facility, remote computers and terminal facilities; management constraints; physical structures and devices; and personnel and communication controls that are needed to provide an acceptable level of risk for the AIS and for the data and information contained in the AIS. It includes the totality of security safeguards needed to provide an acceptable protection level for an AIS and for data handled by an AIS.
automated security monitoring
The use of automated procedures to ensure that security controls are not circumvented.
Timely, reliable access to data and information services for authorized users.
availability of data
The condition in which data is in the place needed by the user, at the time the user needs it, and in the form needed by the user.
A network that interconnects other networks.
A hidden software or hardware mechanism that can be triggered to permit system protection mechanisms to be circumvented. It is activated in a manner that appears innocent - for example, a special “random” key sequence at a terminal. Software developers often introduce back doors in their code to enable them to reenter the system and perform certain functions. Also called trapdoor. An unauthorized modem that can be connected to the Internet through an outside line constitutes a hardware back door to a system.
Synonymous with contingency plan.
In an expert system, the process of beginning with a possible solution and using the knowledge in the knowledge base to justify the solution based on the raw input data. Backward chaining is generally used when a large number of possible solutions exist relative to the amount of input.
The amount of the frequency spectrum that is usable for data transfer. In other words, bandwidth identifies the maximum data rate a signal can attain on the medium without encountering significant attenuation (loss of power). Also, the amount of information one can send through a connection.
The number of pulses of a signal that occur in one second. Thus, baud rate is the speed at which the digital signal pulses travel. Also, the rate at which data is transferred.
A formal state transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The notion of a secure state is defined, and each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the system is secure. A system state is defined to be secure only if the permitted access modes of subjects to objects are in accordance with a specific security policy. In order to determine whether a specific access mode is allowed, the clearance of a subject is compared to the classification of the object, and a determination is made as to whether the subject is authorized for the specific access mode. See * property (or star property) and simple security property.
A nonhostile environment that might be protected from external hostile elements by physical, personnel, and procedural security countermeasures.
Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user. See piggyback.
A level of trust, defined by the DoD Trusted Computer System Evaluation Criteria (TCSEC), that is beyond the state-of-the-art technology available at the time the criteria were developed. It includes all of the A1-level features plus additional features that are not required at the A1 level.
Access control method in which an individual’s physiological or behavioral characteristics are used to determine that individual’s access to a particular resource.
Basic Input/Output System; the first program to run when the computer is turned on. BIOS initializes and tests the computer hardware, loads and runs the operating system, and manages setup for making changes in the computer.
Short for binary digit. A single digit number in binary (0 or 1).
The transmission rate of binary symbol 0s and 1s. Bit rate is equal to the total number of bits transmitted in one second.
An expert system reasoning methodology in which a solution is generated by the use of a virtual “blackboard,” wherein information or potential solutions are placed on the blackboard by multiple individuals or expert knowledge sources. As more information is placed on the blackboard in an iterative process, a solution is generated.
A form of digital signature in which the signer is not privy to the content of the message.
A symmetric key algorithm that operates on a fixed-length block of plaintext and transforms it into a fixed-length block of ciphertext. A block cipher is obtained by segregating plaintext into blocks of n characters or bits and applying the same encryption algorithm and key to each block.
An open specification for wireless communication of data and voice, based on a low-cost short-range radio link facilitating protected ad hoc connections for stationary and mobile communication environments.
A network device that provides internetworking functionality by connecting networks. Bridges can provide segmentation of data frames and can be used to connect LANs by forwarding packets across connections at the Media Access Control (MAC) sublayer of the OSI model’s Data Link Layer.
A transmission system in which signals are encoded and modulated into different frequencies and then transmitted simultaneously with other signals (that is, of a different frequency). A LAN broadband signal is commonly analog.
The act of searching through storage to locate or acquire information without necessarily knowing the existence or the format of the information being sought.
BSI ISO/IEC 17799:2000, BS 7799-I:2000, Information technology - Code of practice for information security management, British Standards Institution, London, UK
A standard intended to “provide a comprehensive set of controls comprising best practices in information security.” ISO refers to the International Organization for Standardization, and IEC is the International Electrotechnical Commission.
A type of network topology wherein all nodes are connected to a single length of cabling with a terminator at each end.
Business Software Alliance (BSA)
An international organization representing leading software and e-commerce developers in 65 countries around the world. BSA efforts include educating computer users about software copyrights; advocating for public policy that fosters innovation and expands trade opportunities; and fighting software piracy.
A set of bits, usually eight, that represent a single character.
C & A
Certification and Accreditation.
Certification Authority/Agent. See Certification Authority.
A procedure for identifying a remote terminal. In a callback, the host system disconnects the caller and then dials the authorized telephone number of the remote terminal in order to reestablish the connection. Synonymous with dial back.
A protected identifier that both identifies the object and specifies the access rights allowed to the accessor who possesses the capability. In a capability-based system, access to protected objects (such as files) is granted if the would-be accessor possesses a capability for the object.
A Very Large Scale Integration (VLSI) chip that employs the Escrowed Encryption Standard and incorporates the Skipjack algorithm, similar to the Clipper Chip. As such, it has a Law Enforcement Access Field (LEAF). Capstone also supports public key exchange and digital signatures. At this time, Capstone products have their LEAF function suppressed and a certificate authority provides for key recovery.
A device used by the U.S. FBI to monitor ISP traffic (S.P. Smith et al., “Independent Technical Review of the Carnivore System - Draft report,” U.S. Department of Justice Contract # 00-C-328 IITRI, CR-022-216, November 17, 2000).
carrier current LAN
A LAN that uses power lines within the facility as a medium for data transport.
carrier sense multiple access (CSMA)
The technique used to reduce transmission contention by listening for contention before transmitting.
carrier sense multiple access/collision detection (CSMA/CD)
The most common Ethernet cable access method.
A restrictive label that has been applied to classified or unclassified data as a means of increasing the protection of the data and further restricting its access.
category 1 twisted-pair wire
Used for early analog telephone communications; not suitable for data.
category 2 twisted-pair wire
Rated for 4 Mbps and used in 802.5 token ring networks.
category 3 twisted-pair wire
Rated for 10 Mbps and used in 802.3 10Base-T Ethernet networks.
category 4 twisted-pair wire
Rated for 16 Mbps and used in 802.5 token ring networks.
category 5 twisted-pair wire
Rated for 100 Mbps and used in 100BaseT Ethernet networks.
Cipher block chaining, an encryption mode of the Data Encryption Standard (DES) that operates on plaintext blocks 64 bits in length.
The Common Criteria are a standard for specifying and evaluating the features of computer products and systems.
See Asynchronous Transfer Mode.
A de facto standard 36-pin parallel 200 Kbps asynchronous interface for connecting printers and other devices to a computer.
CERT Coordination Center (CERT®/CC)
A unit of the Carnegie Mellon University Software Engineering Institute (SEI), which is a federally funded R&D Center. CERT’s mission is to alert the Internet community to vulnerabilities and attacks and to conduct research and training in the areas of computer security, including incident response.
The comprehensive evaluation of the technical and nontechnical security features of an AIS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a specified set of security requirements.
certification authority (CA)
The official responsible for performing the comprehensive evaluation of the technical and nontechnical security features of an IT system and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meet a set of specified security requirements.
Chinese Wall model
Use of internal rules to compartmentalize areas in which individuals may work to prevent disclosure of proprietary information and to avoid conflicts of interest. The Chinese Wall model also incorporates the principle of separation of duty.
A cryptographic transformation that operates on characters or bits.
ciphertext or cryptogram
An unintelligible encrypted message.
The application of a network wherein a dedicated line is used to transmit information; contrast with packet-switched.
A computer that accesses a server’s resources.
A network system design in which a processor or computer designated as a server (such as a file server or database server) provides services to other, client processors or computers. Applications are distributed between a host server and a remote client.
closed security environment
An environment in which both of the following conditions hold true: (1) Application developers (including maintainers) have sufficient clearances and authorizations to provide an acceptable presumption that they have not introduced malicious logic, and (2) configuration control provides sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to and during the operation of system applications.
Data processing area using physical access controls to limit access to authorized personnel.
Situation in which a plaintext message generates identical ciphertext messages using the same transformation algorithm but with different cryptovariables or keys.
Committee on National Security Systems (formerly NSTISS Committee).
coaxial cable (coax)
Type of transmission cable consisting of a hollow outer cylindrical conductor that surrounds and shields a single inner wire conductor for current flow. Because the shielding reduces the amount of electrical noise interference, coax can extend much greater lengths than twisted-pair wiring.
code division multiple access (CDMA)
A spread-spectrum digital cellular radio system that uses different codes to distinguish users.
Cryptographic transformations that operate at the level of words or phrases.
The detection of simultaneous transmission on the communications medium.
See Component Object Model.
Common Object Request Broker Architecture (CORBA)
A standard that uses the Object Request Broker (ORB) to implement exchanges among objects in a heterogeneous, distributed environment.
Communications Assistance for Law Enforcement Act (CALEA) of 1994
An act that required all communications carriers to make wiretaps possible in ways approved by the FBI.
communications security (COMSEC)
Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material and information.
A class of information that has need-to-know access controls beyond those normally provided for access to confidential, secret, or top secret information.
compartmented security mode
See modes of operation.
A combination of controls, such as physical and technical or technical and administrative (or all three).
Component Object Model (COM)
A model that allows two software components to communicate with each other independent of their platforms’ operating systems and languages of implementation. As in the object-oriented paradigm, COM works with encapsulated objects.
An information security model that investigates the resulting security properties when subsystems are combined.
A violation of a system’s security policy such that unauthorized disclosure of sensitive information might have occurred.
Unintentional data-related or intelligence-bearing signals that, when intercepted and analyzed, disclose the information transmission that is received, handled, or otherwise processed by any information-processing equipment. See TEMPEST.
See computer security.
The misuse, alteration, disruption, or destruction of data-processing resources. The key is that computer abuse is intentional and improper.
The use of a crypto-algorithm in a computer, microprocessor, or microcomputer to perform encryption or decryption in order to protect information or to authenticate users, sources, or information.
The physical structure housing data processing operations.
Information collection from and about computer systems that is admissible in a court of law.
Computer-related crimes involving deliberate misrepresentation, alteration, or disclosure of data in order to obtain something of value (usually for monetary gain). A computer system must have been involved in the perpetration or cover-up of the act or series of acts. A computer system might have been involved through improper manipulation of input data, output or results, applications programs, data files, computer operations, communications, computer hardware, systems software, or firmware.
computer security (COMPUSEC)
Synonymous with automated information system security.
computer security subsystem
A device that is designed to provide limited computer security features in a larger system environment.
Computer Security Technical Vulnerability Reporting Program (CSTVRP)
A program that focuses on technical vulnerabilities in commercially available hardware, firmware, and software products acquired by the DoD. CSTVRP provides for the reporting, cataloging, and discrete dissemination of technical vulnerability and corrective measure information to DoD components on a need-to-know basis.
The total environment in which an automated information system, network, or a component operates. The environment includes physical, administrative, and personnel procedures as well as communication and networking relationships with other information systems.
See communications security.
A method of achieving confidentiality in which sensitive information is hidden by embedding it inside irrelevant data.
Assurance that information is not disclosed to unauthorized persons, processes, or devices. The concept of holding sensitive data in confidence, limited to an appropriate set of individuals or organizations.
The process of controlling modifications to the system’s hardware, firmware, software, and documentation that provides sufficient assurance that the system is protected against the introduction of improper modifications prior to, during, and after system implementation. Compare with configuration management.
The management of security features and assurances through control of changes made to a system’s hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the development and operational life of the system. Compare with configuration control.
The individual or organization responsible for configuration control or configuration management.
The prevention of the leaking of sensitive data from a program.
Synonymous with covert channel.
Synonymous with * property (or star property).
A method of hiding the relationship between the plaintext and the ciphertext.
Service that establishes a logical connection that provides flow control and error control between two stations that need to exchange data.
A path through which communications signals can flow.
A software component that provides an interface between the networked appliance and the database or application software located on the network.
CONOPS or CONOP
Concept of Operations.
Construction Cost Model (COCOMO), Basic version
Estimates software development effort and cost as a function of the size of the software product in source instructions.
A strategy for containment (in other words, stopping the spread) of the disaster and the identification of the provisions and processes required to contain the disaster.
The intermixing of data at different sensitivity and need-to-know levels. The lower-level data is said to be contaminated by the higher-level data; thus, the contaminating (higher-level) data might not receive the required level of protection.
Establishing actions to be taken before, during, and after a threatening incident.
A plan for emergency response, backup operations, and post-disaster recovery maintained by an activity as a part of its security program; this plan ensures the availability of critical resources and facilitates the continuity of operations in an emergency situation. Synonymous with backup plan, disaster plan, and emergency plan.
continuity of operations
Maintenance of essential IP services after a major outage.
The space, expressed in feet of radius, surrounding equipment processing sensitive information that is under sufficient physical and technical control to preclude an unauthorized entry or compromise.
See access control.
The condition that exists when access control is applied to all users and components of a system.
Copper Data Distributed Interface (CDDI)
A version of FDDI specifying the use of unshielded twisted-pair wiring.
The assessment of the cost of providing data protection for a system versus the cost of losing or compromising the data.
Any action, device, procedure, technique, or other measure that reduces the vulnerability of or threat to a system.
An entity that mitigates the potential risk to an information system.
A communications channel that enables two cooperating processes to transfer information in a manner that violates the system’s security policy. Synonymous with confinement channel.
covert storage channel
A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (for example, sectors on a disk) that is shared by two subjects at different security levels.
covert timing channel
A covert channel in which one process signals information to another by modulating its own use of system resources (for example, CPU time) in such a way that this manipulation affects the real response time observed by the second process.
The central processing unit of a computer.
See DoD Trusted Computer System Evaluation Criteria.
Certificate Revocation List.
Computer Resources Life Cycle Management Plan.
Computer Resource Management Plan.
Certification Requirements Review.
Refers to the ability to “break” the cipher so that the encrypted message can be read. Cryptanalysis can be accomplished by exploiting weaknesses in the cipher or in some fashion determining the key.
A well-defined procedure, sequence of rules, or steps used to produce a key stream or ciphertext from plaintext, and vice versa. A step-by-step procedure that is used to encipher plaintext and decipher ciphertext. Also called a cryptographic algorithm.
cryptographic application programming interface (CAPI)
An interface to a library of software functions that provide security and cryptography services. CAPI is designed for software developers to call functions from the library, which makes it easier to implement security services.
The principles, means, and methods for rendering information unintelligible and for restoring encrypted information to intelligible form. The word cryptography comes from the Greek kryptos, meaning “hidden,” and graphein, “to write.”
The security or protection resulting from the proper use of technically sound cryptosystems.
A set of transformations from a message space to a ciphertext space. This system includes all cryptovariables (keys), plaintexts, and ciphertexts associated with the transformation algorithm.
Carrier sense multiple access/collision avoidance, commonly used in 802.11 Ethernet and LocalTalk.
Carrier sense multiple access/collision detection, used in 802.3 Ethernet.
See Computer Security Technical Vulnerability Reporting Program.
cyclic redundancy check (CRC)
A common error-detection process. A mathematical operation is applied to the data when transmitted. The result is appended to the core packet. Upon receipt, the same mathematical operation is performed and checked against the CRC. A mismatch indicates a very high probability that an error has occurred during transmission.
See designated approving authority.
See discretionary access control.
A database that comprises tools to support the analysis, design, and development of software and to support good software engineering practices.
Data Encryption Standard (DES)
A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the National Institute of Standards and Technology (NIST), is intended for public and government use.
data flow control
See information flow control.
The attribute of data that is related to the preservation of its meaning and completeness, the consistency of its representation(s), and its correspondence to what it represents; the condition in which data meets a prior expectation of quality.
Data Link Layer
The OSI level that performs the assembly and transmission of data packets, including error control.
A database that comprises data or relations that have been extracted from the data warehouse. Information in the data mart is usually of interest to a particular group of people.
The process of analyzing large data sets in a data warehouse to find nonobvious patterns.
Maintenance of a data warehouse by deleting information that is unreliable or no longer relevant.
The protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure.
data service unit/channel service unit (DSU/CSU)
A set of network components that reshape data signals into a form that can be effectively transmitted over a digital transmission medium, typically a leased 56 Kbps or T1 line.
A subject-oriented, integrated, time-variant, nonvolatile collection of data in support of management’s decision-making process.
A persistent collection of data items that form relations among each other.
A data redundancy process that uses the live processing of remote journaling but creates even more redundancy by duplicating the database sets to multiple servers.
A connectionless form of packet switching whereby the source does not need to establish a connection with the destination before sending data packets.
A standard 9-pin connector commonly used with RS-232 serial interfaces on portable computers. The DB-9 connector does not support all RS-232 functions.
A standard 15-pin connector commonly used with RS-232 serial interfaces, Ethernet transceivers, and computer monitors.
A standard 25-pin connector commonly used with RS-232 serial interfaces. The DB-25 connector supports all RS-232 functions.
Director of Central Intelligence Directive.
To unscramble the encipherment process in order to make the message human-readable.
declassification of AIS storage media
An administrative decision or procedure to remove or reduce the security classification of the subject media.
A program that bypasses the Content Scrambling System (CSS) software used to prevent the viewing of DVD movie discs on unlicensed platforms.
dedicated security mode
See modes of operation.
de facto standard
A standard based on broad usage and support but not formally specified by a standards body such as the IEEE.
A value or option that is automatically chosen when no other value is specified.
A temporary classification reflecting the highest classification being processed in a system. The default classification is included in the caution statement that is affixed to the object.
defense information infrastructure (DII)
The DII is the seamless web of communications networks, computers, software, databases, applications, data, security services, and other capabilities that meets the information processing and transport needs of DoD users in peace and in all crises, conflict, humanitarian support, and wartime roles.
Defense Information Technology Systems Certification and Accreditation Process (DITSCAP)
Establishes for the defense entities a standard process, set of activities, general task descriptions, and management structure to certify and accredit IT systems that will maintain the required security posture. The process is designed to certify that the IT system meets the accreditation requirements and that the system will maintain the accredited security posture throughout the system life cycle. The four phases to the DITSCAP are Definition, Verification, Validation, and Post Accreditation.
To expose a magnetic storage medium to strong, rapidly varying magnetic fields in order to remove all the patterns of magnetization on its surface and thus remove the data stored on it. A degausser is a device used for this purpose.
Degausser Products List (DPL)
A list of commercially produced degaussers that meet National Security Agency specifications. This list is included in the NSA Information Systems Security Products and Services Catalogue and is available through the Government Printing Office.
degraded fault tolerance
Specifies which capabilities the TOE will still provide after a system failure. Examples of general failures are flooding of the computer room, short-term power interruption, breakdown of a CPU or host, software failure, or buffer overflow. Only functions specified must be available.
Denial of Service (DoS)
Any action (or series of actions) that prevents any part of a system from functioning in accordance with its intended purpose. This action includes any action that causes unauthorized destruction, modification, or delay of service. Synonymous with interdiction.
See Data Encryption Standard.
Descriptive Top-Level Specification (DTLS)
A top-level specification that is written in a natural language (for example, English), an informal design notation, or a combination of the two.
designated approving authority
The official who has the authority to decide on accepting the security safeguards prescribed for an AIS, or the official who might be responsible for issuing an accreditation statement that records the decision to accept those safeguards.
The organization that develops the information system.
DoD Goal Security Architecture.
Synonymous with callback.
The service whereby a computer terminal can use the telephone to initiate and effect communication with a computer.
A method of obscuring redundancy in plaintext by spreading the effect of the transformation over the ciphertext.
Digital Millennium Copyright Act (DMCA) of 1998
In addition to addressing licensing and ownership information, the DMCA prohibits trading, manufacturing, or selling in any way that is intended to bypass copyright protection mechanisms.
See Defense Information Infrastructure.
Direct-sequence spread spectrum (DSSS)
A method used in 802.11b to split the frequency into 14 channels, each with a frequency range, by combining a data signal with a chipping sequence. Data rates of 1, 2, 5.5, and 11 Mbps are obtainable. DSSS spreads its signal continuously over this wide frequency band.
A sudden, unplanned, calamitous event that produces great damage or loss; any event that creates an inability on the organization’s part to provide critical business functions for some undetermined period of time.
Synonymous with contingency plan.
disaster recovery plan
Procedure for emergency response, extended backup operations, and postdisaster recovery when an organization suffers a loss of computer resources and physical facilities.
In the context of legal proceedings and trial practice, a process in which the prosecution presents information it has uncovered to the defense. This information may include potential witnesses, reports resulting from the investigation, evidence, and so on. During an investigation, discovery refers to:
discretionary access control
A means of restricting access to objects based on the identity and need-to-know of the user, process, and/or groups to which they belong. The controls are discretionary in the sense that a subject that has certain access permissions is capable of passing that permission (perhaps indirectly) on to any other subject. Compare with mandatory access control.
disk image backup
Conducting a bit-level copy, sector by sector, of a disk, which provides the capability to examine slack space, undeleted clusters, and, possibly, deleted files.
Distributed Component Object Model (DCOM)
A distributed object model that is similar to the Common Object Request Broker Architecture (CORBA). DCOM is the distributed version of COM that supports remote objects as if the objects reside in the client’s address space. A COM client can access a COM object through the use of a pointer to one of the object’s interfaces and then invoke methods through that pointer.
Distributed Queue Dual Bus (DQDB)
The IEEE 802.6 standard that provides full-duplex 155 Mbps operation between nodes in a metropolitan area network.
A form of routing wherein each router periodically sends its routing table (a vector of destinations and distances) to its directly connected neighbors and updates its own table from what they send. Each router thereby learns a cost and next hop for every destination, but, unlike link-state routing, it never holds a complete map of the topology; reachability information propagates hop by hop until every router's table has converged.
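The exchange described above, as an added example that is not part of the original glossary: a synchronous simulation of the distance-vector (Bellman-Ford) process. The four-router topology and link costs are constructed for the example. Each router only ever sees its neighbors' advertised (destination, cost) pairs, never the link list, which is the point of the entry.

```python
from typing import Dict, List, Tuple

INF = float("inf")
# table[router][destination] = (cost, next_hop)
Table = Dict[str, Dict[str, Tuple[float, str]]]


def distance_vector(links: List[Tuple[str, str, int]], max_rounds: int = 100) -> Tuple[Table, int]:
    """Run synchronous distance-vector rounds until no table changes.

    Each round, every router advertises its current table (destination, cost)
    to its directly connected neighbours only, and each router keeps the
    cheapest offer it hears for every destination. Routers never receive the
    link list, so none of them ends up with the full topology, only a cost and
    next hop per destination. Returns the converged tables and the number of
    rounds taken (the last round is the one in which nothing changed).
    """
    nodes = sorted({n for a, b, _ in links for n in (a, b)})
    neighbours: Dict[str, Dict[str, int]] = {n: {} for n in nodes}
    for a, b, cost in links:
        neighbours[a][b] = cost
        neighbours[b][a] = cost
    table: Table = {n: {d: (0, n) if d == n else (INF, "") for d in nodes} for n in nodes}
    for rnd in range(1, max_rounds + 1):
        # Snapshot what every router advertises at the start of the round so
        # updates made during the round are not seen until the next one.
        advertised = {n: {d: c for d, (c, _) in table[n].items()} for n in nodes}
        changed = False
        for n in nodes:
            for nb, link_cost in neighbours[n].items():
                for dest, adv_cost in advertised[nb].items():
                    candidate = link_cost + adv_cost
                    if candidate < table[n][dest][0]:
                        table[n][dest] = (candidate, nb)
                        changed = True
        if not changed:
            return table, rnd
    return table, max_rounds


def route(table: Table, src: str, dest: str) -> Tuple[float, str]:
    """Cost and next hop that router `src` currently holds for `dest`."""
    return table[src][dest]


# Constructed topology: the direct A-C link is expensive, so A should
# learn to reach C and D through B.
LINKS = [("A", "B", 1), ("B", "C", 1), ("A", "C", 5), ("C", "D", 1)]

if __name__ == "__main__":
    tables, rounds = distance_vector(LINKS)
    for router in sorted(tables):
        print(router, {d: c for d, c in tables[router].items() if d != router})
    print("converged after", rounds, "rounds")
```

Note that router A's table says only "D costs 3 via B"; it never learns that B-C-D is the path, which is the difference from a link-state router that would hold the whole graph.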
See Defense Information Technology Systems Certification and Accreditation Process.
U.S. Department of Defense.
DoD Trusted Computer System Evaluation Criteria (TCSEC)
A document published by the National Computer Security Center containing a uniform set of basic requirements and evaluation classes for assessing degrees of assurance in the effectiveness of hardware and software security controls built into systems. These criteria are intended for use in the design and evaluation of systems that process and/or store sensitive or classified data. This document is Government Standard DoD 5200.28-STD and is frequently referred to as “The Criteria” or “The Orange Book.”
U.S. Department of Justice.
The unique context (for example, access control parameters) in which a program is operating; in effect, the set of objects that a subject has the ability to access. See process and subject.
Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than or equal to that of S2 and if the nonhierarchical categories of S1 include all those of S2 as a subset.
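The dominance relation written out as code, as an added example that is not from the glossary. The classification ordering and category names are constructed; the read and write checks apply the simple security property and the * property (star property) to the dominance test, so the example also shows why two levels can be incomparable, which is why security levels form a lattice rather than a simple ladder.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical classifications, ordered low to high. The ordering and the
# category names used below are constructed for this example.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class SecurityLevel:
    classification: str
    categories: FrozenSet[str]

    def dominates(self, other: "SecurityLevel") -> bool:
        """S1 dominates S2 iff class(S1) >= class(S2) and cats(S2) is a subset of cats(S1)."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and other.categories <= self.categories)


def relation(s1: SecurityLevel, s2: SecurityLevel) -> str:
    """Describe the pair; because categories are sets, some pairs are incomparable."""
    d12, d21 = s1.dominates(s2), s2.dominates(s1)
    if d12 and d21:
        return "equal"
    if d12:
        return "dominates"
    if d21:
        return "dominated by"
    return "incomparable"


def may_read(subject: SecurityLevel, obj: SecurityLevel) -> bool:
    """Simple security property (no read up): the subject must dominate the object."""
    return subject.dominates(obj)


def may_write(subject: SecurityLevel, obj: SecurityLevel) -> bool:
    """* property (no write down): the object must dominate the subject."""
    return obj.dominates(subject)


if __name__ == "__main__":
    analyst = SecurityLevel("SECRET", frozenset({"NUC", "CRYPTO"}))
    report = SecurityLevel("CONFIDENTIAL", frozenset({"NUC"}))
    director = SecurityLevel("TOP SECRET", frozenset())
    print("analyst vs report:", relation(analyst, report))
    print("director vs report:", relation(director, report))  # TOP SECRET but lacks NUC
    print("analyst may read report:", may_read(analyst, report))
    print("analyst may write report:", may_write(analyst, report))
```

The TOP SECRET level with no categories does not dominate a CONFIDENTIAL level that carries the NUC category, so a subject cleared at that TOP SECRET level can neither read nor write the CONFIDENTIAL/NUC object. The hierarchical classification alone never decides access.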
Denial of Service attack.
Degausser Products List.
Descriptive Top-Level Specification.
The care which an ordinary prudent person would have exercised under the same or similar circumstances. The terms due care and reasonable care are used interchangeably.
Dynamic Host Configuration Protocol (DHCP)
A protocol that issues IP addresses automatically, from an administrator-defined range, to devices such as PCs when they join the network. The device holds the address for a lease period that the system administrator can define, after which it must renew or release it.
Extensible Authentication Protocol. An IETF authentication framework (RFC 3748, originally RFC 2284) that carries a negotiated authentication method between a client and an authentication server; used with IEEE 802.1X for wired and wireless port access control. Cisco's LEAP (Lightweight EAP) is a proprietary EAP method, not EAP itself.
Extended Binary-Coded Decimal Interchange Code. An 8-bit character representation developed by IBM in the early 1960s.
Elliptic curve cryptography.
Elliptic curve digital signature algorithm.
A cooperative, worldwide signals intelligence system that is run by the NSA of the United States, the Government Communications Headquarters (GCHQ) of the United Kingdom, the Communications Security Establishment (CSE) of Canada, the Australian Defence Signals Directorate (DSD), and the Government Communications Security Bureau (GCSB) of New Zealand.
Electronic Communications Privacy Act (ECPA) of 1986
An act that prohibited eavesdropping or the interception of message contents without distinguishing between private and public systems.
Electronic Data Interchange (EDI)
A service that provides communications for business transactions. ANSI standard X.12 defines the data format for EDI.
A term that refers to the transfer of backup data to an offsite location. This process is primarily a batch process of dumping the data through communications lines to a server at an alternate location.
Electronics Industry Association (EIA)
A U.S. standards organization that represents a large number of electronics firms.
See compromising emanations.
A system that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem.
Synonymous with contingency plan.
emission(s) security (EMSEC)
The protection resulting from all measures taken to deny unauthorized persons information of value derived from the intercept and analysis of compromising emanations from crypto-equipment or an IT system.
See emissions security.
To make the message unintelligible to all but the intended recipients.
Endorsed Tools List (ETL)
The list of formal verification tools endorsed by the NCSC for the development of systems that have high levels of trust.
Encrypted information sent from the point of origin to the final destination. In symmetric-key encryption, this process requires the sender and the receiver to have the identical key for the session.
Enhanced Hierarchical Development Methodology
An integrated set of tools designed to aid in creating, analyzing, modifying, managing, and documenting program specifications and proofs. This methodology includes a specification parser and typechecker, a theorem prover, and a multilevel security checker. Note: This methodology is not based upon the Hierarchical Development Methodology.
The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations.
The aggregate of external procedures, conditions, and objects that affect the development, operation, and maintenance of a system.
Evaluated Products List.
A process by which a signal recorded on magnetic media is removed. Erasure is accomplished in two ways: (1) by alternating-current erasure, in which the information is destroyed when an alternating high and low magnetic field is applied to the media; or (2) by direct-current erasure, in which the media is saturated by applying a unidirectional magnetic field.
An industry-standard local area network media access method that uses a bus topology and CSMA/CD. IEEE 802.3 is a standard that specifies Ethernet.
A component that provides Ethernet connections among multiple stations sharing a common collision domain. Also referred to as a shared Ethernet hub.
More intelligent than a hub, with the capability to connect the sending station directly to the receiving station.
Endorsed Tools List.
European Telecommunications Standards Institute.
Evaluated Products List (EPL)
A list of equipment, hardware, software, and/or firmware that has been evaluated against, and found to be technically compliant at, a particular level of trust with the DoD TCSEC by the NCSC. The EPL is included in the National Security Agency Information Systems Security Products and Services Catalogue, which is available through the Government Printing Office (GPO).
Assessment of an IT product or system against defined security functional and assurance criteria performed by a combination of testing and analytic techniques.
Evaluation Assurance Level (EAL)
In the Common Criteria, the degree of examination of the product to be tested. EALs range from EAL1 (functionally tested) to EAL7 (formally verified design and tested). Each numbered package represents a point on the CC's predefined assurance scale. An EAL can be considered a level of confidence in the security functions of an IT product or system.
evolutionary program strategies
Generally characterized by design, development, and deployment of a preliminary capability that includes provisions for the evolutionary addition of future functionality and changes as requirements are further defined (DoD Directive 5000.1).
One of several states in which a system can operate, and the only one in which certain privileged instructions can be executed. Such instructions cannot be executed when the system is operating in other (for example, user) states. Synonymous with supervisor state.
exigent circumstances doctrine
Specifies that a warrantless search and seizure of evidence can be conducted if there is probable cause to suspect criminal activity or destruction of evidence.
expert system shell
An off-the-shelf software package that implements an inference engine, a mechanism for entering knowledge, a user interface, and a system to provide explanations of the reasoning used to generate a solution. It provides the fundamental building blocks of an expert system and supports the entering of domain knowledge.
Any information channel that is usable or detectable by subjects that are external to the trusted computing base, whose purpose is to violate the security policy of the system. See covert channel.
An instance of being exposed to losses from a threat.
Operations automatically switching over to a backup system when one system/application fails.
A term that refers to the automatic protection of programs and/or processing systems to maintain safety when a hardware or software failure is detected in a system.
A term that refers to a system that preserves a secure state during and after identified failures occur.
A term that refers to the selective termination of affected nonessential processing when a hardware or software failure is detected in a system.
An unauthorized and usually inadvertent access to data resulting from a hardware or software failure in the system.
The methodology that is used to detect and provide fail-safe or fail-soft recovery from hardware and software failures in a system.
A condition that causes a device or system component to fail to perform in a required manner.
Systems designed without redundancy; in the event of failure, they result in a slightly longer downtime.
Federal Communications Commission.
Frequency division multiple access. A spectrum-sharing technique whereby the available spectrum is divided into a number of individual radio channels.
Foreign Intelligence Surveillance Act (FISA) of 1978
An act that limited wiretapping for national security purposes as a result of the Nixon Administration’s history of using illegal wiretaps.
A system-provided restriction to prevent a program from accessing data in another user’s segment of storage.
Fiber-Distributed Data Interface (FDDI)
An ANSI standard for token-passing networks. FDDI uses optical fiber and operates at 100 Mbps in dual, counter-rotating rings.
An iterated block cipher that encrypts by breaking a plaintext block into two halves and, with a subkey, applying a “round” transformation to one of the halves. The output of this transformation is then XORed with the remaining half. The round is completed by swapping the two halves.
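The round structure described above, as an added example that is not from the glossary: a toy 64-bit Feistel network. The round function and key schedule are constructed for illustration and are not cryptographically strong; the point is that the structure makes the cipher invertible for any round function, since decryption is the same pass with the subkeys in reverse order. The `bit_difference` helper is included to observe the diffusion the glossary defines separately.

```python
from typing import List

MASK32 = 0xFFFFFFFF


def round_function(half: int, subkey: int) -> int:
    """Toy, non-cryptographic F: key-mix, multiply by an odd constant, rotate.
    Feistel invertibility does not depend on F being invertible."""
    x = (half ^ subkey) & MASK32
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & MASK32
    return ((x << 13) | (x >> 19)) & MASK32


def key_schedule(key: int, rounds: int) -> List[int]:
    """Derive one 32-bit subkey per round from a 64-bit key (toy schedule)."""
    return [((key >> (32 * (i % 2))) ^ (0x9E3779B9 * (i + 1))) & MASK32
            for i in range(rounds)]


def feistel(block: int, subkeys: List[int]) -> int:
    """One pass over a 64-bit block. Each round applies F to the right half with
    the round subkey, XORs the result into the left half, then swaps halves."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    # Undo the final swap so the same function decrypts when the subkeys are reversed.
    return (right << 32) | left


def encrypt(block: int, key: int, rounds: int = 16) -> int:
    return feistel(block, key_schedule(key, rounds))


def decrypt(block: int, key: int, rounds: int = 16) -> int:
    return feistel(block, list(reversed(key_schedule(key, rounds))))


def bit_difference(a: int, b: int) -> int:
    """Hamming distance between two blocks; used to watch diffusion grow with rounds."""
    return bin(a ^ b).count("1")


if __name__ == "__main__":
    key = 0x0123456789ABCDEF
    pt = 0x1122334455667788
    ct = encrypt(pt, key)
    print(f"ciphertext {ct:016x}, roundtrip ok: {decrypt(ct, key) == pt}")
    for r in (1, 2, 4, 8, 16):
        d = bit_difference(encrypt(pt, key, r), encrypt(pt ^ 1, key, r))
        print(f"{r:2d} rounds: one flipped plaintext bit changes {d} ciphertext bits")
```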
First in, first out.
A computer that provides network stations with controlled access to sharable resources. The network operating system (NOS) is loaded on the file server, and most sharable devices, including disk subsystems and printers, are attached to it.
The aggregate of all processes and procedures in a system designed to inhibit unauthorized access, contamination, or elimination of a file.
The means by which access to computer files is limited to authorized users only.
File Transfer Protocol (FTP)
A TCP/IP protocol for file transfer.
Federal Information Processing Standard.
A network device that shields the trusted network from unauthorized users in the untrusted network by blocking certain specific types of traffic. Many types of firewalls exist, including packet filtering and stateful inspection.
Executable programs stored in nonvolatile memory.
flaw hypothesis methodology
A systems analysis and penetration technique in which specifications and documentation for the system are analyzed and then hypotheses are made regarding flaws in the system. The hypothesized flaws are prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it if it does exist, and on the extent of control or compromise that it would provide. The prioritized list is used to direct a penetration attack against the system.
See information flow control.
frequency modulation (FM)
A method of transmitting information over a radio wave by changing frequencies.
formal access approval
Documented approval by a data owner to allow access to a particular category of information.
Formal Development Methodology
A collection of languages and tools that enforces a rigorous method of verification. This methodology uses the Ina Jo specification language for successive stages of system development, including identification and modeling of requirements, high-level design, and program design.
A complete and convincing mathematical argument presenting the full logical justification for each proof step for the truth of a theorem or set of theorems.
formal security policy model
A mathematically precise statement of a security policy. To be adequately precise, such a model must represent the initial state of a system, the way in which the system progresses from one state to another, and a definition of a secure state of the system. To be acceptable as a basis for a TCB, the model must be supported by a formal proof that if the initial state of the system satisfies the definition of a secure state and if all assumptions required by the model hold, then all future states of the system will be secure. Some formal modeling techniques include state transition models, denotational semantics models, and algebraic specification models. See Bell-LaPadula model.
Formal Top-Level Specification (FTLS)
A top-level specification that is written in a formal mathematical language to enable theorems showing the correspondence of the system specification to its formal requirements to be hypothesized and formally proven.
The process of using formal proofs to demonstrate the consistency between a formal specification of a system and a formal security policy model (design verification) or between the formal specification and its high-level program implementation (implementation verification).
The reasoning approach that can be used when a small number of solutions exist relative to the number of inputs. The input data is used to reason “forward” to prove that one of the possible solutions in a small solution set is correct.
A 64 Kbps increment of a T1 frame.
A packet-switching interface that operates at data rates of 56 Kbps to 2 Mbps. Frame relay is minus the error control overhead of X.25, and it assumes that a higher-layer protocol will check for transmission errors.
frequency division multiple access (FDMA)
A digital radio technology that divides the available spectrum into separate radio channels. Generally used in conjunction with time division multiple access (TDMA) or code division multiple access (CDMA).
frequency hopping multiple access (FHMA)
A system using frequency hopping spread spectrum (FHSS) to permit multiple, simultaneous conversations or data sessions by assigning different hopping patterns to each.
frequency hopping spread spectrum (FHSS)
A method used to share the available bandwidth in the original IEEE 802.11 WLAN standard (802.11b uses DSSS rather than FHSS). FHSS takes the data signal and modulates it with a carrier signal that hops from frequency to frequency on a cyclical basis over a wide band of frequencies. FHSS in the 2.4 GHz band hops between 2.4 GHz and 2.483 GHz. The receiver must be set to the same hopping code.
frequency shift keying (FSK)
A modulation scheme for data communications using a limited number of discrete frequencies to convey binary information.
front-end security filter
A security filter, which could be implemented in hardware or software, that is logically separated from the remainder of the system in order to protect the system’s integrity.
Formal Top-Level Specification.
A programming method that uses only mathematical functions to perform computations and solve problems.
The segment of security testing in which the advertised security mechanisms of the system are tested, under operational conditions, for correct operation.
A network component that provides interconnectivity at higher network layers.
Part of the general class known as evolutionary computing, which uses the Darwinian principles of survival of the fittest, mutation, and the adaptation of successive generations of populations to their environment. The genetic algorithm implements this process through iteration of generations of a constant-size population of items or individuals.
gigabyte (GB, GByte)
A unit of measure for memory or disk storage capacity; usually 1,073,741,824 bytes.
A measure of frequency; 10^9 (one billion) hertz.
Global System for Mobile (GSM) communications
The wireless analog of the ISDN landline system.
Government off-the-shelf software.
governing security requisites
Those security requirements that must be addressed in all systems. These requirements are set by policy, directive, or common practice set; for example, by EO, OMB, the OSD, a military service, or a DoD agency. Those requirements are typically high-level. Although implementation will vary from case to case, those requisites are fundamental and shall be addressed.
Gramm-Leach-Bliley (GLB) Act of November 1999
An act that removes Depression-era restrictions on banks that limited certain business activities, mergers, and affiliations. It repeals the restrictions on banks affiliating with securities firms contained in sections 20 and 32 of the Glass-Steagall Act. GLB became effective on November 13, 2001. GLB also requires health plans and insurers to protect member and subscriber data in electronic and other formats. These health plans and insurers will fall under new state laws and regulations that are being passed to implement GLB because GLB explicitly assigns enforcement of the health plan and insurer regulations to state insurance authorities (15 U.S.C. § 6805). Some of the privacy and security requirements of Gramm-Leach-Bliley are similar to those of HIPAA.
grand design program strategies
Characterized by acquisition, development, and deployment of the total functional capability in a single increment.
An expression of the relative size of a data object; for example, protection at the file level is considered coarse granularity, whereas protection at the field level is considered to be of a finer granularity.
A processor that provides a filter between two disparate systems operating at different security levels or between a user terminal and a database in order to filter out data that the user is not authorized to access.
Gypsy Verification Environment
An integrated set of tools for specifying, coding, and verifying programs written in the Gypsy language - a language similar to Pascal that has both specification and programming features. This methodology includes an editor, a specification processor, a verification condition generator, a user-directed theorem prover, and an information flow tool.
A dialogue between two entities (for example, a user and a computer, a computer and another computer, or a program and another program) for the purpose of identifying and authenticating the entities to one another.
A unit of frequency measurement; one cycle of a periodic event per second. Used to measure frequency.
Hierarchical Development Methodology
A methodology for specifying and verifying the design programs written in the Special specification language. The tools for this methodology include the Special specification processor, the Boyer-Moore theorem prover, and the Feiertag information flow tool.
high-level data link control
An ISO protocol for link synchronization and error control.
See Kennedy-Kassebaum Act of 1996.
A time-sharing computer accessed via terminals or terminal emulation; a computer to which an expansion device attaches.
host to front-end protocol
A set of conventions governing the format and control of data that is passed from a host to a front-end machine.
Hypertext Transfer Protocol.
Hypertext Markup Language (HTML)
A standard used on the Internet for defining hypertext links between documents.
Identification and authentication.
Inquiry access code; used in inquiry procedures. The IAC can be one of two types: a dedicated IAC for specific devices or a generic IAC for all devices.
Information Assurance Support Environment.
In accordance with.
See identity-based encryption.
Integrity check value. In WEP encryption, the frame is run through an integrity algorithm, and the generated ICV is placed at the end of the encrypted data in the frame. Then the receiving station runs the data through its integrity algorithm and compares it to the ICV received in the frame. If it matches, the unencrypted frame is passed to the higher layers. If it does not match, the frame is discarded.
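The CRC process from the cyclic redundancy check entry and the WEP ICV check described above, as one added example that is not from the glossary: a bitwise CRC-32 with the IEEE 802.3 parameters, a sender that appends it as the ICV, and a receiver that decrypts with RC4 (the cipher WEP uses) and compares the recomputed CRC with the received one. The WEP key, IV and frame payload are constructed sample values; the frame layout is simplified to IV || RC4(IV || key, payload || ICV), omitting the 802.11 header and key index byte.

```python
from typing import Tuple

CRC32_POLY = 0xEDB88320  # reflected form of the IEEE 802.3 CRC-32 polynomial


def crc32(data: bytes) -> int:
    """Bitwise CRC-32 with the same parameters as IEEE 802.3 (and zlib.crc32)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (CRC32_POLY if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR: key-scheduling algorithm, then pseudo-random generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def append_icv(payload: bytes) -> bytes:
    """Sender: compute the CRC over the data and append it (little-endian, as 802.11 does)."""
    return payload + crc32(payload).to_bytes(4, "little")


def check_icv(body: bytes) -> Tuple[bool, bytes]:
    """Receiver: recompute the CRC over the data and compare with the trailing ICV."""
    data, icv = body[:-4], body[-4:]
    return crc32(data) == int.from_bytes(icv, "little"), data


def wep_protect(iv: bytes, wep_key: bytes, payload: bytes) -> bytes:
    """Simplified WEP frame body: 3-byte IV in clear, then RC4(IV||key, payload||ICV)."""
    return iv + rc4(iv + wep_key, append_icv(payload))


def wep_receive(wep_key: bytes, frame_body: bytes) -> Tuple[bool, bytes]:
    """Decrypt with the IV carried in the frame, then run the ICV check;
    a frame whose ICV does not match is discarded (ok == False)."""
    iv, ciphertext = frame_body[:3], frame_body[3:]
    return check_icv(rc4(iv + wep_key, ciphertext))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit transmission error."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


# Constructed sample values for the demonstration.
SAMPLE_KEY = bytes.fromhex("0102030405")   # 40-bit WEP key
SAMPLE_IV = b"\x00\x00\x01"
SAMPLE_PAYLOAD = b"GET / HTTP/1.0"

if __name__ == "__main__":
    frame = wep_protect(SAMPLE_IV, SAMPLE_KEY, SAMPLE_PAYLOAD)
    print("clean frame accepted:", wep_receive(SAMPLE_KEY, frame))
    print("corrupted frame accepted:", wep_receive(SAMPLE_KEY, flip_bit(frame, 40))[0])
```

A CRC detects every single-bit error and most burst errors, which is what it was designed for; the glossary's wording ("a very high probability that an error has occurred") is the right way to read a mismatch. The check value `crc32(b"123456789") == 0xCBF43926` is the standard CRC-32 test vector and a quick way to confirm an implementation.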
Common abbreviation for “identifier” or “identity.”
The process that enables a system to recognize an entity, generally by the use of unique machine-readable user names.
The IBE concept proposes that any string can be used as an individual’s public key, including his or her e-mail address.
Intrusion detection system.
Internet Engineering Task Force.
Internet key exchange.
Synonymous with spoofing.
incomplete parameter checking
A system design flaw that results when all parameters have not been fully examined for accuracy and consistency, thus making the system vulnerable to penetration.
incremental program strategies
Characterized by acquisition, development, and deployment of functionality through a number of clearly defined system “increments” that stand on their own.
The ability to positively associate the identity of a user with the time, method, and degree of access to a system.
industrial, scientific, and medical (ISM) bands
Radio frequency bands authorized by the Federal Communications Commission (FCC) for wireless LANs. The ISM bands are located at 902 MHz, 2.400 GHz, and 5.7 GHz. The transmitted power is commonly less than 600mW, but no FCC license is required.
A component of an artificial intelligence system that takes inputs and uses a knowledge base to infer new facts and solve a problem.
The term used to bound information and tie it to an information security policy.
information flow control
A procedure undertaken to ensure that information transfers within a system are not made from a higher security level object to an object of a lower security level. See covert channel, simple security property, and * property (or star property). Synonymous with data flow control and flow control.
information flow model
Information security model in which information is categorized into classes, and rules define how information can flow between the classes.
information security policy
The aggregate of public law, directives, regulations, and rules that regulate how an organization manages, protects, and distributes information. For example, the information security policy for financial data processed on DoD systems may be in U.S.C., E.O., DoD Directives, and local regulations. The information security policy lists all the security requirements applicable to specific information.
information system (IS)
Any telecommunications or computer-related equipment or interconnected systems or subsystems of equipment that is used in the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of voice and/or data; includes software, firmware, and hardware.
information system security officer (ISSO)
The person who is responsible to the DAA for ensuring that security is provided for and implemented throughout the life cycle of an AIS, from the beginning of the concept development plan through its design, development, operation, maintenance, and secure disposal. In C&A, the person responsible to the DAA for ensuring the security of an IT system is approved, operated, and maintained throughout its life cycle in accordance with the SSAA.
Information Systems Security Products and Services Catalogue
A catalogue issued quarterly by the National Security Agency that incorporates the DPL, EPL, ETL, PPL, and other security product and service lists. This catalogue is available through the U.S. Government Printing Office, Washington, DC 20402.
information technology (IT)
The hardware, firmware, and software used as part of the information system to perform DoD information functions. This definition includes computers, telecommunications, automated information systems, and automatic data processing equipment. IT includes any assembly of computer hardware, software, and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information.
information technology security (ITSEC)
Protection of information technology against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats. Protection and maintenance of confidentiality, integrity, availability, and accountability.
Information System Security.
infrared (IR) light
Light waves that range in length from about 0.75 to 1000 microns; this is a lower frequency range than the visible colors but a higher frequency range than radio waves.
A security management approach that considers information systems and their computing environment as a single entity.
The property of object-oriented programming whereby all the methods of one class, called a superclass, automatically also work for objects of a subclass derived from the superclass. Thus, all messages understood by the superclass are understood by the subclass.
Institute of Electrical and Electronics Engineers (IEEE)
A United States–based standards organization participating in the development of standards for data transmission systems. The IEEE has made significant progress in the establishment of standards for LANs, namely the IEEE 802 series.
Integrated Services Digital Network (ISDN)
A collection of CCITT standards specifying WAN digital transmission services. The overall goal of ISDN is to provide a single physical network outlet and transport mechanism for the transmission of all types of information, including data, video, and voice.
Testing process used to verify the interface among network components as the components are installed. The installation crew should integrate components into the network one by one and perform integration testing when necessary to ensure proper gradual integration of components.
An organization or individual that unites, combines, or otherwise incorporates information system components with another system(s).
(1) A term that refers to a sound, unimpaired, or perfect condition. (2) Quality of an IT system reflecting the logical correctness and reliability of the operating system; the logical completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of the stored data. It is composed of data integrity and system integrity.
See Denial of Service.
Interface Definition Language (IDL)
A standard interface language that is used by clients to request services from objects.
internal security controls
Hardware, firmware, and software features within a system that restrict access to resources (hardware, software, and data) to authorized subjects only (persons, programs, or devices).
International Organization for Standardization (ISO)
A nontreaty organization active in the development of international standards, such as the Open Systems Interconnect (OSI) network architecture.
International Telecommunications Union (ITU)
An intergovernmental agency of the United States responsible for making recommendations and standards regarding telephone and data communications systems for public and private telecommunication organizations and for providing coordination for the development of international standards.
International Telegraph and Telephone Consultative Committee (CCITT)
An international standards organization that is part of the ITU and is dedicated to establishing effective and compatible telecommunications among members of the United Nations. CCITT develops the widely used V-series and X-series standards and protocols.
Internet
The largest network in the world. The successor to ARPANET, the Internet includes other large internetworks. The Internet uses the TCP/IP protocol suite and connects universities, government agencies, and individuals around the world.
Internet Protocol (IP)
The Internet standard protocol that defines the Internet datagram as the information unit passed across the Internet. IP provides the basis of a best-effort packet delivery service. The Internet protocol suite is often referred to as TCP/IP because IP is one of the two fundamental protocols, the other being the Transfer Control Protocol.
Internetwork Packet Exchange (IPX)
NetWare protocol for the exchange of message packets on an internetwork. IPX passes application requests for network services to the network drivers and then to other workstations, servers, or devices on the internetwork.
Secure Internet Protocol.
See Information System.
Type of synchronization whereby information frames are sent at specific times.
The containment of subjects and objects in a system in such a way that they are separated from one another as well as from the protection controls of the operating system.
Internet service provider.
Information systems security engineering/engineer.
See information system security officer.
See information technology.
Industrial Telecommunications Association.
See information technology security.
Initialization vector; for WEP encryption.
joint application design (JAD)
A parallel team design process in which a team composed of users, salespeople, marketing staff, project managers, analysts, and engineers simultaneously defines the requirements of a system.
Kennedy-Kassebaum Health Insurance Portability and Accountability Act (HIPAA) of 1996
A set of regulations that mandates the use of standards in health care record keeping and electronic transactions. The act requires that health care plans, providers, insurers, and clearinghouses do the following:
Kerberos
A trusted, third-party authentication protocol that was developed under Project Athena at MIT. In Greek mythology, Kerberos is a three-headed dog that guards the entrance to the underworld. Using symmetric-key cryptography, Kerberos authenticates clients to other entities on a network from which a client requires services.
Information or sequence that controls the enciphering and deciphering of messages. Also known as a cryptovariable. Used with a particular algorithm to encipher or decipher the plaintext message.
A situation in which a plaintext message generates identical ciphertext messages by using the same transformation algorithm but with different cryptovariables.
A set of subkeys derived from a secret key.
kilobyte (KB, Kbyte)
A unit of measurement of memory or disk storage capacity; a data unit of 2^10 (1024) bytes.
A unit of frequency measurement equivalent to 1000 Hertz.
knowledge acquisition system
The means of identifying and acquiring the knowledge to be entered into an expert system’s knowledge base.
Refers to the rules and facts of the particular problem domain in an expert system.
The principle that requires each subject to be granted the most restrictive set of privileges needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use.
legacy information system
An operational information system that existed before the implementation of the DITSCAP.
light-emitting diode (LED)
Used in conjunction with optical fiber, an LED emits incoherent light when current is passed through it. Its advantages include low cost and long lifetime, and it is capable of operating in the Mbps range.
Synonymous with access control.
limited fault tolerance
Specifies against what type of failures the Target of Evaluation (TOE) must be resistant. Examples of general failures are flooding of the computer room, short-term power interruption, breakdown of a CPU or host, software failure, or buffer overflow. Requires all functions to be available if a specified failure occurs.
Link Access Procedure
An ITU error correction protocol derived from the HDLC standard.
Each entity has keys in common with its two neighboring nodes in the chain of transmission. Thus, a node receives the encrypted message from its predecessor neighboring node, decrypts it, and reencrypts it with another key that is common to the successor node. Then, the encrypted message is sent on to the successor node, where the process is repeated until the final destination is reached. Obviously, this mode provides no protection if the nodes along the transmission path are subject to compromise.
A computer protection system in which each protected object has a list of all subjects that are authorized to access it. Compare ticket-oriented.
Logical Link Control; the IEEE layer 2 protocol.
local area network (LAN)
A network that interconnects devices in the same office, floor, building, or close buildings.
lock-and-key protection system
A protection system that involves matching a key or password with a specific access requirement.
A resident computer program that triggers the perpetration of an unauthorized act when particular states of the system are realized.
Logical Link Control layer
The highest layer of the IEEE 802 reference model; provides similar functions to those of a traditional data link control protocol.
An error of omission or oversight in software or hardware that permits circumventing the system security policy.
(1) Mandatory access control if used in the context of a type of access control. (2) The media access control address assigned to a network interface card on an Ethernet network.
A measure of the magnetic flux density that remains after removal of the applied magnetic force. Refers to any data remaining on magnetic storage media after removal of the power.
A type of gateway that interconnects dissimilar e-mail systems.
The organization or individual that maintains the information system.
maintenance hook
Special instructions in software to enable easy maintenance and additional feature development. These instructions are not clearly documented in the access or design specification. Hooks frequently enable entry into the code at unusual points or without the usual checks, so they are serious security risks if they are not removed prior to live implementation. Maintenance hooks are special types of back doors.
The organization that keeps an IT system operating in accordance with prescribed laws, policies, procedures, and regulations. In the case of a contractor-maintained system, the maintenance organization is the government organization responsible for, or sponsoring the operation of, the IT system.
Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose (for example, a Trojan horse).
Metropolitan area network.
management information base (MIB)
A collection of managed objects residing in a virtual information store.
mandatory access control (MAC)
A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (in other words, clearance) of subjects to access information of such sensitivity. Compare discretionary access control.
Microsoft’s mail application programming interface.
media access control (MAC)
An IEEE 802 standards sublayer used to control access to a network medium, such as a wireless LAN. Also deals with collision detection. Each computer has its own unique MAC address.
The Data Link Layer function that controls how devices access a shared medium. IEEE 802.11 uses either CSMA/CA or contention-free access modes. Also, a data link function that controls the use of a common network medium.
megabits per second (Mbps)
One million bits per second.
megabyte (MB, Mbyte)
A unit of measurement for memory or disk storage capacity; usually 1,048,576 bytes.
A measure of frequency equivalent to one million cycles per second.
middleware
An intermediate software component located on the wired network between the wireless appliance and the application or data residing on the wired network. Middleware provides appropriate interfaces between the appliance and the host application or server database.
The assigned duties to be performed by a resource.
A protocol developed by the IETF that enables users to roam to parts of the network associated with a different IP address than the one loaded in the user’s appliance. Also refers to any mobile device that contains the IEEE 802.11 MAC and physical layers.
modes of operation
A description of the conditions under which an AIS functions, based on the sensitivity of data processed and the clearance levels and authorizations of the users. Four modes of operation are authorized:
(1) The process of translating a digital signal to a suitable analog form. (2) Any of several techniques for combining user information with a transmitter’s carrier signal.
Most significant bit.
A device that is used in a manner that permits it to simultaneously process data of two or more security levels without risk of compromise. To accomplish this, sensitivity labels are normally stored on the same physical medium and in the same form (for example, machine-readable or human-readable) as the data being processed.
A class of system containing information with different sensitivities that simultaneously permits access by users with different security clearances and needs-to-know but that prevents users from obtaining access to information for which they lack authorization.
multilevel security mode
See modes of operation.
The signal variation caused when radio signals take multiple paths from transmitter to receiver.
A type of fading caused by signals taking different paths from the transmitter to the receiver and consequently interfering with each other.
multiple access rights terminal
A terminal that can be used by more than one class of users; for example, users who have different access rights to data.
In object-oriented programming, a situation in which a subclass inherits the behavior of multiple superclasses.
A network component that combines multiple signals into one composite signal in a form suitable for transmission over a long-haul connection, such as leased 56 Kbps or T1 circuits.
multistation access unit (MAU)
A multiport wiring hub for token-ring networks.
multiuser mode of operation
A mode of operation designed for systems that process sensitive, unclassified information in which users might not have a need-to-know for all information processed in the system. This mode is also used for microcomputers processing sensitive unclassified information that cannot meet the requirements of the stand-alone mode of operation.
Musical Instrument Digital Interface (MIDI)
A standard protocol for the interchange of musical information between musical instruments and computers.
A state that exists between interacting processes (subsystems or programs) in which neither process can expect the other process to function securely with respect to some property.
Multiplexing sublayer; a sublayer of the L2CAP layer.
NACK or NAK
Negative acknowledgement. This can be a deliberate signal that the message was received in error, or it can be inferred from a timeout.
National Computer Security Assessment Program
A program designed to evaluate the interrelationship of the empirical data of computer security infractions and critical systems profiles while comprehensively incorporating information from the CSTVRP. The assessment builds threat and vulnerability scenarios that are based on a collection of facts from relevant reported cases. Such scenarios are a powerful, dramatic, and concise form of representing the value of loss experience analysis.
National Computer Security Center (NCSC)
Originally named the DoD Computer Security Center, the NCSC is responsible for encouraging the widespread availability of trusted computer systems throughout the federal government. It is a branch of the National Security Agency (NSA) that also initiates research and develops and publishes standards and criteria for trusted information systems.
National Information Assurance Certification and Accreditation Process (NIACAP)
A standard set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the information assurance and security posture of a system or site. The NIACAP is designed to certify that the information system meets documented accreditation requirements and continues to maintain the accredited security posture throughout the system life cycle.
National Security Decision Directive 145 (NSDD 145)
Signed by President Ronald Reagan on September 17, 1984, this directive is entitled “National Policy on Telecommunications and Automated Information Systems Security.” It provides initial objectives, policies, and an organizational structure to guide the conduct of national activities toward safeguarding systems that process, store, or communicate sensitive information; establishes a mechanism for policy development; and assigns implementation responsibilities.
National Telecommunications and Information System Security Directives (NTISSD)
NTISS directives establish national-level decisions relating to NTISS policies, plans, programs, systems, or organizational delegations of authority. NTISSDs are promulgated by the executive agent of the government for telecommunications and information systems security or by the chairman of the NTISSC when so delegated by the executive agent. NTISSDs are binding upon all federal departments and agencies.
National Telecommunications and Information Systems Security Advisory Memoranda/Instructions (NTISSAM, NTISSI)
Provide advice, assistance, or information on telecommunications and systems security that is of general interest to applicable federal departments and agencies. NTISSAMs/NTISSIs are promulgated by the National Manager for Telecommunications and Automated Information Systems Security and are recommendatory.
See National Computer Security Center.
See nondevelopmental item.
The necessity for access to, knowledge of, or possession of specific information that is required to carry out official duties.
Network Basic Input/Output System (NetBIOS)
A standard interface between networks and PCs that enables applications on different computers to communicate within a LAN. NetBIOS was created by IBM for its early PC network, was adopted by Microsoft, and has since become a de facto industry standard. It is not routable across a WAN.
network file system (NFS)
A distributed file system enabling a set of dissimilar computers to access each other’s files in a transparent manner.
network front end
A device that implements the necessary network protocols, including security-related protocols, to enable a computer system to be attached to a network.
Network Interface Card (NIC)
A network adapter inserted into a computer that enables the computer to be connected to a network.
A form of operational support enabling network management to view the network’s inner workings. Most network-monitoring equipment is nonobtrusive and can be used to determine the network’s utilization and to locate faults.
network reengineering
A structured process that can help an organization proactively control the evolution of its network. Network reengineering consists of continually identifying factors influencing network changes, analyzing network modification feasibility, and performing network modifications as necessary.
network service access point (NSAP)
A point in the network where OSI network services are available to a transport entity.
See National Information Assurance Certification and Accreditation Process.
National Information Assurance Partnership.
National Institute of Standards and Technology.
Any network-addressable device on the network, such as a router or Network Interface Card. Any network station.
nondevelopmental item (NDI)
Any item that is available in the commercial marketplace; any previously developed item that is in use by a department or agency of the federal government, a state or local government, or a foreign government with which the United States has a mutual defense cooperation agreement; any such item that requires only minor modifications in order to meet the requirements of the procuring agency; or any item that is currently being produced that does not meet the requirements of these definitions solely because the item is not yet in use or is not yet available in the commercial marketplace.
The inability of a sender to deny sending a message.
The information security model that addresses a situation wherein one group is not affected by another group using specific commands.
National Security Agency.
See National Security Decision Directive 145.
National Security Telecommunications and Information Systems Security.
The National Telecommunications and Information Systems Security Committee.
Number Field Sieve (NFS)
A general-purpose factoring algorithm that can be used to factor large numbers.
A passive entity that contains or receives information. Access to an object potentially implies access to the information that it contains. Examples of objects include records, blocks, pages, segments, files, directories, directory trees, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, and network nodes.
Object Request Broker (ORB)
The fundamental building block of the Object Request Architecture (ORA), which manages the communications among the ORA entities. The purpose of the ORB is to support the interaction of objects in heterogeneous, distributed environments. The objects may be on different types of computing platforms.
The reassignment and reuse of a storage medium (for example, page frame, disk sector, and magnetic tape) that once contained one or more objects. To be securely reused and assigned to a new subject, storage media must contain no residual data (data remanence) from the object(s) that were previously contained in the media.
Services that support the ORB in creating and tracking objects as well as performing access control functions.
Orthogonal frequency division multiplexing; a set of frequency-hopping codes that never use the same frequency at the same time. Used in IEEE 802.11a for high-speed data transfer.
Office of Management and Budget.
one-time pad
Encipherment operation performed using each component k_i of the key K only once to encipher a single character of the plaintext. Therefore, the key has the same length as the message. The popular interpretation of one-time pad is that the key is used only once and never used again. Ideally, the components of the key are truly random and have no periodicity or predictability, making the ciphertext unbreakable.
Open Database Connectivity (ODBC)
A standard database interface enabling interoperability between application software and multivendor ODBC-compliant databases.
Open Data-Link Interface (ODI)
Novell’s specification for Network Interface Card device drivers, allowing simultaneous operation of multiple protocol stacks.
Open security environment
An environment that includes those systems in which at least one of the following conditions holds true: (1) application developers (including maintainers) do not have sufficient clearance or authorization to provide an acceptable presumption that they have not introduced malicious logic, and (2) configuration control does not provide sufficient assurance that applications are protected against the introduction of malicious logic prior to and during the operation of system applications.
Open Shortest Path First (OSPF)
A TCP/IP routing protocol that bases routing decisions on the least number of hops from source to destination.
Open system authentication
The IEEE 802.11 default authentication method, which is a very simple, two-step process: (1) The station that wants to authenticate with another station sends an authentication management frame containing the sending station’s identity. (2) The receiving station then sends back a frame indicating whether it recognizes the identity of the authenticating station.
Open Systems Interconnect (OSI)
An ISO standard specifying an open system capable of enabling communications between diverse systems. OSI has the following seven layers of distinction: Physical, Data Link, Network, Transport, Session, Presentation, and Application. These layers provide the functions that enable standardized communications between two application processes.
Controls over hardware, media, and the operators who have access to them; these controls protect against threats to assets through baseline or selective mechanisms.
Operations Security (OPSEC)
An analytical process by which the U.S. government and its supporting contractors can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting evidence of the planning and execution of sensitive activities and operations.
An individual who supports system operations from the operator’s console, monitors execution of the system, controls the flow of jobs, and mounts input/output volumes. The operator must be alert for shoulder surfing.
See Operations Security.
Alternate name for DoD Trusted Computer Security Evaluation Criteria.
Original equipment manufacturer (OEM)
A manufacturer of products for integration in other products or systems.
Commonly used abbreviation for operating system.
Office of the Secretary of Defense.
Other program strategies
Strategies intended to encompass variations and/or combinations of the grand design, incremental, evolutionary, or other program strategies (DoD Directive 5000.1).
A path within a computer system or network that is designed for the authorized transfer of data. Compare with covert channel.
A process that forces a change in the state of each stored bit, followed by the writing of a known pattern over the medium. See magnetic remanence.
packet
A basic message unit for communication across a network. A packet usually includes routing information, data, and (sometimes) error-detection information.
packet-switched network
(1) A network that routes data packets based on an address contained in the data packet is said to be a packet-switched network. Multiple data packets can share the same network resources. (2) A communications network that uses shared facilities to route data packets from and to different users. Unlike a circuit-switched network, a packet-switched network does not set up dedicated circuits for each session.
Acronym for packet assembly/disassembly.
Partitioned security mode
A mode of operation wherein all personnel have the clearance but not necessarily the formal access approval and need-to-know for all information contained in the system. Not to be confused with compartmented security mode.
A protected/private character string that is used to authenticate an identity.
Personal Computer Memory Card International Association. The industry group that defines standards for PC Cards (and the name applied to the cards themselves). These roughly credit card–sized adapters for memory and modem cards come in three thicknesses: 3.3, 5, and 10.5 mm.
Public data network.
Personal electronic device.
peer-to-peer network
A network in which a group of equal devices communicate directly with one another. A peer-to-peer LAN does not depend upon a dedicated server but allows any node to be installed as a nondedicated server and share its files and peripherals across the network.
A device that records all the numbers dialed from a specific telephone line.
The successful act of bypassing a system’s security mechanisms.
The characteristics or identifying marks that might be produced by a penetration.
A study to determine the feasibility and methods for defeating the controls of a system.
The portion of security testing in which the evaluators attempt to circumvent the security features of a system. The evaluators might be assumed to use all system design and implementation documentation, which can include listings of system source code, manuals, and circuit diagrams. The evaluators work under the same constraints that are applied to ordinary users.
The use of simulation software to predict network behavior, allowing developers to perform capacity planning. Simulation makes it possible to model the network and impose varying levels of utilization to observe the effects.
performance monitoring
Activity that tracks network performance during normal operations. Performance monitoring includes real-time monitoring, during which metrics are collected and compared against thresholds; recent-past monitoring, in which metrics are collected and analyzed for trends that may lead to performance problems; and historical data analysis, in which metrics are collected and stored for later analysis.
periods processing
The processing of various levels of sensitive information at distinctly different times. Under periods processing, the system must be purged of all information from one processing period before transitioning to the next, when there are different users who have differing authorizations.
A description of the type of authorized interactions that a subject can have with an object. Examples of permissions types include read, write, execute, add, modify, and delete.
A method of encrypting a message, also known as transposition; operates by rearranging the letters of the plaintext.
(1) The procedures that are established to ensure that all personnel who have access to sensitive information possess the required authority as well as appropriate clearances. (2) Procedures to ensure a person’s background; provides assurance of necessary trustworthiness.
Pretty Good Privacy; a form of encryption.
Physical Layer (PHY)
The layer of the OSI model that provides the transmission of bits through a communication channel by defining electrical, mechanical, and procedural specifications. It establishes protocols for voltage and data transmission timing and rules for “handshaking.”
The application of physical barriers and control procedures as preventive measures or countermeasures against threats to resources and sensitive information.
piconet
A collection of devices connected via Bluetooth technology in an ad hoc fashion. A piconet starts with two connected devices, such as a portable PC and a cellular phone, and can grow to eight connected devices.
Gaining unauthorized access to a system via another user’s legitimate connection. See between-the-lines entry. Also, an unauthorized person following an authorized person through a controlled door before it closes.
In computer architecture, a design in which the decode and execution cycles of one instruction are overlapped in time with the fetch cycle of the next instruction.
Plain old telephone system (POTS)
The original analog telephone system, which is still in widespread use today.
Message text in clear, human-readable form.
Platform for Privacy Preferences (P3P)
Proposed standards developed by the World Wide Web Consortium (W3C) to implement privacy practices on Web sites.
Point-to-Point Protocol (PPP)
A protocol that provides router-to-router and host-to-network connections over both synchronous and asynchronous circuits. PPP is the successor to SLIP.
Defines network connectivity that can be easily established, used, and then dismantled.
See Preferred Products List.
Pseudorandom bit sequence.
Preferred Products List (PPL)
A list of commercially produced equipment that meets TEMPEST and other requirements prescribed by the National Security Agency. This list is included in the NSA Information Systems Security Products and Services Catalogue, issued quarterly and available through the Government Printing Office.
The layer of the OSI model that negotiates data transfer syntax for the Application Layer and performs translations between different data types, if necessary.
Eliminating the displaying of characters in order to preserve their secrecy; for example, not displaying a password as it is keyed at the input terminal.
See symmetric- (private-) key encryption.
A set of instructions (for example, interrupt handling or special computer instructions) to control features such as storage protection features that are generally executable only when the automated system is operating in the executive state.
Pseudorandom number generator.
Implies sequential execution of instructions based on the von Neumann architecture of a CPU, memory, and input/output device. Variables are part of the sets of instructions used to solve a particular problem, and therefore, the data is not separate from the statements.
Synonymous with administrative security.
A program in execution. See domain and subject.
The person ultimately responsible for the overall procurement, development, integration, modification, operation, and maintenance of the IT system.
Protected Health Information (PHI)
Individually identifiable health information that is:
An informal description of the overall design of a system that delineates each of the protection mechanisms employed. A combination, appropriate to the evaluation class, of formal and informal techniques is used to show that the mechanisms are adequate to enforce the security policy.
Protection Profile (PP)
In the Common Criteria, an implementation-independent specification of the security requirements and protections of a product that could be built.
One of a hierarchy of privileged modes of a system that gives certain access rights to user programs and processes authorized to operate in a given mode.
Protection-critical portions of the TCB
Those portions of the TCB (Trusted Computing Base) whose normal function is to deal with access control between subjects and objects. Their correct operation is essential to the protection of the data on the system.
A set of rules and formats, semantic and syntactic, that permits entities to exchange information.
A method of determining or verifying requirements and design specifications. The prototype normally consists of network hardware and software that support a proposed solution. The approach to prototyping is typically a trial-and-error experimental process.
An apparent loophole deliberately implanted in an operating system program as a trap for intruders.
Public-switched telephone network; the general phone network.
See asymmetric key encryption.
Public-Key Cryptography Standards (PKCS)
A set of public-key cryptography standards that supports algorithms such as Diffie-Hellman and RSA, as well as algorithm-independent standards.
Public Law 100-235 (P.L. 100-235)
Also known as the Computer Security Act of 1987, this law creates a means for establishing minimum acceptable security practices for improving the security and privacy of sensitive information in federal computer systems. This law assigns responsibility to the National Institute of Standards and Technology for developing standards and guidelines for federal computer systems processing unclassified data. The law also requires establishment of security plans by all operators of federal computer systems that contain sensitive information.
In a multilevel security system, or MLS, a one-way information flow device or data diode. In an analog to a pump operation, it permits information flow in one direction only, from a lower level of security classification or sensitivity to a higher level. The pump is a convenient approach to multilevel security in that it can be used to put together systems with different security levels.
The removal of sensitive data from an AIS, AIS storage device, or peripheral device with storage capacity at the end of a processing period. This action is performed in such a way that there is assurance proportional to the sensitivity of the data that the data cannot be reconstructed. An AIS must be disconnected from any external network before a purge. After a purge, the medium can be declassified by observing the review procedures of the respective agency.
A quantum computer is based on the principles of quantum mechanics. One principle is that of superposition, which states that atomic particles can exist in multiple states at the same time. Thus the fundamental unit of information in a quantum computer, the qubit, can exist in both the 0 and 1 states simultaneously. The ability of a qubit to represent a 0 or 1 simultaneously coupled with another quantum phenomenon called quantum interference permits a quantum computer to perform calculations at drastically higher speeds than conventional computers. Quantum computers have the potential of solving problems in polynomial time that, with conventional computers, require exponential time or are currently unsolvable.
Quantum cryptography provides the means for two users of a common communication channel to create a body of shared and secret information. This data is usually a random string of bits that can be used as a secret key for secure communication. Because of its basis in quantum mechanics, quantum cryptography theoretically guarantees that the communications will always be secure and that the transmitted information cannot be intercepted.
Remote Authentication Dial-In User Service.
RSA cipher algorithm 4.
A fundamental operation that results only in the flow of information from an object to a subject.
Permission to read information.
The advance planning and preparations that are necessary to minimize loss and to ensure the availability of the critical information systems of an organization.
The actions that are necessary to restore a system’s computational capability and data files after a system failure or outage/disruption.
A document of the United States National Security Agency (NSA) defining criteria for secure networks.
Reduced Instruction Set Computer (RISC)
A computer architecture designed to reduce the number of cycles required to execute an instruction. A RISC architecture uses simpler instructions but makes use of other features, such as optimizing compilers and large numbers of general-purpose registers in the processor and data caches, to reduce the number of instructions required.
An access-control concept that refers to an abstract machine that mediates all accesses to objects by subjects.
An implementation of the reference monitor concept. A security kernel is a type of reference-validation mechanism.
The probability of a given system performing its mission adequately for a specified period of time under expected operating conditions.
A bridge connecting networks separated by longer distances. Organizations use leased 56 Kbps circuits, T1 digital circuits, and radio waves to provide such long-distance connections among remote sites.
Refers to the parallel processing of transactions to an alternate site, as opposed to a batch dump process such as electronic vaulting. A communications line is used to transmit live data as it occurs. This enables the alternate site to be fully operational at all times and introduces a very high level of fault tolerance.
A network component that provides internetworking functionality at the Physical Layer of a network’s architecture. A repeater amplifies network signals, extending the distance they can travel.
The portion of risk that remains after security measures have been applied.
Data left in storage after processing operations are complete but before degaussing or rewriting has taken place.
The process of ensuring that a resource not be directly accessible by a subject but that it be protected so that the reference monitor can properly mediate access to it.
Any area to which access is subject to special restrictions or controls for reasons of security or safeguarding of property or material.
Request for comment, the usual type of document in which Internet standards are promulgated.
Request for proposal.
A topology in which a set of nodes are joined in a closed loop.
(1) A combination of the likelihood that a threat will occur, the likelihood that a threat occurrence will result in an adverse impact, and the severity of the resulting impact. (2) The probability that a particular threat will exploit a particular vulnerability of the system.
The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. Risk analysis is a part of risk management. Synonymous with risk assessment.
Process of analyzing threats to an IT system, vulnerabilities of a system, and the potential impact that the loss of information or capabilities of a system would have on security. The resulting analysis is used as a basis for identifying appropriate and effective measures.
The disparity between the minimum clearance or authorization of system users and the maximum sensitivity (for example, classification and categories) of data processed by a system. See the publications CSC-STD-003-85 and CSC-STD-004-85 for a complete explanation of this term.
The total process of identifying, controlling, eliminating, or minimizing uncertain events that might affect system resources. It includes risk analysis, cost-benefit analysis, selection, implementation, tests, a security evaluation of safeguards, and an overall security review.
A network component that provides internetworking at the Network Layer of a network’s architecture by allowing individual networks to become part of a WAN. A router works by using logical and physical addresses to connect two or more separate networks. It determines the best path by which to send a packet of information.
Routing Information Protocol (RIP)
A common type of routing protocol. RIP bases its routing path on the distance (number of hops) to the destination. RIP maintains optimum routing paths by sending out routing update messages if the network topology changes.
(1) A serial communications interface. (2) The RS-232 EIA standard that specifies up to 20-Kbps, 50-foot serial transmission between computers and peripheral devices. Serial communication standards are defined by the Electronic Industries Association (EIA).
An EIA standard specifying electrical characteristics for balanced circuits (in other words, both transmit and return wires are at the same voltage above ground). RS-422 is used in conjunction with RS-449.
An EIA standard specifying electrical characteristics for unbalanced circuits (in other words, the return wire is tied to the ground). RS-423 is used in conjunction with RS-449.
An EIA standard specifying a 37-pin connector for high-speed transmission.
An EIA standard for multipoint communications lines.
A protocol that adds digital signatures and encryption to Internet MIME (Multipurpose Internet Mail Extensions).
See security safeguards.
Subcommittee on Automated Information Systems Security of the NTISSC.
An access control–based protection mechanism. It is commonly applied to restrict the access rights of mobile code that is downloaded from a Web site as an applet. The code is set up to run in a “sandbox” that blocks its access to the local workstation’s hard disk, thus preventing the code from performing malicious activity. The sandbox is usually interpreted by a virtual machine such as the Java Virtual Machine (JVM).
Abbreviation for sensitive but unclassified; an information designation.
A processor that executes one instruction at a time.
Searching through object residue to acquire unauthorized data.
Sensitive Compartmented Information.
Synchronous data link control.
Secure configuration management
The set of procedures that are appropriate for controlling changes to a system’s hardware and software structure for the purpose of ensuring that changes will not lead to violations of the system’s security policy.
A condition in which no subject can access any object in an unauthorized manner.
A subsystem that contains its own implementation of the reference monitor concept for those resources it controls. The secure subsystem, however, must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.
Measures and controls that ensure the confidentiality, integrity, availability, and accountability of the information processed and stored by a computer.
Security critical mechanisms
Those security mechanisms whose correct operation is necessary to ensure that the security policy is enforced.
An evaluation that is performed to assess the degree of trust that can be placed in systems for the secure handling of sensitive information. One type, a product evaluation, is an evaluation performed on the hardware and software features and assurances of a computer product from a perspective that excludes the application environment. The other type, a system evaluation, is made for the purpose of assessing a system’s security safeguards with respect to a specific operational mission; it is a major step in the certification and accreditation process.
Security fault analysis
A security analysis, usually performed on hardware at the gate level, to determine the security properties of a device when a hardware fault is encountered.
The security-relevant functions, mechanisms, and characteristics of system hardware and software. Security features are a subset of system security safeguards.
A trusted subsystem that enforces a security policy on the data that pass through it.
An error of commission or omission in a system that might enable protection mechanisms to be bypassed.
Security flow analysis
A security analysis performed on a formal system specification that locates the potential flows of information within the system.
Security functional requirements
Requirements, preferably from the Common Criteria, Part 2, that when taken together specify the security behavior of an IT product or system.
Examination of an IT system to determine compliance with security policy, procedures, and practices.
The hardware, firmware, and software elements of a Trusted Computer Base (TCB) that implement the reference monitor concept. The security kernel must mediate all accesses, must be protected from modification, and must be verifiable as correct.
A piece of information that represents the security level of an object.
The combination of a hierarchical classification and a set of nonhierarchical categories that represents the sensitivity of information.
Elements of software, firmware, hardware, or procedures that are included in a system for the satisfaction of security specifications.
A statement of intent to counter specified threats and/or satisfy specified organizational security policies and assumptions.
The boundary where security controls are in effect to protect assets.
The set of laws, rules, and practices that regulates how an organization manages, protects, and distributes sensitive information.
Security policy model
A formal presentation of the security policy enforced by the system. It must identify the set of rules and practices that regulate how a system manages, protects, and distributes sensitive information. See Bell-LaPadula model and formal security policy model.
The series of activities that monitor, evaluate, test, certify, accredit, and maintain the system accreditation throughout the system life cycle.
The highest and lowest security levels that are permitted in or on a system, system component, subsystem, or network.
The types and levels of protection that are necessary for equipment, data, information, applications, and facilities to meet security policy.
Security requirements baseline
A description of minimum requirements necessary for a system to maintain an acceptable level of security.
The protective measures and controls that are prescribed to meet the security requirements specified for a system. Those safeguards can include (but are not necessarily limited to) the following: hardware and software security features, operating procedures, accountability procedures, access and distribution controls, management constraints, personnel security, and physical structures, areas, and devices. Also called safeguards.
A detailed description of the safeguards required to protect a system.
Security Target (ST)
(1) In the Common Criteria, a listing of the security claims for a particular IT security product. (2) A set of security functional and assurance requirements and specifications to be used as the basis for evaluating an identified product or system.
Security Test and Evaluation (ST&E)
Examination and analysis of the safeguards required to protect an IT system, as they have been applied in an operational environment, to determine the security posture of that system.
A process that is used to determine that the security features of a system are implemented as designed. This process includes hands-on functional testing, penetration testing, and verification.
Information that, if lost, misused, modified, or accessed by unauthorized individuals, could affect the national interest or the conduct of federal programs or the privacy to which individuals are entitled under Section 552a of Title 5, U.S. Code, but that has not been specifically authorized under criteria established by an executive order or an act of Congress to be kept classified in the interest of national defense or foreign policy. The concept of sensitive information can apply to private-sector entities as well.
A piece of information that represents the security level of an object. Sensitivity labels are used by the TCB as the basis for mandatory access control decisions.
An interface to provide serial communications service.
Serial Line Internet Protocol (SLIP)
An Internet protocol used to run IP over serial lines and dial-up connections.
One of the seven OSI model layers. Establishes, manages, and terminates sessions between applications.
Systems Engineering, Testing, and Analysis.
A type of authentication that assumes each station has received a secret shared key through a secure channel, independent from an 802.11 network. Stations authenticate through shared knowledge of the secret key. Use of shared-key authentication requires implementation of the 802.11 Wired Equivalent Privacy (WEP) algorithm.
Viewing sensitive information by looking over the shoulder of an operator at a terminal or a person viewing documents.
Simple Mail Transfer Protocol (SMTP)
The Internet e-mail protocol.
Simple Network Management Protocol (SNMP)
The network management protocol of choice for TCP/IP-based Internets. Widely implemented with 10BASE-T Ethernet. A network management protocol that defines information transfer among management information bases (MIBs).
simple security condition
See simple security property.
simple security property
A Bell-LaPadula security model rule enabling a subject read access to an object only if the security level of the subject dominates the security level of the object. Synonymous with simple security condition.
An OS loaded without Security Front End.
An automated information systems device that is used to process data of a single security level at any one time.
Short (or small) message service.
software development methodologies
Methodologies for specifying and verifying design programs for system development. Each methodology is written for a specific computer language. See Enhanced Hierarchical Development Methodology, Formal Development Methodology, Gypsy Verification Environment, and Hierarchical Development Methodology.
The science and art of specifying, designing, implementing, and evolving programs, documentation, and operating procedures whereby computers can be made useful to man.
A set of activities, methods, and practices that are used to develop and maintain software and associated products.
software process capability
Describes the range of expected results that can be achieved by following a software process.
software process maturity
The extent to which a software process is defined, managed, measured, controlled, and effective.
software process performance
The result achieved by following a software process.
General-purpose executive, utility, or software development tools and applications programs or routines that protect data that are handled by a system.
software system test and evaluation process
A process that plans, develops, and documents the quantitative demonstration of the fulfillment of all baseline functional performance and operational and interface requirements.
An attempt to gain access to a system by posing as an authorized user. Synonymous with impersonating, masquerading, or mimicking.
See System Security Authorization Agreement.
Secure Sockets Layer.
System security officer.
An optical fiber connector that uses a bayonet plug and socket.
See Security Test and Evaluation.
stand-alone (shared system)
A system that is physically and electrically isolated from all other systems and is intended to be used by more than one person, either simultaneously (for example, a system that has multiple terminals) or serially, with data belonging to one user remaining available to the system while another user uses the system (for example, a personal computer that has nonremovable storage media, such as a hard disk).
stand-alone (single-user system)
A system that is physically and electrically isolated from all other systems and is intended to be used by one person at a time, with no data belonging to other users remaining in the system (for example, a personal computer that has removable storage media, such as a floppy disk).
See * property (or star property).
A topology wherein each node is connected to a common central switch or hub.
State Delta Verification System
A system that is designed to give high confidence regarding microcode performance by using formulae that represent isolated states of a computation to check proofs concerning the course of that computation.
A variable that represents either the state of the system or the state of some system resource.
An object that supports both read and write access.
Structured Query Language (SQL)
An international standard for defining and accessing relational databases.
Subcommittee on Telecommunications Security of NTISSC.
Subcommittee on Automated Information Systems Security
The SAISS is composed of one voting member from each organization that is represented on the NTISSC.
Subcommittee on Telecommunications Security (STS)
NSDD-145 authorizes and directs the establishment, under the NTISSC, of a permanent subcommittee on Telecommunications Security. The STS is composed of one voting member from each organization that is represented on the NTISSC.
An active entity, generally in the form of a person, process, or device, that causes information to flow among objects or that changes the system state. Technically, a process/domain pair.
subject security level
A subject’s security level is equal to the security level of the objects to which it has both read and write access. A subject’s security level must always be dominated by the clearance of the user with which the subject is associated.
A processor that allows concurrent execution of instructions in the same pipelined stage. The term superscalar denotes multiple, concurrent operations performed on scalar values, as opposed to vectors or arrays that are used as objects of computation in array processors.
See executive state.
Switched Multimegabit Digital Service (SMDS)
A packet-switching connectionless data service for WANs.
symmetric- (private-) key encryption
Cryptographic system in which the sender and receiver both know a secret key that is used to encrypt and decrypt a message.
Synchronous Optical NETwork (SONET)
A fiber-optic transmission system for high-speed digital traffic. SONET is part of the B-ISDN standard.
A type of communications data synchronization whereby frames are sent within defined time periods. It uses a clock to control the timing of bits being sent. See asynchronous transmission.
A set of interrelated components consisting of mission, environment, and architecture as a whole. Also, a data processing facility.
system development methodologies
Methodologies developed through software engineering to manage the complexity of system development. Development methodologies include software engineering aids and high-level design analysis tools.
A system subject (user or process) or object.
system high security mode
A system and all peripherals protected in accordance with (IAW) requirements for the highest security level of material in the system; personnel with access have security clearance but not a need-to-know. See modes of operation.
A characteristic of a system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
system low security mode
The lowest security level supported by a system at a particular time or in a particular environment.
System Security Authorization Agreement (SSAA)
A formal agreement among the DAA(s), the CA, the IT system user representative, and the program manager. It is used throughout the entire DITSCAP to guide actions, document decisions, specify ITSEC requirements, document certification tailoring and level-of-effort, identify potential solutions, and maintain operational systems security.
System Security Officer (SSO)
See Information System Security Officer.
A type of testing that verifies the installation of the entire network. Testers normally complete system testing in a simulated production environment, simulating actual users in order to ensure the network meets all stated requirements.
Systems Network Architecture (SNA)
IBM’s proprietary network architecture.
Systems Security Steering Group
The senior government body established by NSDD-145 to provide top-level review and policy guidance for the telecommunications security and automated information systems security activities of the United States government. This group is chaired by the assistant to the President for National Security Affairs and consists of the Secretary of State, Secretary of Treasury, Secretary of Defense, Attorney General, Director of the Office of Management and Budget, and Director of Central Intelligence.
A standard specifying a time-division multiplexing scheme for point-to-point transmission of digital signals at 1.544 Mbps.
Technical Architecture Framework for Information Management.
An unauthorized modification that alters the proper functioning of an equipment or system in a manner that degrades the security or functionality that it provides.
Target of Evaluation (TOE)
In the Common Criteria, TOE refers to the product to be tested.
See Trusted Computing Base.
See DoD Trusted Computer System Evaluation Criteria.
An attack that can be perpetrated by circumventing or nullifying hardware and software protection mechanisms, rather than by subverting system personnel or other users.
A hardware, firmware, communication, or software flaw that leaves a computer processing system open for potential exploitation, either externally or internally, thereby resulting in a risk to the owner, user, or manager of the system.
A virtual terminal protocol used in the Internet, enabling users to log in to a remote host. Telnet is defined as part of the TCP/IP protocol suite.
Transient ElectroMagnetic Pulse Emanations Standard, the U.S. Government standard for control of spurious compromising emanations emitted by electrical equipment; also used to refer to the investigation, study, and control of such emanations.
The means used to uniquely identify a terminal to a system.
An executable test with a specific set of input values and a corresponding expected result.
A method that is used to exploit a vulnerability in a system, operation, or facility.
The examination of all actions and events that might adversely affect a system or operation.
Any circumstance or event with the potential to cause harm to an IT system in the form of destruction, disclosure, adverse modification of data, and/or denial of service.
Formal description and evaluation of threat to an IT system.
The analysis, assessment, and review of audit trails and other data that are collected for the purpose of searching for system events that might constitute violations or attempted violations of system security.
A computer protection system in which each subject maintains a list of unforgeable bit patterns called tickets, one for each object the subject is authorized to access. Compare with list-oriented.
A password that is valid only at a certain time of day or during a specified interval of time.
time-domain reflectometer (TDR)
Mechanism used to test the effectiveness of network cabling.
Transport Layer security.
A network that uses a logical token-passing access method. In contrast to a token-passing ring, permission to transmit is usually based on the node address rather than the position in the network. A token bus network uses a common cable set, with all signals broadcast across the entire LAN.
A local area network (LAN) standard developed by IBM that uses tokens to control access to the communication medium. A token ring provides multiple access to a ring-type network. FDDI and IEEE 802.5 are token ring standards.
A nonprocedural description of system behavior at the most abstract level; typically, a functional specification that omits all implementation details.
A description of the network’s geographical layout of nodes and links.
A security model rule stating that an object’s security level cannot change while the object is being processed by an AIS.
A device for transmitting and receiving packets between the computer and the medium.
Transmission Control Protocol (TCP)
A commonly used protocol for establishing and maintaining communications between applications on different computers. TCP provides full-duplex, acknowledged, and flow-controlled service to upper-layer protocols and applications.
Transmission Control Protocol/Internet Protocol (TCP/IP)
A de facto, industry-standard protocol for interconnecting disparate networks. TCP/IP comprises standard protocols that define both the reliable full-duplex transport level and the connectionless, best-effort unit of information passed across an internetwork.
OSI model layer that provides mechanisms for the establishment, maintenance, and orderly termination of virtual circuits while shielding the higher layers from the network implementation details.
See back door.
A computer program that has an apparently or actually useful function but contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security or integrity.
trusted computer system
A system that employs sufficient hardware and software assurance measures to enable its use for simultaneous processing of a range of sensitive or classified information.
Trusted Computing Base (TCB)
The totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a TCB to correctly enforce a unified security policy depends solely on the mechanisms within the TCB and on the correct input of parameters by system administrative personnel (for example, a user’s clearance level) related to the security policy.
A trusted method for distributing the TCB hardware, software, and firmware components, both originals and updates, that provides methods for protecting the TCB from modification during distribution and for the detection of any changes to the TCB that might occur.
trusted identification forwarding
An identification method used in networks whereby the sending host can verify that an authorized user on its system is attempting a connection to another host. The sending host transmits the required user authentication information to the receiving host. The receiving host can then verify that the user is validated for access to its system. This operation might be transparent to the user.
A mechanism by which a person at a terminal can communicate directly with the TCB. This mechanism can be activated only by the person or by the TCB and cannot be imitated by untrusted software.
A process whose incorrect or malicious execution is capable of violating system security policy.
The software portion of the TCB.
Type of medium using metallic-type conductors twisted together to provide a path for current flow. The wire in this medium is twisted in pairs to minimize the electromagnetic interference on a pair from another pair or other outside source.
Universal asynchronous receiver transmitter. A device that converts parallel data into serial data for transmission, or serial data into parallel data on reception.
A process that has not been evaluated or examined for adherence to the security policy. It might include incorrect or malicious code that attempts to circumvent the security mechanisms.
(1) A person or process that is accessing an AIS either by direct connections (for example, via terminals) or by indirect connections (in other words, preparing input data or receiving output that is not reviewed for content or classification by a responsible individual). (2) A person or process authorized to access an IT system.
The individual or organization that represents the user or user community in the definition of information system requirements.
User Datagram Protocol
A protocol in the TCP/IP suite that uses the underlying Internet Protocol (IP) to transport a message. This is an unreliable, connectionless delivery scheme. It does not use acknowledgments to ensure that messages arrive and does not provide feedback to control the rate of information flow. UDP messages can be lost, be duplicated, or arrive out of order.
A unique symbol or character string that is used by a system to identify a specific user.
Patterns of a user’s activity that can be used to detect changes in normal routines.
U.S. Federal Computer Incident Response Center (FedCIRC)
FedCIRC provides assistance and guidance in incident response and provides a centralized approach to incident handling across U.S. government agency boundaries.
U.S.A. Provide Appropriate Tools Required to Intercept and Obstruct Terrorism (PATRIOT) Act of October 26, 2001
A law that permits the following:
Under the PATRIOT Act, the government has new powers to subpoena electronic records and to monitor Internet traffic. In monitoring information, the government can require the assistance of ISPs and network operators. This monitoring can even extend into individual organizations.
U.S. Uniform Computer Information Transactions Act (UCITA) of 1999
A model act that is intended to apply uniform legislation to software licensing.
An element of the DII providing information services to DoD users. Those services include Defense Information Systems Agency Mega-Centers, information processing, and wide-area network communications services.
An ITU standard for asynchronous 0–300 bps full-duplex modems.
An ITU standard for facsimile operations at 300 bps.
An ITU standard for 28,800 bps modems.
In DITSCAP, the determination that the completed IT system correctly implements the security requirements and approach agreed on by the users, acquisition authority, and DAA.
validation (in software engineering)
To establish the fitness or worth of a software product for its operational mission.
Running mirrored data centers in separate locations.
The process of determining compliance of the evolving IT system specification, design, or code with the security requirements and approach agreed on by the users, acquisition authority, and the DAA. Also, the process of comparing two levels of system specification for proper correspondence (for example, a security policy model with top-level specification, top-level specification with source code, or source code with object code). This process might or might not be automated.
very-long-instruction-word (VLIW) processor
A processor in which multiple, concurrent operations are performed in a single instruction. The number of instructions is reduced relative to those in a scalar processor. However, for this approach to be feasible, the operations in each VLIW instruction must be independent of each other.
Lotus’s vendor-independent messaging system.
A self-propagating Trojan horse composed of a mission component, a trigger component, and a self-propagating component.
A weakness in system security procedures, system design, implementation, internal controls, and so on that could be exploited to violate system security policy.
A measurement of vulnerability that includes the susceptibility of a particular system to a specific attack and the opportunities that are available to a threat agent to mount that attack.
Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.
Wireless Application Protocol. A standard commonly used for the development of applications for wireless Internet devices.
wide area network (WAN)
A network that interconnects users over a wide area, usually encompassing different metropolitan areas.
Wired Equivalency Privacy (WEP)
The algorithm of the 802.11 wireless LAN standard that is used to protect transmitted information from disclosure. WEP is designed to prevent the violation of the confidentiality of data transmitted over the wireless LAN. WEP generates secret shared encryption keys that both source and destination stations use to alter frame bits to avoid disclosure to eavesdroppers.
Describes any computing device that can access a network without a wired connection.
wireless metropolitan area network (wireless MAN)
Provides communications links between buildings, avoiding the costly installation of cabling or leasing fees and the downtime associated with system failures.
Wireless local area network.
work breakdown structure (WBS)
A diagram of the way a team will accomplish the project at hand by listing all tasks the team must perform and the products they must deliver.
An estimate of the effort or time needed by a potential intruder who has specified expertise and resources to overcome a protective measure.
work function (factor)
The difficulty in recovering plaintext from ciphertext, as measured by cost and/or time. The security of the system is directly proportional to the value of the work function. The work function need only be large enough to suffice for the intended application. If the message to be protected loses its value after a short period of time, the work function need only be large enough to ensure that the decryption would be highly infeasible in that period of time.
A fundamental operation that results only in the flow of information from a subject to an object.
Permission to write to an object.
An ITU standard for EDI.
An ITU standard for international address numbering.
An ITU standard for a circuit-switching network.
An ITU standard for an interface between a terminal and a packet-switching network. X.25 was the first public packet-switching technology, developed by the CCITT and offered as a service during the 1970s. It is still available today. X.25 offers connection-oriented (virtual circuit) service; it operates at 64 Kbps, which is too slow for some high-speed applications.
An ITU standard for OSI messaging.
An ITU standard for OSI directory services.
An ITU standard for packet switching between public networks.