Terms
- *-property
- (N) (Pronounced 'star property'.) See: 'confinement property' under Bell-LaPadula model. [RFC2828] (see also confinement property, model, Bell-LaPadula security model)
- 2-factor authentication
- Authentication processing using two factors, typically: 'something you have' and 'something you know'. [misc] (see also 3-factor authentication)
- 3-factor authentication
- Authentication processing using three factors: something you have, something you know, and something you are. [misc] (see also biometric authentication, challenge/response, passwords, personal identification number, tokens, authentication) (includes 2-factor authentication, authentication information)
- A1
- Highest level of trust defined in the Orange Book (Department
of Defense Trusted Computer System Evaluation Criteria, DoD
5200.28-STD). [NSTISSC] (see also evaluation, trust, Orange book)
- ABA Guidelines
- (N) 'American Bar Association (ABA) Digital Signature
Guidelines', a framework of legal principles for using digital
signatures and digital certificates in electronic commerce. [RFC2828] (see also certificate, digital signature)
- abend
- An unexpected processing termination that may indicate that
program coding was incorrectly performed and that earlier testing was
not adequate or not adequately controlled. Abend stands for abnormal
ending. [SRV] (see also failure, test)
- abort
- The termination of computer program execution prior to its completion. [SRV] (see also failure)
- Abrams, Jajodia, Podell essays (AJP)
- M. Abrams, S. Jajodia, and H. Podell, eds., Information
Security: An Integrated Collection of Essays, IEEE Computer Society
Press, January 1995. [AJP] (see also security)
- Abstract Syntax Notation One (ASN.1)
- (N) A standard for describing data objects. (C)
OSI standards use ASN.1 to specify data formats for protocols. OSI
defines functionality in layers. Information objects at higher layers
are abstractly defined to be implemented with objects at lower layers.
A higher layer may define transfers of abstract objects between
computers, and a lower layer may define transfers concretely as strings
of bits. Syntax is needed to define abstract objects, and encoding
rules are needed to transform between abstract objects and bit strings.
(C) In ASN.1, formal names are written without spaces, and
separate words in a name are indicated by capitalizing the first letter
of each word except the first word. For example, the name of a CRL is
'certificateRevocationList'. [RFC2828] (see also certificate, public-key infrastructure) (includes Basic Encoding Rules, Distinguished Encoding Rules, object identifier)
- abuse of privilege
- When a user performs an action that they should not have, according to organizational policy or law. [AFSEC] (see also threat)
- acceptable level of risk
- A judicious and carefully considered assessment by the
appropriate authority that a computing activity or network meets the
minimum requirements of applicable security directives. The assessment
should take into account the value of assets; threats and
vulnerabilities; counter measures and operational requirements. [AFSEC] (see also counter measures, networks, threat)
- acceptable risk
- A concern that is acceptable to responsible management, due to the cost and magnitude of implementing security controls. [800-37]
The level of Residual Risk that has been determined to be a reasonable
level of potential loss/disruption for a specific IT system. [CIAO] (see also risk)
- acceptable use policy (AUP)
- A set of rules and guidelines that specify in more or less
detail the expectations in regard to appropriate use of systems or
networks. [RFC2504] It documents permitted system uses and activities for a specific user, and the consequences of noncompliance. [FFIEC]
This refers to policies that restrict the way in which a network may be
used. Usually, a network administrator makes and enforces decisions
dealing with acceptable use. [AFSEC] (see also networks, policy)
- acceptance criteria
- The criteria that a system or component must satisfy in order to be accepted by a user, customer, or other authorized entity. [IEEE610] (see also acceptance procedure)
- acceptance inspection
- The final inspection to determine whether or not a facility or
system meets the specified technical and performance standards. Note:
this inspection is held immediately after facility and software testing
and is the basis for commissioning or accepting the information system.
[AJP][NCSC/TG004] (see also software, test, acceptance procedure)
- acceptance procedure
- A procedure which takes objects produced during the
development, production, and maintenance processes for a Target of
Evaluation and, as a positive act, places them under the controls of a
Configuration Control system. [AJP][ITSEC] (see also software development, target of evaluation) (includes acceptance criteria, acceptance inspection, acceptance testing, object)
- acceptance testing
- Formal testing conducted to determine whether or not a system
satisfies its acceptance criteria and to enable the customer to
determine whether or not to accept the system. [IEEE610] Testing to determine whether products meet the requirements specified in the contract or by the user. [SRV] (see also acceptance procedure, test)
- access
- (1) A specific type of interaction between a subject and an
object that results in the flow of information from one to the other.
(2) The ability and the means necessary to approach, to store or
retrieve data, to communicate with, or to make use of any resource of
an ADP system. [TNI] (1) The ability and means to communicate
with (i.e. input to or receive output from) or otherwise make use of
any information, resource, or component in an information technology
(IT) product. (2) A specific type of interaction between a subject and
an object that results in the flow of information from one to the
other. Note: An individual does not have 'access' if the proper
authority or a physical, technical, or procedural measure prevents him
or her from obtaining knowledge or having an opportunity to alter
information, material, resources, or components. [AJP] (I)
The ability and means to communicate with or otherwise interact with a
system in order to use system resources to either handle information or
gain knowledge of the information the system contains. (O) 'A
specific type of interaction between a subject and an object that
results in the flow of information from one to the other.' (C)
In this Glossary, 'access' is intended to cover any ability to
communicate with a system, including one-way communication in either
direction. In actual practice, however, entities outside a security
perimeter that can receive output from the system but cannot provide
input or otherwise directly interact with the system, might be treated
as not having 'access' and, therefore, be exempt from security policy
requirements, such as the need for a security clearance. [RFC2828]
1) The right to enter or use a system and its resources; to read,
write, modify, or delete data; or to use software processes or network
bandwidth. 2) Opportunity to make use of an information system (IS)
resource. [CIAO] A specific type of interaction between a
subject and an object that results in the flow of information from one
to the other. [NCSC/TG004][TCSEC] A specific type of
interaction between a subject and an object that results in the flow of
information from one to the other. A subject's right to use an object. [SRV]
Ability and means to communicate with (i.e. input to or receive output
from), or otherwise make use of any information, resource, or component
in an Information Technology (IT) Product. Note: An individual does not
have 'access' if the proper authority or a physical, technical, or
procedural measure prevents them from obtaining knowledge or having an
opportunity to alter information, material, resources, or components. [FCv1] Opportunity to make use of an information system (IS) resource. [NSTISSC] (see also security) (includes access control, delete access, execute access, merge access, object, read access, remote access, subject, update access)
- access category
- One of the classes to which a user, program, or process may be
assigned on the basis of the resources or groups of resources that each
user, program, or process is authorized to use. [SRV] (see also access control)
- access control
- (1) The limiting of rights or capabilities of a subject to
communicate with other subjects, or to use functions or services in a
system or network. (2) Restrictions controlling a subject's access to
an object. [TNI] (1) The process of limiting access to the
resources of an information technology (IT) product only to authorized
users, programs, processes, systems (in a network), or other IT
products. (Synonymous with controlled access and limited access.) (2)
The limiting of rights or capabilities of a subject to communicate with
other subjects, or to use functions or services in a system or network.
(3) Restrictions controlling a subject's access to an object. [AJP] (I)
Protection of system resources against unauthorized access; a process
by which use of system resources is regulated according to security
policy and is permitted by only authorized entities (users, programs,
processes, or other systems) according to that policy. (O) 'The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.' [RFC2828]
1) Limiting access to information system resources to authorized users,
programs, processes, or other systems only. 2) Procedures and controls
that limit or detect access to MEI Resource Elements (People,
Technology, Applications, Data and/or Facilities), thereby protecting
these resources against loss of Integrity, Confidentiality,
Accountability and/or Availability. [CIAO] A security service
that prevents the unauthorized use of information system resources
(hardware and software) only to authorized users and the unauthorized
disclosure or modification of data (stored and communicated). [IATF] Limiting access to information system resources only to authorized users, programs, processes, or other systems. [NSTISSC]
Process of limiting access to the resources of an IT product only to
authorized users, programs, processes, systems, or other IT products. [FCv1]
The process of limiting access to the resources of a system only to
authorized programs, processes, or other systems (in a network). [NCSC/TG004]
The process of limiting access to the resources of a system only to
authorized programs, processes, or other systems (in a network).
Synonymous with controlled access and limited access. [SRV] (see also Bell-LaPadula security model, Clark Wilson integrity model, Identification Protocol, Internet Protocol security, Kerberos, POSIX, TCB subset, accreditation range, anonymous login, application proxy, authentication, availability, availability service, compartment, computer security, confidentiality, controlled access protection, covert channel, domain, domain name system, exploitation, firewall, formulary, identification and authentication, integrity, labeled security protections, logical access, logical completeness measure, login, minimum essential infrastructure, national security information, network component, networks, permissions, proxy server, reference monitor, reference monitor concept, rule set, salt, simple network management protocol, software, spoofing, technological attack, threat consequence, ticket, unauthorized access, Automated Information System security, access, authorization, risk management, security, security-relevant event, trusted computing base, user) (includes Terminal Access Controller Access Control System, access category, access control center, access control list, access control mechanism, access control officer, access control service, access level, access mode, access period, access port, access profile, access type, centralized authorization, component reference monitor, context-dependent access control, controlled sharing, cookies, discretionary access control, failure access, fetch protection, file protection, file security, granularity, identity based access control, mandatory access control, need-to-know, network reference monitor, non-discretionary access control, partition rule base access control, role-based access control, sandboxed environment, secure state, security kernel, sensitivity label, system entry, technical policy)
- access control center (ACC)
- (I) A computer containing a database with entries that define a security policy for an access control service. (C)
An ACC is sometimes used in conjunction with a key center to implement
access control in a key distribution system for symmetric cryptography.
[RFC2828] (see also cryptography, key, access control)
- access control list (ACL)
- (1) A list of subjects authorized for specific access to an
object. (2) A list of entities, together with their access rights,
which are authorized to have access to a resource. [TNI] (1) A
mechanism implementing discretionary access control in an IT product
that identifies the users who may access an object and the type of
access to the object that a user is permitted. (2) A list of subjects
authorized for specific access to an object. (3) A list of entities,
together with their access rights, which are authorized to have access
to a resource. [AJP] (I) A mechanism that implements
access control for a system resource by enumerating the identities of
the computer system entities that are permitted to access the resource.
[RFC2828] A list of the subjects that are permitted to access an object and the access rights of each subject. [SRV]
Mechanism implementing discretionary access control in an IT product
that identifies the users who may access an object and the type of
access to the object that a user is permitted. [FCv1] Mechanism implementing discretionary and/or mandatory access control between subjects and objects. [IATF][NSTISSC] (see also communications security, access control, authorization) (includes ACL-based authorization)
- access control mechanism
- (1) Security safeguards designed to detect and prevent
unauthorized access, and to permit authorized access in an IT product.
(2) Hardware or software features, operating procedures, management
procedures, and various combinations of these designed to detect and
prevent unauthorized access and to permit authorized access in an
automated system. [AJP] Hardware or software features, operating
procedures, management procedures, and various combinations of these
designed to detect and prevent unauthorized access and to permit
authorized access in an automated system. [NCSC/TG004][SRV] Security safeguard designed to detect and deny unauthorized access and permit authorized access in an IT system. [NSTISSC] Security safeguards designed to detect and prevent unauthorized access, and to permit authorized access in an IT product. [FCv1] (see also software, unauthorized access, access control)
- access control officer (ACO)
- Designated individual responsible for limiting access to information systems resources. [NSTISSC] (see also access control)
- access control service
- (I) A security service that protects against a system
entity using system resource in a way not authorized by the system's
security policy; in short, protection of system resources against
unauthorized access. (C) This service includes protecting
against use of a resource in an unauthorized manner by an entity that
is authorized to use the resource in some other manner. The two basic
mechanisms for implementing this service are ACLs and tickets. [RFC2828] (see also unauthorized access, access control)
- access level
- The hierarchical portion of the security level used to
identify the sensitivity of data and the clearance or authorization of
users. Access level, in conjunction with the nonhierarchical
categories, forms the sensitivity label of an object. [NSTISSC]
The hierarchical portion of the security level used to identify the
sensitivity of data and the clearance or authorization of users. Note:
The access level, in conjunction with the non-hierarchical categories,
forms the sensitivity label of an object. [AJP][NCSC/TG004][SRV] (see also access control, security level)
- access list
- (IS) Compilation of users, programs, or processes and the
access levels and types to which each is authorized. (COMSEC) Roster of
persons authorized admittance to a controlled area. [NSTISSC] A list of users, programs, and/or processes and the specifications of access categories to which each is assigned. [NCSC/TG004][SRV] (see access control list)
- access mediation
- Process of monitoring and controlling access to the resources
of an IT product, including but not limited to the monitoring and
updating of policy attributes during accesses as well as the protection
of unauthorized or inappropriate accesses. [AJP][FCv1] (see access control)
- access mode
- (I) A distinct type of data processing operation, e.g.
read, write, append, or execute, that a subject can potentially perform
on an object in a system. [RFC2828] (see also access control, automated information system)
- access period
- A segment of time, generally expressed in days or weeks, during which access rights prevail. [NSTISSC] A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail. [AJP][NCSC/TG004][SRV] (see also access control)
- access port
- A logical or physical identifier that a computer uses to distinguish different terminal input/output data streams. [AJP][NCSC/TG004][SRV] (see also access control)
- access profile
- Associates each user with a list of protected objects the user may access. [NSTISSC] (see also access control)
- access type
- Privilege to perform action on an object. Read, write,
execute, append, modify, delete, and create are examples of access
types. [NSTISSC] The nature of an access right to a particular
device, program, or file (e.g. read, write, execute, append, modify,
delete, or create). [AJP][NCSC/TG004][SRV] (see also access control)
- accessibility
- The ability to obtain the use of a computer system resource,
or the ability and means necessary to store data, retrieve data, or
communicate with a system. [SRV]
- account aggregation
- A service that gathers information from many websites,
presents that information to the customer in a consolidated format and,
in some cases, may allow the customer to initiate activity on the
aggregated accounts. Aggregation services typically involve three
different entities: (1) The aggregator that offers the aggregation
service and maintains information on the customer's
relationships/accounts with other on-line providers. (2) The
aggregation target or website/entity from which the information is
gathered or extracted by means of direct data feeds or screen scraping.
(3) The aggregation customer who subscribes to aggregation services and
provides customer IDs and passwords for the account relationships to be
aggregated. [FFIEC]
- account authority digital signature (AADS)
- The relying party obtains the public key from its own account registry record for digital signature authentication. [misc] (see also authentication, public-key infrastructure)
- account management
- Activities such as balance inquiry, statement balancing,
transfers between the customer's accounts at the same financial
institution, maintenance of personal information, etc. [FFIEC]
- accountability
- (1) Means of linking individuals to their interactions with an
IT product, thereby supporting identification of and recovery from
unexpected or unavoidable failures of the control objectives. (2) The
quality or state that enables actions on an ADP system to be traced to
individuals who may then be held responsible. These actions include
violations and attempted violation of the security policy, as well as
allowed actions. (3) The property that enables activities on a system
to be traced to individuals who may then be held responsible for their
actions. [AJP] (I) The property of a system (including
all of its system resources) that ensures that the actions of a system
entity may be traced uniquely to that entity, which can be held
responsible for its actions. (C) Accountability permits detection and subsequent investigation of security breaches. [RFC2828]
(IS) Process of tracing IS activities to a responsible source. (COMSEC)
Principle that an individual is entrusted to safeguard and control
equipment, keying material, and information and is answerable to proper
authority for the loss or misuse of that equipment or information. [NSTISSC]
1) Principle that responsibilities for ownership and/or oversight of IS
resources are explicitly assigned and that assignees are answerable to
proper authorities for stewardship of resources under their control. 2)
The explicit assignment of responsibilities for oversight of areas of
control to executives, managers, staff, owners, providers, and users of
MEI Resource Elements. [CIAO] Means of linking individuals to
their interactions with an IT product, thereby supporting
identification of and recovery from unexpected or unavoidable failures
of the control objectives. [FCv1] Property that allows auditing
of activities in an automated information system (AIS) to be traced to
persons who may then be held responsible for their actions. [IATF]
Property that allows the ability to identify, verify, and trace system
entities as well as changes in their status. Accountability is
considered to include authenticity and non-repudiation. [800-37]
The principle that individuals using a facility or a computer system
must be able to be identified. With accountability, violations or
attempted violation of system security can be traced to individuals who
can then be held responsible for their actions. [AFSEC] The
property that enables activities on a system to be traced to
individuals who may then be held responsible for their actions. [NCSC/TG004][SRV] The property that ensures that the actions of an entity may be traced uniquely to the entity. [SC27]
The quality or state which enables actions on an ADP system to be
traced to individuals who may then be held responsible. These actions
include violations and attempted violation of the security policy, as
well as allowed actions. [TNI] (see also audit, communications security, failure, minimum essential infrastructure, non-repudiation, quality, recovery, trust, security) (includes automated information system, identification, object, user)
- accounting legend code (ALC)
- Numeric code used to indicate the minimum accounting controls
required for items of accountable COMSEC material within the COMSEC
Material Control System. [NSTISSC] (see also communications security)
- accounting number
- Number assigned to an item of COMSEC material to facilitate its control. [NSTISSC] (see also communications security)
- accredit
- (see accreditation)
- accreditation
- (1) The procedure for accepting an IT system to process
sensitive information within a particular operational environment. (2)
The formal procedure for recognizing both the technical competence and
the impartiality of an IT test laboratory (evaluation body) to carry
out its associated tasks. (3) Formal declaration by a designated
approving authority that an Automated Information System (AIS) is
approved to operate in a particular security configuration using a
prescribed set of safeguards. (4) The managerial authorization and
approval granted to an ADP system or network to process sensitive data
in an operational environment, made on the basis of a certification by
designated technical personnel of the extent to which design and
implementation of the computer system meet pre-specified technical
requirements, e.g. TCSEC (Trusted Computer System Evaluation Criteria),
for achieving adequate data security. Management can accredit a system
to operate at a higher or lower level than the risk level recommended
(e.g. by the requirements guideline) for the certification level of the
computer system. If management accredits the system to operate at a
higher level than is appropriate for the certification level,
management is accepting the additional risk incurred. (5) A formal
declaration by the DAA (designated approving authority) that the AIS is
approved to operate in a particular security mode using a prescribed
set of safeguards. Accreditation is the official management
authorization for operation of an AIS and is based on the certification
process as well as other management considerations. The accreditation
statement affixes security responsibility with the DAA and shows that
due care has been taken for security. [AJP] (I) An
administrative declaration by a designated authority that an
information system is approved to operate in a particular security
configuration with a prescribed set of safeguards. (C) An
accreditation is usually based on a technical certification of the
computer system's security mechanisms. The terms 'certification' and
'accreditation' are used more in the U.S. Department of Defense and
other government agencies than in commercial organizations. However,
the concepts apply any place where managers are required to deal with
and accept responsibility for security risks. The American Bar
Association is developing accreditation criteria for CAs. [RFC2828]
A formal declaration by the DAA that the AIS is approved to operate in
a particular security mode using a prescribed set of safeguards.
Accreditation is the official management authorization for operation of
an AIS and is based on the certification process as well as other
management considerations. The accreditation statement affixes security
responsibility with the DAA and shows that due care has been taken for
security. [NCSC/TG004] Management's formal acceptance of the adequacy of a computer system's security. [SRV]
Formal declaration by a Designated Approving Authority (DAA) that an IS
is approved to operate in a particular security mode at an acceptable
level of risk, based on the implementation of an approved set of
technical, managerial, and procedural safeguards. [NSTISSC]
Formal declaration by a designated approving authority that an
Automated Information System (AIS) is approved to operate in a
particular security configuration using a prescribed set of safeguards.
[FCv1] Formal declaration by the responsible management
approving the operation of an automated system in a particular security
mode using a particular set of safeguards. Accreditation is the
official authorization by management for the operation of the computer
system, and acceptance by that management of the associated residual
risks. Accreditation is based on the certification process as well as
other management considerations. [SC27] Has two definitions
according to circumstances: a) the procedure for accepting an IT system
for use within a particular environment; b) the procedure for
recognizing both the technical competence and the impartiality of a
test laboratory to carry out its associated tasks. [ITSEC] The
authorization of an IT system to process, store, or transmit
information, granted by a management official. Accreditation, which is
required under OMB Circular A-130, is based on an assessment of the
management, operational, and technical controls associated with an IT
system. [800-37] The managerial authorization and approval,
granted to an ADP system or network to process sensitive data in an
operational environment, made on the basis of a certification by
designated technical personnel of the extent to which design and
implementation of the computer system meet pre-specified technical
requirements, e.g. TCSEC, for achieving adequate data security.
Management can accredit a system to operate at a higher or lower level
than the risk level recommended (e.g. by the Requirements Guideline)
for the certification level of the computer system. If management
accredits the system to operate at a higher level than is appropriate
for the certification level, management is accepting the additional
risk incurred. [TNI] Two definitions according to circumstances:
1) Operational system accreditation: The authorization that is granted
for use of an IT system to process sensitive information in its
operational environment. (ANSI modified) 2) Laboratory accreditation:
The formal recognition that a testing laboratory is technically
competent to carry out its specified tasks. [JTC1/SC27] (see also Common Criteria Testing Laboratory, National Information Assurance partnership, accredited, approved technologies list, approved test methods list, cascading, certificate, certificate revocation list, certification phase, certifier, controlled security mode, dedicated security mode, evaluation, external security controls, multilevel security mode, networks, partitioned security mode, pre-certification phase, risk, security evaluation, site certification, system-high security mode, test, trust, trusted computer system, certification) (includes DoD Information Technology Security Certification and Accreditation Process, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, accreditation authority, accreditation body, accreditation disapproval, accreditation multiplicity parameter, accreditation package, accreditation phase, accreditation range, approval/accreditation, automated information system, certification and accreditation, designated approving authority, full accreditation, interim accreditation, interim accreditation action plan, post-accreditation phase, private accreditation exponent, private accreditation information, public accreditation verification exponent, security, site accreditation, system accreditation, type accreditation)
- accreditation authority
- Entity trusted by all members of a group of entities for the purposes of the generation of private accreditation information. [SC27] (see also trust, accreditation)
- accreditation body
- An independent organization responsible for assessing the
performance of other organizations against a recognized standard, and
for formally confirming the status of those that meet the standard. [NIAP] (see also National Information Assurance partnership, accreditation)
- accreditation disapproval
- The system does not meet the security requirements and
security controls as stated in the security plan; residual risk is too
great, and mission criticality does not mandate the immediate
operational need. Therefore, the developmental system is not approved
for operation or, if the system is already operational, the operation
of the system is halted. [800-37] (see also risk, security, accreditation)
- accreditation multiplicity parameter
- Positive integer equal to the number of items of secret
accreditation information provided to an entity by the accreditation
authority. [SC27] (see also accreditation)
- accreditation package
- Product comprised of a System Security Plan (SSP) and a report documenting the basis for the accreditation decision. [NSTISSC] The accreditation letter and supporting documentation and rationale for the accreditation decision. [800-37] (see also accreditation)
- accreditation phase
- The accreditation phase is the third phase of the
certification and accreditation process. Its purpose is to complete the
final risk assessment on the IT system, update the security plan,
prepare the certification findings, and issue the accreditation
decision. [800-37] (see also risk, security, accreditation)
- accreditation range
- The accreditation range of a host with respect to a particular
network is a set of mandatory access control levels (according to
'Computer Security Requirements: Guidance for Applying the Department
of Defense Trusted Computer System Evaluation Criteria in Specific
Environments,' CSC-STD-003-85) for data storage, processing, and
transmission. The accreditation range will generally reflect the
sensitivity levels of data that the accreditation authority believes
the host can reliably keep segregated with an acceptable level of risk
in the context of the particular network for which the accreditation
range is given. Thus, although a host system might be accredited to use
the mandatory access control levels Confidential, Secret, and Top
Secret in stand-alone operation, it might have an accreditation range
consisting of the single value Top Secret for attachment to some
network. [AJP] (see also access control, computer security, evaluation, networks, risk, security, trust, trusted computer system, accreditation)
- accredited
- Formally confirmed by an accreditation body as meeting a
predetermined standard of impartiality and general technical,
methodological, and procedural competence. [NIAP] (see also accreditation, evaluation)
- accuracy
- A qualitative assessment of correctness, or freedom from error. [SRV]
- ACL-based authorization
- A scheme where the authorization agent consults an ACL to grant or deny access to a principal. [misc] (see also access control list, authorization) (includes distributed computing environment)
- acquirer
- (N) SET usage: 'The financial institution that
establishes an account with a merchant and processes payment card
authorizations and payments.' (O) 'The institution (or its
agent) that acquires from the card acceptor the financial data relating
to the transaction and initiates that data into an interchange system.'
[RFC2828] (see also Secure Electronic Transaction)
- acquisition plan
- A document that records management's decisions; contains the
requirements; provides appropriate analysis of technical options and
the life cycle plans for development, production, training, and support
of material items. [SRV] (see also analysis)
- acquisition strategy
- The conceptual framework for conducting systems acquisition,
encompassing the broad concepts and objectives that direct and control
the overall development, production, and deployment of a system. It
evolves in parallel with the system's maturation. It must be stable
enough to provide continuity but dynamic and flexible enough to
accommodate change. It is tailored to fit the needs for developing,
producing, and fielding the system. The set of decisions that
determines how products and services will be acquired, including
contracting method, contract duration, contract pricing, and
quantities. [SRV]
- active attack
- (see also attack)
- active content
- WWW pages which contain references to programs which are downloaded and executed automatically by WWW browsers. [SRV]
- active wiretapping
- The attaching of an unauthorized device, such as a computer
terminal, to a communications circuit for the purpose of obtaining
access to data through the generation of false messages or control
signals, or by altering the communications of legitimate users. [SRV] (see also communications, wiretapping)
- activity analysis
- The analysis and measurement (in terms of time, cost, and
throughput) of distinct units of work (activities) that make up a
process. [SRV] (see also analysis, security software)
- activity-based costing (ABC)
- (see also business process)
- ad hoc
- Something that is ad hoc or that is done on an ad hoc basis
happens or is done only when the situation makes it necessary or
desirable, rather than being arranged in advance or being part of a
general plan. [OVT]
- ad hoc testing
- Testing carried out using no recognised test case design technique. [OVT] (see also test)
- ad-lib test
- A test executed without prior planning; especially if the
expected test outcome is not predicted beforehand. An undocumented
test. [OVT] (see also test)
- adaptive predictive coding (APC)
-
- add-on security
- (I) 'The retrofitting of protection mechanisms,
implemented by hardware or software, after the [automatic data
processing] system has become operational.' [RFC2828] Incorporation of new hardware, software, or firmware safeguards in an operational IS. [NSTISSC]
The retrofitting of protection mechanisms, implemented by hardware or
software, after the computer system has become operational. [SRV] The retrofitting of protection mechanisms, implemented by hardware or software. [AJP][NCSC/TG004] (see also software, security)
- address
- A sequence of bits or characters that identifies the destination and the source of a transmission. [SRV]
- address indicator group (AIG)
-
- address spoofing
- A type of attack in which the attacker steals a legitimate
network (e.g. IP) address of a system and uses it to impersonate the
system that owns the address. [misc] (see also networks, masquerade, spoofing) (includes ip spoofing)
- adequate security
- Security commensurate with the risk and magnitude of harm
resulting from the loss, misuse, or unauthorized access to or
modification of information. [800-37] (see also risk, unauthorized access, security)
- administration documentation
- The information about a Target of Evaluation supplied by the developer for use by an administrator. [AJP][ITSEC] (see also target of evaluation)
- administrative access
- Individuals or terminals authorized to perform network administrator or system administrator functions. [FFIEC]
- administrative security
- (I) Management procedures and constraints to prevent unauthorized access to a system. (O)
'The management constraints, operational procedures, accountability
procedures, and supplemental controls established to provide an
acceptable level of protection for sensitive data.' (C) Examples include clear delineation and separation of duties, and configuration control. [RFC2828] The management constraints and supplemental controls established to provide an acceptable level of protection for data. [AJP][NCSC/TG004][NSAINT]
The management constraints and supplemental controls established to
provide an acceptable level of protection for data. Synonymous with
procedural security. [SRV] (see procedural security) (see also unauthorized access)
- administrator
- A person in contact with the Target of Evaluation who is responsible for maintaining its operational capability. [AJP][ITSEC] (see also target of evaluation)
- advanced development model (ADM)
- (see also software development)
- Advanced Encryption Standard
- (N) A future FIPS publication being developed by NIST
to succeed DES. Intended to specify an unclassified,
publicly-disclosed, symmetric encryption algorithm, available
royalty-free worldwide. [RFC2828] (see also encryption, National Institute of Standards and Technology, symmetric cryptography)
- advanced intelligence network (AIN)
- (see also networks)
- advanced intelligent network (AIN)
- An evolving architecture that allows rapid creation and modification of telecommunication services. [SRV] (see also networks)
- Advanced Mobile Phone Service (AMPS)
- The standard system for analog cellular telephone service in
the U.S. AMPS allocates frequency ranges within the 800 -- 900 MHz
spectrum to cellular telephones. Signals cover an area called a cell.
Signals are passed into adjacent cells as the user moves to another
cell. The analog service of AMPS has been updated to include digital
service. [IATF] (see also user)
- advanced narrowband digital voice terminal (ANDVT)
-
- Advanced Research Projects Agency Network (ARPANET)
- (see also networks)
- advanced self-protection jammer (ASPJ)
- (see also assurance, communications security)
- adversary
- (I) An entity that attacks, or is a threat to, a system. [RFC2828] Person or organization that must be denied access to information. [IATF] (see also threat, security)
- advisory
- Notification of significant new trends or developments
regarding the threat to the IS of an organization. This notification
may include analytical insights into trends, intentions, technologies,
or tactics of an adversary targeting ISs. [NSTISSC] (see also threat)
- agency
- Federal department, major organizational unit within a department, or independent agency. [CIAO]
- agent
- A program used in distributed denial of service (DDoS) attacks
that sends malicious traffic to hosts based on the instructions of a
handler. [800-61] (see also attack)
- aggregation
- (I) A circumstance in which a collection of information
items is required to be classified at a higher security level than any
of the individual items that comprise it. [RFC2828] (see also security)
- alarm reporting
- An OSI term that refers to the communication of information
about a possible detected fault. This information generally includes
the identification of the network device or network resource in which
the fault was detected, the type of the fault, its severity, and its
probable cause. [SRV] (see also fault, identification, networks, security software)
- alarm surveillance
- The set of functions that enable: (1) the monitoring of the
communications network to detect faults and fault-related events or
conditions; (2) the logging of this information for future use in fault
detection and other network management activities; and (3) the analysis
and control of alarms, notifications, and other information about
faults to ensure that the resources of network management are directed
toward faults that affect the operation of the communications network.
Analysis of alarms consists of alarm filtering, alarm correlation, and
fault prediction. [SRV] (see also analysis, fault, networks, security software)
- alert
- A formatted message describing a circumstance relevant to
network security. Alerts are often derived from critical audit events. [NSAINT] Notice of specific attack directed at an organization’s IS resources. [CIAO] Notification that a specific attack has been directed at the IS of an organization. [NSTISSC] (see also attack, audit, communications security, networks, security)
- algorithm
- (I) A finite set of step-by-step instructions for a
problem-solving or computation procedure, especially one that can be
implemented by a computer. [RFC2828] A mathematical procedure
that can usually be explicitly encoded in a set of computer language
instructions that manipulate data. Cryptographic algorithms are
mathematical procedures used for such purposes as encrypting and
decrypting messages and signing documents digitally. [AJP] (see also Data Encryption Standard, cryptanalysis, cryptographic key, cryptographic module, cryptography, cyclic redundancy check, initialization vector, key-escrow system, metric) (includes Digital Signature Algorithm, International Data Encryption Algorithm, Rivest-Shamir-Adelman algorithm, asymmetric algorithm, crypto-algorithm, message digest algorithm 5, secure hash algorithm, symmetric algorithm)
- alias
- (I) A name that an entity uses in place of its real name, usually for the purpose of either anonymity or deception. [RFC2828] (see also anonymous, masquerade)
- alignment
- The degree of agreement, conformance, and consistency among
organizational purpose, mission, vision, and values; structures,
systems, and processes; and individual values, skills, and behaviors. [SRV]
- allowed traffic
- Packets forwarded as a result of the rule set of the device
under test/system under test (DUT/SUT). Firewalls typically are
configured to forward only those packets explicitly permitted in the
rule set. Forwarded packets must be included in calculating the bit
forwarding rate or maximum bit forwarding rate of the DUT/SUT. All
other packets must not be included in bit forwarding rate calculations.
[RFC2647] (see also bit forwarding rate, rule set, test)
- alternate COMSEC custodian
- Person designated by proper authority to perform the duties of
the COMSEC custodian during the temporary absence of the COMSEC
custodian. [NSTISSC] (see also communications security)
- anti-jam
- Measures ensuring that transmitted information can
be received despite deliberate jamming attempts. [NSTISSC] (see also communications security)
- American institute of certified public accountants (AICPA)
-
- American National Standards Institute (ANSI)
- (N) A private, not-for-profit association of users,
manufacturers, and other organizations, that administers U.S. private
sector voluntary standards. (C) ANSI is the sole U.S.
representative to the two major non-treaty international standards
organizations, ISO and, via the U.S. National Committee (USNC), the
International Electrotechnical Commission (IEC). [RFC2828] Organization responsible for approving standards, including computers and communications. [misc] (see also automated information system)
- American Standard Code for Information Interchange (ASCII)
- (see also automated information system)
- analog signal
- A continuous electrical signal whose amplitude varies in direct correlation with the original input. [SRV]
- analysis
- (see also evaluation, test, Federal Standard 1027, HMAC, Integrated CASE tools, SOF-basic, SOF-high, SOF-medium, TCB subset, acquisition plan, alarm surveillance, assessment, black-box testing, break, brute force, brute force attack, business case, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, code coverage, correctness, cryptology, cryptoperiod, electronic security, elliptic curve cryptography, emanations security, emissions security, error seeding, evaluation assurance, fault injection, flaw hypothesis methodology, flooding, functional test case design, global requirements, independent validation and verification, instrumentation, judgment sample, known-plaintext attack, local requirements, model, national computer security assessment program, one-time pad, reference monitor, reference validation mechanism, risk assessment, risk identification, risk management, security test and evaluation, symbolic execution, system development, system development methodologies, threat event, threat monitoring, traffic flow confidentiality, transmission security, trust, trust level, vulnerability) (includes SWOT analysis, activity analysis, analysis of alternatives, boundary value analysis, business impact analysis, cost-risk analysis, cost/benefit analysis, covert channel analysis, cryptanalysis, cryptosystem analysis, dynamic analysis, emanations analysis, error analysis, fault analysis, gap analysis, information sharing and analysis center, mutation analysis, requirements analysis, risk analysis, root cause analysis, security fault analysis, security flow analysis, sensitivity analysis, signals analysis, static analysis, threat analysis, traffic analysis, value analysis, vulnerability analysis)
- analysis of alternatives
- The process of determining how an organization's information
needs will be met. It is an analysis to compare and evaluate the costs
and benefits of various alternatives for meeting a requirement for the
purpose of selecting the alternative that is most advantageous to the
organization. [SRV] (see also analysis)
- ankle-biter
- A person who aspires to be a hacker/cracker but has very
limited knowledge or skills related to AIS's. Usually associated with
young teens who collect and use simple malicious programs obtained from
the Internet. [NSAINT] (see also threat)
- anomaly
- An anomaly is a rule or practice that is different from what
is normal or usual, and which is therefore unsatisfactory. Anything
observed in the documentation or operation of software that deviates
from expectations based on previously verified software products or
reference documents. [OVT] Any condition that departs from the
expected. This expectation can come from documentation (e.g.
requirements specifications, design documents, user documents) or from
perceptions or experiences. An anomaly is not necessarily a problem in
the software, but a deviation from the expected, so that errors,
defects, faults, and failures are considered anomalies. [SRV] (see also bug, failure, fault, software)
- anomaly detection
- Detecting intrusions by looking for activity that is different from the user’s or system’s normal behavior. [CIAO] (see also security software)
- anomaly detection model
- A model where intrusions are detected by looking for activity that is different from the user's or system's normal behavior. [NSAINT] (see also model, security policy model)
- anonymity
- A security service that prevents the disclosure of information that leads to the identification of the end users. [IATF] (see also identification, user)
- anonymous
- (I) The condition of having a name that is unknown or concealed. (C)
An application may require security services that maintain anonymity of
users or other system entities, perhaps to preserve their privacy or
hide them from attack. To hide an entity's real name, an alias may be
used. For example, a financial institution may assign an account
number. Parties to a transaction can thus remain relatively anonymous,
but can also accept the transaction as legitimate. Real names of the
parties cannot be easily determined by observers of the transaction,
but an authorized third party may be able to map an alias to a real
name, such as by presenting the institution with a court order. In
other applications, anonymous entities may be completely untraceable. [RFC2828] (see also alias, attack, privacy, security)
- anonymous and guest login
- Services may be made available without any kind of
authentication. This is commonly done, for instance, with the FTP
protocol to allow anonymous access. Other systems provide a special
account named 'guest' to provide access, typically restricting the
privileges of this account. [RFC2504] (see also authentication)
- anonymous login
- (I) An access control feature (or, rather, an access
control weakness) in many Internet hosts that enables users to gain
access to general-purpose or public services and resources on a host
(such as allowing any user to transfer data using File Transfer
Protocol) without having a pre-established, user-specific account
(i.e., user name and secret password). (C) This feature exposes
a system to more threats than when all the users are known,
pre-registered entities that are individually accountable for their
actions. A user logs in using a special, publicly known user name (e.g.
'anonymous', 'guest', or 'ftp'). To use the public login name, the user
is not required to know a secret password and may not be required to
input anything at all except the name. In other cases, to complete the
normal sequence of steps in a login protocol, the system may require
the user to input a matching, publicly known password (such as
'anonymous') or may ask the user for an e-mail address or some other
arbitrary alphanumeric string. [RFC2828] (see also access control, passwords, threat, internet)
- anti-jam
- Measures ensuring that transmitted information can be received despite deliberate jamming attempts. [IATF] (see also communications security)
- anti-jamming (AJ)
- (see also communications security)
- anti-spoof
- Measures preventing an opponent's participation in an IT system. [NSTISSC] (see also spoofing, security software)
- antivirus software
- Computer programs that offer protection from viruses by making
additional checks of the integrity of the operating system and
electronic files. Also known as virus protection software. [FFIEC] (see also virus, security software)
- appendix
- A string of bits formed by the signature and an optional text field. [SC27]
- applet
- A small program that typically is transmitted with a Web page. [FFIEC]
Small applications written in various programming languages which are
automatically downloaded and executed by applet-enabled WWW browsers. [SRV] (see also world wide web)
- applicant
- An entity (organisation, individual etc.) which requests the assignment of a register entry and entry label. [SC27]
- application
- 1) All application systems, internal and external, utilized in
support of the core process. 2) A software package designed to perform
a specific set of functions, such as word processing or communications.
[CIAO] A computer program designed to perform specific functions, such as inventory control, scheduling, and payroll. [SRV] A program that performs a function directly for a user, such as ftp and telnet. [misc] (see also software)
- application controls
- Controls related to individual application systems, which help
ensure that transactions are valid, complete, authorized, processed,
and reported. [SRV] Controls related to transactions and data
within application systems. Application controls ensure the
completeness and accuracy of the records and the validity of the
entries made resulting from both programmed processing and manual data
entry. Examples of application controls include data input validation,
agreement of batch totals, and encryption of data transmitted. [FFIEC] (see also security controls)
- application entity (AE)
-
- application gateway firewall
- A type of firewall system that runs an application, called a
proxy, that acts like the server to the Internet client. The proxy
takes all requests from the Internet client and, if allowed, forwards
them to the Intranet server. Application gateways are used to make
certain that the Internet client and the Intranet server are using the
proper application protocol for communicating. Popular proxies include
Telnet, ftp, and http. Building proxies requires knowledge of the
application protocol. [misc] (see also firewall)
- application generator
- A type of tool that uses software designs and/or requirements
to generate entire software applications automatically, including
program source code and program control statements. [SRV] (see also software)
- application level gateway
- A firewall system in which service is provided by processes
that maintain complete TCP connection state and sequencing. Application
level firewalls often re-address traffic so that outgoing traffic
appears to have originated from the firewall, rather than the internal
host. [NSAINT] (see also application proxy, firewall)
- application program interface (API)
- A set of standard software interrupts, calls, and data formats
that application programs use to initiate contact with network
services, mainframe communications programs, telephone equipment, or
program-to-program communications. [IATF] System access point or
library function that has a well-defined syntax and is accessible from
application programs or user code to provide well-defined
functionality. [AJP][FCv1] (see also networks, security, software)
- application programming interface (API)
- The interface between the application software and the
application platform, across which all services are provided. The API
is primarily in support of application portability, but system and
application interoperability is also supported by a communication API. [SRV] (see also software)
- application proxy
- A proxy service that is set up and torn down in response to a
client request, rather than existing on a static basis. Circuit proxies
always forward packets containing a given port number if that port
number is permitted by the rule set. Application proxies, in contrast,
forward packets only once a connection has been established using some
known protocol. When the connection closes, a firewall using
application proxies rejects individual packets, even if they contain
port numbers allowed by a rule set. [RFC2647] An application
that forwards application traffic through a firewall. It is also called
a proxy server. Proxies tend to be specific to the protocol they are
designed to forward, and may provide increased access control or audit.
[SRV] (see also application level gateway, access control, audit, firewall, proxy) (includes forwarder, gateway)
- application software
- Programs that perform specific tasks, such as word processing,
database management, or payroll. Software that interacts directly with
some nonsoftware system (e.g. human, robot, etc.). [SRV] (see also software)
- application system
- An integrated set of computer programs designed to serve a
well-defined function and having specific input, processing, and output
activities (e.g., general ledger, manufacturing resource planning,
human resource management). [FFIEC] (see also automated information system)
- application-level firewall
- A firewall system in which service is provided by processes
that maintain complete TCP connection state and sequencing; application
level firewalls often re-address traffic so that outgoing traffic
appears to have originated from the firewall, rather than the internal
host. In contrast to packet filtering firewalls, this firewall must
have knowledge of the application data transfer protocol and often has
rules about what may be transmitted and what may not. [IATF] (see also firewall, security)
- approach
- The method used or steps taken in setting about a task, problem, etc. [SC27]
- approval for service use (ASU)
-
- approval/accreditation
- The official authorization that is granted to an ADP system to
process sensitive information in its operational environment, based
upon comprehensive security evaluation of the computer system's
hardware, firmware, and software security design, configuration, and
implementation, and of the other system procedural, administrative,
physical, TEMPEST, personnel, and communications security controls. [AJP][TCSEC] (see also TEMPEST, communications security, evaluation, security, software, accreditation)
- approved technologies list
- The list of approved information technology areas maintained
by the NIAP Oversight Body which can be selected by a CCTL in choosing
its scope of accreditation, that is, the types of IT security
evaluations that can be conducted using NVLAP accredited test methods. [NIAP] (see also accreditation, computer security, evaluation, test, Common Criteria Testing Laboratory, National Information Assurance partnership)
- approved test methods list
- The list of approved test methods maintained by the NIAP
Oversight Body which can be selected by a CCTL in choosing its scope of
accreditation, that is, the types of IT security evaluations that it
will be authorized to conduct using NVLAP accredited test methods. [NIAP] (see also accreditation, computer security, evaluation, Common Criteria Testing Laboratory, National Information Assurance partnership, test)
- architectural design
- A phase of the development process wherein the top-level definition and design of a Target of Evaluation are specified. [AJP][ITSEC] (see also software development, target of evaluation)
- architecture
- A description of all functional activities to be performed to
achieve the desired mission, the system elements needed to perform the
functions, and the designation of performance levels of those system
elements. An architecture also includes information on the
technologies, interfaces, and location of functions and is considered
an evolving description of an approach to achieving a desired mission. [SRV]
- archive
- (I) (1.) Noun: A collection of data that is stored for
a relatively long period of time for historical and other purposes,
such as to support audit service, availability service, or system
integrity service. (2.) Verb: To store data in such way. (C) A
digital signature may need to be verified many years after the signing
occurs. The CA--the one that issued the certificate containing the
public key needed to verify that signature--may not stay in operation
that long. So every CA needs to provide for long-term storage of the
information needed to verify the signatures of those to whom it issues
certificates. [RFC2828] (see also archiving, audit, backup, certificate, digital signature, key, public-key infrastructure, recovery)
- archiving
- Moving electronic files no longer being used to less accessible and usually less expensive storage media for safe keeping. [SRV] (see also archive, backup)
- area interswitch rekeying key (AIRK)
- (see also key)
- areas of control
- Collectively, controls consist of the policies, procedures,
practices and organizational structures designed to provide reasonable
assurance that business objectives will be achieved and that undesired
events will be prevented or detected and corrected. [CIAO]
- areas of potential compromise
- These broad topical areas represent categories where losses
can occur that will impact both a department or agency's MEI and its
ability to conduct core missions. [CIAO] (see also minimum essential infrastructure, vulnerability)
- ARPANET
- (N) Advanced Research Projects Agency Network, a
pioneer packet-switched network that was built in the early 1970s under
contract to the U.S. Government, led to the development of today's
Internet, and was decommissioned in June 1990. [RFC2828] (see also internet, networks)
- as is process model
- A model that portrays how a business process is currently
structured. In process improvement efforts, it is used to establish a
baseline for measuring subsequent business improvement actions and
progress. [SRV] (see also baseline, business process, model)
- assembly
- Group of parts, elements, subassemblies, or circuits that are removable items of COMSEC equipment. [NSTISSC] (see also communications security)
- assessment
- Surveys and Inspections; an analysis of the vulnerabilities of
an AIS. Information acquisition and review process designed to assist a
customer to determine how best to use resources to protect information
in systems. [NSAINT] Verification of a deliverable against a
standard using the corresponding method to establish compliance and
determine the assurance. [SC27] (see also analysis)
- asset
- Anything that has value to the organization, its business operations and their continuity. [SC27] Anything that has value to the organization. [SC27][ISO/IEC PDTR 13335-1 (11/2001)] Information or resources to be protected by the counter measures of a TOE. [CC2][CC21][SC27] Information resources that support an organization's mission. [SRV] (see also counter measures, target of evaluation)
- assignment
- A data item which is a function of the witness and possibly of a part of the message, and forms part of the input to the signature function. [SC27][ISO/IEC 14888-1: 1998, ISO/IEC 9796-3: 2000] The specification of an identified parameter in a component. [CC2][CC21][SC27] Requirement in a protection profile taken directly as stated, without change, from the list of components or derived by placing a bound on a threshold definition. Note: The assignment of environment-specific requirements to generic component requirements is performed when a component requirement corresponds to an environment-specific requirement. [AJP][FCv1] (see also protection profile)
- association
- (I) A cooperative relationship between system entities, usually for the purpose of transferring information between them. [RFC2828] (see also risk)
- assurance
- (1) The degree of confidence that a TOE adequately fulfills the security requirements. (2) A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. Note: The two main aspects of assurance are effectiveness and correctness (ITSEC - European Information Technology Security Evaluation Criteria) or development and evaluation assurance (Federal Criteria). [AJP] (I) (1.) An attribute of an information system that provides grounds for having confidence that the system operates such that the system security policy is enforced. (2.) A procedure that ensures a system is developed and operated as intended by the system's security policy. [RFC2828] A measure of confidence that a security feature and architecture of an automated information system mediates and enforces a security policy. [IATF] A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. [NCSC/TG004][NSAINT] Confidence that a computer system design meets its requirements, that its implementation meets its specification, or that some specific property is satisfied. [SRV] Grounds for confidence that a system design meets its requirements, or that its implementation satisfies specifications, or that some specific property is satisfied. [CIAO] Grounds for confidence that an entity meets its security objectives. [CC2][CC21][SC27][ISO/IEC 15408-1: 1999] Performance of appropriate activities or processes to instill confidence that a deliverable meets its security objectives. [SC27] The confidence that may be held in the security provided by a Target of Evaluation. [ITSEC]
The degree of confidence that a TOE adequately fulfills the security
requirements. Note: The two main aspects of assurance are effectiveness
and correctness. [JTC1/SC27] (see also advanced self-protection jammer, augmentation, authentication, bebugging, closed security environment, communications deception, component dependencies, component extensibility, component hierarchy, computer security, computing security methods, confidence coefficient, confidentiality, controlled access protection, data privacy, demilitarized zone, electronic protection, environmental failure protection, error seeding, exploit, extension, fetch protection, file protection, functional protection requirements, hardening, information protection policy, infrastructure protection, level of protection, lock-and-key protection system, minimum level of protection, network security, non-repudiation, open security environment, package, physical protection, port protection device, privacy protection, product rationale, protection needs elicitation, protection philosophy, protection profile, protection profile family, protection ring, protection-critical portions of the TCB, purge, quality of protection, security evaluation, security goals, security target, suspicious activity report, trusted computer system, trusted computing system, validation, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, evaluation, security, target of evaluation) (includes National Information Assurance partnership, assurance approach, assurance authority, assurance component, assurance element, assurance level, assurance method, assurance profile, assurance results, assurance scheme, assurance stage, automated information system, configuration management, correctness, defense-wide information assurance program, development assurance, development assurance component, development assurance package, development assurance requirements, effectiveness, evaluation assurance, evaluation assurance component, evaluation assurance package, evaluation assurance requirements, identification and authentication, 
information assurance, infrastructure assurance, process assurance, profile assurance, quality assurance, quality assurance/control, rating, robustness, software quality assurance, test)
- assurance approach
- A grouping of assurance methods according to the aspect examined. [SC27] (see also assurance)
- assurance authority
- A person or body responsible (accountable) for the selection,
implementation and acceptance of assurance. NOTE - In specific schemes
or organisations, the term for assurance authority may be different
such as evaluation authority. [SC27] (see also assurance)
- assurance component
- Security assurance components are used to express ordered sets
of requirements for developer and evaluator actions, and for the
content and presentation of evaluation deliverables. Components are
grouped into families (e.g. High Level Design) and into classes (e.g.
Development). [CC1] (see also Common Criteria for Information Technology Security Evaluation, assurance, component)
- assurance element
- A process or activity of an assurance method, in itself recognised to provide reproducible assurance results. [SC27] (see also assurance)
- assurance level
- (I) Evaluation usage: A specific level on a
hierarchical scale representing successively increased confidence that
a target of evaluation adequately fulfills the requirements. [RFC2828]
In evaluation criteria, a specific level on a hierarchical scale
representing successively increased confidence that a TOE adequately
fulfills the security requirements. [AJP][JTC1/SC27] The
amount of assurance obtained according to the specific scale used by
the assurance method. The amount of assurance obtained generally is
related to the effort expended on the activities performed. NOTE - The
assurance level may not be measurable in quantitative terms. [SC27] (see also assurance)
- assurance method
- Documented set of assurance elements recognised to obtain reproducible assurance results. [SC27] (see also assurance)
- assurance profile
- An assurance requirement for a TOE whereby different levels of
confidence are required in different security enforcing functions. [AJP][ITSEC] (see also assurance)
- assurance results
- Documented numerical or qualitative assurance statement obtained by applying an assurance method. [SC27] (see also assurance)
- assurance scheme
- The administrative and regulatory framework under which an
assurance method is applied by an assurance authority within a specific
community or organisation. [SC27] (see also assurance)
- assurance stage
- The deliverable life cycle stage on which a given assurance
method is focused. The overall deliverable assurance takes into account
the results of the assurance methods applied throughout the deliverable
life cycle. [SC27] (see also assurance)
- asymmetric algorithm
- An encryption algorithm that requires two different keys for
encryption and decryption. These keys are commonly referred to as the
public and private keys. Asymmetric algorithms are slower than
symmetric algorithms. Furthermore, speed of encryption may be different
than the speed of decryption. Generally asymmetric algorithms are
either used to exchange symmetric session keys or to digitally sign a
message. RSA, RPK, and ECC are examples of asymmetric algorithms. [IATF][misc] (see also algorithm, asymmetric cryptography) (includes Diffie-Hellman, Rivest-Shamir-Adleman, elliptic curve cryptosystem, private key, public key, public-key cryptography standards)
- asymmetric cipher
- Alternative term for asymmetric encipherment system. [SC27] (see also asymmetric cryptography)
- asymmetric cryptographic algorithm
- An encryption algorithm that requires two different keys for
encryption and decryption. These keys are commonly referred to as the
public and private keys. Asymmetric algorithms are slower than
symmetric algorithms. Furthermore, speed of encryption may be different
than the speed of decryption. Generally asymmetric algorithms are
either used to exchange symmetric session keys or to digitally sign a
message. RSA, RPK, and ECC are examples of asymmetric algorithms. [IATF][misc] (see also encryption, key)
- asymmetric cryptographic technique
- A cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. [SC27][ISO/IEC 11770-1: 1996, ISO/IEC FDIS 15946-3 (02/2001)] NOTE - A system based on asymmetric cryptographic techniques can either be an encipherment system, a signature system, a combined encipherment and signature system, or a key agreement system. With asymmetric cryptographic techniques there are four elementary transformations: sign and verify for signature systems, encipher and decipher for encipherment systems. The signature and decipherment transformation are kept private by the owning entity, whereas the corresponding verification and encipherment transformation are published. There exist asymmetric cryptosystems (e.g. RSA) where the four elementary functions may be achieved by only two transformations: one private transformation suffices for both signing and decrypting messages, and one public transformation suffices for both verifying and encrypting messages. However, since this is not the general case, throughout ISO/IEC 9798 the four elementary transformations and the corresponding keys are kept separate. [SC27][ISO/IEC 9798-1: 1997] ISO/IEC 11770-3 carries the same note, except that its closing sentence reads: However, since this does not conform to the principle of key separation, throughout this part of ISO/IEC 11770 the four elementary transformations and the corresponding keys are kept separate. [SC27][ISO/IEC 11770-3: 1999] (see also asymmetric cryptography)
- asymmetric cryptography
- (I) A modern branch of cryptography (popularly known as
'public-key cryptography') in which the algorithms employ a pair of
keys (a public key and a private key) and use a different component of
the pair for different steps of the algorithm. (C) Asymmetric
algorithms have key management advantages over equivalently strong
symmetric ones. First, one key of the pair does not need to be known by
anyone but its owner; so it can more easily be kept secret. Second,
although the other key of the pair is shared by all entities that use
the algorithm, that key does not need to be kept secret from other,
non-using entities; so the key distribution part of key management can
be done more easily. (C) For encryption: In an asymmetric
encryption algorithm, when Alice wants to ensure confidentiality for
data she sends to Bob, she encrypts the data with a public key provided
by Bob. Only Bob has the matching private key that is needed to decrypt
the data. (C) For signature: In an asymmetric digital signature
algorithm, when Alice wants to ensure data integrity or provide
authentication for data she sends to Bob, she uses her private key to
sign the data (i.e., create a digital signature based on the data). To
verify the signature, Bob uses the matching public key that Alice has
provided. (C) For key agreement: In an asymmetric key agreement
algorithm, Alice and Bob each send their own public key to the other
person. Then each uses their own private key and the other's public key
to compute the new key value. [RFC2828] (see also authentication, confidentiality, digital signature, encryption, key) (includes asymmetric algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encipherment system, asymmetric encryption algorithm, asymmetric key pair, asymmetric signature system, public key derivation function, public key information, public key system)
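The three uses the RFC 2828 entry walks through (encryption with Bob's public key, Alice's signature with her private key, and key agreement) as an added example that is not part of this glossary: textbook RSA over small constructed primes and Diffie-Hellman over constructed parameters, with `toy_digest` standing in for a real hash function (an assumption of this example; the numbers are chosen for readability and give no security).

```python
# Added illustration of the three RFC 2828 uses of an asymmetric key pair
# (encryption, digital signature, key agreement) using textbook RSA and
# Diffie-Hellman over small, hand-picked integers. All parameters are
# constructed for readability only and offer no security.
from math import gcd


def rsa_keygen(p, q, e=17):
    """Return ((n, e), (n, d)) for primes p, q: public key first, then private."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse, so e*d = 1 (mod phi)
    return (n, e), (n, d)


def rsa_public(key, x):
    """Public transformation: used by others to encrypt for, or verify, the owner."""
    n, e = key
    return pow(x, e, n)


def rsa_private(key, x):
    """Private transformation: decrypt or sign. For RSA one function serves both,
    as the ISO/IEC note on asymmetric cryptographic technique points out."""
    n, d = key
    return pow(x, d, n)


def toy_digest(message: bytes, n: int) -> int:
    """Constructed stand-in for a hash function: folds the bytes to an int < n."""
    h = 0
    for b in message:
        h = (h * 257 + b) % n
    return h


def encrypt_for(recipient_pub, m: int) -> int:
    """Alice encrypts with Bob's public key; only Bob's private key decrypts."""
    return rsa_public(recipient_pub, m)


def decrypt(priv, c: int) -> int:
    return rsa_private(priv, c)


def sign(priv, message: bytes) -> int:
    """Alice signs a digest of the data with her private key."""
    n, _ = priv
    return rsa_private(priv, toy_digest(message, n))


def verify(pub, message: bytes, sig: int) -> bool:
    """Bob verifies with Alice's public key; any change to the data breaks it."""
    n, _ = pub
    return rsa_public(pub, sig) == toy_digest(message, n)


def dh_public(g, p, private):
    """Each party publishes g^private mod p and keeps `private` to itself."""
    return pow(g, private, p)


def dh_shared(other_public, private, p):
    """Each side combines its own private value with the other's public value."""
    return pow(other_public, private, p)


def demo():
    # Bob's pair is used for confidentiality, Alice's pair for signatures.
    bob_pub, bob_priv = rsa_keygen(61, 53)        # n = 3233
    alice_pub, alice_priv = rsa_keygen(101, 113)  # n = 11413
    m = 65
    recovered = decrypt(bob_priv, encrypt_for(bob_pub, m))
    msg = b"pay 100 to bob"
    sig = sign(alice_priv, msg)
    ok = verify(alice_pub, msg, sig)
    tampered = verify(alice_pub, b"pay 900 to bob", sig)  # altered amount
    # Key agreement: constructed group p=23, g=5; neither private value is sent.
    p, g = 23, 5
    a_priv, b_priv = 6, 15
    k_alice = dh_shared(dh_public(g, p, b_priv), a_priv, p)
    k_bob = dh_shared(dh_public(g, p, a_priv), b_priv, p)
    return recovered, ok, tampered, k_alice, k_bob


if __name__ == "__main__":
    print(demo())  # (65, True, False, 2, 2)
```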
- asymmetric encipherment system
- A system based on asymmetric cryptographic techniques whose public transformation is used for encipherment and whose private transformation is used for decipherment. [SC27][ISO/IEC 9798-1: 1997, ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)] NOTE - An asymmetric encipherment system is an asymmetric cryptographic technique that is also an encryption algorithm. [SC27] (see also asymmetric cryptography, system)
- asymmetric encryption algorithm
- Alternative term for asymmetric encipherment system. [SC27] (see also asymmetric cryptography)
- asymmetric key pair
- A pair of related keys where the private key defines the private transformation and the public key defines the public transformation. [SC27][ISO/IEC 9798-1: 1997, ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)] (see also asymmetric cryptography)
- asymmetric signature system
- A system based on asymmetric cryptographic techniques whose
private transformation is used for signing and whose public
transformation is used for verification. [SC27] (see also asymmetric cryptography, system)
- asynchronous attacks
- Attacks that take advantage of dynamic system actions and the ability to manipulate the timing of those actions. [AFSEC] (see also attack)
- asynchronous communication
- Two modems communicating asynchronously rely upon each one to
send the other start and stop signals in order to pace the exchange of
information. [SRV] (see also communications)
- asynchronous transfer mode (ATM)
- A dedicated connection switching technology that organizes
digital data into fixed byte cell units and transmits those units over
a physical medium using digital signal technology. It is implemented by
hardware, therefore, very fast processing and switching speeds are
possible. [IATF] A fast-packet technology that was developed for
use in area networks using fixed-length cells. It appears to be the
best alternative for multimedia applications where data are mixed with
voice, images, or full-motion video. [SRV] (see also networks, security)
- attack
- (I) An assault on system security that derives from an
intelligent threat, i.e., an intelligent act that is a deliberate
attempt (especially in the sense of a method or technique) to evade
security services and violate the security policy of a system.
- Active vs. passive: An 'active attack' attempts to alter system resources or affect their operation. A 'passive attack' attempts to learn or make use of information from the system but does not affect system resources.
- Insider vs. outsider: An 'inside attack' is an attack initiated by an entity inside the security perimeter (an 'insider'), i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization. An 'outside attack' is initiated from outside the perimeter, by an unauthorized or illegitimate user of the computer system (an 'outsider'). In the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.
(C) The term 'attack' relates to some other basic security terms as shown in the following diagram:
```
+ - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
| An Attack:              |  |Counter- |  | A System Resource:   |
| i.e., A Threat Action   |  | measure |  | Target of the Attack |
| +----------+            |  |         |  | +-----------------+  |
| | Attacker |<==================||<=========                 |  |
| |   i.e.,  |   Passive  |  |         |  | |  Vulnerability  |  |
| | A Threat |<=================>||<========>                 |  |
| |  Agent   |  or Active |  |         |  | +-------|||-------+  |
| +----------+   Attack   |  |         |  |         VVV          |
| |                       |  |         |  | Threat Consequences  |
+ - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
```
[RFC2828]
1) A discrete malicious action of debilitating intent inflicted by one
entity upon another. A threat might attack a critical infrastructure to
destroy or incapacitate it. 2) Intentional attempt to bypass the
physical or information security measures and controls protecting an IT
system. [CIAO] An attempt to bypass security controls on a
computer. An active attack alters data. A passive attack releases data.
Whether an attack will succeed depends on the vulnerability of the
computer system and the effectiveness of existing counter measures. [AFSEC]
An attempt to bypass security controls on a computer. The attack may
alter, release, or deny data. Whether an attack will succeed depends on
the vulnerability of the computer system and the effectiveness of
existing counter measures. [NSAINT] An attempt to bypass
security controls on a computer. The attack may alter, release, or deny
data. Whether an attack will succeed depends on the vulnerability of
the computer system and the effectiveness of existing countermeasures.
The act of trying to bypass security controls on a system. An attack
may be active, resulting in the alteration of data; or passive,
resulting in the release of data. Note: The fact that an attack is made
does not necessarily mean that it will succeed. The degree of success
depends on the vulnerability of the system or activity and the
effectiveness of existing countermeasures. [OVT] An attempt to exploit an IT system vulnerability. [SC27]
The act of trying to bypass security controls on a system. An attack
may be active, resulting in the alteration of data; or passive,
resulting in the release of data. Note: The fact that an attack is made
does not necessarily mean that it will succeed. The degree of success
depends on the vulnerability of the computer system or activity and the
effectiveness of existing counter measures. [AJP][NCSC/TG004][SRV] The intentional act of attempting to bypass security controls on an automated information system. [IATF] Type of incident involving the intentional act of attempting to bypass one or more security controls of an IT system. [NSTISSC] (see also security software, Authentication Header, Diffie-Hellman, POP3 APOP, SOF-basic, SOF-high, SOF-medium, agent, alert, anonymous, attack signature recognition, availability, bastion host, checksum, computer emergency response team/ coordination center, cookies, counter measures, cryptanalysis, elliptic curve cryptography, exploit, flaw hypothesis methodology, handler, hash function, hijacking, honeypot, indicator, internet, key validation, mailbombing, manipulation detection code, nonce, precursor, privacy system, protected checksum, salt, security audit, security management infrastructure, signature, strength of a requirement, strength of function, strength of mechanisms, survivability, threat consequence, tiger team, traceability, trusted process, victim, vulnerability, vulnerability assessment, incident, risk, security, threat) (includes C2-attack, ICMP flood, IP splicing/hijacking, SYN flood, Star Trek attack, TTY watcher, active attack, asynchronous attacks, attack potential, attack signature, between-the-lines-entry, blended attack, browsing, brute force, brute force attack, check_password, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, computer intrusion, computer network attack, cut-and-paste attack, cyberattack, data diddling, data driven attack, demon dialer, denial of service, dictionary attack, eavesdropping, electronic attack, flooding, hijack attack, impersonation, insider attack, interleaving attack, keystroke monitoring, known-plaintext attack, laboratory attack, leapfrog attack, man-in-the-middle, masquerade attack, masquerading, mimicking, nak attack, outside attack, outsider attack, pagejacking, passive attack, 
penetration, perpetrator, phreaking, piggyback attack, ping of death, ping sweep, port scan, reflection attack, replay attack, rootkit, scanning, scavenging, shoulder surfing, smurf, smurfing, social engineering, spoofing, spoofing attack, subversion, tampering, technical attack, technological attack, terminal hijacking, timing attacks, tunneling attack, warehouse attack, wiretapping)
- attack potential
- The perceived potential for success of an attack, should an
attack be launched, expressed in terms of an attacker's expertise,
resources and motivation. [CC2][CC21][OVT][SC27] (see also attack)
- attack signature
- Activities or alterations to an IS indicating an attack or attempted attack, detectable by examination of audit trail logs. [CIAO] (see also audit, attack, attack signature recognition)
- attack signature recognition
- To recognize specific identifiable characteristics (technical, procedural, or equipment-based) of known attack profiles. [CIAO] (see also attack, security software) (includes attack signature, virus signature)
- attention character
- In Trusted Computing Base (TCB) design, a character entered
from a terminal that tells the TCB the user wants a secure
communications path from the terminal to some trusted code to provide a
secure service for the user. [NSTISSC] (see also communications, trust, user)
- attribute
- A characteristic that describes a person, thing, or event. An inherent quality that an item either has or does not have. [SRV]
Attributes are properties of an entity. An entity is said to be
described by its attributes. In a database, the attributes of an entity
have their analogues in the fields of a record. In an object database,
instance variables may be considered attributes of the object. [SRV] (see also quality)
- attribute authority
- (I) A CA that issues attribute certificates. (O) 'An authority, trusted by the verifier to delegate privilege, which issues attribute certificates.' [RFC2828] An entity trusted by one or more entities to create and sign attribute certificates. Note that a CA may also be an AA. [SC27] (see also certificate, trust, public-key infrastructure)
- attribute certificate
- (I) A digital certificate that binds a set of
descriptive data items, other than a public key, either directly to a
subject name or to the identifier of another certificate that is a
public-key certificate. (O) 'A set of attributes of a user
together with some other information, rendered unforgeable by the
digital signature created using the private key of the CA which issued
it.' (O) 'A data structure that includes some attribute values
and identification information about the owner of the attribute
certificate, all digitally signed by an Attribute Authority. This
authority's signature serves as the guarantee of the binding between
the attributes and their owner.' (C) A public-key certificate
binds a subject name to a public key value, along with information
needed to perform certain cryptographic functions. Other attributes of
a subject, such as a security clearance, may be certified in a separate
kind of digital certificate, called an attribute certificate. A subject
may have multiple attribute certificates associated with its name or
with each of its public-key certificates. (C) An attribute certificate might be issued to a subject in the following situations:
- Different lifetimes: When the lifetime of an attribute binding is shorter than that of the related public-key certificate, or when it is desirable not to need to revoke a subject's public key just to revoke an attribute.
- Different authorities: When the authority responsible for the attributes is different than the one that issues the public-key certificate for the subject. (There is no requirement that an attribute certificate be issued by the same CA that issued the associated public-key certificate.)
[RFC2828] (see also cryptography, digital signature, identification, key, certificate)
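The entry above describes the structure an attribute certificate has and why it is kept separate from the public-key certificate. The following is an added example, not code from the glossary or any cited standard: it builds an attribute certificate whose holder is identified by the issuer and serial number of a public-key certificate, then validates it and shows the two situations listed above (an attribute that expires or is revoked while the public-key certificate stays valid, and a separate issuing authority). The certificate fields, the AA name and the signing key are constructed, and an HMAC keyed with a secret held by the attribute authority stands in for the AA's digital signature (an assumption; a real AC is signed with the AA's private key and verified with its public key).

```python
"""Attribute certificate binding and validation (added example).

ASSUMPTION: the AA's digital signature is stood in for by an HMAC keyed with
a secret known only to the attribute authority. The holder link by
issuer+serial, the separate validity period and the separate revocation
list mirror the structure described in the glossary entry.
"""
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed sample public-key certificate, reduced to the fields an AC needs.
PK_CERT = {
    "issuer": "CN=Example CA",
    "serial": 4711,
    "subject": "CN=alice",
    "not_before": "2024-01-01T00:00:00+00:00",
    "not_after": "2025-12-31T00:00:00+00:00",
}

AA_SIGNING_KEY = b"attribute-authority-secret (constructed)"
REVOKED_ACS = set()   # AC serials the AA has revoked; independent of the CA's CRL


def _canonical(tbs):
    """Deterministic encoding of the to-be-signed part."""
    return json.dumps(tbs, sort_keys=True, separators=(",", ":")).encode()


def issue_ac(pk_cert, attributes, lifetime, serial, now):
    """Issue an attribute certificate whose holder is identified by the
    issuer and serial of an existing public-key certificate."""
    tbs = {
        "serial": serial,
        "issuer": "CN=Example AA",            # a different authority than the CA
        "holder": {"base_cert_issuer": pk_cert["issuer"],
                   "base_cert_serial": pk_cert["serial"]},
        "attributes": attributes,
        "not_before": now.isoformat(),
        "not_after": (now + lifetime).isoformat(),
    }
    sig = hmac.new(AA_SIGNING_KEY, _canonical(tbs), hashlib.sha256).hexdigest()
    return {"tbs": tbs, "signature": sig}


def pk_cert_valid(pk_cert, now):
    return (datetime.fromisoformat(pk_cert["not_before"]) <= now
            <= datetime.fromisoformat(pk_cert["not_after"]))


def validate_ac(ac, pk_cert, now):
    """Return (ok, reason): signature, holder binding, validity, revocation."""
    tbs = ac["tbs"]
    expected = hmac.new(AA_SIGNING_KEY, _canonical(tbs), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ac["signature"]):
        return False, "bad signature"
    h = tbs["holder"]
    if (h["base_cert_issuer"], h["base_cert_serial"]) != (pk_cert["issuer"], pk_cert["serial"]):
        return False, "holder does not match public-key certificate"
    if not (datetime.fromisoformat(tbs["not_before"]) <= now
            <= datetime.fromisoformat(tbs["not_after"])):
        return False, "attribute certificate outside validity period"
    if tbs["serial"] in REVOKED_ACS:
        return False, "attribute certificate revoked"
    return True, "ok"


def demo():
    t0 = datetime(2024, 6, 1, tzinfo=timezone.utc)
    # Short-lived attribute (one hour) bound to a cert that is valid for years.
    ac = issue_ac(PK_CERT, {"clearance": "SECRET", "role": "analyst"},
                  timedelta(hours=1), serial=1, now=t0)
    results = {"fresh": validate_ac(ac, PK_CERT, t0)}
    later = t0 + timedelta(hours=2)
    results["expired"] = validate_ac(ac, PK_CERT, later)
    results["pk_cert_still_valid"] = pk_cert_valid(PK_CERT, later)
    # Revoking an attribute does not touch the public-key certificate.
    ac2 = issue_ac(PK_CERT, {"role": "admin"}, timedelta(days=30), serial=2, now=t0)
    REVOKED_ACS.add(2)
    results["revoked"] = validate_ac(ac2, PK_CERT, t0)
    results["pk_cert_after_ac_revocation"] = pk_cert_valid(PK_CERT, t0)
    # Altered attributes break the AA's signature.
    tampered = {"tbs": dict(ac["tbs"]), "signature": ac["signature"]}
    tampered["tbs"]["attributes"] = {"clearance": "TOP SECRET"}
    results["tampered"] = validate_ac(tampered, PK_CERT, t0)
    # The AC cannot be presented with someone else's public-key certificate.
    other_cert = dict(PK_CERT, serial=9999, subject="CN=mallory")
    results["wrong_holder"] = validate_ac(ac, other_cert, t0)
    return results
```

The validation order matters in practice: the signature is checked before any field is trusted, so the holder, validity and revocation checks operate only on data the attribute authority actually signed.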
- attribute sampling
- In attribute sampling, the selected sampling units are
measured or evaluated in terms of whether they have the attribute of
interest, and some statistical measure (statistic) is computed from
these measurements to estimate the proportion of the population that
has the attribute. [SRV]
- audit
- A family of security controls in the technical class dealing
with ensuring activity involving access to and modification of
sensitive or critical files is logged, monitored, and possible security
violations investigated. [800-37] A service that keeps a detailed record of events. [IATF]
An independent examination of a work product or set of work products to
assess compliance with specifications, standards, contractual
agreements, or other criteria. [IEEE610] Independent review and
examination of records and activities to assess the adequacy of system
controls, to ensure compliance with established policies and
operational procedures, and to recommend necessary changes in controls,
policies, or procedures. [NSTISSC] Independent review and
examination of records and activities to assess the adequacy of system
controls, to ensure compliance with established security policies and
procedures, and/or to recommend necessary changes in controls,
policies, or procedures to meet security objectives. [CIAO]
Independent review and examination of records and activities to
determine compliance with established usage policies and to detect
possible inadequacies in product technical security policies or their
enforcement. [AJP][FCv1] The independent examination of
records and activities to ensure compliance with established controls,
policy, and operational procedures, and to recommend any indicated
changes in controls, policy, or procedures. [NSAINT] The
independent examination of records to assess their veracity and
completeness. To record independently and examine documents or system
activity (e.g. logins and logouts, file accesses, security violations).
[AFSEC] (see also Identification Protocol, accountability, alert, application proxy, archive, attack signature, distributed computing environment, functional component, gap analysis, host based, independence, intrusion detection, intrusion detection system, key management, key-escrow, keystroke monitoring, login, network based, network component, population, sas 70 report, secure single sign-on, security features, security software, sniffer, system security officer, threat monitoring, vulnerability analysis, work program, security) (includes audit charter, audit plan, audit program, audit service, audit software, audit trail, auditing tool, computer operations, audit, and security technology, computer-assisted audit technique, information systems audit and control association, information systems audit and control foundation, multihost based auditing, security audit, test, vulnerability audit)
- audit charter
- A document approved by the board of directors that defines the
IT audit function's responsibility, authority to review records, and
accountability. [FFIEC] (see also audit)
- audit plan
- A description and schedule of audits to be performed in a
certain period of time (ordinarily a year). It includes the areas to be
audited, the type of work planned, the high-level objectives and scope
of the work and includes other items such as budget, resource
allocation, schedule dates, and type of report issued. [FFIEC] (see also audit)
- audit program
- The audit policies, procedures, and strategies that govern the audit function, including IT audit. [FFIEC] (see also audit)
- audit service
- (I) A security service that records information needed
to establish accountability for system events and for the actions of
system entities that cause them. [RFC2828] (see also audit)
- audit software
- Generic software consisting of computer programs to analyze
data stored on computer media. The software can be used to sample data,
compare data fields, match data files, perform computations, etc. [SRV] (see also audit, software)
- audit trail
- (1) A set of records that collectively provide documentary
evidence of processing used to aid in tracing from original
transactions forward to related records and reports, and/or backward
from records and reports to their component source transactions. (2) A
chronological record of system activities that is sufficient to enable
the reconstruction, reviewing, and examination of the sequence of
environments and activities surrounding or leading to an operation, a
procedure, or an event in a transaction from its inception to final
results. (3) Information collected or used to facilitate a security
audit. Note: Audit trail may apply to information in an IT product or
an AIS or to the transfer of COMSEC (communications security) material.
[AJP] (1) A set of records that collectively provide documentary
evidence of processing used to aid in tracing from original
transactions forward to related records and reports, and/or backward
from records and reports to their component source transactions. (2)
Information collected or used to facilitate a Security Audit. [TNI]
A chronological record of system activities that is sufficient to
enable the reconstruction, reviewing, and examination of the sequence
of environments and activities surrounding or leading to an operation,
a procedure, or an event in a transaction from its inception to final
results. [NCSC/TG004][SRV] A chronological record of
system activities to enable the reconstruction and examination of the
sequence of events and/or changes in an event. Note: Audit trail may
apply to information in an IT product or an AIS or to the transfer of
COMSEC material. [FCv1] A chronological record of system
activities which is sufficient to enable the reconstruction, review,
and examination of the sequence of events and activities surrounding or
leading to each event in the path of a transaction from its inception
to the output of final results. The ability to trace data or
transactions from origination to output and back. [SRV] A set of
records that collectively provide documentary evidence of processing
used to aid in tracing from original transactions forward to related
records and reports, and/or backward from records and reports to their
component source transactions. [TCSEC] Chronological record of
system activities or message routing that permits reconstruction and
examination of a sequence of events. [CIAO] Chronological record
of system activities to enable the reconstruction and examination of
the sequence of events and/or changes in an event. Audit trail may
apply to information in an IS, to message routing in a communications
system, or to the transfer of COMSEC material. [NSTISSC] In
computer security systems, a chronological record of system resource
usage. This includes user login, file access, other various activities,
and whether any actual or attempted security violations occurred,
legitimate and unauthorized. [NSAINT] In computer security
systems, a chronological record of when users login, how long they are
engaged in various activities, what they were doing, whether any actual
or attempted security violations occurred. An automated or manual set
of chronological records of system activities that may enable the
reconstruction and examination of a sequence of events and/or changes
in an event. [AFSEC] (see also logging, communications security, computer security, evidence, audit, threat monitoring) (includes automated information system, security audit trail)
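Several of the definitions above require that an audit trail be chronological, sufficient to reconstruct a sequence of events, and traceable forward (from a transaction to what it touched) and backward (from an object to the transactions behind it). The following is an added example, not part of the glossary: a small append-only trail in which every record carries a sequence number and the hash of its predecessor, so that editing, deleting or reordering a record is detectable, together with the forward and backward traces and a violation query. The event records are constructed for the example.

```python
"""Audit trail as a chronological, tamper-evident record (added example).

Each record carries a sequence number and the hash of its predecessor, so
deleting, reordering or editing a record breaks the chain. The events below
are constructed sample data, not real logs.
"""
import hashlib
import json

GENESIS = "0" * 64


def _digest(record):
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditTrail:
    def __init__(self):
        self.records = []

    def append(self, ts, subject, action, obj, outcome):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        rec = {"seq": len(self.records), "ts": ts, "subject": subject,
               "action": action, "object": obj, "outcome": outcome, "prev": prev}
        rec["hash"] = _digest(rec)
        self.records.append(rec)
        return rec

    def verify(self):
        """Return (ok, seq of the first bad record or None)."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["seq"] != i or rec["prev"] != prev or rec["hash"] != _digest(rec):
                return False, i
            prev = rec["hash"]
        return True, None

    def reconstruct(self, subject):
        """Forward trace: the chronological activity of one subject."""
        return [(r["ts"], r["action"], r["object"], r["outcome"])
                for r in self.records if r["subject"] == subject]

    def trace_back(self, obj):
        """Backward trace: who touched an object, most recent first."""
        return [(r["ts"], r["subject"], r["action"], r["outcome"])
                for r in reversed(self.records) if r["object"] == obj]

    def violations(self):
        """Actual or attempted security violations recorded in the trail."""
        return [r for r in self.records if r["outcome"] == "DENIED"]


def build_sample_trail():
    t = AuditTrail()
    events = [  # constructed sample events
        ("2024-06-01T08:00:00Z", "alice", "login", "host1", "OK"),
        ("2024-06-01T08:02:10Z", "alice", "read", "/payroll/q2.xlsx", "OK"),
        ("2024-06-01T08:05:43Z", "bob", "login", "host1", "OK"),
        ("2024-06-01T08:06:01Z", "bob", "write", "/payroll/q2.xlsx", "DENIED"),
        ("2024-06-01T08:06:30Z", "bob", "read", "/etc/shadow", "DENIED"),
        ("2024-06-01T08:30:00Z", "alice", "logout", "host1", "OK"),
    ]
    for e in events:
        t.append(*e)
    return t


def tamper_demo():
    """Editing or deleting a record is detected by verify()."""
    t = build_sample_trail()
    ok_before = t.verify()
    t.records[3]["outcome"] = "OK"          # bob rewrites his own denied write
    edited = t.verify()
    t = build_sample_trail()
    del t.records[4]                        # a record is removed outright
    deleted = t.verify()
    return ok_before, edited, deleted
```

The chain only makes tampering detectable; it does not prevent it. A practitioner would additionally ship records to a collector the audited host cannot write to, or anchor the latest hash somewhere outside the system being audited.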
- auditing tool
- Tools to analyze computer systems or networks in regard to
their security status or in relation to the set of services provided by
them. COPS (Computer Oracle Password and Security analyzer) and SATAN
(Security Administrator's Tool for Analyzing Networks) are famous
examples of such tools. [RFC2504] (see also networks, passwords, audit)
- augmentation
- The addition of one or more assurance component(s) from Part 3 to an EAL or assurance package. [CC2][CC21][SC27] (see also assurance)
- authentic signature
- (I) A signature (particularly a digital signature) that can be trusted because it can be verified. [RFC2828] (see also digital signature, trust)
- authenticate
- (1) To verify the identity of a user, device, or other entity
in a system, often as a prerequisite to allowing access to resources in
a system. (2) To verify the integrity of data that have been stored,
transmitted, or otherwise exposed to possible unauthorized
modification. [NCSC/TG004][SRV] (1) To verify the
identity of a user, user device, or other entity, or the integrity of
data stored, transmitted, or otherwise exposed to unauthorized
modification in an IT product. (2) To verify the validity of a claimed
identity of a user, device, or other entity in a system, often as a
prerequisite to allowing access to resources in a system. (3) To verify
the integrity of data that have been stored, transmitted, or otherwise
exposed to possible unauthorized modification. [AJP] (I) Verify (i.e., establish the truth of) an identity claimed by or for a system entity. (D)
In general English usage, this term usually means 'to prove genuine'
(e.g. an art expert authenticates a Michelangelo painting). But the
recommended definition carries a much narrower meaning. For example, to
be precise, an ISD SHOULD NOT say 'the host authenticates each received
datagram'. Instead, the ISD SHOULD say 'the host authenticates the
origin of each received datagram'. In most cases, we also can say 'and
verifies the datagram's integrity', because that is usually implied. (D)
ISDs SHOULD NOT talk about authenticating a digital signature or
digital certificate. Instead, we 'sign' and then 'verify' digital
signatures, and we 'issue' and then 'validate' digital certificates. [RFC2828] In networking, to establish the validity of a user or an object (i.e., communications server). [AFSEC] To establish the validity of a claimed identity. [NSAINT][TCSEC]
To verify the identity of a user, user device, or other entity, or the
integrity of data stored, transmitted, or otherwise exposed to
unauthorized modification in an IS, or to establish the validity of a
transmission. [NSTISSC] Verify the identity of a user, user
device, or other entity, or the integrity of data stored, transmitted,
or otherwise exposed to unauthorized modification in an IT product. [FCv1] (see also certificate, digital signature, networks, public-key infrastructure, user)
- authentication
- (1) To establish the validity of a claimed identity. (2) To
provide protection against fraudulent transactions by establishing the
validity of a message, station, individual, or originator. [TNI]
(1) To establish the validity of a claimed identity. (2) To provide
protection against fraudulent transactions by establishing the validity
of a message, station, individual, or originator. (3) Means of
verifying an entity's (e.g. individual user's, machine's, or software
component's) eligibility to receive specific categories of information.
[AJP] (I) The process of verifying an identity claimed by or for a system entity. (C) An authentication process consists of two steps:
- Identification step: Presenting an identifier to the security system. (Identifiers should be assigned carefully, because authenticated identities are the basis for other security services, such as access control service.)
- Verification step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier.
[RFC2828]
Authentication refers to mechanisms which are used to verify the
identity of a user. The process of authentication typically requires a
name and a password to be supplied by the user as proof of his
identity. [RFC2504] Means of verifying an entity's (e.g.
individual user, machine, software component) eligibility to receive
specific categories of information. [FCv1] Providing assurance
regarding the identity of a subject or object, for example ensuring
that a particular user is who he or she claims to be. [SRV]
Security measure designed to establish the validity of a transmission,
message, or originator, or a means of verifying an individual's
authorization to access specific types of information. [CIAO]
Security measure designed to establish the validity of a transmission,
message, or originator, or a means of verifying an individual's
authorization to receive specific categories of information. [800-37][IATF][NSTISSC]
The process of verifying that a user requesting a network resource is
who he, she, or it claims to be, and vice versa. Trust is a critical
concept in network security. Any network resource (such as a file
server or printer) typically requires authentication before granting
access. Authentication takes many forms, including but not limited to
IP addresses; TCP or UDP port numbers; passwords; external token
authentication cards; and biometric identification such as signature,
speech, or retina recognition systems. The entity being authenticated
might be the client machine (for example, by proving that a given IP
source address really is that address, and not a rogue machine spoofing
that address) or a user (by proving that the user really is who he,
she, or it claims to be). Servers might also authenticate themselves to
clients. Testers should be aware that in an increasingly mobile
society, authentication based on machine-specific criteria such as an
IP address or port number is not equivalent to verifying that a given
individual is making an access request. At this writing systems that
verify the identity of users are typically external to the firewall,
and may introduce additional latency to the overall SUT. [RFC2647] The process of verifying the claimed identity of an individual user, machine, software component, or any other entity. [FFIEC] The provision of assurance of the claimed identity of an entity. [SC27]
To positively verify the identity of a user, device, or other entity in
a system, often as a prerequisite to allowing access to resources in a
system. [NSAINT] To positively verify the identity of a user,
device, or other entity in a system, often as a prerequisite to
allowing access to resources in a system. The verification of the
integrity of data that have been stored, transmitted, or otherwise
exposed to possible unauthorized modification. [AFSEC] (see also COMSEC control program, COMSEC equipment, Diffie-Hellman, FIPS approved security method, Generic Security Service Application Program Interface, IMAP4 AUTHENTICATE, IP splicing/hijacking, IPsec Key Exchange, IT security, Internet Engineering Task Force, Internet Protocol security, Internet Security Association and Key Management Protocol, Lightweight Directory Access Protocol, OAKLEY, POP3 APOP, POP3 AUTH, Post Office Protocol, version 3, Rivest-Shamir-Adleman, S/Key, SOCKS, Secure Electronic Transaction, Terminal Access Controller Access Control System, The Exponential Encryption System, X.509, access control, account authority digital signature, anonymous and guest login, assurance, asymmetric cryptography, authorization, biometrics, call back, certificate policy, certificate revocation list, certificate status responder, certification authority digital signature, challenge and reply, challenge/response, claimant, code, common data security architecture, communications security, computer cryptography, credentials, critical security parameters, crypto-algorithm, cryptographic key, data integrity service, data key, defense-wide information assurance program, dictionary attack, digital id, digital signature, distributed computing environment, domain name system, dongle, encapsulating security payload, entity, exchange multiplicity parameter, fingerprint, handshaking procedures, hash function, impersonation, information assurance, information systems security, interleaving attack, keyed hash, keying material, man-in-the-middle, masquerading, message integrity code, network component, non-repudiation, non-repudiation service, one-time passwords, origin authenticity, password system, passwords, personal identification number, point-to-point protocol, pretty good privacy, privacy enhanced mail, proxy, proxy server, public-key forward secrecy, realm, registration, registration authority, replay attack, 
sandboxed environment, secret, secure shell, secure socket layer, security association identifier, security controls, security mechanism, simple network management protocol, single sign-on, software, spoofing, system entity, system entry, test, third party trusted host model, tokens, trust, trusted identification, trusted identification forwarding, trusted third party, user, user identifier, validate vs. verify, verifier, vulnerability, quality of protection, security) (includes 3-factor authentication, Authentication Header, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Data Authentication Algorithm, Distributed Authentication Security Service, Extensible Authentication Protocol, Password Authentication Protocol, Simple Authentication and Security Layer, authentication code, authentication data, authentication exchange, authentication service, authentication system, authentication token, authentication tools, biometric authentication, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication, data origin authentication service, entity authentication, entity authentication of A to B, explicit key authentication from A to B, identification and authentication, implicit key authentication from A to B, key authentication, low-cost encryption/authentication device, message authentication code, message authentication code algorithm, message authentication code vs. Message Authentication Code, mutual authentication, mutual entity authentication, peer entity authentication, peer entity authentication service, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, simple authentication, source authentication, strong authentication, unilateral authentication)
- authentication code
- (D) ISDs SHOULD NOT use this term as a synonym for any
form of checksum, whether cryptographic or not. The word
'authentication' is misleading because the mechanism involved usually
serves a data integrity function rather than an authentication
function, and the word 'code' is misleading because it implies that
either encoding or encryption is involved or that the term refers to
computer software. [RFC2828] (see also cryptography, encryption, software, authentication)
- authentication data
- Information used to verify the claimed identity of a user. [CC2][CC21][SC27] (see also authentication)
- authentication exchange
- (I) A mechanism to verify the identity of an entity by means of information exchange. (O) 'A mechanism intended to ensure the identity of an entity by means of information exchange.' [RFC2828] (see also authentication)
- Authentication Header (AH)
- (I) An Internet IPsec protocol designed to provide
connectionless data integrity service and data origin authentication
service for IP datagrams, and (optionally) to provide protection
against replay attacks. (C) Replay protection may be selected by
the receiver when a security association is established. AH
authenticates upper-layer protocol data units and as much of the IP
header as possible. However, some IP header fields may change in
transit, and the value of these fields, when the packet arrives at the
receiver, may not be predictable by the sender. Thus, the values of
such fields cannot be protected end-to-end by AH; protection of the IP
header by AH is only partial when such fields are present. (C)
AH may be used alone, or in combination with the IPsec ESP protocol, or
in a nested fashion with tunneling. Security services can be provided
between a pair of communicating hosts, between a pair of communicating
security gateways, or between a host and a gateway. ESP can provide the
same security services as AH, and ESP can also provide data
confidentiality service. The main difference between authentication
services provided by ESP and AH is the extent of the coverage; ESP does
not protect IP header fields unless they are encapsulated by AH. [RFC2828]
A field that immediately follows the IP header in an IP datagram and
provides authentication and integrity checking for the datagram. [NSAINT] An IP device used to provide connectionless integrity and data origin authentication for IP datagrams. [IATF] (see also attack, confidentiality, Internet Protocol security, authentication, security protocol)
- authentication information
- (I) Information used to verify an identity claimed by or for an entity. (C) Authentication information may exist as, or be derived from, one of the following:
- Something the entity knows.
- Something the entity possesses.
- Something the entity is.
[RFC2828] (see also 3-factor authentication)
- authentication service
- (I) A security service that verifies an identity claimed by or for an entity. (C)
In a network, there are two general forms of authentication service:
data origin authentication service and peer entity authentication
service. [RFC2828] (see also networks, authentication)
- authentication system
- Cryptosystem or process used for authentication. [NSTISSC] (see also cryptography, authentication, system)
- authentication token
- A portable authenticating device that uses techniques such as challenge/response and time-based code sequences. [misc] (see also authentication, tokens)
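The "authentication" entry above separates an identification step (presenting an identifier) from a verification step (presenting information that corroborates the binding to that identifier), and this entry names the two techniques a token typically uses for the verification step, challenge/response and time-based code sequences. The following added example, not code from the glossary or any cited source, puts the two steps together for a possession factor: the identifier is looked up in a registry, then the token proves knowledge of its secret either by answering a single-use server challenge or by presenting a time-based one-time code. The HOTP/TOTP computation follows RFC 4226 and RFC 6238 (the RFC 4226 test vectors are used in the test); the registry, token secret and challenge store are constructed for the example.

```python
"""Two-step authentication with a possession token (added example).

Identification step: the claimant presents an identifier.
Verification step: the claimant proves possession of the token's secret,
either by answering a server challenge (HMAC challenge/response) or by
presenting a time-based code (RFC 4226 HOTP / RFC 6238 TOTP).
The registry, secret and challenge store are constructed.
"""
import hashlib
import hmac
import secrets
import struct
import time

# Constructed registry: identifier -> token record (in practice a DB or HSM).
REGISTRY = {
    "alice": {"token_serial": "TKN-0001", "secret": b"12345678901234567890"},
}
ISSUED_CHALLENGES = {}   # identifier -> outstanding nonce (single use)


def hotp(secret, counter, digits=6):
    """RFC 4226 HMAC-based one-time password with dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, code % (10 ** digits))


def totp(secret, at, step=30, digits=6):
    """RFC 6238: HOTP over the current time step."""
    return hotp(secret, int(at) // step, digits)


def identify(identifier):
    """Identification step: map the presented identifier to a registered
    entity. This proves nothing yet about who is asking."""
    return REGISTRY.get(identifier)


def issue_challenge(identifier):
    nonce = secrets.token_bytes(16)
    ISSUED_CHALLENGES[identifier] = nonce
    return nonce


def token_respond(secret, nonce):
    """What the token computes on the claimant's side."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def verify_challenge_response(identifier, response):
    """Verification step, challenge/response form. The nonce is consumed so
    a captured response cannot be replayed."""
    rec = identify(identifier)
    nonce = ISSUED_CHALLENGES.pop(identifier, None)
    if rec is None or nonce is None:
        return False
    return hmac.compare_digest(token_respond(rec["secret"], nonce), response)


def verify_time_code(identifier, code, at=None, window=1):
    """Verification step, time-based form. Accepts +/- `window` steps of
    clock skew. Storing the last accepted step, to refuse a second use of
    the same code within its step, is left out for brevity."""
    rec = identify(identifier)
    if rec is None:
        return False
    at = time.time() if at is None else at
    for skew in range(-window, window + 1):
        if hmac.compare_digest(totp(rec["secret"], at + 30 * skew), code):
            return True
    return False


def demo():
    secret = REGISTRY["alice"]["secret"]
    nonce = issue_challenge("alice")
    good = verify_challenge_response("alice", token_respond(secret, nonce))
    replay = verify_challenge_response("alice", token_respond(secret, nonce))
    t = 1_700_000_000
    code = totp(secret, t)
    return (good, replay,
            verify_time_code("alice", code, at=t),
            verify_time_code("alice", code, at=t + 120))
```

The identification step on its own is deliberately weak (an identifier is public information); it is the verification step, with a fresh challenge or a code bound to the current time, that turns a claimed identity into an authenticated one.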
- authentication tools
- (see also authentication, security software)
- authenticator
- Means used to confirm the identity of a station, originator, or individual. [NSTISSC] The means used to confirm the identity or to verify the eligibility of a station, originator, or individual. [AJP][NCSC/TG004]
- authenticity
- (I) The property of being genuine and able to be verified and be trusted. [RFC2828] The principle that ensures that a message is received in exactly the same form in which it was sent. [AFSEC]
The property that ensures that the identity of a subject or resource is
the one claimed. Authenticity applies to entities such as users,
processes, systems and information. [SC27] (see also trust, integrity)
- authority
- (D) 'An entity, responsible for the issuance of certificates.' (C)
ISDs SHOULD NOT use this term as a synonym for AA, CA, RA, ORA, or
similar terms, because it may cause confusion. Instead, use the full
term at the first instance of usage and then, if it is necessary to
shorten text, use the style of abbreviation defined in this Glossary. (C)
ISDs SHOULD NOT use this definition for any PKI entity, because the
definition is ambiguous with regard to whether the entity actually
issues certificates (e.g. attribute authority or certification
authority) or just has accountability for processes that precede or
follow signing (e.g. registration authority). [RFC2828] (see also certificate, certification, public-key infrastructure)
- authority certificate
- (D) 'A certificate issued to an authority (e.g. either to a certification authority or to an attribute authority).' (C)
ISDs SHOULD NOT use this term or definition because they are ambiguous
with regard to which specific types of PKI entities they address. [RFC2828] (see also certification, certificate)
- authority revocation list
- (I) A data structure that enumerates digital
certificates that were issued to CAs but have been invalidated by their
issuer prior to when they were scheduled to expire. (O) 'A
revocation list containing a list of public-key certificates issued to
authorities, which are no longer considered valid by the certificate
issuer.' [RFC2828] (see also certificate, key)
- authorization
- Access privileges granted to a user, program, or process. [CIAO][NSTISSC] Access rights granted to a user, program, or process. [AJP][FCv1] Determining whether a subject is trusted to act for a given purpose, for example allowed to read a particular file. [SRV] The granting of access rights to a user, program, or process. [NCSC/TG004]
The process of determining what types of activities are permitted.
Usually, authorization is in the context of authentication. Once you
have authenticated a user, the user may be authorized different types
of access or activity. [AFSEC][IATF] The process of
giving access to parts of a system, typically based on the business
needs and the role of the individual within the business. [FFIEC] The process of granting or denying permission for different types of access or activity. [misc] (see also authorize, authentication, authorized person, hacker, intruder, intrusion, intrusion detection, least privilege, trust, vulnerability, user) (includes ACL-based authorization, access control, access control list, authorized, authorized user, centralized authorization, list-oriented, multilevel security, permissions, privilege, regrade, secure single sign-on, system security authorization agreement, ticket-oriented)
- authorize
- (I) (1.) An 'authorization' is a right or a permission
that is granted to a system entity to access a system resource. (2.) An
'authorization process' is a procedure for granting such rights. (3.)
To 'authorize' means to grant such a right or permission. (O)
SET usage: 'The process by which a properly appointed person or persons
grants permission to perform some action on behalf of an organization.
This process assesses transaction risk, confirms that a given
transaction does not raise the account holder's debt above the
account's credit limit, and reserves the specified amount of credit.
(When a merchant obtains authorization, payment for the authorized
amount is guaranteed--provided, of course, that the merchant followed
the rules associated with the authorization process.)' [RFC2828] (see also authorization, Secure Electronic Transaction) (includes delegation)
- authorize processing
- Occurs when management authorizes a system based on an
assessment of management, operational and technical controls. By
authorizing processing in a system the management official accepts the
risk associated with it. [800-37] (see also risk)
- authorized
- Entitled to a specific mode of access. [AJP][FCv1] (see also no-lone zone, authorization)
- authorized person
- A person who has a need-to-know for classified information in
the performance of official duties and who has been granted a personnel
clearance at the required level. [AFSEC] (see also authorized user, authorization)
- authorized user
- A user who may, in accordance with the TSP, perform an operation. [CC2][CC21][SC27] (see also authorized person, authorization)
- authorized vendor
- Manufacturer of INFOSEC equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. [NSTISSC] (see also authorized vendor program)
- authorized vendor program (AVP)
- Program in which a vendor, producing an INFOSEC product under contract to NSA, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. Products approved for marketing and sale through the AVP are placed on the endorsed cryptographic products list (ECPL). [NSTISSC] (see also authorized vendor, cryptography)
- auto-manual system (AMS)
- (see also system)
- automated clearing house (ACH)
- Computer-based clearing and settlement facility for interchange of electronic debits and credits among financial institutions. [FFIEC]
- automated data processing (ADP)
- (see automated information system)
- automated data processing security
- (see Automated Information System security)
- automated data processing system
- An assembly of computer hardware, firmware, and software
configured for the purpose of classifying, sorting, calculating,
computing, summarizing, transmitting and receiving, storing, and retrieving
data, with a minimum of human intervention. [AJP][TCSEC] (see also software, automated information system, system)
- automated information system (AIS)
- (1) Any equipment or interconnected systems or subsystems of
equipment that are used in the automatic acquisition, storage,
manipulation, management, movement, control, display, switching,
interchange, transmission, or reception of data and include computer
software, firmware, and hardware. (2) An assembly of computer hardware,
software, and/or firmware configured
to collect, create, communicate, compute, disseminate, process, store,
and/or control data or information. Note: Included are computers, word
processing systems, networks or other electronic information handling
systems, and associated equipment. [AJP] (I) An organized
assembly of resources and procedures-- i.e., computing and
communications equipment and services, with their supporting facilities
and personnel--that collect, record, process, store, transport,
retrieve, or display information to accomplish a specified set of
functions. [RFC2828] An assembly of computer hardware, software
and/or firmware configured to collect, create, communicate, compute,
disseminate, process, store, and/or control data or information. [NCSC/TG004]
Any equipment or interconnected systems or subsystems of equipment that
is used in the automatic acquisition, storage, manipulation,
management, movement, control, display, switching, interchange,
transmission or reception of data and includes computer software,
firmware, and hardware. Note: Included are computers, word processing
systems, networks, or other electronic information handling systems,
and associated equipment. [FCv1] The entire infrastructure,
organization, personnel, and components for the collection, processing,
storage, transmission, display, dissemination, and disposition of
information. [IATF] (see also American National Standards Institute, American Standard Code for Information Interchange, PCMCIA, application system, backus-naur form, computer, data synchronization, digital document, direct access storage device, extended industry standard architecture, fiber distributed data interface, frame relay, industry standard architecture, input/output, language, laptop computer, large scale integration, legacy data, logged in, network protocol stack, nibble, object code, object-oriented programming, personal computer, personal computer memory card international association, personal digital assistant, read-only memory, remote procedure call, reusability, rotational delay, safety-critical software, screen scraping, software, standard generalized markup language, structured query language, system resources, workflow, workload, accountability, accreditation, assurance, audit trail, certification, declassification of AIS storage media, designated approving authority, modes of operation, security, system) (includes Automated Information System security, CPU time, International organization for standardization, access mode, automated data processing system, bastion host, batch mode, batch processing, big-endian, bit, byte, central processing unit, centralized data processing, client server, computer abuse, data, data administration, data aggregation, data architecture, data contamination, data control language, data definition language, data dictionary, data flow diagram, data input, data management, data manipulation language, data processing, data reengineering, data storage, data structure, data validation, database administration, debugging, direct memory access, distributed data processing, distributed processing, fail soft, front-end processor, host, host based, host to front-end protocol, host-based firewall, information architecture, information center, information engineering, information environment, information flow, information 
operations, information ratio, information technology, information technology system, interface control unit, life cycle management, logical system definition, master file, memory scavenging, million instruction per second, multihost based auditing, networks, random access memory, remote job entry, remote terminal emulation, screened host firewall, workstation)
- Automated Information System security
- Measures and controls that protect an AIS against denial of
service and unauthorized (accidental or intentional) disclosure,
modification, or destruction of AISs and data. AIS security includes
consideration of all hardware and/or software functions,
characteristics, and/or features; operational procedures,
accountability procedures, and access controls at the central computer
facility, remote computer, and terminal facilities; management
constraints; physical structures and devices; and personnel and
communication controls needed to provide an acceptable level of risk
for the AIS and for the data and information contained in the AIS. It
includes the totality of security safeguards needed to provide an
acceptable protection level for an AIS and for data handled by an IT
product. [AJP][NCSC/TG004] (see also computer security, denial of service, security software, software, automated information system, risk management, subcommittee on Automated Information System security, system) (includes IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security, IT security certification, access control, communications security, emissions security, physical security, security safeguards)
- automated key distribution
- The distribution of cryptographic keys, usually in encrypted
form, using electronic means, such as a computer network (e.g.
down-line key loading, the automated key distribution protocols of ANSI
X9.17). [FIPS140] The distribution of cryptographic keys, usually in encrypted form, using electronic means, such as a computer network. [SRV] (see also networks, key, key management)
- automated key management center (AKMC)
- (see also key)
- automated key management system (AKMS)
- (see also key, system)
- automated office support systems (AOSS)
- (see also system)
- automated security incident measurement (ASIM)
- Monitors network traffic and collects information on targeted unit networks by detecting unauthorized network activity. [NSAINT] (see also networks, incident, security software)
- automated security monitoring
- All security features needed to provide an acceptable level of
protection for hardware, software, and classified, sensitive,
unclassified or critical data, material, or processes in the system. [NSAINT] The use of automated procedures to ensure that security controls are not circumvented. [AJP][NCSC/TG004][SRV]
Use of automated procedures to ensure security controls are not
circumvented or the use of these tools to track actions taken by
subjects suspected of misusing the IS. [NSTISSC] (see also software, risk management, security software)
- automatic digital network (AUTODIN)
- (see also networks)
- automatic key distribution center (AKDC)
- (see also key)
- automatic key distribution/rekeying control unit (AKD/RCU)
- (see also key)
- automatic log-on
- A feature offered by some aggregation services allowing
customers to log on by clicking on a hyperlink and thereby causing the
usernames and passwords stored at the aggregator to be used to log onto
other websites. [FFIEC]
- automatic remote rekeying (AK)
- Procedure to rekey a distant crypto-equipment electronically without specific actions by the receiving terminal operator. [NSTISSC] (see also key)
- autonomous message switch (AMS)
-
- auxiliary power unit (APU)
-
- auxiliary vector (AV)
-
- availability
- (1) The ability to access a specific resource within a
specific time frame as defined within the IT product specification. (2)
The ability to use or access objects and resources as required. The
property relates to the concern that information objects and other
system resources are accessible when needed and without undue delay.
(3) The prevention of the unauthorized withholding of information
resources. [AJP] (I) The property of a system or a system
resource being accessible and usable upon demand by an authorized
system entity, according to performance specifications for the system;
i.e., a system is available if it provides services according to the
system design whenever users request them. (O) 'The property of being accessible and usable upon demand by an authorized entity.' [RFC2828]
1) Timely, reliable access to data and information services for
authorized users. 2) The ability to have access to MEI Resource
Elements when required by the mission and core supporting process(es),
both now and in the future. It also concerns the safeguarding of those
resources and associated capabilities. [CIAO] Ability to access a specific resource within a specific time frame as defined within the IT product specification. [FCv1]
Assurance that information, services, and IT system resources are
accessible to authorized users and/or system-related processes on a
timely and reliable basis and are protected from denial of service. [800-37] Assuring information and communications services will be ready for use when expected. [NSAINT][OVT]
Computer hardware and software system working efficiently and the
system is able to recover quickly and completely if a disaster occurs.
The principle that ensures that computer systems and data are working
and available to users. Denial of Service is an attack on availability.
[AFSEC] The ability to use or access objects and resources as
required. The property relates to the concern that information objects
and other system resources are accessible when needed and without undue
delay. [JTC1/SC27] The prevention of the unauthorized withholding of information resources. [ITSEC][NIAP] The probability that a given resource will be usable during a given time period. [SRV] The property of being accessible and usable upon demand by an authorized entity. [IATF][SC27] The property that a given resource will be usable during a given time period. [SRV] Timely, reliable access to data and information services for authorized users. [NSTISSC] (see also Common Criteria for Information Technology Security, IT security, National Computer Security Center, access control, attack, computer abuse, computer emergency response team, computer related controls, computer security, critical, defense-in-depth, defense-wide information assurance program, denial of service, entry-level certification, failure, hardening, information assurance, information security, intrusion, levels of concern, maintainability, mid-level certification, minimum essential infrastructure, mirroring, post-accreditation phase, reliability, remediation, requirements for procedures and standards, retro-virus, security, security controls, security event, security goals, security policy, software, token management, top-level certification, trustworthy system, turnaround time, uniform resource name, user, vaulting, vulnerability, risk management) (includes availability of data, availability service, business continuity plan, business impact analysis, contingency plan, contingency planning, object, privacy, authentication, integrity, non-repudiation, recovery, token backup)
- availability of data
- The state when data are in the place needed by the user, at the time the user needs them, and in the form needed by the user. [OVT] (see also user, availability)
- availability service
- (I) A security service that protects a system to ensure its availability. (C)
This service addresses the security concerns raised by
denial-of-service attacks. It depends on proper management and control
of system resources, and thus depends on access control service and
other security services. [RFC2828] (see also access control, availability)
- back door
- (I) A hardware or software mechanism that (a) provides
access to a system and its resources by other than the usual procedure,
(b) was deliberately left in place by the system's designers or
maintainers, and (c) usually is not publicly known. (C) For
example, a way to access a computer other than through a normal login.
Such access paths do not necessarily have malicious intent; e.g.
operating systems sometimes are shipped by the manufacturer with
privileged accounts intended for use by field service technicians or
the vendor's maintenance programmers. [RFC2828] A hole in the
security of a computer system deliberately left in place by designers
or maintainers. Synonymous with trap door; A hidden software or
hardware mechanism used to circumvent security controls. A breach
created intentionally for the purpose of collecting, altering or
destroying data. [AFSEC] A hole in the security of a computer
system deliberately left in place by designers or maintainers.
Synonymous with trap door; a hidden software or hardware mechanism used
to circumvent security controls. [NSAINT] Hidden software or hardware mechanism used to circumvent security controls. [NSTISSC] Synonymous with trapdoor. [SRV] (see also trap door, software, threat)
- back up vs. backup
- (I) Verb 'back up': To store data for the purpose of creating a backup copy. (I)
Noun/adjective 'backup': (1.) A reserve copy of data that is stored
separately from the original, for use if the original becomes lost or
damaged. (2.) Alternate means to permit performance of system functions
despite a disaster to system resources. [RFC2828] (see also contingency plan)
- backup
- Copy of files and applications made to avoid loss of data and facilitate recovery in the event of a system crash. [CIAO] Copy of files and programs made to facilitate recovery, if necessary. [NSTISSC] (see also archive, archiving, fallback procedures, mirroring, vaulting, recovery)
- backup generations
- A methodology for creating and storing backup files whereby
the youngest (or most recent file) is referred to as the 'son,' the
prior file is called the 'father,' and the file two generations older
is the 'grandfather.' This backup methodology is frequently used to
refer to master files for financial applications. [FFIEC] (see also contingency plan)
- backup operations
- Methods for accomplishing essential business tasks subsequent
to disruption of a computer facility and for continuing operations
until the facility is sufficiently restored. [SRV] (see also business process, contingency plan)
- backup plan
- Synonymous with contingency plan. [SRV] (see also contingency plan)
- backup procedures
- The provisions made for the recovery of data files and program
libraries and for restart or replacement of computer equipment after
the occurrence of a system failure or a disaster. [SRV] (see also failure, recovery)
- backus-naur form
- (also Backus normal form), a metalanguage used to formally
describe the syntax of another language. A metalanguage used to
formally describe the syntax of a language. [OVT] (see also automated information system)
- baggage
- (D) ISDs SHOULD NOT use this term to describe a data
element except when stated as 'SET(trademark) baggage' with the
following meaning: (O) SET usage: An 'opaque encrypted tuple,
which is included in a SET message but appended as external data to the
PKCS encapsulated data. This avoids superencryption of the previously
encrypted tuple, but guarantees linkage with the PKCS portion of the
message.' [RFC2828] (see also encryption, Secure Electronic Transaction)
- bandwidth
- (1) A characteristic of a communication channel that is the
amount of information that can be passed through it in a given amount
of time, usually expressed in bits per second. (2) Rate at which
information is transmitted through a channel. Note: Bandwidth was
originally a term used in analog communication, measured in hertz, and
related to the information rate by the 'sampling theorem' (generally
attributed to H. Nyquist, although the theorem was in fact known before
Nyquist used it in communication theory). Nyquist's sampling theorem
says that the information rate in bits (samples) per second is at most
twice the bandwidth in hertz of an analog signal created from a square
wave. In a covert-channel context, 'bandwidth' is given in bits per
second rather than hertz and is commonly used, in a nonstandard use of
terminology, as a synonym for information rate. [AJP] (I)
Commonly used to mean the capacity of a communication channel to pass
data through the channel in a given amount of time. Usually expressed
in bits per second. [RFC2828] A characteristic of a
communication channel that is the amount of information that can be
passed through it in a given amount of time, usually expressed in bits
per second. [TCSEC] In communications, the difference between
the highest and lowest frequencies in a given range. In computer
networks, greater bandwidth indicates faster data-transfer capabilities
(i.e., the rate at which information can be transmitted in
bits/second.) [SRV] Rate at which information is transmitted
through a channel. Note: Bandwidth is originally a term used in analog
communication, measured in Hertz, and related to information rate by
the 'sampling theorem' (generally attributed to H. Nyquist although the
theorem was in fact known before Nyquist used it in communication
theory). Nyquist's sampling theorem says that the information rate in
bits (samples) per second is at most twice the bandwidth in Hertz of an
analog signal created from a square wave. In a covert-channel context
'bandwidth' is given in bits/second rather than Hertz and is commonly
used, in an abuse of terminology, as a synonym for information rate. [FCv1] (see also channel capacity, communications, networks)
- bank identification number (BIN)
- (N) The digits of a credit card number that identify the issuing bank. (O) SET usage: The first six digits of a primary account number. [RFC2828] (see also Secure Electronic Transaction, identification)
- banking and finance
- A critical infrastructure characterized by entities, such as
retail and commercial organizations, investment institutions, exchange
boards, trading houses, and reserve systems, and associated operational
organizations. Also includes government operations, and support
activities, that are involved in all manner of monetary transactions,
including its storage for saving purposes, its investment for income
purposes, its exchange for payment purposes, and its disbursement in
the form of loans and other financial instruments. [CIAO] (see also critical infrastructure)
- banner
- Display on an IS that sets parameters for system or data use. [NSTISSC]
- barograph
- A recording barometer. [SRV]
- barometer
- An instrument for measuring atmospheric pressure, used in
weather forecasting and in determining elevation. It gives notice of
fluctuations. It is an indicator of atmospheric pressure. [SRV]
- baseline
- A specification or product that has been formally reviewed and
agreed upon, that thereafter serves as the basis for further
development, and that can be changed only through formal change control
procedures. [IEEE610] A version of software used as a starting point for later versions. [SRV] (see also as is process model, interface control document, release, revision, security target, site accreditation, software, software library, software system test and evaluation process, version, security) (includes baseline architecture, baseline controls, baseline management, baselining, security requirements baseline)
- baseline architecture
- The initial architecture that is or can be used as a starting point for subsequent architectures, or to measure progress. [SRV] (see also baseline)
- baseline controls
- A minimum set of safeguards established for a system or organization. [SC27] (see also security controls, baseline)
- baseline management
- In configuration management, the application of technical and
administrative direction to designate the documents and changes to
those documents that formally identify and establish baselines at
specific times during the life cycle of a configuration item. [IEEE610] (see also baseline, configuration management)
- baselining
- Monitoring resources to determine typical utilization patterns so that significant deviations can be detected. [800-61]
Obtaining data on the current process that provide the metrics against
which to compare improvements and to use in benchmarking. [SRV] (see also baseline)
- basic component
- A component that is identifiable at the lowest hierarchical level of a specification produced during design. [AJP][ITSEC] (see also component)
- Basic Encoding Rules (BER)
- (I) A standard for representing ASN.1 data types as strings of octets. [RFC2828] (see also Abstract Syntax Notation One) (includes Distinguished Encoding Rules)
- bastion host
- (I) A strongly protected computer that is in a network
protected by a firewall (or is part of a firewall) and is the only host
(or one of only a few hosts) in the network that can be directly
accessed from networks on the other side of the firewall. (C)
Filtering routers in a firewall typically restrict traffic from the
outside network to reaching just one host, the bastion host, which
usually is part of the firewall. Since only this one host can be
directly attacked, only this one host needs to be very strongly
protected, so security can be maintained more easily and less
expensively. However, to allow legitimate internal and external users
to access application resources through the firewall, higher layer
protocols and services need to be relayed and forwarded by the bastion
host. Some services (e.g. DNS and SMTP) have forwarding built in; other
services (e.g. TELNET and FTP) require a proxy server on the bastion
host. [RFC2828] A host system that is a strong point in the
network's security perimeter. Bastion hosts should be configured to be
particularly resistant to attack. In a host-based firewall, the bastion
host is the platform on which the firewall software is run. Bastion
hosts are also referred to as gateway hosts. [SRV] A system that
has been hardened to resist attack, and which is installed on a network
in such a way that it is expected to potentially come under attack.
Bastion hosts are often components of firewalls. [AFSEC] (see also attack, networks, software, automated information system, firewall)
- batch mode
- Grouping all files related to a specific job and transmitting
them as a unit. Also referred to as deferred-time or off-line
processing. [SRV] (see also automated information system)
- batch processing
- Data or transactions are accumulated over a period of time and then processed in a single run. [SRV] (see also automated information system)
- bebugging
- Planting errors in computer programs to ensure that all known
errors are detected. It determines whether a set of test cases is
adequate. [SRV] (see also error seeding, assurance, test)
- Bell-LaPadula model
- (N) A formal, mathematical, state-transition model of security policy for multilevel-secure computer systems. (C)
The model separates computer system elements into a set of subjects and
a set of objects. To determine whether or not a subject is authorized
for a particular access mode on an object, the clearance of the subject
is compared to the classification of the object. The model defines the
notion of a 'secure state', in which the only permitted access modes of
subjects to objects are in accordance with a specified security policy.
It is proven that each state transition preserves security by moving
from secure state to secure state, thereby proving that the system is
secure. (C) In this model, a multilevel-secure system satisfies several rules, including the following:
- 'Confinement property' (also called '*-property', pronounced 'star property'): A subject has write access to an object only if classification of the object dominates the clearance of the subject.
- 'Simple security property': A subject has read access to an object only if the clearance of the subject dominates the classification of the object.
- 'Tranquility property': The classification of an object does not change while the object is being processed by the system.
[RFC2828]
An information-flow security model couched in terms of subjects and
objects and based on the concept that information shall not flow to an
object of lesser or noncomparable classification. [SRV] (see Bell-LaPadula security model)
- Bell-LaPadula security model
- (1) A formal state-transition model of computer security
policy that describes a set of access control rules. In this formal
model, the entities in a system are divided into abstract sets of
subjects and objects. The notion of a secure state is defined, and it
is proven that each state transition preserves security by moving from
secure state to secure state, thereby inductively proving that the
system is secure. A system state is defined to be 'secure' if the only
permitted access modes of subjects to objects are in accordance with a
specific security policy. To determine whether a specific access mode
is allowed, the clearance of a subject is compared with the
classification of the object, and a determination is made as to whether
the subject is authorized for the specific access mode. The
clearance/classifications scheme is expressed in terms of a lattice.
(2) A formal state-transition model of a technical security policy for
an AIS that presents: (a) access constraints, (b) allowed state
transitions (called 'rules of operation'), and (c) a proof that the
allowed state transitions guarantee satisfaction of the constraints. [AJP]
A formal state transition model of computer security policy that
describes a set of access control rules. In this formal model, the
entities in a system are divided into abstract sets of subjects and
objects. The notion of a secure state is defined and it is proven that
each state transition preserves security by moving from secure state to
secure state; thus, inductively proving that the system is secure. A
system state is defined to be 'secure' if the only permitted access
modes of subjects to objects are in accordance with a specific security
policy. To determine whether or not a specific access mode is allowed,
the clearance of a subject is compared to the classification of the
object and a determination is made as to whether the subject is
authorized for the specific access mode. The clearance/classification
scheme is expressed in terms of a lattice. [TCSEC] A formal
state transition model of computer security policy that describes a set
of access control rules. In this formal model, the entities in a system
are divided into abstract sets of subjects and objects. The notion of a
secure state is defined and it is proven that each state transition
preserves security by moving from secure state to secure state; thus,
inductively proving that the system is secure. A system state is
defined to be 'secure' if the only permitted access modes of subjects
to objects are in accordance with a specific security policy. To
determine whether or not a specific access mode is allowed, the
clearance of a subject is compared to the classification of the object
and a determination is made as to whether the subject is authorized for
the specific access mode. The clearance/classifications scheme is
expressed in terms of a lattice. For further information see Bell, D.
Elliott and LaPadula, Leonard J., Secure Computer Systems: Unified
Exposition and MULTICS Interpretation, MTR 2997, The MITRE Corporation,
April 1974. (AD/A 020 445). [TNI] A formal state transition
model of computer security policy that describes a set of access
control rules. In this formal model, the entities in a system are
divided into abstract sets of subjects and objects. The notion of a
secure state is defined, and it is proven that each state transition
preserves security by moving from secure state to secure state, thereby
inductively proving that the system is secure. A system state is
defined to be 'secure' if the only permitted access modes of subjects
to objects are in accordance with a specific security policy. To
determine whether or not a specific access mode is allowed, the
clearance of a subject is compared to the classification of the object,
and a determination is made as to whether the subject is authorized for
the specific access mode. [NCSC/TG004] Any formal
state-transition model of a technical security policy for an AIS that
presents (a) Access Constraints (including initial-state constraints
and variants or the simple security), (b) allowed state transitions
(called 'rules of operation'), and (c) a proof that the allowed state
transitions guarantee satisfaction of the constraints. [FCv1]
Formal-state transition model of computer security policy that
describes a formal set of access controls based on information
sensitivity and subject authorizations. [NSAINT] (see also access control, classification level, computer security, confinement property, formal security policy model, model, security model) (includes *-property, lattice, lattice model, object, simple security condition, simple security property, subject, tranquility, trusted subject)
- benchmark
- (1) A test of the performance and capabilities of newly
developed software using actual or simulated workloads. (2) A method to
improve business processes. A measurement or standard that serves as a
point of reference by which process performance is measured. User
constructed tests that verify the performance of a proposed computer
system by measuring its ability to execute a group of user programs
representative of projected workload within certain predetermined user
time requirements. [SRV] A standard against which measurements or comparisons can be made. [IEEE610] (see also business process, evaluation, software, test)
- benchmarking
- A structured approach for identifying the best practices from
industry and government, and comparing and adapting them to the
organization's operations. Such an approach is aimed at identifying
more efficient and effective processes for achieving intended results
and at suggesting ambitious goals for productivity, product/service
quality, and process improvement. [SRV] (see also quality)
- benign
- Condition of cryptographic data that cannot be compromised by
human access. 'Benign environment': Nonhostile environment that may be
protected from external hostile elements by physical, personnel, and
procedural security countermeasures. [NSTISSC] (see also counter measures, cryptography)
- benign environment
- A nonhostile environment that may be protected from external
hostile elements by physical, personnel, and procedural security
counter measures. [AFSEC][AJP][NCSC/TG004] (see also counter measures, security)
- best practices
- The processes, practices, and systems identified in public and
private organizations that performed exceptionally well and are widely
recognized as improving an organization's performance and efficiency in
specific areas. Successfully identifying and applying best practices
can reduce business expenses and improve organizational efficiency.
Best practices can be applied to all functions within an organization.
Business practices that have been shown to improve an organization's IT
function, as well as other business functions. [SRV] (see also business process, recommended practices, risk management)
- between-the-lines-entry
- Access that an unauthorized user gets, typically by tapping the momentarily inactive terminal of a legitimate user. [AFSEC]
Access, obtained through the use of active wiretapping by an
unauthorized user, to a momentarily inactive terminal of a legitimate
user assigned to a communications channel. [SRV] Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user. [AJP][NCSC/TG004] (see also unauthorized access, attack) (includes piggyback)
- beyond A1
- (O) (1.) Formally, a level of security assurance that
is beyond the highest level of criteria specified by the TCSEC. (2.)
Informally, a level of trust so high that it cannot be provided or
verified by currently available assurance methods, and particularly not
by currently available formal methods. [RFC2828] A level of
trust defined by the Trusted Computer System Evaluation Criteria
(TCSEC) that is beyond the state-of-the-art technology available at the
time the criteria were developed. It includes all the A1-level features
plus additional ones not required at the A1 level. [NCSC/TG004]
A level of trust defined by the U.S. DoD (Department of Defense)
Trusted Computer System Evaluation Criteria (TCSEC) that is beyond the
state-of-the-art technology available at the time the criteria were
developed. It includes all the A1-level features plus additional ones
not required at the A1 level. [AJP] Level of trust defined by
the DoD Trusted Computer System Evaluation Criteria (TCSEC) to be
beyond the state-of-the-art technology. It includes all the A1-level
features plus additional ones not required at the A1-level. [NSTISSC] (see also evaluation, security, trusted computer system)
- bias
- The existence of a factor that causes an estimate made on the
basis of a sample to differ systematically from the population
parameter being estimated. Bias may originate from poor sample design,
deficiencies in carrying out the sampling process, or an inherent
characteristic of the measuring or estimating technique used. [SRV]
- Biba Integrity model
- A formal security model for the integrity of subjects and objects in a system. [NSAINT] (see also Biba model, formal security policy model, model)
- Biba model
- An integrity model in which no subject may depend on a less trusted object, including another subject. [SRV] (see also Biba Integrity model, trust, model)
- big-endian
- A method of storage of multi-byte numbers with the most significant bytes at the lowest memory addresses. [SC27]
A method of storage of multi-byte numbers with the most significant
bytes at the lowest memory addresses. [ISO/IEC 10118-1: 2000] [SC27] (see also automated information system)
- bilateral trust
- When business arrangements are based on formal and informal
agreements that involve only two companies and that trust is limited to
those companies or a subset of their employees. [misc] (see also business process, public-key infrastructure, trust)
- bill payment
- An e-banking application whereby customers direct the
financial institution to transfer funds to the account of another
person or business. Payment is typically made by ACH credit or by the
institution (or bill payment servicer) sending a paper check on the
customer's behalf. [FFIEC] (see also internet)
- bill presentment
- An e-banking service whereby a business submits an electronic
bill or invoice directly to the customer's financial institution. The
customer can view the bill/invoice on-line and, if desired, pay the
bill through an electronic payment. [FFIEC] (see also internet)
- bind
- (I) To inseparably associate by applying some
mechanism, such as when a CA uses a digital signature to bind together
a subject and public key in a public-key certificate. [RFC2828] (see also certificate, digital signature, key, public-key infrastructure)
- binding
- An acknowledgment by a trusted third party that associates an
entity's identity with its public key. This may take place through: (1)
a certification authority's generation of a public key certificate, (2)
a security officer's verification of an entity's credentials and
placement of the entity's public key and identifier in a secure
database, or (3) an analogous method. Denotes the association of a name
(such as a variable declaration) with a class. [SRV] Process of
associating a specific communications terminal with a specific
cryptographic key or associating two related elements of information. [NSTISSC] (see also cryptography, key, security, trust)
- binding of functionality
- An aspect of the assessment of the effectiveness of a Target
of Evaluation, namely, the ability of its security enforcing functions
and mechanisms to work together in a way that is mutually supportive
and provides an integrated and effective whole. [ITSEC] (see also security, target of evaluation)
- binding of security functionality
- The ability of security enforcing functions and mechanisms to
work together in a way that is mutually supportive and provides an
integrated and effective whole. [AJP][JTC1/SC27] (see also security)
- biometric authentication
- (I) A method of generating authentication information
for a person by digitizing measurements of a physical characteristic,
such as a fingerprint, a hand shape, a retina pattern, a speech pattern
(voiceprint), or handwriting. [RFC2828] (see also 3-factor authentication, authentication) (includes thumbprint)
- biometrics
- Automated methods of authenticating or verifying an individual based on a physical or behavioral characteristic. [IATF][NSTISSC]
The method of verifying a person's identity by analyzing a unique
physical attribute of the individual (e.g., fingerprint, retinal
scanning). [FFIEC] (see also authentication, security)
- bit
- (I) The smallest unit of information storage; a
contraction of the term 'binary digit'; one of two symbols--'0' (zero)
and '1' (one)
--that are used to represent binary numbers. [RFC2828] Short for binary digit - 0 or 1. Keys are strings of bits. [AJP] (see also automated information system)
- bit error rate
- Ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system. [NSTISSC] (see also communications)
- bit forwarding rate
- The number of bits per second of allowed traffic a DUT/SUT can
be observed to transmit to the correct destination interface(s) in
response to a specified offered load. This definition differs
substantially from section of RFC 1242 and section 3.6.1 of RFC 2285.
Unlike both RFCs 1242 and 2285, this definition introduces the notion
of different classes of traffic: allowed, illegal, and rejected (see
definitions for each term). For benchmarking purposes, it is assumed
that bit forwarding rate measurements include only allowed traffic.
Unlike RFC 1242, there is no reference to lost or retransmitted data.
Forwarding rate is assumed to be a goodput measurement, in that only
data successfully forwarded to the destination interface is measured.
Bit forwarding rate must be measured in relation to the offered load.
Bit forwarding rate may be measured with different load levels, traffic
orientation, and traffic distribution. Unlike RFC 2285, this
measurement counts bits per second rather than frames per second.
Testers interested in frame (or frame-like) measurements should use
units of transfer. [RFC2647] (see also allowed traffic, goodput, illegal traffic, rejected traffic, test, unit of transfer)
- BLACK
- (I) Designation for information system equipment or
facilities that handle (and for data that contains) only ciphertext
(or, depending on the context, only unclassified information), and for
such data itself. This term derives from U.S. Government COMSEC
terminology. [RFC2828] Designation applied to information
systems, and to associated areas, circuits, components, and equipment,
in which national security information is encrypted or is not
processed. [NSTISSC] (see also communications security, cryptography, security)
- black-box testing
- A method of verifying that software functions perform correctly without examining the internal program logic. [SRV] (see also analysis, functional test case design, functional testing, software, stress testing, test)
- blended attack
- Malicious code that uses multiple methods to spread. [800-61] (see also attack)
- block
- A bit-string of length L1, i.e., the length of the first input to the round-function. [SC27] A bit-string of length L1,
i.e., the length of the first input to the round-function. [ISO/IEC
FDIS 9797-2 (09/2000), ISO/IEC CD 10118-3 (11/2001)] A string of bits
of length Lf, which shall be an integer multiple of 16. [ISO/IEC 10118-4: 1998] A bit-string of length n. [ISO/IEC 9797-1: 1999] String of bits of defined length. [SC27] A bit-string of length n. [SC27] A string of bits of length Lf, which shall be an integer multiple of 16. [SC27] String of bits of defined length. [SC27]
- block chaining
- The encipherment of information such that each block of
ciphertext is cryptographically dependent upon the preceding ciphertext
block. [SC27] The encipherment of information such that each
block of ciphertext is cryptographically dependent upon the preceding
ciphertext block. [ISO 8372: 1987] The encipherment of information such
that each block of ciphertext is cryptographically dependent upon the
preceding ciphertext block. [SC27] (see also cipher block chaining)
- block cipher
- (I) An encryption algorithm that breaks plaintext into
fixed-size segments and uses the same key to transform each plaintext
segment into a fixed-size segment of ciphertext. (C) For
example, Blowfish, DEA, IDEA, RC2, and SKIPJACK. However, block cipher
can be adapted to have a different external interface, such as that of
a stream cipher, by using a mode of operation to 'package' the basic
algorithm. [RFC2828] Symmetric encryption algorithm with the
property that the encryption process operates on a block of plaintext,
i.e. a string of bits of a specified length, to yield a ciphertext
block. [SC27] (see also encryption, key)
- block cipher key
- A key that controls the operation of a block cipher. [SC27] (see also key)
- Blowfish
- (N) A symmetric block cipher with variable-length key
(32 to 448 bits) designed in 1993 by Bruce Schneier as an unpatented,
license-free, royalty-free replacement for DES or IDEA. [RFC2828] (see also key, symmetric cryptography)
- blue box devices
- Created by crackers and phone hackers ('phreakers') to break
into the telephone system to make calls that bypass billing procedures.
[AFSEC] (see also threat)
- bomb
- A general synonym for crash, normally of software or operating system failures. [AFSEC][NSAINT] (see also failure, software, threat)
- boot sector virus
- A virus that plants itself in a system's boot sector and infects the master boot record. [800-61] (see also virus)
- bounce
- An electronic mail message that is undeliverable and returns an error to the sender. [AFSEC] (see also email)
- boundary
- Software, hardware, or physical barrier that limits access to a system or part of a system. [NSTISSC]
- boundary value
- A data value that corresponds to a minimum or maximum input,
internal, or output value specified for a system or component. An input
value or output value which is on the boundary between equivalence
classes, or an incremental distance either side of the boundary. [OVT] (see also stress testing)
- boundary value analysis
- (NBS) A selection technique in which test data are chosen to
lie along 'boundaries' of the input domain [or output range] classes,
data structures, procedure parameters, etc. Choices often include
maximum, minimum, and trivial values or parameters. This technique is
often called stress testing. A test case design technique for a
component in which test cases are designed which include
representatives of boundary values. [OVT] (see also test, analysis)
- boundary value coverage
- The percentage of boundary values of the component's equivalence classes which have been exercised by a test case suite. [OVT] (see also test)
- boundary value testing
- A testing technique using input values at, just below, and
just above, the defined limits of an input domain; and with input
values causing outputs to be at, just below, and just above, the
defined limits of an output domain. [OVT] (see also test)
- branch coverage
- Metric of the number of branches executed under test; '100%
branch coverage' means that every branch in a program has been executed
at least once under some test (also link coverage). [OVT] (see also test)
- brand
- (I) A distinctive mark or name that identifies a product or business entity. (O)
SET usage: The name of a payment card. Financial institutions and other
companies have founded payment card brands, protect and advertise the
brands, establish and enforce rules for use and acceptance of their
payment cards, and provide networks to interconnect the financial
institutions. These brands combine the roles of issuer and acquirer in
interactions with cardholders and merchants. [RFC2828] (see also networks, Secure Electronic Transaction)
- brand certification authority (BCA)
- (O) SET usage: A CA owned by a payment card brand, such as MasterCard, Visa, or American Express. [RFC2828] (see also certification, Secure Electronic Transaction, public-key infrastructure)
- brand CRL identifier (BCI)
- (O) SET usage: A digitally signed list, issued by a
BCA, of the names of CAs for which CRLs need to be processed when
verifying signatures in SET messages. [RFC2828] (see also digital signature, Secure Electronic Transaction, public-key infrastructure)
- breach
- The successful defeat of security controls which could result
in a penetration of the system. A violation of controls of a particular
information system such that information assets or system components
are unduly exposed. [AFSEC][NSAINT][OVT] (see also security, threat)
- break
- (I) Cryptographic usage: To successfully perform
cryptanalysis and thus succeed in decrypting data or performing some
other cryptographic function, without initially having knowledge of the
key that the function requires. (This term applies to encrypted data
or, more generally, to a cryptographic algorithm or cryptographic
system.) [RFC2828] (see also analysis, cryptography, encryption, key)
- brevity list
- List containing words and phrases used to shorten messages. [NSTISSC]
- bridge
- (I) A computer that is a gateway between two networks (usually two LANs) at OSI layer 2. [RFC2828] A device that connects similar or dissimilar LANs together to form an extended LAN. [SRV] A device that connects two networks or network segments; similar to a router but protocol-independent. [CIAO] (see also networks, router)
- British Standard 7799 (BS7799)
- (N) Part 1 is a standard code of practice and provides
guidance on how to secure an information system. Part 2 specifies the
management framework, objectives, and control requirements for
information security management systems. The certification scheme works
like ISO 9000. It is in use in the UK, the Netherlands, Australia, and
New Zealand and might be proposed as an ISO standard or adapted to be
part of the Common Criteria. [RFC2828] (see also certification, security)
- broadband network
- A type of local area network on which transmissions travel as
radio-frequency signals over separate inbound and outbound channels.
Stations on a broadband network are connected by coaxial or fiber-optic
cable. The cable itself can be made to carry data, voice, and video
simultaneously over multiple transmission channels. This complex
transmission is accomplished by the technique called frequency-division
multiplexing, in which individual channels are separated by frequency
and buffered from one another by guard bands of frequencies that are
not used for transmission. A broadband network is capable of high-speed
operation, but it is more expensive than a baseband network and can be
difficult to install. Such a network is based on the same technology as
is used by cable television. Broadband transmission is sometimes called
wideband transmission. [SRV] (see also networks)
- brouters
- Brouters are routers that can also bridge; they route one or more protocols and bridge all other network traffic. [SRV] (see also networks)
- browser
- (I) A client computer program that can retrieve and display information from servers on the World Wide Web. (C) For example, Netscape's Navigator and Communicator, and Microsoft's Explorer. [RFC2828] A client program used to interact on the WWW. [SRV] (see also world wide web)
- browsing
- Act of searching through IS storage to locate or acquire
information, without necessarily knowing the existence or format of
information being sought. [NSTISSC] The act of searching through
storage to locate or acquire information without necessarily knowing
the existence or the format of the information being sought. [AJP][NCSC/TG004][SRV] (see also attack)
- brute force
- (I) A cryptanalysis technique or other kind of attack
method involving an exhaustive procedure that tries all possibilities,
one-by-one. (C) For example, for ciphertext where the analyst
already knows the decryption algorithm, a brute force technique to
finding the original plaintext is to decrypt the message with every
possible key. [RFC2828] A primitive programming style
(ignorance), one in which the programmer relies on the computer's
processing power instead of using his or her own intelligence to
simplify the problem, often ignoring problems of scale and applying
naive methods suited to small problems directly to large ones. [AFSEC] (see also analysis, cryptography, key, attack)
- brute force attack
- (I) A cryptanalysis technique or other kind of attack method
involving an exhaustive procedure that tries all possibilities,
one-by-one. (C) For example, for ciphertext where the analyst already
knows the decryption algorithm, a brute force technique to finding the
original plaintext is to decrypt the message with every possible key. [OVT] (see also analysis, cryptography, attack)
- buffer overflow
- This happens when more data is put into a buffer or holding
area than the buffer can handle. This is due to a mismatch in
processing rates between the producing and consuming processes. This
can result in system crashes or the creation of a back door leading to
system access. [NSAINT] This happens when more data is put into
a buffer or holding area than the buffer can handle. This is due to a
mismatch in processing rates between the producing and consuming
processes. [AFSEC] This happens when more data is put into a
buffer or holding area than the buffer can handle. This is due to a
mismatch in processing rates between the producing and consuming
processes. This can result in system crashes or the creation of a back
door leading to system access. [OVT] (see also threat)
- bug
- A fault in a program which causes the program to perform in an unintended or unanticipated manner. [OVT] An unwanted and unintended property of a program or piece of hardware, especially one that causes it to malfunction. [NSAINT] An unwanted or unintended property of a program or piece of hardware that causes it to malfunction. [AFSEC] (see also anomaly, defect, error, exception, fault, threat)
- bulk encryption
- Simultaneous encryption of all channels of a multichannel telecommunications link. [NSTISSC] (see also encryption)
- bulletin board services (systems) (BBS)
- (see also system)
- business case
- A structured proposal for business improvement that functions
as a decision package for organizational decision makers. A business
case includes an analysis of business process performance and
associated needs or problems, proposed alternative solutions,
assumptions, constraints, and risk-adjusted cost/benefit analysis. [SRV] (see also analysis, risk, business process)
- business continuity plan (BCP)
- A comprehensive written plan to maintain or resume business in the event of a disruption. [FFIEC] (see also risk, availability, business process)
- business impact analysis (BIA)
- The process of identifying the potential impact of uncontrolled, non-specific events on an institution's business processes. [FFIEC] (see also analysis, availability, business process, risk analysis)
- business process
- (see also as is process model, backup operations, benchmark, best practices, bilateral trust, change management, contingency plan, continuity of services and operations, core or key process, hardening, integrity, legacy systems, mission critical system, process management approach, recovery site, remediation, simulation modeling, to be process model, total quality management, workload, world class organizations) (includes activity-based costing, business case, business continuity plan, business impact analysis, business process improvement, business process reengineering, constructive cost model, cost reimbursement contract, cost-risk analysis, cost/benefit, cost/benefit analysis, rolling cost forecasting technique)
- business process improvement (BPI)
- A methodology used for making continuous, incremental improvements in existing business processes. [SRV] (see also business process, quality)
- business process reengineering (BPR)
- A systematic, disciplined improvement approach that critically
examines, rethinks, and redesigns mission-delivery processes in order
to achieve dramatic improvements in performance in areas important to
customers and stakeholders. A methodology used for seeking radical
changes to business processes. [SRV] (see also quality, business process)
- bypass label processing (BLP)
-
- byte
- (I) A fundamental unit of computer storage; the
smallest addressable unit in a computer's architecture. Usually holds
one character of information and, today, usually means eight bits. (C)
Larger than a 'bit', but smaller than a 'word'. Although 'byte' almost
always means 'octet' today, bytes had other sizes (e.g. six bits, nine
bits) in earlier computer architectures. [RFC2828] (see also automated information system)
- C2-attack
- Prevent effective C2 of adversary forces by denying
information to, influencing, degrading or destroying the adversary C2
system. [NSAINT] (see also C2-protect, attack)
- C2-protect
- Maintain effective command and control of own forces by
turning to friendly advantage or negating adversary effort to deny
information to, influence, degrade, or destroy the friendly C2 system.
(Pending approval in JP 1-02) [NSAINT] (see also C2-attack, command and control, Orange book, security)
- CA certificate
- (I) 'A certificate for one CA issued by another CA.' (C)
That is, a digital certificate whose holder is able to issue digital
certificates. A v3 X.509 public-key certificate may have a
'basicConstraints' extension containing a 'cA' value that specifically
'indicates whether or not the public key may be used to verify
certificate signatures.' [RFC2828] (see also digital signature, key, certificate)
- call back
- (I) An authentication technique for terminals that
remotely access a computer via telephone lines. The host system
disconnects the caller and then calls back on a telephone number that
was previously authorized for that terminal. [RFC2828] A
procedure established for positively identifying a terminal dialing
into a computer system by disconnecting the calling terminal and
reestablishing the connection by the computer system's dialing the
telephone number of the calling terminal. Synonymous with dial-back. [SRV]
A procedure for identifying a remote terminal. In a call back, the host
system disconnects the caller and then dials the authorized telephone
number of the remote terminal to reestablish the connection. [AJP][NCSC/TG004]
Procedure for identifying and authenticating a remote IS terminal,
whereby the host system disconnects the terminal and reestablishes
contact. [NSTISSC] (see also authentication, security)
- call back security
- Procedure for identifying a remote AIS terminal, whereby the
host system disconnects the caller and then dials the authorized
telephone number of the remote terminal to re-establish the connection.
[AFSEC] (see also security)
- Canadian Trusted Computer Product Evaluation Criteria (CTCPEC)
- Canadian secure products criteria. [AJP] (see also Common Criteria for Information Technology Security Evaluation, criteria, trust)
- candidate TCB subset
- The identification of the hardware, firmware, and software
that make up the proposed TCB subset, along with the identification of
its subjects and objects; one of the conditions for evaluation by
parts. [AJP][TDI] (see also evaluation, identification, software, trusted computing base) (includes object, subject)
- canister
- Type of protective package used to contain and dispense key in punched or printed tape form. [NSTISSC]
- capability
- (I) A token, usually an unforgeable data value
(sometimes called a 'ticket') that gives the bearer or holder the right
to access a system resource. Possession of the token is accepted by a
system as proof that the holder has been authorized to access the
resource named or indicated by the token. (C) This concept can be implemented as a digital certificate. [RFC2828]
A protected identifier that both identifies the object and specifies
the access rights to be allowed to the accessor who possesses the
capability. In a capability-based system, access to protected objects
such as files is granted if the would-be accessor possesses a
capability for the object. [AJP][NCSC/TG004] Protected
identifier that both identifies the object and specifies the access
rights to be allowed to the subject who possesses the capability. In a
capability-based system, access to protected objects such as files is
granted if the would-be subject possesses a capability for the object. [NSTISSC]
The ability of a suitably organized, trained, and equipped entity to
access, penetrate, or alter government or privately owned information
or communications systems and/or to disrupt, deny, or destroy all or
part of a critical infrastructure. [CIAO] (see also certificate, critical infrastructure, public-key infrastructure, risk, tokens) (includes object)
- capacity
- Positive integer indicating the number of bits available within the signature for the recoverable part of the message. [SC27]
- CAPSTONE chip
- (N) An integrated circuit (the Mykotronx, Inc. MYK-82)
with a Type II cryptographic processor that implements SKIPJACK, KEA,
DSA, SHA, and basic mathematical functions to support asymmetric
cryptography, and includes the key escrow feature of the CLIPPER chip. [RFC2828] (see also Fortezza, cryptography, key, National Security Agency)
- card backup
- (see token backup)
- cardholder
- (I) An entity that has been issued a card. (O)
SET usage: 'The holder of a valid payment card account and user of
software supporting electronic commerce.' A cardholder is issued a
payment card by an issuer. SET ensures that in the cardholder's
interactions with merchants, the payment card account information
remains confidential. [RFC2828] (see also software, Secure Electronic Transaction)
- cardholder certificate
- (O) SET usage: A digital certificate that is issued to
a cardholder upon approval of the cardholder's issuing financial
institution and that is transmitted to merchants with purchase requests
and encrypted payment instructions, carrying assurance that the account
number has been validated by the issuing financial institution and
cannot be altered by a third party. [RFC2828] (see also encryption, tokens, Secure Electronic Transaction, certificate)
- cardholder certification authority (CCA)
- (O) SET usage: A CA responsible for issuing digital
certificates to cardholders and operated on behalf of a payment card
brand, an issuer, or another party according to brand rules. A CCA
maintains relationships with card issuers to allow for the verification
of cardholder accounts. A CCA does not issue a CRL but does distribute
CRLs issued by root CAs, brand CAs, geopolitical CAs, and payment
gateway CAs. [RFC2828] (see also certificate, certification, tokens, Secure Electronic Transaction, public-key infrastructure)
- cascading
- Downward flow of information through a range of security
levels greater than the accreditation range of a system network or
component. [NSTISSC] (see also accreditation, networks)
- CASE tools
- A class of software tools that provide plans, models, and
designs. CASE tools enforce consistency across multiple diagrams and
store information, built up by analysts and designers, in a central
repository. Software tools that assist with software design,
requirements traceability, code generation, testing and other software
engineering activities. A software program that provides partial or
total automation of a single function within the software life cycle. [SRV] (see also model, software, test)
- CAST
- (N) A design procedure for symmetric encryption
algorithms, and a resulting family of algorithms, invented by C.A.
(Carlisle Adams) and S.T. (Stafford Tavares). [RFC2828] (see also encryption, symmetric cryptography)
- category
- (1) A grouping of objects to which a non-hierarchical
restrictive label is applied (e.g. proprietary, compartmented
information). Subjects must be privileged to access a category. (2)
Restrictive label that has been applied to both classified and
unclassified data, thereby increasing the requirement for protection
of, and restricting the access to, the data. Note: Examples include
sensitive compartmented information and proprietary information.
Individuals are granted access to a special category of information
only after being granted formal access authorization. [AJP] (I)
A grouping of sensitive information items to which a non-hierarchical
restrictive security label is applied to increase protection of the
data. [RFC2828] A grouping of objects to which a
non-hierarchical restrictive label is applied (e.g. proprietary,
compartmented information). Subjects must be privileged to access a
category. [TNI] A restrictive label that has been applied to
classified or unclassified data as a means of increasing the protection
of the data and further restricting access to the data. [NCSC/TG004] Restrictive label applied to classified or unclassified information to limit access. [NSTISSC]
Restrictive label that has been applied to both classified and
unclassified data, thereby increasing the requirement for protection
of, and restricting the access to, the data. Note: Examples include
sensitive compartmented information and proprietary information.
Individuals are granted access to special category information only
after being granted formal access authorization. [FCv1] (see also security) (includes object)
- cause and effect diagram
- (see fishbone diagram)
- CCI assembly
- Device embodying a cryptographic logic or other COMSEC design
that NSA has approved as a Controlled Cryptographic Item (CCI). It
performs the entire COMSEC function, but depends upon the host
equipment to operate. [NSTISSC] (see also communications security, cryptography)
- CCI component
- Part of a Controlled Cryptographic Item (CCI) that does not
perform the entire COMSEC function but depends upon the host equipment,
or assembly, to complete and operate the COMSEC function. [NSTISSC] (see also communications security, cryptography)
- CCI equipment
- Telecommunications or information handling equipment that
embodies a Controlled Cryptographic Item (CCI) component or CCI
assembly and performs the entire COMSEC function without dependence on
host equipment to operate. [NSTISSC] (see also communications, communications security, cryptography)
- CCITT
- (N) Acronym for French translation of International Telephone and Telegraph Consultative Committee. Now renamed ITU-T. [RFC2828] (see also ITU-T)
- cell
- In cellular systems, the smallest geographic area defined for mobile communications systems. [SRV]
- cellular telephone
- A wireless telephone that communicates using radio wave
antenna towers, each serving a particular 'cell' of a city or other
geographical area. Areas where cellular phones do not work are referred
to as 'dead zones.' [FFIEC]
- cellular transmission
- Data transmission via interchangeable wireless (radio)
communications in a network of numerous small geographic cells. Most
current technology is analog - represented as electrical levels, not
bits. However, the trend is toward digital cellular data transmission. [AJP] (see also communications, networks)
- center for information technology excellence
- Will recognize public and private training facilities meeting
federally defined standards in security training, to train and certify
current Federal IT security personnel and maintain their skill levels
throughout their careers. [CIAO]
- central office of record (COR)
- Office of a federal department or agency that keeps
records of accountable COMSEC material held by elements subject to its
oversight. [NSTISSC] (see also communications security)
- central processing unit (CPU)
- (see also automated information system)
- centralized authorization
- A scheme in which a central, third-party authorization agent
is consulted for access control. All access control rules are defined
in the database of the central authorization agent. [misc] (see also access control, authorization)
- centralized data processing
- A concept by which an organization maintains all computing
equipment at a single site (host), and the supporting field-office(s)
have no effective data processing capabilities. [SRV] (see also automated information system)
- centrally-administered network
- A network of systems which is the responsibility of a single
group of administrators who are not distributed but work centrally to
take care of the network. [RFC2504] (see also networks)
- certificate
- (I) General English usage: A document that attests to the truth of something or the ownership of something. (C) Security usage: See: capability, digital certificate. (C) PKI usage: See: attribute certificate, public-key certificate. [RFC2828]
A declaration by an independent authority operating in accordance with
ISO Guide 58, Calibration and testing laboratory accreditation systems
- General requirements for operation and recognition, confirming that
an evaluation pass statement is valid. [SC27] A digitally signed
data structure defined in the X.509 standard that binds the identity of
a certificate holder (or subject) to a public key. [SRV] An
electronic identifier from a certificate authority that includes the CA
signature made with its private key. The authenticity of the signature
is validated by other users who trust the CA's public key. [misc] An entity's data rendered unforgeable with the private or secret key of a certification authority. [SC27]
An entity's data rendered unforgeable with the private or secret key of
a certification authority. [ISO/IEC WD 13888-1 (11/2001)] A declaration
by an independent authority operating in accordance with ISO Guide 58,
Calibration and testing laboratory accreditation systems - General
requirements for operation and recognition, confirming that an
evaluation pass statement is valid. [SC27] Certificates are data
which is used to verify digital signatures. A certificate is only as
trustworthy as the agency which issued it. A certificate is used to
verify a particular signed item, such as an Email message or a web
page. The digital signature, the item and the certificate are all
processed by a mathematical program. It is possible to say, if the
signature is valid, that 'According to the agency which issued the
certificate, the signer was (some name)'. [RFC2504] Record holding security information about an AIS user and vouches to the truth and accuracy of the information it contains. [IATF][NSTISSC] (see also ABA Guidelines, Abstract Syntax Notation One, Cryptographic Message Syntax, Distinguished Encoding Rules, Federal Public-key Infrastructure, MISSI user, Minimum Interoperability Specification for PKI Components, On-line Certificate Status Protocol, PKCS #10, PKIX, RA domains, SET private extension, SET qualifier, X.500 Directory, X.509, X.509 authority revocation list, X.509 certificate revocation list, accreditation, archive, attribute authority, authenticate, authority, authority revocation list, bind, capability, cardholder certification authority, certificate authority, certificate chain, certificate chain validation, certificate creation, certificate expiration, certificate extension, certificate holder, certificate management, certificate owner, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate revocation list, certificate revocation tree, certificate serial number, certificate status responder, certificate update, certificate user, certificate validation, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, certify, common name, compromised key list, critical, cross-certification, cryptoperiod, delta CRL, digital id, directory vs. 
Directory, distinguished name, distribution point, domain, end entity, evaluation, extension, geopolitical certificate authority, hierarchy management, indirect certificate revocation list, invalidity date, issue, issuer, key, key lifetime, key material identifier, merchant certification authority, mesh PKI, organizational registration authority, path discovery, path validation, payment gateway certification authority, personality label, policy, policy approving authority, policy creation authority, policy mapping, privilege management infrastructure, registration, registration authority, relying party, repository, revocation, revocation date, revocation list, root, secure hypertext transfer protocol, security event, slot, strong authentication, subject, subordinate certification authority, test, ticket, token management, trust-file PKI, trusted key, unforgeable, v1 CRL, v2 CRL, valid signature, validate vs. verify, validity period, world wide web, Multilevel Information System Security Initiative, Secure Electronic Transaction, certification authority, pretty good privacy, privacy enhanced mail, user, web of trust) (includes CA certificate, X.509 attribute certificate, X.509 certificate, X.509 public-key certificate, attribute certificate, authority certificate, cardholder certificate, cross-certificate, digital certificate, encryption certificate, merchant certificate, organizational certificate, public-key certificate, root certificate, self-signed certificate, signature certificate, trusted certificate, v1 certificate, v2 certificate, v3 certificate, valid certificate)
- certificate authority (CA)
- (D) ISDs SHOULD NOT use this term because it looks like
sloppy use of 'certification authority', which is the term standardized
by X.509. [RFC2828] The entity or organization that attests
using a digital certificate that a particular electronic message comes
from a specific individual or system. [FFIEC] (see certification authority) (see also certificate, certification, test, public-key infrastructure)
- certificate authority workstation (CAW)
-
- certificate chain
- (D) ISDs SHOULD NOT use this term because it duplicates the meaning of a standardized term. [RFC2828] (see also certificate, certification, public-key infrastructure)
- certificate chain validation
- (D) ISDs SHOULD NOT use this term because it duplicates
the meaning of standardized terms and mixes concepts in a potentially
misleading way. Instead, use 'certificate validation' or 'path
validation', depending on what is meant. [RFC2828] (see also certificate, public-key infrastructure)
- certificate creation
- (I) The act or process by which a CA sets the values of a digital certificate's data fields and signs it. [RFC2828] (see also certificate, public-key infrastructure)
- certificate directory
- A directory containing a well defined (sub)set of public key
certificates. This directory can contain certificates from different
Certification Authorities. [SC27] (see also public-key infrastructure)
- certificate domain
- Collection of entities using public key certificates created
by a single Certification Authority (CA) or a collection of CAs
operating under a single security policy. [SC27] (see also security)
- certificate domain parameters
- Cryptographic parameters specific to a certificate domain and
which are known and agreed by all members of the certificate domain. [SC27] (see also cryptography, public-key infrastructure)
- certificate expiration
- (I) The event that occurs when a certificate ceases to be valid because its assigned lifetime has been exceeded. [RFC2828] (see also certificate, public-key infrastructure)
- certificate extension
- (see also certificate, extension)
- certificate holder
- (D) ISDs SHOULD NOT use this term as a synonym for the
subject of digital certificate because the term is potentially
ambiguous. For example, the term could also refer to a system entity,
such as repository, that simply has possession of a copy of the
certificate. [RFC2828] (see also certificate)
- certificate management
- (I) The functions that a CA may perform during the life cycle of a digital certificate, including the following:
- Acquire and verify data items to bind into the certificate.
- Encode and sign the certificate.
- Store the certificate in a directory or repository.
- Renew, rekey, and update the certificate.
- Revoke the certificate and issue a CRL.
[RFC2828] Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed. [NSTISSC] (see also certificate, key, public-key infrastructure)
- certificate management services
- All services needed for the maintenance of the lifecycle of
certificates, including registration, certification, distribution, and
revocation of certificates. [SC27] (see also public-key infrastructure)
- certificate owner
- (D) ISDs SHOULD NOT use this term as a synonym for the
subject of digital certificate because the term is potentially
ambiguous. For example, the term could also refer to a system entity,
such as corporation, that has acquired a certificate to operate some
other entity, such as a Web server. [RFC2828] (see also certificate, world wide web)
- certificate policy
- (I) 'A named set of rules that indicates the
applicability of a certificate to a particular community and/or class
of application with common security requirements.' (C) A
certificate policy can help a certificate user decide whether a
certificate should be trusted in a particular application. 'For
example, a particular certificate policy might indicate applicability
of a type of certificate for the authentication of electronic data
interchange transactions for the trading goods within a given price
range.' (C) A v3 X.509 public-key certificate may have a
'certificatePolicies' extension that lists certificate policies,
recognized by the issuing CA, that apply to the certificate and govern
its use. Each policy is denoted by an object identifier and may
optionally have certificate policy qualifiers. (C) SET usage:
Every SET certificate specifies at least one certificate policy, that
of the SET root CA. SET uses certificate policy qualifiers to point to
the actual policy statement and to add qualifying policies to the root
policy. [RFC2828] (see also authentication, certificate, key, trust, Secure Electronic Transaction, public-key infrastructure)
- certificate policy qualifier
- (I) Information that pertains to a certificate policy
and is included in a 'certificatePolicies' extension in a v3 X.509
public-key certificate. [RFC2828] (see also certificate, key, public-key infrastructure)
- certificate reactivation
- (I) The act or process by which a digital certificate,
which a CA has designated for revocation but not yet listed on a CRL,
is returned to the valid state. [RFC2828] (see also certificate, public-key infrastructure)
- certificate rekey
- (I) The act or process by which an existing public-key
certificate has its public key value changed by issuing a new
certificate with different (usually new) public key. (C) For an
X.509 public-key certificate, the essence of rekey is that the subject
stays the same and a new public key is bound to that subject. Other
changes are made, and the old certificate is revoked, only as required
by the PKI and CPS in support of the rekey. If changes go beyond that,
the process is a 'certificate update'. (O) MISSI usage: To rekey
a MISSI X.509 public-key certificate means that the issuing authority
creates a new certificate that is identical to the old one, except the
new one has a new, different KEA key; or a new, different DSS key; or
new, different KEA and DSS keys. The new certificate also has a
different serial number and may have a different validity period. A new
key creation date and maximum key lifetime period are assigned to each
newly generated key. If a new KEA key is generated, that key is
assigned new KMID. The old certificate remains valid until it expires,
but may not be further renewed, rekeyed, or updated. [RFC2828] (see also certificate, key, Multilevel Information System Security Initiative, public-key infrastructure)
- certificate renewal
- (I) The act or process by which the validity of the
data binding asserted by an existing public-key certificate is extended
in time by issuing a new certificate. (C) For an X.509
public-key certificate, this term means that the validity period is
extended (and, of course, a new serial number is assigned) but the
binding of the public key to the subject and to other data items stays
the same. The other data items are changed, and the old certificate is
revoked, only as required by the PKI and CPS to support the renewal. If
changes go beyond that, the process is a 'certificate rekey' or
'certificate update'. [RFC2828] (see also certificate, key, public-key infrastructure)
- certificate request
- (D) ISDs SHOULD NOT use this term because it looks like
imprecise use of a term standardized by PKCS #10 and used in PKIX.
Instead, use the standard term, 'certification request'. [RFC2828] (see also certificate, certification, public-key infrastructure)
- certificate revocation
- (I) The event that occurs when a CA declares that a
previously valid digital certificate issued by that CA has become
invalid; usually stated with a revocation date. (C) In X.509, a
revocation is announced to potential certificate users by issuing a CRL
that mentions the certificate. Revocation and listing on a CRL is only
necessary before certificate expiration. [RFC2828] (see also certificate, public-key infrastructure) (includes revocation)
- certificate revocation list (CRL)
- (I) A data structure that enumerates digital
certificates that have been invalidated by their issuer prior to when
they were scheduled to expire. (O) 'A signed list indicating a
set of certificates that are no longer considered valid by the
certificate issuer. After a certificate appears on a CRL, it is deleted
from a subsequent CRL after the certificate's expiry. CRLs may be used
to identify revoked public-key certificates or attribute certificates
and may represent revocation of certificates issued to authorities or
to users. The term CRL is also commonly used as a generic term applying
to all the different types of revocation lists, including CRLs, ARLs,
ACRLs, etc.' [RFC2828] A list of revoked but unexpired certificates issued by a certification authority. [SRV]
A record of all revoked certificates produced by a common Issuer; a
certificate is revoked when any data in it changes before it expires,
e.g. when a user moves and changes addresses. [IATF] List of
invalid certificates (as defined above) that have been revoked by
the issuer. [NSTISSC] List of nonvalid user certificates that must be checked as part of every authentication or encryption process. [misc] (see also accreditation, authentication, certificate, evaluation, key, certification authority, user) (includes revocation list)
- certificate revocation tree
- (I) A mechanism for distributing notice of certificate
revocations; uses a tree of hash results that is signed by the tree's
issuer. Offers an alternative to issuing a CRL, but is not supported in
X.509. [RFC2828] (see also certificate, hash)
- certificate serial number
- (I) An integer value that (a) is associated with, and
may be carried in, a digital certificate; (b) is assigned to the
certificate by the certificate's issuer; and (c) is unique among all
the certificates produced by that issuer. (O) 'An integer value, unique within the issuing CA, which is unambiguously associated with a certificate issued by that CA.' [RFC2828] (see also certificate)
- certificate status responder
- (N) FPKI usage: A trusted on-line server that acts for
a CA to provide authenticated certificate status information to
certificate users. Offers an alternative to issuing a CRL, but is not
supported in X.509. [RFC2828] (see also authentication, certificate, trust, public-key infrastructure)
- certificate update
- (I) The act or process by which non-key data items
bound in an existing public-key certificate, especially authorizations
granted to the subject, are changed by issuing a new certificate. (C)
For an X.509 public-key certificate, the essence of this process is
that fundamental changes are made in the data that is bound to the
public key, such that it is necessary to revoke the old certificate.
(Otherwise, the process is only a 'certificate rekey' or 'certificate
renewal'.) [RFC2828] (see also certificate, key, public-key infrastructure)
- certificate user
- (I) A system entity that depends on the validity of
information (such as another entity's public key value) provided by a
digital certificate. (O) 'An entity that needs to know, with certainty, the public key of another entity.' (C)
The system entity may be a human being or an organization, or device or
process under the control of a human or an organization. (D) ISDs SHOULD NOT use this term as a synonym for the 'subject' of a certificate. [RFC2828] (see also certificate, key, user)
- certificate validation
- (I) An act or process by which a certificate user establishes that the assertions made by a digital certificate can be trusted. (O)
'The process of ensuring that a certificate is valid including possibly
the construction and processing of a certification path, and ensuring
that all certificates in that path have not expired or been revoked.' (C)
To validate a certificate, a certificate user checks that the
certificate is properly formed and signed and currently in force:
- Checks the signature: Employs the issuer's public key to verify the digital
signature of the CA who issued the certificate in question. If the
verifier obtains the issuer's public key from the issuer's own
public-key certificate, that certificate should be validated, too. That
validation may lead to yet another certificate to be validated, and so
on. Thus, in general, certificate validation involves discovering and
validating a certification path.
- Checks the syntax and semantics: Parses the certificate's syntax and interprets its
semantics, applying rules specified for and by its data fields, such as
for critical extensions in an X.509 certificate.
- Checks currency and revocation: Verifies that the certificate is currently in
force by checking that the current date and time are within the
validity period (if that is specified in the certificate) and that the
certificate is not listed on a CRL or otherwise announced as invalid.
(CRLs themselves require a similar validation process.)
[RFC2828] (see also certificate, certification, digital signature, key, trust, public-key infrastructure)
- certification
- (1) Comprehensive evaluation of the technical and nontechnical
security features of an AIS and other safeguards, made in support of
the approval/accreditation process, to establish the extent to which a
particular design and implementation meet a set of specified security
requirements. Note: There remain two other definitions in active common
usage that differ according to circumstances. (2) The issue of a formal
statement confirming the results of an evaluation, and that the
evaluation criteria used were correctly applied. Synonym for IT
security certification. [AJP] (I) Information system
usage: Technical evaluation (usually made in support of an
accreditation action) of an information system's security features and
other safeguards to establish the extent to which the system's design
and implementation meet specified security requirements. (I)
Digital certificate usage: The act or process of vouching for the truth
and accuracy of the binding between data items in a certificate. (I)
Public key usage: The act or process of vouching for the ownership of a
public key by issuing a public-key certificate that binds the key to
the name of the entity that possesses the matching private key. In
addition to binding a key to a name, a public-key certificate may bind
those items to other restrictive or explanatory data items. (O)
SET usage: 'The process of ascertaining that a set of requirements or
criteria has been fulfilled and attesting to that fact to others,
usually with some written instrument. A system that has been inspected
and evaluated as fully compliant with the SET protocol by duly
authorized parties and process would be said to have been certified
compliant.' [RFC2828] Comprehensive evaluation of the technical
and nontechnical security features of an AIS and other safeguards, made
in support of the accreditation process, to establish the extent to
which a particular design and implementation meets a set of specified
security requirements. [FCv1] Comprehensive evaluation of the technical and
nontechnical security safeguards of an IS to support the accreditation
process that establishes the extent to which a particular design and
implementation meets a set of specified security requirements. [NSTISSC] Procedure by which a third party
gives written assurance that a deliverable (product, system or service)
conforms to specified requirements. [SC27] The administrative act of approving a computer system for use in a particular application. [SRV]
The comprehensive evaluation of the technical and non-technical
security controls of an IT system to support the accreditation process
that establishes the extent to which a particular design and
implementation meets a set of specified security requirements. [800-37]
The comprehensive evaluation of the technical and nontechnical security
features of an AIS and other safeguards, made in support of the
accreditation process, that establishes the extent to which a
particular design and implementation meet a specified set of security
requirements. [NCSC/TG004][OVT] The issue of a formal
statement confirming the results of an evaluation, and that the
evaluation criteria used were correctly applied. [ITSEC] The
technical evaluation of a system's security features, made as part of
and in support of the approval/accreditation process, that establishes
the extent to which a particular system's design and implementation
meet a set of specified security requirements. [TCSEC][TNI] (see also British Standard 7799, Internet Policy Registration Authority, MISSI user, RA domains, SET qualifier, SSO PIN, authority, authority certificate, brand certification authority, cardholder certification authority, certificate authority, certificate chain, certificate request, certificate validation, certification authority workstation, certification hierarchy, certification path, certification policy, certification practice statement, certification request, computer security, extension, external security controls, geopolitical certificate authority, hierarchical PKI, hierarchy management, hierarchy of trust, key, merchant certification authority, path discovery, path validation, payment gateway certification authority, penetration test, policy approving authority, policy certification authority, policy creation authority, pre-authorization, privacy enhanced mail, public-key certificate, public-key infrastructure, root, root certificate, security event, security program manager, security test & evaluation, subordinate certification authority, test, top CA, trust, trust chain, trust hierarchy, trust-file PKI, trusted certificate, trusted key, validate vs. verify, Multilevel Information System Security Initiative, Secure Electronic Transaction) (includes IT security certification, accreditation, automated information system, certification agent or certifier, certification authority, certification body, certification phase, entry-level certification, evaluation, mid-level certification, pre-certification phase, requirements, security certification level, site certification, top-level certification)
- certification agent or certifier
- The individual (and supporting team) responsible for making an
independent technical and non-technical evaluation of a system based on
the security requirements and security controls documented in the
security plan. The certifier assesses the vulnerabilities in the
system, determines if the security controls are correctly implemented
and effective, and identifies the level of residual risk. [800-37] (see also risk, security, certification)
- certification and accreditation (C&A)
- Certification is the comprehensive evaluation of the technical
and nontechnical security features of an IS and other safeguards, made
in support of the accreditation process, to establish the extent to
which a particular design and implementation meets a set of specified
requirements. Accreditation is the formal declaration by a DAA that an
IS approved to operate in a particular security mode using a prescribed
set of safeguards at an acceptable level of risk. [IATF] (see also accreditation, evaluation, requirements, risk)
- certification authorities (CA)
- (see also public-key infrastructure)
- certification authority (CA)
- (I) An entity that issues digital certificates
(especially X.509 certificates) and vouches for the binding between the
data items in a certificate. (O) 'An authority trusted by one or
more users to create and assign certificates. Optionally, the
certification authority may create the user's keys.' (C)
Certificate users depend on the validity of information provided by a
certificate. Thus, a CA should be someone that certificate users trust,
and usually holds an official position created and granted power by a
government, a corporation, or some other organization. A CA is
responsible for managing the life cycle of certificates and, depending
on the type of certificate and the CPS that applies, may be responsible
for the life cycle of key pairs associated with the certificates. [RFC2828]
A centre trusted to create and assign public key certificates.
Optionally, the certification authority may create and assign keys to
the entities. [SC27] A trusted agent that issues digital
certificates to principals. Certification authorities may themselves
have a certificate that is issued to them by other certification
authorities. The highest certification authority is called the root CA.
[IATF][misc] A trusted entity that issues certificates to
end entities and other CAs. CAs issue CRLs periodically, and post
certificates and CRLs to a repository. [SRV]
Third level of the
Public Key Infrastructure (PKI) Certification Management Authority
responsible for issuing and revoking user certificates, and exacting
compliance to the PKI policy as defined by the parent Policy Creation
Authority (PCA). [NSTISSC] (see also key, user, certification, public-key infrastructure, trust) (includes certificate, certificate revocation list, credentials, cross-certification, non-repudiation, root CA)
- certification authority digital signature (CADS)
- A relying party uses a certificate manufactured by a certification
authority to obtain the public key for digital signature authentication.
[misc] (see also authentication, public-key infrastructure)
- certification authority workstation (CAW)
- (I) A computer system that enables a CA to issue
digital certificates and supports other certificate management
functions as required. [RFC2828] Commercial-off-the-shelf (COTS) workstation with a
trusted operating system and special purpose application software that
is used to issue certificates. [NSTISSC] (see also certificate, certification, public-key infrastructure)
- certification body
- An independent and impartial national organization that performs certification. [AJP][ITSEC] (see also certification)
- certification hierarchy
- (I) A tree-structured (loop-free) topology of
relationships among CAs and the entities to whom the CAs issue
public-key certificates. (C) In this structure, one CA is the
top CA, the highest level of the hierarchy. The top CA may issue
public-key certificates to one or more additional CAs that form the
second highest level. Each of these CAs may issue certificates to more
CAs at the third highest level, and so on. The CAs at the second-lowest
level of the hierarchy issue certificates only to non-CA entities, called
'end entities' that form the lowest level. Thus, all certification
paths begin at the top CA and descend through zero or more levels of
other CAs. All certificate users base path validations on the top CA's
public key. (O) MISSI usage: A MISSI certification hierarchy has three or four levels of CAs:
- A CA at the highest level, the top CA, is a 'policy approving authority'.
- A CA at the second-highest level is a 'policy creation authority'.
- A CA at the third-highest level is a local authority called a 'certification authority'.
- A CA at the fourth-highest (optional) level is a 'subordinate certification authority'. (O) PEM usage: A PEM certification hierarchy has three levels of CAs:
- The highest level is the 'Internet Policy Registration Authority'.
- A CA at the second-highest level is a 'policy certification authority'.
- A CA at the third-highest level is a 'certification authority'. (O) SET usage: A SET certification hierarchy has three or four levels of CAs:
- The highest level is a 'SET root CA'.
- A CA at the second-highest level is a 'brand certification authority'.
- A CA at the third-highest (optional) level is a 'geopolitical certification authority'.
- A CA at the fourth-highest level is a 'cardholder CA', a 'merchant CA', or a 'payment gateway CA'.
[RFC2828] (see also certificate, certification, internet, key, Multilevel Information System Security Initiative, Secure Electronic Transaction, public-key infrastructure)
- certification package
- Product of the certification effort documenting the detailed results of the certification activities. [NSTISSC]
Product of the certification effort documenting the detailed results of
the certification activities. The certification package includes the
security plan, developmental and/or operational ST&E reports, risk
assessment report, and certifier's statement. [800-37]
- certification path
- (I) An ordered sequence of public-key certificates (or
a sequence of public-key certificates followed by one attribute
certificate) that enables a certificate user to verify the signature on
the last certificate in the path, and thus enables the user to obtain
certified public key (or certified attributes) of the entity that is
the subject of that last certificate. (O) 'An ordered sequence
of certificates of objects in the [X.500 Directory Information Tree]
which, together with the public key of the initial object in the path,
can be processed to obtain that of the final object in the path.'
[X509, R2527] (C) The path is the 'list of certificates needed
to allow a particular user to obtain the public key of another.' The
list is 'linked' in the sense that the digital signature of each
certificate (except the first) is verified by the public key contained
in the preceding certificate; i.e., the private key used to sign a
certificate and the public key contained in the preceding certificate
form a key pair owned by the entity that signed. (C) In the
X.509 quotation in the previous 'C' paragraph, the word 'particular'
points out that a certification path that can be validated by one
certificate user might not be able to be validated by another. That is
because either the first certificate should be a trusted certificate
(it might be a root certificate) or the signature on the first
certificate should be verified by a trusted key (it might be a root
key), but such trust is defined relative to each user, not absolutely
for all users. [RFC2828] An ordered sequence of certificates,
leading from a certificate whose public key is known by a client, to a
certificate whose public key is to be validated by the client. [SRV] (see also certificate, certification, digital signature, key, trust, public-key infrastructure)
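The three checks listed under 'certificate validation' (signature, syntax and semantics, currency and revocation) and the 'linked' structure of a certification path are easier to see in code. The following is an added example, not part of the glossary or of any standard: a toy path validator in Python using only the standard library. Because it must run without a real X.509 stack, the issuer's signature is a constructed stand-in (HMAC-SHA256 keyed by the issuer's key, so a subject's "public key" here doubles as the verification key); the certificate fields, the sample hierarchy (Root CA, Intermediate CA, mail.example.test), the serial numbers and the known-extension set are all constructed. What carries over to real X.509 validation is the control flow: the relying party starts from its own trust anchor, verifies each certificate with the key bound by the previous one, rejects unknown critical extensions and non-CA issuers, and checks validity dates and CRL membership at every level.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass, replace
from datetime import datetime, timedelta, timezone

# Extensions this relying party understands; X.509 requires rejecting a
# certificate that carries a critical extension the verifier does not recognise.
KNOWN_EXTENSIONS = {"basicConstraints", "keyUsage"}


@dataclass(frozen=True)
class Cert:
    subject: str
    subject_key: bytes          # stand-in for the subject's public key
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime
    is_ca: bool                 # basicConstraints cA flag
    critical_extensions: tuple = ()
    signature: bytes = b""

    def tbs(self) -> bytes:
        """Canonical bytes of the to-be-signed fields (constructed encoding, not DER)."""
        fields = asdict(self)
        fields.pop("signature")
        return json.dumps(fields, sort_keys=True, default=str).encode()


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256, used here as a stand-in for an asymmetric signature."""
    return hmac.new(key, data, hashlib.sha256).digest()


def issue(issuer: str, issuer_key: bytes, **fields) -> Cert:
    """The issuer sets the data fields and signs them (certificate creation)."""
    unsigned = Cert(issuer=issuer, **fields)
    return replace(unsigned, signature=mac(issuer_key, unsigned.tbs()))


def validate_path(anchor: str, anchor_key: bytes, path: list,
                  crl: set, now: datetime) -> tuple:
    """Validate an ordered certification path against this relying party's trust anchor.
    path[0] must be issued by the anchor, path[-1] is the end entity, crl holds
    (issuer, serial) pairs from already-validated CRLs. Returns (ok, reason)."""
    if not path:
        return False, "empty path"
    issuer, issuer_key = anchor, anchor_key
    for depth, cert in enumerate(path):
        is_last = depth == len(path) - 1
        # 1. Signature: verified with the key bound by the preceding certificate (or anchor).
        if cert.issuer != issuer:
            return False, f"{cert.subject}: issued by {cert.issuer!r}, expected {issuer!r}"
        if not hmac.compare_digest(mac(issuer_key, cert.tbs()), cert.signature):
            return False, f"{cert.subject}: signature does not verify"
        # 2. Syntax and semantics: critical extensions and the CA flag.
        unknown = set(cert.critical_extensions) - KNOWN_EXTENSIONS
        if unknown:
            return False, f"{cert.subject}: unknown critical extension {sorted(unknown)}"
        if not is_last and not cert.is_ca:
            return False, f"{cert.subject}: non-CA certificate used to issue another"
        # 3. Currency and revocation.
        if not cert.not_before <= now <= cert.not_after:
            return False, f"{cert.subject}: outside validity period"
        if (cert.issuer, cert.serial) in crl:
            return False, f"{cert.subject}: revoked (serial {cert.serial})"
        issuer, issuer_key = cert.subject, cert.subject_key   # link to the next certificate
    return True, f"certified key obtained for {path[-1].subject}"


# Constructed sample hierarchy: Root CA -> Intermediate CA -> end entity.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
YEAR = timedelta(days=365)
ROOT_KEY = hashlib.sha256(b"constructed root key").digest()
INT_KEY = hashlib.sha256(b"constructed intermediate key").digest()
EE_KEY = hashlib.sha256(b"constructed end-entity key").digest()


def build_sample_path() -> list:
    inter = issue("Root CA", ROOT_KEY, subject="Intermediate CA", subject_key=INT_KEY,
                  serial=2, not_before=NOW - YEAR, not_after=NOW + 5 * YEAR,
                  is_ca=True, critical_extensions=("basicConstraints",))
    ee = issue("Intermediate CA", INT_KEY, subject="mail.example.test", subject_key=EE_KEY,
               serial=1001, not_before=NOW - YEAR, not_after=NOW + YEAR,
               is_ca=False, critical_extensions=("keyUsage",))
    return [inter, ee]


def demo() -> dict:
    path = build_sample_path()
    other_root = hashlib.sha256(b"constructed unrelated root").digest()
    odd_ee = issue("Intermediate CA", INT_KEY, subject="odd.example.test", subject_key=EE_KEY,
                   serial=1002, not_before=NOW - YEAR, not_after=NOW + YEAR,
                   is_ca=False, critical_extensions=("policyMappings",))
    return {
        "good": validate_path("Root CA", ROOT_KEY, path, set(), NOW),
        "revoked": validate_path("Root CA", ROOT_KEY, path, {("Intermediate CA", 1001)}, NOW),
        "wrong_anchor": validate_path("Root CA", other_root, path, set(), NOW),
        "expired": validate_path("Root CA", ROOT_KEY, path, set(), NOW + 2 * YEAR),
        "unknown_critical": validate_path("Root CA", ROOT_KEY, [path[0], odd_ee], set(), NOW),
    }
```

Running `demo()` returns one (ok, reason) pair per scenario; only the first validates. The "wrong_anchor" case is the point the glossary makes about the word 'particular': the same path is rejected by a relying party that holds a different trusted key, because trust is defined relative to each user.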
- certification phase
- The certification phase is the second phase of the
certification and accreditation process. Its purpose is to demonstrate
through independent assessments using selected verification techniques
and verification procedures that the security controls for the IT
system have been implemented correctly and are effective in their
application. [800-37] (see also accreditation, security, verification, certification)
- certification policy
- (D) ISDs SHOULD NOT use this term. Instead, use either
'certificate policy' or 'certification practice statement', depending
on what is meant. [RFC2828] (see also certificate, certification, public-key infrastructure)
- certification practice statement (CPS)
- (I) 'A statement of the practices which a certification authority employs in issuing certificates.' [ABA96, R2527] (C)
A CPS is a published security policy that can help a certificate user
to decide whether a certificate issued by a particular CA can be
trusted enough to use in a particular application. A CPS may be (a) a
declaration by a CA of the details of the computer system and practices
it employs in its certificate management operations, (b) part of a
contract between the CA and an entity to whom a certificate is issued,
(c) a statute or regulation applicable to the CA, or (d) a combination
of these types involving multiple documents. (C) A CPS is
usually more detailed and procedurally oriented than certificate
policy. A CPS applies to a particular CA or CA community, while a
certificate policy applies across CAs or communities. A CA with a
single CPS may support multiple certificate policies, which may be used
for different application purposes or by different user communities.
Multiple CAs, each with different CPS, may support the same certificate
policy. [RFC2828] (see also certificate, certification, trust, public-key infrastructure)
- certification request
- (I) An algorithm-independent transaction format, defined
by PKCS #10 and used in PKIX, that contains a DN, a public key, and
optionally a set of attributes, collectively signed by the entity
requesting certification, and sent to a CA, which transforms the
request to an X.509 public-key certificate or another type of
certificate. [RFC2828] (see also certificate, certification, key, public-key infrastructure)
- certification service
- The service of creating and assigning certificates performed by a CA and described in ISO/IEC 9594-8: 1995. [SC27] (see also public-key infrastructure)
- certification test and evaluation (CT&E)
- Software and hardware security tests conducted during development of an IT system. [NSTISSC] (see also evaluation, test)
- certified information systems security professional (CISSP)
- (see also computer security, system)
- certified TEMPEST technical authority (CTTA)
- An experienced, technically qualified U.S.
Government employee who has met established certification requirements
in accordance with NSTISSC-approved criteria and has been appointed by
a U.S. Government Department or Agency to fulfill CTTA
responsibilities. [NSTISSC] (see also TEMPEST)
- Certified TEMPEST Technical Authority (CTTA)
- (see also TEMPEST)
- certifier
- Individual responsible for making a technical judgment of the
computer system's compliance with stated requirements, identifying and
assessing the risks associated with operating the system, coordinating
the certification activities, and consolidating the final certification
and accreditation packages. [NSTISSC] (see also accreditation)
- certify
- (I) Issue a digital certificate and thus vouch for the
truth, accuracy, and binding between data items in the certificate,
such as the identity of the certificate's subject and the ownership of
a public key. (C) To 'certify a public key' means to issue a
public-key certificate that vouches for the binding between the
certificate's subject and the key. (I) The act by which a CA
employs measures to verify the truth, accuracy, and binding between
data items in a digital certificate. (C) A description of the measures used for verification should be included in the CA's CPS. [RFC2828] (see also certificate, key, public-key infrastructure)
- CGI scripts
- Allows for the creation of dynamic and interactive web pages.
They also tend to be the most vulnerable part of a web server (besides
the underlying host security). [NSAINT] (see also common gateway interface, software, threat, world wide web)
- challenge
- A data item chosen at random and sent by the verifier to the
claimant, which is used by the claimant, in conjunction with secret
information held by the claimant, to generate a response which is sent
to the verifier. [SC27] (see also challenge/response)
- challenge and reply
- Prearranged procedure in which a subject requests
authentication of another and the latter establishes
validity with a correct reply. [NSTISSC] (see also authentication)
- Challenge Handshake Authentication Protocol (CHAP)
- (I) A peer entity authentication method for PPP, using
a randomly-generated challenge and requiring a matching response that
depends on a cryptographic hash of the challenge and a secret key. [RFC2828] (see also cryptography, hash, key, authentication, challenge/response, security protocol)
- Challenge-Response Authentication Mechanism (CRAM)
- (I) IMAP4 usage: A mechanism, intended for use with
IMAP4 AUTHENTICATE, by which an IMAP4 client uses a keyed hash to
authenticate itself to an IMAP4 server. (C) The server includes
a unique timestamp in its ready response to the client. The client
replies with the client's name and the hash result of applying MD5 to a
string formed from concatenating the timestamp with a shared secret
that is known only to the client and the server. [RFC2828] (see also hash, key, shared secret, authentication, challenge/response)
- challenge/response
- (I) An authentication process that verifies an identity
by requiring correct authentication information to be provided in
response to a challenge. In a system, the authentication information is
usually a value that is required to be computed in response to an
unpredictable challenge value. [RFC2828] A type of
authentication in which a user responds correctly (usually by
performing some calculation based on the time and/or the user's secret
key) to a challenge (usually a numeric, unpredictable one). [AFSEC] An authentication procedure that requires calculating a correct response to an unpredictable challenge. [SRV]
An authentication technique whereby a server sends an unpredictable
challenge to the user, who computes a response using some form of
authentication token. [IATF][misc] (see also 3-factor authentication, Extensible Authentication Protocol, IMAP4 AUTHENTICATE, POP3 AUTH, authentication, tokens, user) (includes Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, challenge)
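The exchange the definitions above describe, as an added Python example that is not code from RFC 2828 or any of the cited sources: the verifier issues a random, single-use challenge and accepts only a timely keyed-hash response to it. The claimant name, the shared secret and the 30-second lifetime are assumptions, and the keyed hash is HMAC-SHA256 rather than the MD5-based constructions CHAP and CRAM specify.

```python
"""Challenge/response authentication between a verifier and a claimant.

Added example (not code from RFC 2828 or the glossary's sources).  The
response is HMAC-SHA256 over the challenge keyed with the shared secret; the
claimant name, the secret and the 30-second challenge lifetime are
constructed for illustration.
"""
import hashlib
import hmac
import os
import time


class Verifier:
    """Holds the shared secrets and the challenges it has issued."""

    def __init__(self, secrets):
        self._secrets = dict(secrets)  # claimant name -> shared secret
        self._pending = {}             # claimant name -> (challenge, issued_at)

    def challenge(self, name: str) -> bytes:
        """Issue an unpredictable challenge; a fresh one replaces any outstanding one."""
        c = os.urandom(16)
        self._pending[name] = (c, time.monotonic())
        return c

    def verify(self, name: str, response: bytes, ttl: float = 30.0) -> bool:
        """Accept only a timely response to the outstanding challenge for this name.

        The challenge is consumed on first use, so a captured response cannot be
        replayed, and the comparison is constant-time.
        """
        entry = self._pending.pop(name, None)
        secret = self._secrets.get(name)
        if entry is None or secret is None:
            return False
        c, issued_at = entry
        if time.monotonic() - issued_at > ttl:
            return False
        return hmac.compare_digest(compute_response(secret, c), response)


def compute_response(secret: bytes, challenge: bytes) -> bytes:
    """Claimant side: keyed hash of the challenge under the shared secret."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def demo() -> bool:
    """One successful exchange followed by a replay of the very same response."""
    secret = b"constructed-shared-secret"
    v = Verifier({"alice": secret})
    c = v.challenge("alice")
    first = v.verify("alice", compute_response(secret, c))
    replayed = v.verify("alice", compute_response(secret, c))
    return first and not replayed
```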
- change control and life cycle management
- Procedures and controls that prevent unauthorized programs or modifications to an existing program from being implemented. [CIAO] (see also software development)
- change management
- Activities involved in (1) defining and instilling new values,
attitudes, norms, and behaviors within an organization that support new
ways of doing work and overcome resistance to change; (2) building
consensus among customers and stakeholders on specific changes designed
to better meet their needs; and (3) planning, testing, and implementing
all aspects of the transition from one organizational structure or
business process to another. [SRV] (see also business process, test)
- channel
- (I) An information transfer path within a system. [RFC2828] An information transfer path within a system. May also refer to the mechanism by which the path is effected. [AJP][TCSEC] (includes communication channel, covert channel, covert storage channel, covert timing channel, exploitable channel, internal communication channel, overt channel, security-compliant channel, trusted channel)
- channel capacity
- Maximum possible error-free rate, measured in bits per second, at which information can be sent along a communications path. [AJP][FCv1] (see also bandwidth, communications)
- check character
- Added character which may be used to verify the accuracy of a string by a mathematical relationship to that string. [SC27] (see also error detection code, integrity) (includes check character system)
- check character system
- Set of rules for generating check characters and checking strings incorporating check characters. [SC27] (see also check character, system)
- check digits
- A digit in an account number that is calculated from the other
digits in the account number and is used to check the account number's
correctness/validity. [FFIEC]
- check word
- Cipher text generated by cryptographic logic to detect failures in cryptography. [NSTISSC] (see also cryptography)
- check_password
- A hacking program used for cracking VMS passwords. [NSAINT] (see also passwords, attack)
- checksum
- (I) A value that (a) is computed by a function that is
dependent on the contents of a data object and (b) is stored or
transmitted together with the object, for the purpose of detecting
changes in the data. (C) To gain confidence that a data object
has not been changed, an entity that later uses the data can compute a
checksum and compare it with the checksum that was stored or
transmitted with the object. (C) Computer systems and networks
employ checksums (and other mechanisms) to detect accidental changes in
data. However, active wiretapping that changes data could also change
an accompanying checksum to match the changed data. Thus, some checksum
functions by themselves are not good countermeasures for active
attacks. To protect against active attacks, the checksum function needs
to be well-chosen, and the checksum result needs to be
cryptographically protected. [RFC2828] A computed value that's
dependent upon the contents of a packet; the value is sent with the
packet when transmitted, and the receiving system computes a new
'checksum' and compares the two values to determine whether or not the
data was received correctly. [misc] Digits or bits summed according to arbitrary rules and used to verify the integrity of data. [SRV] Value computed on data to detect error or manipulation during transmission. [NSTISSC] Value computed, via some parity or hashing algorithm, on information requiring protection against error or manipulation. [IATF] (see also attack, counter measures, cryptography, hash, networks, integrity)
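To make the caveat in the RFC 2828 entry concrete, here is an added Python example (not code from the glossary's sources) comparing a 16-bit additive sum, CRC-32 and an HMAC-SHA256 tag against a transmission garble and against a wiretap that replaces the data and recomputes the checksum; the message, the key and the checksum choices are assumptions.

```python
"""Why a plain checksum detects accidents but not active tampering, and how a
cryptographically protected (keyed) checksum closes that gap.

Added example (not code from RFC 2828 or the glossary's sources).  The
message, the shared key and the 16-bit additive checksum are constructed for
illustration; CRC-32 comes from zlib and the keyed checksum is HMAC-SHA256.
"""
import hashlib
import hmac
import zlib


def additive_checksum(data: bytes) -> int:
    """Sum of all bytes modulo 2**16: cheap, but blind to reordered bytes."""
    return sum(data) & 0xFFFF


def crc32_checksum(data: bytes) -> int:
    """CRC-32 catches reorderings and short bursts, but anyone can recompute it."""
    return zlib.crc32(data) & 0xFFFFFFFF


def keyed_checksum(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256: a checksum nobody can recompute without the shared key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_unkeyed(data: bytes, checksum: int, fn=crc32_checksum) -> bool:
    return fn(data) == checksum


def verify_keyed(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_checksum(key, data), tag)


def scenario(key: bytes, msg: bytes, garbled: bytes, forged: bytes) -> dict:
    """Per scheme, return (detects garbling in transit, detects active substitution).

    Garbling: the data changes but the checksum that travelled with it does not.
    Active substitution (the wiretap in the definition): the data is replaced and
    any unkeyed checksum is recomputed, so the receiver sees a consistent pair.
    """
    out = {}
    for name, fn in (("additive", additive_checksum), ("crc32", crc32_checksum)):
        sent = fn(msg)
        out[name] = (not verify_unkeyed(garbled, sent, fn),
                     not verify_unkeyed(forged, fn(forged), fn))
    sent_tag = keyed_checksum(key, msg)
    # Without the key the attacker can only forward the old tag or tag under a guess.
    substitution_caught = not (verify_keyed(key, forged, sent_tag) or
                               verify_keyed(key, forged, keyed_checksum(b"guessed-key", forged)))
    out["hmac"] = (not verify_keyed(key, garbled, sent_tag), substitution_caught)
    return out
```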
- Chernobyl packet
- A network packet that induces a broadcast storm and network
meltdown. Typically an IP Ethernet datagram that passes through a
gateway with both source and destination Ether and IP address set as
the respective broadcast addresses for the subnetworks being gated
between. [AFSEC] Also called Kamikaze Packet. A network packet
that induces a broadcast storm and network meltdown. Typically an IP
Ethernet datagram that passes through a gateway with both source and
destination Ethernet and IP address set as the respective broadcast
addresses for the subnetworks being gated between. [NSAINT] (see also networks, threat)
- chief information officer (CIO)
- Agency official that provides advice and other assistance to
the head of the agency and other senior management personnel to ensure
that information technology is acquired and information resources are
managed in a manner that implements the policies and procedures of the
Congress and the priorities established by the head of the agency.
Section 5125(a) of the Information Technology Management Reform Act of
1996 (ITMRA) establishes the position of Chief Information Officer
(CIO) by amending Section 33506 of the Paperwork Reduction Act of 1995,
44 U.S.C. Chapter 35. [CIAO]
- chosen-ciphertext attack
- (I) A cryptanalysis technique in which the analyst
tries to determine the key from knowledge of plaintext that corresponds
to ciphertext selected (i.e., dictated) by the analyst. [RFC2828] (see also analysis, key, attack)
- chosen-plaintext attack
- (I) A cryptanalysis technique in which the analyst
tries to determine the key from knowledge of ciphertext that
corresponds to plaintext selected (i.e., dictated) by the analyst. [RFC2828] (see also analysis, cryptography, key, attack)
- cipher
- (I) A cryptographic algorithm for encryption and decryption. [RFC2828] Alternative term for encryption algorithm. [SC27]
Any cryptographic system in which arbitrary symbols or groups of
symbols, represent units of plain text, or in which units of plain text
are rearranged, or both. [NSTISSC] (see also encryption)
- cipher block chaining (CBC)
- (I) A block cipher mode that enhances electronic codebook mode by chaining together blocks of ciphertext it produces. (C)
This mode operates by combining (exclusive OR-ing) the algorithm's
ciphertext output block with the next plaintext block to form the next
input block for the algorithm. [RFC2828] (see also block chaining)
- cipher feedback (CFB)
- (I) A block cipher mode that enhances electronic code
book mode by chaining together the blocks of ciphertext it produces and
operating on plaintext segments of variable length less than or equal
to the block length. (C) This mode operates by using the
previously generated ciphertext segment as the algorithm's input (i.e.,
by 'feeding back' the ciphertext) to generate an output block, and then
combining (exclusive OR-ing) that output block with the next plaintext
segment (block length or less) to form the next ciphertext segment. [RFC2828] (see also cryptography)
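As an added example serving both the CBC and CFB entries above (not code from RFC 2828 or the glossary's sources), the two chaining rules in Python over a constructed toy block cipher, with ECB alongside for comparison; the key, IV and messages are assumptions. CBC needs the inverse block function for decryption, while CFB uses only the forward function and can work on segments shorter than a block, as the definitions state.

```python
"""Cipher block chaining (CBC) and cipher feedback (CFB) over a toy block cipher.

Added example (not code from RFC 2828 or the glossary's sources).  The 8-byte
"toy" block cipher is a constructed stand-in (key-derived byte substitution plus
a rotation) so the chaining runs offline with only the standard library; it is
not secure, and only the mode logic is the point.
"""
import hashlib
import random

BLOCK = 8  # block length in bytes of the toy cipher


def _tables(key: bytes):
    """Derive a key-dependent byte substitution, its inverse and a whitening block."""
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    sbox = list(range(256))
    random.Random(seed).shuffle(sbox)
    inv = [0] * 256
    for i, v in enumerate(sbox):
        inv[v] = i
    return bytes(sbox), bytes(inv), hashlib.sha256(b"whiten" + key).digest()[:BLOCK]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Forward block function: XOR with whitening, substitute each byte, rotate left."""
    sbox, _, k = _tables(key)
    mixed = bytes(sbox[b ^ kb] for b, kb in zip(block, k))
    return mixed[1:] + mixed[:1]


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse block function; CBC decryption needs it, CFB never does."""
    _, inv, k = _tables(key)
    mixed = block[-1:] + block[:-1]
    return bytes(inv[b] ^ kb for b, kb in zip(mixed, k))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding so the block modes see whole blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Electronic codebook: equal plaintext blocks give equal ciphertext blocks."""
    data = pad(plaintext)
    return b"".join(toy_encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: XOR each plaintext block with the previous ciphertext block (the IV
    for the first) before encrypting, so repeated plaintext no longer repeats."""
    data, prev, out = pad(plaintext), iv, []
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_raw(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """CBC decryption without unpadding, so error propagation can be inspected."""
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return unpad(cbc_decrypt_raw(key, iv, ciphertext))


def cfb_crypt(key: bytes, iv: bytes, data: bytes, seg: int = 1,
              decrypt: bool = False) -> bytes:
    """CFB with `seg`-byte segments (1..BLOCK): encrypt the shift register, XOR its
    leading bytes with the segment, then feed the ciphertext segment back into the
    register.  Only the forward block function is used and nothing is padded, so
    ciphertext and plaintext have the same length."""
    if not 1 <= seg <= BLOCK:
        raise ValueError("segment size must be between 1 and the block length")
    reg, out = iv, bytearray()
    for i in range(0, len(data), seg):
        chunk = data[i:i + seg]
        result = xor(chunk, toy_encrypt_block(key, reg)[:len(chunk)])
        out += result
        reg = (reg + (chunk if decrypt else result))[-BLOCK:]  # ciphertext either way
    return bytes(out)
```

Decrypting with cbc_decrypt_raw after flipping one ciphertext bit shows CBC's error propagation: the affected block is garbled and the same bit flips in the following block, which is why a block mode is paired with an integrity check rather than trusted to detect tampering on its own.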
- cipher text auto-key (CTAK)
- Cryptographic logic that uses previous cipher text to generate a key stream. [NSTISSC] (see also key)
- ciphertext
- (I) Data that has been transformed by encryption so
that its semantic information content (i.e., its meaning) is no longer
intelligible or directly available. (O) 'Data produced through the use of encipherment. The semantic content of the resulting data is not available.' [RFC2828] Data which has been transformed to hide its information content. [SC27] Enciphered information. [NSTISSC][SC27] The encrypted form of a plaintext message or data. [SRV]
The result of transforming plaintext with an encryption algorithm. Also
known as cryptotext. It is encrypted (enciphered) data. [SRV] (see also encryption)
- ciphertext key
- (see encrypted key)
- ciphertext-only attack
- (I) A cryptanalysis technique in which the analyst
tries to determine the key solely from knowledge of intercepted
ciphertext (although the analyst may also know other clues, such as the
cryptographic algorithm, the language in which the plaintext was
written, the subject matter of the plaintext, and some probable
plaintext words.) [RFC2828] (see also analysis, key, attack)
- ciphony
- Process of enciphering audio information, resulting in encrypted speech. [NSTISSC]
- circuit control officer (CCO)
-
- circuit level gateway
- One form of a firewall. Validates TCP and UDP sessions before
opening a connection. Creates a handshake, and once that takes place
passes everything through until the session is ended. [NSAINT] (see also circuit proxy, firewall)
- circuit proxy
- A proxy service that statically defines which traffic will be
forwarded. The key difference between application and circuit proxies
is that the latter are static and thus will always set up a connection
if the DUT/SUT's rule set allows it. For example, if a firewall's rule
set permits ftp connections, a circuit proxy will always forward
traffic on TCP port 20 (ftp-data) even if no control connection was
first established on TCP port 21 (ftp-control). [RFC2647] (see also circuit level gateway, firewall, proxy)
- circuit switching
- A method of opening communications lines, as through the
telephone system, creating a physical link between the initiating and
receiving parties. In circuit switching, the connection is made at a
switching center, which physically connects the two parties and
maintains an open line between them for as long as needed. Circuit
switching is typically used in modem communications on the dial-up
telephone network, and it is also used on a smaller scale in privately
maintained communications networks. [SRV] (see also communications, networks)
- civil liberties
- Those individual rights and freedoms protected by the Constitution, the Bill of Rights, and Federal law and regulations. [CIAO]
- claimant
- An entity which is or represents a principal for the purposes
of authentication. A claimant includes the functions necessary for
engaging in authentication exchanges on behalf of a principal. [SC27] (see also authentication)
- Clark Wilson integrity model
- An approach to providing data integrity for common commercial
activities, including software engineering concepts of abstract data
types, separation of privilege, allocation of least privilege, and
nondiscretionary access control. [SRV] (see also access control, software, model)
- class 2, 3, 4, or 5
- (O) U.S. Department of Defense usage: Levels of PKI assurance based on risk and value of information to be protected:
- Class 2: For handling low-value information (unclassified, not mission-critical, or low monetary value) or protection of system-high information in low- to medium-risk environment.
- Class 3: For handling medium-value information in low- to medium-risk environment. Typically requires identification of a system entity as a legal person, rather than merely a member of an organization.
- Class 4: For handling medium- to high-value information in any environment. Typically requires identification of an entity as legal person, rather than merely a member of an organization, and a cryptographic hardware token for protection of keying material.
- Class 5: For handling high-value information in a high-risk environment.
[RFC2828] (see also identification, key, tokens, public-key infrastructure)
- class
- A generic description of an object type, consisting of
instance variables and method definitions. A set of objects that share
a common structure and a common behavior. Class definitions are
templates from which individual objects can be created. [SRV] A grouping of families that share a common focus. [CC2][CC21][SC27]
- class hierarchy
- Classes can be organized naturally into structures (tree or
network) called class hierarchies. In a hierarchy, a class may have
zero or more superclasses above it. A class may have zero or more
classes below, referred to as its subclasses. [SRV] (see also networks)
- class object
- Class object is a class definition. Class definitions are objects that are instances of a generic class, or metaclass. [SRV]
- classification
- A classification is the separation or ordering of objects (or
specimens) into classes [WEBOL 1998]. Classifications that are created
non-empirically are called a priori classifications [...; Simpson 1961;
WEBOL 1998]. Classifications that are created empirically by looking at
the data are called a posteriori classifications [...; Simpson 1961;
WEBOL 1998]. [OVT] (see classification level)
- classification level
- (I) (1.) A grouping of classified information to which
a hierarchical, restrictive security label is applied to increase
protection of the data. (2.) The level of protection that is required
to be applied to that information. [RFC2828] (see also Bell-LaPadula security model, Internet Protocol Security Option, clearance level, compartment, confinement property, controlled security mode, dedicated security mode, dominated by, dominates, downgrade, lattice model, mode of operation, modes of operation, multilevel security, multilevel security mode, non-discretionary security, regrade, risk index, sanitize, security, security label, security level, security situation, sensitivity label, system-high security mode, user) (includes classified, default classification, secret, sensitive, sensitive but unclassified, trust level)
- classified
- (I) Refers to information (stored or conveyed, in any
form) that is formally required by a security policy to be given data
confidentiality service and to be marked with a security label (which
in some cases might be implicit) to indicate its protected status. (C)
The term is mainly used in government, especially in the military,
although the concept underlying the term also applies outside
government. In the U.S. Department of Defense, for example, it means
information that has been determined pursuant to Executive Order 12958
('Classified National Security Information', April 1995) or any
predecessor order to require protection against unauthorized disclosure
and is marked to indicate its classified status when in documentary
form. [RFC2828] (see also unclassified, confidentiality, security, classification level)
- classified information
- Information that has been determined pursuant to Executive
Order 12958 or any predecessor Order, or by the Atomic Energy Act of
1954, as amended, to require protection against unauthorized disclosure
and is marked to indicate its classified status. [NSTISSC]
- clean system
- (I) A computer system in which the operating system and
application system software and files have just been freshly installed
from trusted software distribution media. (C) A clean system is not necessarily in a secure state. [RFC2828]
A computer which has been freshly installed with its operating system
and software obtained from trusted software distribution media. As more
software and configuration are added to a computer, it becomes
increasingly difficult to determine if the computer is 'clean' or has
been compromised by viruses, trojan horse or misconfiguration which
reduces the security of the computer system. [RFC2504] (see also risk, security, software, trust, system)
- clearance
- The official determination of a person's trustworthiness, based on a records review and past behavior. [800-37]
The process of transmitting, reconciling, and in some cases, confirming
payment orders or financial instrument transfer instructions prior to
settlement. [FFIEC] (see security clearance)
- clearance level
- (I) The security level of information to which a security clearance authorizes a person to have access. [RFC2828] (see also classification level, security, security clearance)
- clearing
- Removal of data from an IS, its storage devices, and other
peripheral devices with storage capacity, in such a way that the data
may not be reconstructed using common system capabilities (i.e.,
keyboard strokes); however, the data may be reconstructed using
laboratory methods. Cleared media may be reused at the same
classification level or at a higher level. Overwriting is one method of
clearing. [NSTISSC]
- cleartext
- (I) Data in which the semantic information content (i.e., the meaning) is intelligible or is directly available. (O) 'Intelligible data, the semantic content of which is available.' (D)
ISDs SHOULD NOT use this term as a synonym for 'plaintext', the input
to an encryption operation, because the plaintext input to encryption
may itself be ciphertext that was output from another operation. [RFC2828] Alternative term for plaintext. [SC27] Intelligible data, the semantic content of which is available. [AJP][FCv1] (see also encryption)
- client
- (I) A system entity that requests and uses a service provided by another system entity, called a 'server'. (C)
Usually, the requesting entity is a computer process, and it makes the
request on behalf of a human user. In some cases, the server may itself
be a client of some other server. [RFC2828] Depending on the
point of view, a client might be a computer system which an end-user
uses to access services hosted on another computer system called a
server. 'Client' may also refer to a program or a part of a system that
is used by an end-user to access services provided by another program
(for example, a web browser is a client that accesses pages provided by
a Web Server). [RFC2504]
- client server
- The client/server model states that a client (user), whether a
person or a computer program, may access authorized services from a
server (host) connected anywhere on the distributed computer system.
The services provided include database access, data transport, data
processing, printing, graphics, electronic mail, word processing, or
any other service available on the system. These services may be
provided by a remote mainframe using long haul communications or within
the user's workstation in real-time or delayed (batch) transaction
mode. Such an open access model is required to permit true horizontal
and vertical integration. [SRV] (see also communications, model, automated information system)
- Clipper chip
- (N) The Mykotronx, Inc. MYK-82, an integrated
microcircuit with a cryptographic processor that implements the
SKIPJACK encryption algorithm and supports key escrow. (C) The
key escrow scheme for a chip involves a SKIPJACK key common to all
chips that protects the unique serial number of the chip, and a second
SKIPJACK key unique to the chip that protects all data encrypted by the
chip. The second key is escrowed as split key components held by NIST
and the U.S. Treasury Department. [RFC2828] A tamper-resistant
VLSI chip designed by NSA for encrypting voice communications. It
conforms to the Escrow Encryption Standard (EES) and implements the
Skipjack encryption algorithm. [NSAINT] (see also cryptography, encryption, key, tamper, National Institute of Standards and Technology, National Security Agency) (includes Law Enforcement Access Field)
- closed security environment
- (O) U.S. Department of Defense usage: A system
environment that meets both of the following conditions: (a)
Application developers (including maintainers) have sufficient
clearances and authorizations to provide an acceptable presumption that
they have not introduced malicious logic. (b) Configuration control
provides sufficient assurance that system applications and the
equipment they run on are protected against the introduction of
malicious logic prior to and during the operation of applications. [RFC2828]
An environment in which both of the following conditions hold true: (1)
Application developers (including maintainers) have sufficient
clearances and authorizations to provide an acceptable presumption that
they have not introduced malicious logic and (2) configuration control
provides sufficient assurance that applications and the equipment are
protected against the introduction of malicious logic prior to and
during the operation of system applications. [AJP][NCSC/TG004]
Environment providing sufficient assurance that applications and
equipment are protected against the introduction of malicious logic
during an IS life cycle. Closed security is based on a system's
developers, operators, and maintenance personnel having sufficient
clearances, authorization, and configuration control. [NSTISSC] (see also assurance, security, software development)
- closed user group
- A closed user group permits users belonging to a group to
communicate with each other, but precludes communications with other
users who are not members of the group. [AJP][TNI] (see also user)
- cluster sample
- A simple random sample in which each sampling unit is a collection of elements. [SRV]
- coaxial cable
- A cable that consists of two conductors, a center wire inside
a cylindrical shield that is grounded. The shield is typically made of
braided wire and is insulated from the center wire. The shield
minimizes electrical and radio-frequency interference; signals in a
coaxial cable do not affect nearby components, and potential
interference from these components does not affect the signal carried
on the [SRV]
- code
- (I) noun: A system of symbols used to represent information, which might originally have some other representation. (D)
ISDs SHOULD NOT use this term as synonym for the following: (a)
'cipher', 'hash', or other words that mean 'a cryptographic algorithm';
(b) 'ciphertext'; or (c) 'encrypt', 'hash', or other words that refer
to applying a cryptographic algorithm. (D) ISDs SHOULD NOT use this
word as an abbreviation for the following terms: country code, cyclic
redundancy code, Data Authentication Code, error detection code,
Message Authentication Code, object code, or source code. To avoid
misunderstanding, use the fully qualified term, at least at the point
of first usage. [RFC2828] (COMSEC) System of communication in
which arbitrary groups of letters, numbers, or symbols represent units
of plain text of varying length. [NSTISSC] In computer
programming, a set of symbols used to represent characters and format
commands and instructions in a program. Source code refers to the set
of commands and instructions making up a program. [CIAO] (see also authentication, communications security, encryption, hash)
- code amber
- Significantly debilitate the ability of the Agency to fulfill
its mission, critical national security or national economic security
functions or provide continuity of government services. [CIAO] (see also critical infrastructure, threat)
- code book
- Document containing plain text and code equivalents in a
systematic arrangement, or a technique of machine encryption using a
word substitution technique. [NSTISSC] (see also encryption)
- code coverage
- An analysis method that determines which parts of the software
have been executed (covered) by the test case suite and which parts
have not been executed and therefore may require additional attention. [OVT] (see also analysis, test)
- code division multiple access (CDMA)
- A digital cellular phone spread spectrum technology that
assigns a code to all speech bits, sends a scrambled transmission of
the encoded speech over the air and reassembles the speech to its
original format. [IATF] (see also cryptography, security)
- code green
- No appreciable impact on Agency missions. [CIAO] (see also critical infrastructure)
- code group
- Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence. [NSTISSC]
- code red
- Prevent the Agency from fulfilling its mission, critical
national security or national economic security functions or from
providing continuity of core government services. From the perspective
of an attacker, this would constitute a 'Kill.' [CIAO] (see also critical infrastructure, threat)
- code vocabulary
- Set of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system. [NSTISSC]
- coded switch system (CSS)
- (see also system)
- coding
- Creating the software used by the computer from program flowcharts or pseudocode. [SRV] (see also software)
- coefficient of variation
- The ratio produced by dividing the standard deviation by the
mean value. It provides an indication of the consistency of the data. [SRV]
- cold site
- An alternate site with necessary electrical and communications
connections and computer equipment, but no running system, maintained
by an organization to facilitate prompt resumption of service after a
disaster. [CIAO] (see also hot site, disaster recovery)
- cold start
- Procedure for initially keying crypto-equipment. [NSTISSC] (see also cryptography)
- command authority
- Individual responsible for the appointment of user
representatives for a department, agency, or organization and their key
ordering privileges. [NSTISSC] (see also cryptography, user)
- collision-resistant hash function
- A hash function satisfying the following property:
- it is computationally infeasible to find any two distinct inputs which map to the same output.
NOTE - Computational feasibility depends on the specific security requirements and environment. [SC27] (see also hash)
- color change
- (I) In a system that is being operated in periods
processing mode, the act of purging all information from one processing
period and then changing over to the next processing period. [RFC2828]
- command and control (C2)
- (see also C2-protect, Defense Information Infrastructure) (includes command and control warfare, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, global command and control system, nuclear command and control document)
- command and control warfare (C2W)
- The integrated use of operations security, military deception,
psychological operations, electronic warfare, and physical destruction,
mutually supported by intelligence, to deny information to, influence,
degrade, or destroy adversary command and control capabilities, while
protecting friendly command and control capabilities against such
actions. Command and control warfare is an application of information
operations in military operations and is a subset of information
warfare. C2W is both offensive and defensive. [NSAINT] (see also security, command and control, warfare)
- command, control, and communications (C3)
- (see also command and control, communications)
- command, control, communications and computers (C4)
- (see also command and control, communications)
- command, control, communications and intelligence (C3I)
- (see also command and control, communications)
- Commercial COMSEC Endorsement Program (CCEP)
- Relationship between NSA and industry in which NSA provides
the COMSEC expertise (i.e., standards,
algorithms, evaluations, and guidance) and industry provides design,
development, and production capabilities to produce a type 1 or type 2
product. Products developed under the CCEP may include modules,
subsystems, equipment, systems, and ancillary devices. [NSTISSC] (see also evaluation, communications security)
- Commercial COMSEC Endorsement Program (CCEP)
- (see also communications security)
- commercial off the shelf (COTS)
- (includes COTS software)
- commercial software
- Software available through lease or purchase in the commercial
market from an organization representing itself to have ownership of
marketing rights in the software. [SRV] (see also software)
- Committee of sponsoring organizations (of the Treadway Commission) (COSO)
-
- Common Criteria
- Provides a comprehensive, rigorous method for specifying
security function and assurance requirements for products and systems.
(Information Technology Security Evaluation Criteria [ITSEC]) [NSTISSC]
The Common Criteria for Information Technology Security Evaluation
[CC98] is a catalog of security functional and assurance requirements
and has a central role in the National Information Assurance Program. [IATF] (see also Common Criteria for Information Technology Security, computer security)
- Common Criteria for Information Technology Security (CC)
- (N) 'The Common Criteria' is a standard for evaluating
information technology products and systems, such as operating systems,
computer networks, distributed systems, and applications. It states
requirements for security functions and for assurance measures. (C)
Canada, France, Germany, the Netherlands, the United Kingdom, and the
United States (NIST and NSA) began developing this standard in 1993,
based on the European ITSEC, the Canadian Trusted Computer Product
Evaluation Criteria (CTCPEC), and the U.S. 'Federal Criteria for
Information Technology Security' (FC) and its precursor, the TCSEC.
Work was done in cooperation with ISO/IEC Joint Technical Committee 1
(Information Technology), Subcommittee 27 (Security Techniques),
Working Group 3 (Security Criteria). Version 2.1 of the Criteria is
equivalent to ISO's International Standard 15408. The U.S. Government
intends that this standard eventually will supersede both the TCSEC and
FIPS PUB 140-1. (C) The standard addresses data confidentiality,
data integrity, and availability and may apply to other aspects of
security. It focuses on threats to information arising from human
activities, malicious or otherwise, but may apply to non-human threats.
It applies to security measures implemented in hardware, firmware, or
software. It does not apply to (a) administrative security not related
directly to technical security, (b) technical physical aspects of
security such as electromagnetic emanation control, (c) evaluation
methodology or administrative and legal framework under which the
criteria may be applied, (d) procedures for use of evaluation results,
or (e) assessment of inherent qualities of cryptographic algorithms. [RFC2828] Evolving international security evaluation criteria being developed by the US, Canada, the UK, Germany, and France. [AJP] (see also Common Criteria, National Security Agency, availability, confidentiality, cryptography, emanation, emanations security, evaluation, networks, software, threat, trust, National Institute of Standards and Technology, computer security, security) (includes Common Criteria for Information Technology Security Evaluation, National Information Assurance partnership)
- Common Criteria for Information Technology Security Evaluation (CCITSE)
- The Common Criteria for Information Technology Security
Evaluation is a joint effort between North America and certain European
countries to develop a single set of international criteria for use as
the basis for evaluation of IT security properties. The requirements
can also be used, in conjunction with a risk assessment, for the
selection of appropriate IT security measures. [misc] (see also risk, Common Criteria for Information Technology Security, computer security, criteria, evaluation) (includes Canadian Trusted Computer Product Evaluation Criteria, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria, assurance component, common criteria version 1.0, common criteria version 2.0, component dependencies, component extensibility, component hierarchy, component operations, evaluation assurance level, functional component, protection profile, security target, trusted gateway)
- Common Criteria Testing Laboratory (CCTL)
- Within the context of the NIAP Common Criteria Evaluation and
Validation Scheme, an IT security evaluation facility, accredited by
the U.S. National Voluntary Laboratory Accreditation Program (NVLAP)
and approved by the NIAP Oversight Body to conduct CC-based
evaluations. [NIAP] (see also accreditation, computer security, evaluation, National Information Assurance partnership, test) (includes Evaluation Technical Report, Evaluation Work Plan, Monitoring of Evaluations, Scope of Accreditation, Validation Certificate, approved technologies list, approved test methods list, deliverables list, designated laboratories list, designating authority, designation policy, observation reports)
- Common Criteria Testing Program (CCTP)
- NIAP program described in the NIAP Common Criteria Evaluation and Validation Scheme. [NIAP] (see also evaluation, National Information Assurance partnership, test)
- common criteria version 1.0 (CC1)
- Common Criteria Editorial Board, Common Criteria for Information Technology Security Evaluation, Version 1.0, 96/01/31. [CC1] (see also computer security, Common Criteria for Information Technology Security Evaluation)
- common criteria version 2.0 (CC2)
- Common Criteria for Information Technology Security Evaluation, Version 2.0, May, 1998. [CC2] (see also computer security, Common Criteria for Information Technology Security Evaluation)
- common data security
- A set of layered security services that address communications
and data security architecture (CDSA) problems in the emerging PC
business space. The CDSA consists of three basic layers: a set of
system security services, the Common Security Services Manager (CSSM),
and Add-in Security Modules (CSPs, TPs, CLs, DLs). [Intel] (see also common data security architecture)
- common data security architecture (CDSA)
- Intel's multi-API security framework for encryption and authentication. [Intel] (see also authentication) (includes common data security, common security, common security services manager, cryptographic service, cryptographic service providers)
- Common Evaluation Methodology (CEM)
- (see also National Information Assurance partnership, evaluation)
- common fill device (CFD)
- One of a family of devices developed to read-in, transfer, or store key. [NSTISSC]
- common gateway interface (CGI)
- CGI is the method that Web servers use to allow interaction between servers and programs. [NSAINT]
The CGI programs are insecure programs that allow the web server to
execute an external program when particular uniform resource locators
(URLs) are accessed. [SRV] (see also world wide web) (includes CGI scripts)
- common interswitch rekeying key (CIRK)
- (see also key)
- Common IP Security Option (CIPSO)
- (see also security)
- common name
- (I) An alphanumeric string that (a) may be a part of the
X.500 DN of a Directory object ('commonName' attribute), (b) is a
(possibly ambiguous) name by which the object is commonly known in some
limited scope (such as an organization), and (c) conforms to the naming
conventions of the country or culture with which it is associated.
(see X.509 public-key certificate.) (C) For example, 'Dr. E. F. Moore', 'The United Nations', or '12th Floor Laser Printer'. [RFC2828] (see also certificate, key, public-key infrastructure)
- common security
- The central layer of the Common Data Security Architecture
(CDSA), the Common Security Services Manager (CSSM), defines six key service components:
Cryptographic Services Manager, Trust Policy Services Manager,
Certificate Library Services Manager, Data Storage Library Services
Manager, Integrity Services Manager, and Security Context Manager. The
CSSM binds together all the security services required by PC
applications. In particular, it facilitates linking digital
certificates to cryptographic actions and trust protocols. [Intel] (see also public-key infrastructure, trust, common data security architecture)
- common security services manager (CSSM)
- (see also common data security architecture)
- common vulnerabilities and exposures
- A simplified dictionary/nomenclature being developed through
collaborative effort of the cyber community in order to provide common
names for publicly known vulnerabilities (design flaws) and exposures
(risky services). [CIAO] (see also exposure, vulnerability)
- communication and data security architecture (CDSA)
- (see common data security architecture)
- communication channel
- The physical media and devices that provide the means for
transmitting information from one component of a network to (one or
more) other components. [AJP][TNI] (see also networks, channel, communications) (includes internal communication channel)
- communication equipment room (CER)
- (see also communications)
- communication link
- The physical means of connecting one location to another for the purpose of transmitting and/or receiving data. [AJP][TNI] (see also communications)
- communications
- A family of security controls in the technical class dealing
with ensuring that communications are appropriately protected by
encryption or PDSs, that controlled interfaces are installed and
appropriately configured as required to protect the IT system, and that
dial-in and remote access is appropriately controlled, protected, and
monitored. [800-37] (see also CCI equipment, Integrated services digital network, OSI architecture, active wiretapping, attention character, bandwidth, bit error rate, cellular transmission, channel capacity, circuit switching, client server, cross-talk, dial-up, dial-up line, digital telephony, distributed processing, electronic commerce, electronic data interchange, extraction resistance, frequency hopping, gateway, help desk, host, information processing standard, information superhighway, information technology, information technology system, interface, internet control message protocol, internet protocol, internetwork, line conditioning, line conduction, link, local loop, local-area network, message indicator, multicast, network architecture, network configuration, network device, network management architecture, network management protocol, network weaving, open system interconnection model, operations code, outage, privacy system, protocol, protocol suite, remote access, remote terminal emulation, secure hypertext transfer protocol, secure socket layer, signaling, simple network management protocol, subnetwork, telecommuting, teleprocessing, trusted gateway, tunnel, user data protocol, virtual private network, wide-area network, communications security, networks) (includes asynchronous communication, command, control, and communications, command, control, communications and computers, command, control, communications and intelligence, communication channel, communication equipment room, communication link, communications cover, communications electronics operating instruction, communications profile, communications protocol, data communications, defense communications system, imitative communications, internal communication channel, private communication technology, protected communications, telecommunications)
- communications cover
- Concealing or altering of characteristic communications patterns to hide information that could be of value to an adversary. [NSTISSC] (see also communications)
- communications deception
- Deliberate transmission, retransmission, or alteration of
communications to mislead an adversary's interpretation of the
communications. [NSTISSC] (see also assurance, security)
- communications electronics operating instruction (CEOI)
- (see also communications)
- communications profile
- Analytic model of communications associated with an
organization or activity. The model is prepared from a systematic
examination of communications content and patterns, the functions they
reflect, and the communications security measures applied. [NSTISSC] (see also communications security, communications)
- communications protocol
- A set of rules or standards designed to enable computers to
connect with one another and to exchange information with as little
error as possible. [SRV] (see also communications)
- communications security (COMSEC)
- (I) Measures that implement and assure security
services in a communication system, particularly those that provide
data confidentiality and data integrity and that authenticate
communicating entities. (C) Usually understood to include
cryptographic algorithms and key management methods and processes,
devices that implement them, and the life cycle management of keying
material and devices. [RFC2828] Measures and controls taken to
deny unauthorized persons information derived from
telecommunications and to ensure the authenticity of such
telecommunications. Communications security includes cryptosecurity,
transmission security, emission security, and physical security of
COMSEC material. [NSTISSC] Measures and controls taken to deny
unauthorized persons information derived from telecommunications and to
ensure the authenticity of such telecommunications. [IATF]
Measures taken to deny unauthorized persons information derived from
telecommunications of an entity concerning national or organizational
security, and to ensure the authenticity of such telecommunications.
Communications security includes crypto-security, transmission
security, emission security, and physical security of communications
security material and information. [AJP] Measures taken to deny
unauthorized persons information derived from telecommunications of the
U.S. Government concerning national security, and to ensure the
authenticity of such telecommunications. Communications security
includes crypto-security, transmission security, emission security, and
physical security of communications security material and information. [NCSC/TG004] (see also BLACK, CCI assembly, CCI component, CCI equipment, CRYPTO, FIPS PUB 140-1, Federal Public-key Infrastructure, RED, RED/BLACK separation, Secure Data Exchange, TSEC nomenclature, access control list, accountability, accounting legend code, accounting number, alert, approval/accreditation, assembly, audit trail, authentication, central office of record, code, communications profile, computer emergency response team, confidentiality, cryptography, data transfer device, design controlled spare parts, direct shipment, drop accountability, electronic attack, electronic key management, electronic key management system, electronically generated key, element, encryption algorithm, fill device, fixed COMSEC facility, frequency hopping, incident, information security, key, key distribution center, limited maintenance, local management device/key processor, long title, mandatory modification, network sponsor, optional modification, procedural security, protective packaging, repair action, security architecture, security incident, security net control station, short title, supersession, systems security steering group, test key, time-compliance date, traditional, transmission security, trusted path, two-person integrity, updating, user representative, Automated Information System security) (includes COMSEC Material Control System, COMSEC Parent Switch, COMSEC Resources Program, COMSEC Subordinate Switch, COMSEC Utility Program, COMSEC account, COMSEC account audit, COMSEC aid, COMSEC boundary, COMSEC chip set, COMSEC control program, COMSEC custodian, COMSEC end-item, COMSEC equipment, COMSEC facility, COMSEC incident, COMSEC insecurity, COMSEC manager, COMSEC material, COMSEC modification, COMSEC module, COMSEC monitoring, COMSEC profile, COMSEC survey, COMSEC system data, COMSEC training, Commercial COMSEC, Commercial COMSEC Endorsement Program, Internet Protocol security, National 
COMSEC Advisory Memorandum, National COMSEC Information Memorandum, National COMSEC Instruction, advanced self-protection jammer, alternate COMSEC custodian, anti-jam, anti-jamming, communications, communications security element, crypto-security, emissions security, meaconing, intrusion, jamming, and interference, network security, network security architecture, network security architecture and design, network security officer, subcommittee on telecommunications security, telecommunications security)
- communications security element (CSE)
- (see also communications security)
- community string
- (I) A community name in the form of an octet string that serves as a cleartext password in SNMP version 1. [RFC2828] (see also passwords)
- compartment
- (1) A designation applied to a type of sensitive information,
indicating the special handling procedures to be used for the
information and the general class of people who may have access to the
information. It can refer to the designation of information belonging
to one or more categories. (2) A class of information in the U.S.
Government that has need-to-know access controls beyond those normally
provided for access to Confidential, Secret, or Top Secret information.
[AJP] (I) A grouping of sensitive information items that
require special access controls beyond those normally provided for the
basic classification level of the information. (C) The term is usually understood to include the special handling procedures to be used for the information. [RFC2828]
A class of information that has need-to-know access controls beyond
those normally provided for access to Confidential, Secret or Top
Secret information. [NCSC/TG004] A designation applied to a type
of sensitive information, indicating the special handling procedures to
be used for the information and the general class of people who may
have access to the information. It can refer to the designation of
information belonging to one or more categories. [TNI] (see also access control, classification level)
- compartment key (CK)
- (see also key)
- compartmentalization
- A nonhierarchical grouping of sensitive information used to
control access to data more finely than with hierarchical security
classification alone. [NSTISSC]
- compartmented mode
- INFOSEC mode of operation wherein each user with direct or
indirect access to a system, its peripherals, remote terminals, or
remote hosts has all of the following: (a) valid security clearance for
the most restricted information processed in the system; (b) formal
access approval and signed nondisclosure agreements for that
information to which a user is to have access; and (c) valid need-to-know
for information to which a user is to have access. [NSTISSC] (see also user)
- compartmented security mode
- (see also modes of operation, security)
- competition
- Activity of two or more entities taken in consideration of
each other to achieve differing objectives. The commercial analogue of
military combat. [CIAO]
- compiler
- A computer program that translates large sections of source code into object code the computer can understand. [SRV] (see also source code, software development)
- completeness
- The degree to which all of the software's required functions
and design constraints are present and fully developed in the software
requirements, software design, and code. [SRV] (see also software)
- component
- (1) A device or set of devices consisting of hardware, along
with its firmware and/or software, that performs a specific function on
a computer communications network. A component is a part of the larger
system and may itself consist of other components. Examples include
modems, telecommunications controllers, message switches, technical
control devices, host computers, gateways, communications subnets, and
so on. (2) An identifiable and self-contained portion of a Target of
Evaluation that is subjected to security evaluation. (3) An
organization that is part of a larger organization, e.g. a U.S. Defense
Component. (4) A requirement that is part of a larger set of
requirements that may be called a package, e.g., protection profiles are
assembled from components. Groups of components can be assembled into
predefined packages. [AJP] A device or set of devices,
consisting of hardware, along with its firmware, and/or software that
performs a specific function on a computer communications network. A
component is a part of the larger system, and may itself consist of
other components. Examples include modems, telecommunications
controllers, message switches, technical control devices, host
computers, gateways, communications subnets, etc. [TNI] An IT
assembly, or part thereof, that is essential to the operation of some
larger IT assembly and is an immediate subdivision of the IT assembly
to which it belongs (e.g., a trusted guard, biometrics device, or
firewall would be a component of a computer system). [800-37] An identifiable and self-contained portion of a TOE that is subjected to security evaluation. [JTC1/SC27] An identifiable and self-contained portion of a Target of Evaluation. [ITSEC]
An object of testing. An integrated assembly of one or more units
and/or associated data objects or one or more components and/or
associated data objects. By this (recursive) definition, a component
can be anything from a unit to a system. [OVT] The smallest selectable set of elements that may be included in a PP, an ST, or a package. [CC2][CC21][SC27] (see also networks, software, test, component dependencies, component extensibility, component hierarchy, component operations, component reference monitor, construction of TOE requirements, target of evaluation) (includes assurance component, basic component, development assurance component, evaluation assurance component, functional component, functional unit, network component)
- component dependencies
- Dependencies may exist between components. Dependencies arise
when a component is not self-sufficient and relies upon the presence of
another component. Dependencies may exist between functional
components, between assurance components and between functional and
assurance components. [CC1] (see also assurance, Common Criteria for Information Technology Security Evaluation) (includes component)
- component extensibility
- The addition to an ST of functional or assurance requirements
not defined in the common criteria (CC). Note that the use of such
extensions requires the prior approval of a certification body, and may
be a barrier to the mutual recognition of evaluation results. [CC1] (see also assurance, Common Criteria for Information Technology Security Evaluation) (includes component, security target)
- component hierarchy
- The hierarchy of functional and assurance requirements,
provided by the Common Criteria is: Class => Family => Component
=> Element. [CC1] (see also assurance, Common Criteria for Information Technology Security Evaluation) (includes component)
- component operations
- Common criteria (CC) components may be used exactly as defined
in the common criteria, or they may be tailored through the use of
permitted operations to meet a specific security policy or counter a
specific threat. Each component identifies and defines any permitted
operations, the circumstances under which it may be applied and the
results of the application. Permitted operations are: assignment,
selection, and refinement. [CC1] (see also Common Criteria for Information Technology Security Evaluation) (includes component, security policy, threat)
- component reference monitor
- An access-control concept that refers to an abstract machine
that mediates all access to objects within a component by subjects
within the component. [AJP][TNI] (see also access control) (includes component, object, subject)
- compromise
- A violation of the security policy of a system such that unauthorized disclosure of sensitive information may have occurred. [NCSC/TG004]
A violation of the security policy of a system such that unauthorized
disclosure of sensitive information may have occurred. The unauthorized
disclosure, modification, substitution, or use of sensitive data
(including plaintext cryptographic keys and other critical security
parameters). [SRV] A violation of the security system such that an unauthorized disclosure of sensitive information may have occurred. [AJP][TNI]
An intrusion into a computer system where unauthorized disclosure,
modification or destruction of sensitive information may have occurred. [NSAINT]
An intrusion into a computer system where unauthorized disclosure,
modification or destruction of sensitive information may have occurred.
A violation of the security policy of a system such that unauthorized
disclosure of sensitive information may have occurred. [OVT]
Disclosure of information or data to unauthorized persons, or a
violation of the security policy of a system in which unauthorized
intentional or unintentional disclosure, modification, destruction, or
loss of an object may have occurred. [IATF] The unauthorized
disclosure, modification, substitution or use of sensitive data
(including plaintext cryptographic keys and other critical security
parameters). [FIPS140] Type of incident where information is
disclosed to unauthorized persons or a violation of the security policy
of a system in which unauthorized intentional or unintentional
disclosure, modification, destruction, or loss of an object may have
occurred. [NSTISSC] (see also cryptography, key, security, incident, threat) (includes data compromise, security compromise)
- compromised key list (CKL)
- (O) MISSI usage: A list that identifies keys for which unauthorized disclosure or alteration may have occurred. (C)
A CKL is issued by a CA, like a CRL is issued. But a CKL lists only
KMIDs, not subjects that hold the keys, and not certificates in which
the keys are bound. [RFC2828] A list with the Key Material
Identifier (KMID) of every user with compromised key material; key
material is compromised when a card and its personal identification
number (PIN) are uncontrolled or the user has become a threat to the
security of the computer system. [IATF] (see also certificate, identification, Multilevel Information System Security Initiative, key, public-key infrastructure, threat, user)
- compromising emanation performance requirement (CEPR)
- (see also emanations security, risk)
- compromising emanations
- Unintentional data-related or intelligence-bearing signals
that, if intercepted and analyzed, disclose the information
transmission received, handled, or otherwise processed by any
information processing equipment. [AJP][NCSC/TG004]
Unintentional signals that, if intercepted and analyzed, would disclose
the information transmitted, received, handled, or otherwise processed
by information systems equipment. [NSTISSC] (see also TEMPEST, emanations security, threat)
- computer
- A machine that can be programmed in code to execute a set of
instructions (program). In an IS, the term 'computer' usually refers to
the components inside the case: the motherboard, memory chips, and
internal storage disk(s). [CIAO] (see also automated information system)
- computer abuse
- Intentional or reckless misuse, alteration, disruption, or destruction of information processing resources. [NSTISSC]
The misuse, alteration, disruption, or destruction of data processing
resources. The key aspect is that it is intentional and improper. [AJP][NCSC/TG004]
The willful or negligent unauthorized activity that affects the
availability, confidentiality, or integrity of computer resources.
Computer abuse includes fraud, embezzlement, theft, malicious damage,
unauthorized use, denial of service, and misappropriation. [AFSEC][NSAINT] (see also availability, confidentiality, denial of service, automated information system, threat)
- computer architecture
- The set of layers and protocols (including formats and
standards that different hardware and software must comply with to
achieve stated objectives) which define a computer system. Computer
architecture features can be available to application programs and
system programmers in several modes, including a protected mode. For example,
the system-level features of computer architecture may include: (1)
memory management, (2) protection, (3) multitasking, (4) input/output,
(5) exceptions and multiprocessing, (6) initialization, (7)
coprocessing and multiprocessing, (8) debugging, and (9) cache
management. [AJP] (see also software, security architecture) (includes object)
- computer cryptography
- The use of a crypto-algorithm in a computer, microprocessor,
or microcomputer to perform encryption or decryption to protect
information or to authenticate users, sources, or information. [AJP][NCSC/TG004] Use of a crypto-algorithm program by a computer to authenticate or encrypt/decrypt information. [NSTISSC] (see also authentication)
- computer emergency response team (CERT)
- (I) An organization that studies computer and network
INFOSEC in order to provide incident response services to victims of
attacks, publish alerts concerning vulnerabilities and threats, and
offer other information to help improve computer and network security. (C)
For example, the CERT Coordination Center at Carnegie-Mellon University
(sometimes called 'the' CERT) and the Computer Incident Advisory
Capability. [RFC2828] A federally funded research and
development center at Carnegie Mellon University. They focus on
Internet security vulnerabilities, provide incident response services
to sites that have been the victims of attack, publish security alerts,
research security and survivability in wide-area-networked computing,
and develop site security information. They can be found at
www.cert.org. [IATF] An organization chartered by an information
system owner to coordinate and/or accomplish necessary actions in
response to computer emergency incidents that threaten the availability
or integrity of its information systems. (DoDD 5160.54) [CIAO] Formed by ARPA in 1988 to take proactive steps to alert people to computer security issues. [misc] (see also Computer Incident Advisory Capability, availability, communications security, computer security, computer security incident response team, incident, integrity, internet, networks, threat, security) (includes Forum of Incident Response and Security Teams, computer emergency response teams' coordination center)
- computer emergency response team/coordination center
- An element of the Networked Systems Survivability Program of
the Software Engineering Institute at Carnegie Mellon University. It
keeps track of attacks on the Internet and issues advisories. [CIAO] (see also attack, internet)
- computer emergency response teams' coordination center
- (see also computer emergency response team)
- computer forensics
- The practice of gathering, retaining, and analyzing
computer-related data for investigative purposes in a manner that
maintains the integrity of the data. [800-61]
- computer fraud
- Computer-related crimes involving deliberate misrepresentation or alteration of data in order to obtain something of value. [AFSEC][NSAINT]
Computer-related crimes involving deliberate misrepresentation,
alteration, or disclosure of data to obtain something of value (usually
for monetary gain). A computer system must have been involved in the
perpetration or cover-up of the act or series of acts. A computer
system might have been involved through improper manipulation of input
data, output or results, applications programs, data files, computer
operations, communications, or computer hardware, systems software, or
firmware. [AJP][NCSC/TG004] Misrepresentation,
alteration, or disclosure of data in order to obtain something of value
(usually for monetary gain). A computer system must have been involved
in the perpetration or coverup of the act or series of acts. A computer
system might have been involved through improper manipulation of input
data; output or results; applications programs; data files; computer
operations; communications; or computer hardware, systems software, or
firmware. [SRV] (see also software, fraud, threat)
- Computer Incident Advisory Capability (CIAC)
- (N) A computer emergency response team in the U.S. Department of Energy. [RFC2828] (see also computer emergency response team, incident)
- computer incident assessment capability (CIAC)
- (see also incident)
- computer intrusion
- An incident of unauthorized access to data or an Automated Information System (AIS). [IATF] (see also unauthorized access, attack, incident, intrusion)
- computer network
- (I) A collection of host computers together with the subnetwork or internetwork through which they can exchange data. (C)
This definition is intended to cover systems of all sizes and types,
ranging from the complex Internet to a simple system composed of a
personal computer dialing in as a remote terminal of another computer. [RFC2828] A set of computers that are connected and able to exchange data. [CIAO] (see also internet, networks)
- computer network attack (CNA)
- Operations to disrupt, deny, degrade, or destroy information
resident in computers and computer networks, or the computers and
networks themselves. (DODD S-3600.1 of 9 Dec 96) [NSAINT] (see also attack, networks)
- computer network defense (CND)
- (see also networks)
- computer operations, audit, and security technology (COAST)
- COAST is a multiple-project, multiple-investigator laboratory in
computer security research in the Computer Sciences Department at
Purdue University. It functions with close ties to researchers and
engineers in major companies and government agencies. Its research is
focused on real-world needs and limitations, with a special focus on
security for legacy computing systems. [NSAINT] (see also computer security, audit)
- computer oracle and password system (COPS)
- A computer network monitoring system for Unix machines.
Software tool for checking security on shell scripts and C programs.
Checks for security weaknesses and provides warnings. [NSAINT] (see also networks, passwords, software, security software, system)
- computer related controls
- A comprehensive name to include both general controls and
application controls. These controls help ensure the confidentiality,
integrity, and availability of data. [SRV] (see also availability, confidentiality, security controls)
- computer related crime
- Any illegal act for which knowledge of computer technology is involved for its investigation, perpetration, or prosecution. [AFSEC] (see also threat)
- computer security (COMPUSEC)
- (I) Measures that implement and assure security services in a system, particularly those that assure access control service. (C)
Usually understood to include functions, features, and technical
characteristics of computer hardware and software, especially operating
systems. [RFC2828] Measures and controls that ensure
confidentiality, integrity and availability of information system
assets including hardware, software, firmware and information being
processed, stored, or communicated. [IATF] Measures and controls
that ensure confidentiality, integrity, and availability of IS assets,
including hardware, firmware, software, and information being
processed, stored, and communicated. [CIAO][NSTISSC]
Technological and managerial procedures applied to computer systems to
ensure the availability, integrity and confidentiality of information
managed by the computer system. [NSAINT] (see also Automated Information System security, IT security, information systems security, Bell-LaPadula security model, Common Criteria, Common Criteria Testing Laboratory, Evaluation Work Plan, Federal Criteria Vol. I, Federal Information Processing Standards, Forum of Incident Response and Security Teams, National Security Decision Directive 145, National Voluntary Laboratory Accreditation Program, Orange book, Scope of Accreditation, Trusted Computer System Evaluation Criteria, Yellow book, access control, accreditation range, approved technologies list, approved test methods list, assurance, audit trail, availability, certification, common criteria version 1.0, common criteria version 2.0, computer emergency response team, computer operations, audit, and security technology, confidentiality, conformant validation certificate, control, correctness, covert channel, criteria, dedicated mode, degausser, degausser products list, deliverables list, designated, designated laboratories list, dominates, endorsed tools list, evaluated products list, evaluation, observation reports, partitioned security mode, party, preferred products list, procedural security, protection profile, public law 100-235, residual risk, risk treatment, security architecture, security purpose, security requirements, security target, security-compliant channel, sensitive information, software, subcommittee on telecommunications security, suspicious event, system high mode, systems security steering group, tamper, technology area, trusted network interpretation, security) (includes Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, Computer Security Objects Register, DoD Information Technology Security Certification and Accreditation Process, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, IS security architecture, IT 
Security Evaluation Criteria, IT Security Evaluation Methodology, IT security certification, IT security policy, IT security product, Information Systems Security products and services catalogue, Information Technology Security Evaluation Criteria, Multilevel Information System Security Initiative, National Computer Security Center, National Computer Security Center glossary, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Subcommittee on Information Systems Security, certified information systems security professional, computer security emergency response team, computer security incident, computer security incident response capability, computer security incident response team, computer security intrusion, computer security object, computer security subsystem, computer security technical vulnerability reporting program, computing security methods, emissions security, information system security officer, information systems security association, information systems security engineering, information systems security equipment modification, information systems security manager, information systems security officer, information systems security policy, multilevel information systems security initiative, national computer security assessment program, national telecommunications and information 
system security directives, program automated information system security incident support team, subcommittee on Automated Information System security)
- computer security emergency response team (CERT)
- (see also computer security)
- computer security incident
- Any intrusion or attempted intrusion into a computer system. Incidents can include probes of multiple computer systems. [AFSEC]
Any intrusion or attempted intrusion into an automated information
system (AIS). Incidents can include probes of multiple computer
systems. [NSAINT] (see also computer security, incident)
- computer security incident response capability (CSIRC)
- (see also computer security, incident)
- computer security incident response team (CIRT) (CSIRT)
- (I) An organization 'that coordinates and supports the
response to security incidents that involve sites within a defined
constituency.' (C) To be considered a CSIRT, an organization must do as follows:
- Provide a (secure) channel for receiving reports about suspected security incidents.
- Provide assistance to members of its constituency in handling the incidents.
- Disseminate incident-related information to its constituency and other involved parties.
[RFC2828]
A capability set up for the purpose of assisting in responding to
computer security-related incidents; also called a Computer Incident
Response Team (CIRT) or a CIRC (Computer Incident Response Center,
Computer Incident Response Capability). [800-61] (see also computer emergency response team, computer security, incident)
- computer security intrusion
- Any event of unauthorized access or penetration to a computer system. [AFSEC] Any event of unauthorized access or penetration to an automated information system (AIS). [NSAINT] (see also unauthorized access, computer security, intrusion)
- computer security object
- (I) The definition or representation of a resource,
tool, or mechanism used to maintain a condition of security in
computerized environments. Includes many elements referred to in
standards that are either selected or defined by separate user
communities. [RFC2828] (see also security software, computer security)
- Computer Security Objects Register (CSOR)
- (N) A service, operated by NIST, that is establishing a
catalog for computer security objects to provide stable object
definitions identified by unique names. The use of this register will
enable the unambiguous specification of security parameters and
algorithms to be used in secure data exchanges. (C) The CSOR
follows registration guidelines established by the international
standards community and ANSI. Those guidelines establish minimum
responsibilities for registration authorities and assign the top
branches of an international registration hierarchy. Under that
international registration hierarchy the CSOR is responsible for the
allocation of unique identifiers under the branch {joint-iso-ccitt(2)
country(16) us(840) gov(101) csor(3)}. [RFC2828] (see also National Institute of Standards and Technology, computer security)
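The CSOR arc quoted above, {joint-iso-ccitt(2) country(16) us(840) gov(101) csor(3)}, is an ASN.1 object identifier, and "unique identifiers under the branch" means further arcs appended to it. The following is an added example, not code from the glossary or from NIST's register, showing how such an OID is encoded in DER (X.690) and decoded again with the checks a parser should apply; the dotted form 2.16.840.1.101.3 is the same arc written as numbers, and the second OID used in the usage note is the well-known RSA arc.

```python
from typing import List

# Dotted form of {joint-iso-ccitt(2) country(16) us(840) gov(101) csor(3)}
CSOR_ARC = "2.16.840.1.101.3"


def encode_oid(dotted: str) -> bytes:
    """DER-encode a dotted OID as a short-form OBJECT IDENTIFIER TLV (X.690 8.19)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID")
    # The first two arcs share one sub-identifier: 40 * arc1 + arc2.
    subids = [40 * arcs[0] + arcs[1]] + arcs[2:]
    content = bytearray()
    for sid in subids:
        # Base-128, most significant group first, high bit set on all but the last byte.
        groups = [sid & 0x7F]
        sid >>= 7
        while sid:
            groups.insert(0, 0x80 | (sid & 0x7F))
            sid >>= 7
        content.extend(groups)
    if len(content) > 127:
        raise ValueError("long-form lengths are outside this example's scope")
    return bytes([0x06, len(content)]) + bytes(content)


def decode_oid(der: bytes) -> str:
    """Decode a short-form DER OBJECT IDENTIFIER, rejecting malformed input."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    content = der[2:]
    if content[-1] & 0x80:
        raise ValueError("truncated sub-identifier")
    subids: List[int] = []
    value = 0
    for byte in content:
        if value == 0 and byte == 0x80:
            # DER forbids leading 0x80 padding bytes (non-minimal encoding).
            raise ValueError("non-minimal sub-identifier encoding")
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(value)
            value = 0
    first = subids[0]
    # Split the combined first sub-identifier; arcs under joint-iso-ccitt(2) may exceed 39.
    arc1 = 2 if first >= 80 else first // 40
    return ".".join(str(x) for x in [arc1, first - 40 * arc1] + subids[1:])
```

`encode_oid(CSOR_ARC)` yields the bytes 06 06 60 86 48 01 65 03: the first content byte 0x60 packs the arcs 2 and 16, and 840 needs two base-128 bytes. The decoder refuses a truncated final sub-identifier and non-minimal padding, which is the kind of strictness that keeps two implementations from disagreeing about which algorithm an identifier names.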
- computer security subsystem
- A device designed to provide limited computer security features in a larger system environment. [AJP][NCSC/TG004] Hardware/software designed to provide computer security features in a larger system environment. [NSTISSC] (see also computer security, system)
- computer security technical vulnerability reporting program (CSTVRP)
- A program that focuses on technical vulnerabilities in
commercially available hardware, firmware, and software products
acquired by DoD. CSTVRP provides for the reporting, cataloging, and
discreet dissemination of technical vulnerability and corrective
measure information to DoD components on a need-to-know basis. [NCSC/TG004]
A program that focuses on technical vulnerabilities in commercially
available hardware, firmware, and software products acquired by the
Federal Government. CSTVRP provides for the reporting, cataloging, and
discreet dissemination of technical vulnerability and corrective
measure information to Defense Components on a need-to-know basis. [AJP] (see also software, computer security)
- computer-aided software engineering (CASE)
- The creation of software using well-defined design techniques
and development methodology, supported by computer-based automation
tools. [SRV] (see also software)
- computer-assisted audit technique (CAAT)
- A collection of computer programs, such as generalized audit
software, test-data generators, sampling programs, utility software
aids, or customized audit programs. [SRV] (see also software, test, audit)
- computing security methods
- Computing security methods are security safeguards implemented
within the IS, using the networking, hardware, software, and firmware
of the IS. This includes the following: (1) the hardware, firmware, and
software that implements security functionality and (2) the design,
implementation, and verification techniques used to ensure that system
assurance requirements are satisfied. [SRV] (see also assurance, networks, software, computer security)
- COMSEC account
- Administrative entity, identified by an account number, used
to maintain accountability, custody, and control of COMSEC material. [NSTISSC] (see also communications security)
- COMSEC account audit
- Examination of the holdings, records, and procedures of a
COMSEC account ensuring all accountable COMSEC material is properly
handled and safeguarded. [NSTISSC] (see also communications security)
- COMSEC aid
- COMSEC material that assists in securing telecommunications
and is required in the production, operation, or maintenance of COMSEC
systems and their components. COMSEC keying material,
callsign/frequency systems, and supporting documentation, such as
operating and maintenance manuals, are examples of COMSEC aids. [NSTISSC] (see also key, communications security)
- COMSEC boundary
- Definable perimeter encompassing all hardware, firmware, and
software components performing critical COMSEC functions, such as key
generation and key handling and storage. [NSTISSC] (see also key, communications security)
- COMSEC chip set
- Collection of NSA approved microchips. [NSTISSC] (see also communications security)
- COMSEC control program
- Computer instructions or routines controlling or affecting the
externally performed functions of key generation, key distribution,
message encryption/decryption, or authentication. [NSTISSC] (see also authentication, encryption, key, communications security)
- COMSEC custodian
- Person designated by proper authority to be responsible for
the receipt, transfer, accounting, safeguarding, and destruction of
COMSEC material assigned to a COMSEC account. [NSTISSC] (see also communications security)
- COMSEC end-item
- Equipment or combination of components ready for use in a COMSEC application. [NSTISSC] (see also communications security)
- COMSEC equipment
- Equipment designed to provide security to telecommunications
by converting information to a form unintelligible to an unauthorized
interceptor and, subsequently, by reconverting such information to its
original form for authorized recipients; also, equipment designed
specifically to aid in, or as an essential element of, the conversion
process. COMSEC equipment includes crypto-equipment, crypto-ancillary
equipment, cryptoproduction equipment, and authentication equipment. [NSTISSC] (see also authentication, cryptography, communications security)
- COMSEC facility
- Space used for generating, storing, repairing, or using COMSEC material. [NSTISSC] (see also communications security)
- COMSEC incident
- (see also communications security, incident)
- COMSEC insecurity
- COMSEC incident that has been investigated, evaluated, and
determined to jeopardize the security of COMSEC material or the secure
transmission of information. [NSTISSC] (see also incident, communications security)
- COMSEC manager
- Person who manages the COMSEC resources of an organization. [NSTISSC] (see also communications security)
- COMSEC material
- Item designed to secure or authenticate telecommunications.
COMSEC material includes, but is not limited to key, equipment,
devices, documents, firmware, or software that embodies or describes
cryptographic logic and other items that perform COMSEC functions. [NSTISSC] (see also cryptography, key, communications security)
- COMSEC Material Control System (CMCS)
- Logistics and accounting system through which COMSEC material
marked 'CRYPTO' is distributed, controlled, and safeguarded. Included
are the COMSEC central offices of record, cryptologistic depots, and
COMSEC accounts. COMSEC material other than key may be handled through
the CMCS. [NSTISSC] (see also communications security, system)
- COMSEC modification
- (see also communications security, information systems security equipment modification)
- COMSEC module
- Removable component that performs COMSEC functions in a telecommunications equipment or system. [NSTISSC] (see also communications security)
- COMSEC monitoring
- Act of listening to, copying, or recording transmissions of
one's own official telecommunications to analyze the degree of
security. [NSTISSC] (see also communications security)
- COMSEC Parent Switch (CPS)
- (see also communications security)
- COMSEC profile
- Statement of COMSEC measures and materials used to protect a given operation, system, or organization. [NSTISSC] (see also communications security)
- COMSEC Resources Program (CRP)
- (see also communications security)
- COMSEC Subordinate Switch (CSS)
- (see also communications security)
- COMSEC survey
- Organized collection of COMSEC and communications information relative to a given operation, system, or organization. [NSTISSC] (see also communications security)
- COMSEC system data
- Information required by a COMSEC equipment or system to enable it to properly handle and control key. [NSTISSC] (see also key, communications security)
- COMSEC training
- Teaching of skills relating to COMSEC accounting, use of
COMSEC aids, or installation, use, maintenance, and repair of COMSEC
equipment. [NSTISSC] (see also communications security)
- COMSEC Utility Program (CUP)
- (see also communications security)
- concealment system
- A method of achieving confidentiality in which sensitive information is hidden by embedding it in irrelevant data. [AJP][NCSC/TG004] (see also confidentiality, security, system)
- concept of operations (CONOP)
- Describes how the system would be used to accomplish objectives. [IATF] Document detailing the method, act, process, or effect of using an IT system. [CIAO][NSTISSC] (see also internet, security)
- concurrency control
- A controlling mechanism that prevents multiple users from executing inconsistent actions on the database. [SRV]
- concurrent connections
- The aggregate number of simultaneous connections between hosts
across the DUT/SUT, or between hosts and the DUT/SUT. The number of
concurrent connections a firewall can support is just as important a
metric for some users as maximum bit forwarding rate. While
'connection' describes only a state and not necessarily the transfer of
data, concurrency assumes that all existing connections are in fact
capable of transferring data. If data cannot be sent over a
connection, that connection should not be counted toward the number of
concurrent connections. Further, this definition assumes that the
ability (or lack thereof) to transfer data on a given connection is
solely the responsibility of the DUT/SUT. For example, a TCP connection
that a DUT/SUT has left in a FIN_WAIT_2 state clearly should not be
counted. But another connection that has temporarily stopped
transferring data because some external device has restricted the flow
of data is not necessarily defunct. The tester should take measures to
isolate changes in connection state to those effected by the DUT/SUT. [RFC2647] (see also test, connection)
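As an added example, not taken from RFC 2647 or the glossary, the following counts concurrent connections in the sense just defined from a connection-state table. The table is constructed and modelled on netstat/ss-style output; the choice to count only ESTABLISHED entries (excluding half-closed states such as FIN_WAIT_2 and CLOSE_WAIT, handshake-in-progress states and closing states) is this example's reading of the "capable of transferring data" criterion. A state table cannot show the case the definition also mentions, a connection stalled only because an external device restricts the flow; such a connection remains ESTABLISHED and is therefore still counted, which matches the definition.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed sample modelled on netstat/ss-style output (proto local remote state).
SAMPLE_TABLE = """\
Proto Local-Address  Foreign-Address   State
tcp   10.0.0.5:443   192.0.2.10:51000  ESTABLISHED
tcp   10.0.0.5:443   192.0.2.11:51001  ESTABLISHED
tcp   10.0.0.5:443   192.0.2.12:51002  FIN_WAIT_2
tcp   10.0.0.5:443   192.0.2.13:51003  TIME_WAIT
tcp   10.0.0.5:443   192.0.2.14:51004  SYN_RECV
tcp   10.0.0.5:443   192.0.2.15:51005  CLOSE_WAIT
tcp   10.0.0.5:443   192.0.2.16:51006  ESTABLISHED
udp   10.0.0.5:53    0.0.0.0:0         UNCONN
"""


@dataclass(frozen=True)
class Conn:
    proto: str
    local: str
    remote: str
    state: str


# States in which the connection can still carry data in both directions.
# Half-closed states (FIN_WAIT_2, CLOSE_WAIT), handshake-in-progress states
# (SYN_SENT, SYN_RECV) and closing states are excluded, following the
# "capable of transferring data" criterion and the FIN_WAIT_2 example above.
DATA_CAPABLE_STATES = frozenset({"ESTABLISHED"})


def parse_table(text: str) -> List[Conn]:
    """Parse the four-column table, skipping the header and anything unrecognised."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0].lower() not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        conns.append(Conn(parts[0].lower(), parts[1], parts[2], parts[3].upper()))
    return conns


def count_concurrent(conns: Iterable[Conn]) -> int:
    """Concurrent connections in the RFC 2647 sense: TCP entries able to carry data."""
    return sum(1 for c in conns
               if c.proto.startswith("tcp") and c.state in DATA_CAPABLE_STATES)


def excluded_by_state(conns: Iterable[Conn]) -> Dict[str, int]:
    """TCP entries present in the table but not counted, grouped by state, for the test report."""
    counts: Dict[str, int] = {}
    for c in conns:
        if c.proto.startswith("tcp") and c.state not in DATA_CAPABLE_STATES:
            counts[c.state] = counts.get(c.state, 0) + 1
    return counts
```

On the sample table `count_concurrent` returns 3, and `excluded_by_state` reports one entry each in FIN_WAIT_2, TIME_WAIT, SYN_RECV and CLOSE_WAIT, so a tester can show why the raw row count (7 TCP rows) and the reported metric differ.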
- confidence
- A belief that a deliverable will perform in the way expected
or claimed (i.e. properly, trustworthy, enforce security policy,
reliably, effectively). [SC27] (see also security, trust)
- confidence coefficient
- A measure (usually expressed as a percentage) of the degree of
assurance that the estimate obtained from a sample differs from the
population parameter being estimated by less than the measure of
precision (sampling error). [SRV] (see also assurance)
- confidence interval
- An estimate of a population parameter that consists of a range
of values bounded by statistics called upper and lower confidence
limits. [SRV]
- confidence level
- A number, stated as a percentage, that expresses the degree of
certainty associated with an interval estimate of a population
parameter. It is the probability that an estimate based on a random
sample falls within a specified range. [SRV]
- confidence limits
- Two statistics that form the upper and lower bounds of a confidence interval. [SRV]
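The four entries above (confidence coefficient, interval, level and limits) describe one calculation. The following is an added example, not from the glossary or its sources, that carries it out for a sample mean with the normal approximation: the confidence level selects a multiplier, the sampling error (precision) is that multiplier times the standard error, and the confidence limits are the mean plus and minus it. The sample values and the multiplier table are constructed for the example; for a sample this small a t multiplier would be somewhat larger.

```python
import math
from typing import Sequence, Tuple

# Two-sided standard-normal multipliers for common confidence levels (assumed
# values for this example; for small samples a t multiplier would be larger).
Z_BY_CONFIDENCE_LEVEL = {90: 1.645, 95: 1.960, 99: 2.576}

# Constructed sample: hours between a termination notice and account disablement,
# for nine accounts drawn at random from an audit population.
SAMPLE = [10, 12, 14, 16, 18, 20, 22, 24, 26]


def sample_mean(x: Sequence[float]) -> float:
    return sum(x) / len(x)


def sample_stddev(x: Sequence[float]) -> float:
    """Unbiased (n - 1) sample standard deviation."""
    m = sample_mean(x)
    return math.sqrt(sum((v - m) ** 2 for v in x) / (len(x) - 1))


def confidence_interval(x: Sequence[float], confidence_level: int = 95) -> Tuple[float, float, float]:
    """Return (lower limit, upper limit, precision) for the population mean.

    precision is the sampling error E at the given confidence level; the
    confidence limits are mean - E and mean + E."""
    if len(x) < 2:
        raise ValueError("need at least two observations")
    z = Z_BY_CONFIDENCE_LEVEL[confidence_level]
    standard_error = sample_stddev(x) / math.sqrt(len(x))
    precision = z * standard_error
    m = sample_mean(x)
    return m - precision, m + precision, precision
```

For the constructed sample the mean is 18 hours and the sample variance is 30, so at the 95 percent confidence level the precision is about 3.58 hours and the confidence limits are roughly 14.42 and 21.58; raising the confidence level to 99 percent widens the interval.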
- confidentiality
- (1) The assurance that information is not disclosed to
inappropriate entities or processes. (2) The property that information
is not made available or disclosed to unauthorized entities. (3) The
prevention of the unauthorized disclosure of information. (4) The
concept of holding sensitive data in confidence, limited to an
appropriate set of individuals or organizations. [AJP] 1)
Assurance that information is not disclosed to unauthorized persons,
processes, or devices. 2) The protection of sensitive information from
unauthorized disclosure and sensitive facilities from physical,
technical or electronic penetration or exploitation. [CIAO] A
concept that applies to data that must be held in confidence and that
describes the status and degree of protection that must be provided for
such data about individuals as well as organizations. [SRV] A
security service that prevents unauthorized disclosure of information
residing on a computer, transiting a local network, or flowing over a
public Internet. [IATF] Assurance that information in an IT system is not disclosed to unauthorized persons, processes or devices. [800-37] Assurance that information is not disclosed to inappropriate entities or processes. [FCv1] Assurance that information is not disclosed to unauthorized persons, processes, or devices. [NSTISSC] Assuring information will be kept secret, with access limited to appropriate persons. [NSAINT]
Assuring information will be kept secret, with access limited to
appropriate persons. The concept of holding sensitive data in
confidence, limited to an appropriate set of individuals or
organizations. [OVT] Ensuring that data is disclosed only to authorized subjects. [SRV] The concept of holding sensitive data in confidence, limited to an appropriate set of individuals or organizations. [NCSC/TG004] The prevention of the unauthorized disclosure of information. [ITSEC][NIAP] The principle that keeps information from being disclosed to anyone not authorized to access it. Synonymous with secrecy. [AFSEC] The property that information is not made available or disclosed to unauthorized entities. [JTC1/SC27] The property that information is not made available or disclosed to unauthorized individuals, entities, or processes. [SC27][TNI] The property that sensitive information is not disclosed to unauthorized individuals, entities or processes. [FIPS140] (see also Authentication Header, Common Criteria for Information Technology Security, Generic Security Service Application Program Interface, Generic Upper Layer Security, IT security, Internet Protocol security, NULL encryption algorithm, Secure Electronic Transaction, access control, assurance, asymmetric cryptography, classified, communications security, computer abuse, computer related controls, computer security, concealment system, data privacy, data security, defense-in-depth, defense-wide information assurance program, digital envelope, encapsulating security payload, encryption algorithm, entry-level certification, hybrid encryption, information assurance, information security, internet, intrusion, key recovery, levels of concern, mid-level certification, networks, passive, post-accreditation phase, privacy enhanced mail, privacy programs, privacy protection, public-key infrastructure, requirements for procedures and standards, secure shell, secure socket layer, security controls, security event, security goals, security policy, simple network management protocol, symmetric cryptography, top-level certification, transmission security, vulnerability, wrap, privacy, security) (includes 
cryptographic algorithm for confidentiality, data confidentiality, data confidentiality service, traffic flow confidentiality)
- configuration
- In configuration management, the functional and physical
characteristics of hardware or software as set forth in technical
documentation or achieved in a product. [IEEE610] Selection of one of the sets of possible combinations of features of a system or Target of Evaluation. [AJP][FCv1] The relative or functional arrangement of components in a system. [SRV] The selection of one of the sets of possible combinations of features of a Target of Evaluation. [ITSEC] (see also software, configuration management, target of evaluation)
- configuration control
- (1) A system of controls imposed on changing controlled
objects produced during the development, production, and maintenance
processes for a Target of Evaluation. (2) Management of changes made to
a system's hardware, firmware, software, and documentation throughout
the development and operational life of the computer system. (3) The
process of controlling modifications to the system's hardware,
firmware, software, and documentation that provides sufficient
assurance that the system is protected against the introduction of
improper modification before, during, and after system implementation. [AJP] (I)
The process of regulating changes to hardware, firmware, software, and
documentation throughout the development and operational life of a
system. (C) Configuration control helps protect against
unauthorized or malicious alteration of a system and thus provides
assurance of system integrity. [RFC2828] A system of controls
imposed on changing controlled objects produced during the development,
production, and maintenance processes for a Target of Evaluation. [ITSEC]
An element of configuration management, consisting of the evaluation,
coordination, approval or disapproval, and implementation of changes to
configuration items after formal establishment of their configuration
identification. [IEEE610] Management of changes made to a
system's hardware, firmware, software, and documentation throughout the
development and operational life of the computer system. [TNI]
Process of controlling modifications to hardware, firmware, software,
and documentation to ensure that an IS is protected against improper
modification before, during, and after system implementation. [CIAO][NSTISSC]
The process of controlling modifications to the system's hardware,
firmware, software, and documentation that provides sufficient
assurance that the system is protected against the introduction of
improper modification before, during, and after system implementation.
Compare to configuration management. [NCSC/TG004][SRV] (see also identification, software, configuration management, target of evaluation) (includes object)
- configuration identification
- An element of configuration management, consisting of
selecting the configuration items for a system and recording their
functional and physical characteristics in technical documentation. [IEEE610] (see also configuration management, identification)
- configuration item
- An aggregation of hardware or computer programs or any of its discrete portions which satisfies an end use function. [SRV]
An aggregation of hardware, software, or both, that is designated for
configuration management and treated as a single entity in the
configuration management process. [IEEE610] (see also software, configuration management)
- configuration management (CM)
- A discipline applying technical and administrative direction
and surveillance to identify and document the functional and physical
characteristics of a configuration item, control changes to those
characteristics, record and report change processing and implementation
status, and verify compliance with specified requirements. [IEEE610]
A family of security controls in the management class dealing with the
control of changes made to hardware, software, firmware,
documentation, test, test fixtures, and test documentation throughout
the life cycle of an IT system. [800-37] A procedure for
applying technical and administrative direction and surveillance to:
(1) identify and document the functional and physical characteristics
of an item or system, (2) control any changes to such characteristics,
and (3) record and report the change, process, and implementation
status. The process of controlling the software and documentation so
they remain consistent as they are developed or changed. The
configuration management process must be carefully tailored to the
capacity, size, scope, phase of the life cycle, maturity, and
complexity of the computer system involved. [SRV] Management of
security features and assurances through control of changes made to
hardware, software, firmware, documentation, test, test fixtures, and
test documentation throughout the life cycle of an IT system. [CIAO][IATF][NSTISSC]
The management of security features and assurances through control of
changes made to a system's hardware, software, firmware, documentation,
test, test fixtures, and test documentation throughout the development
and operational life of the computer system. [AJP][NCSC/TG004]
The management of security features and assurances through control of
changes made to a system's hardware, software, firmware, documentation,
test, test fixtures, and test documentation throughout the development
and operational life of the computer system. Compare to configuration
control. [SRV] (see also software, test, assurance, risk management, software development) (includes baseline management, configuration, configuration control, configuration identification, configuration item, secure configuration management)
- confinement
- The prevention of the leaking of sensitive data from a program. [AJP][NCSC/TG004] (see also risk) (includes confinement channel, confinement property)
- confinement channel
- (see also covert channel, covert timing channel, confinement)
- confinement property
- A subject has write access to an object only if classification of the object dominates the clearance of the subject. [RFC2828] (see also *-property, Bell-LaPadula security model, classification level, confinement)
- conformant validation certificate
- A validation certificate issued by or under the authority of a
Party in accordance with the terms of an agreement on the mutual
recognition of certificates in the field of IT security. [NIAP] (see also computer security, security, validation)
- congruence
- Property of a set of integers which differ from each other by
a multiple of the modulus. Congruence is indicated by the symbol ≡.
For example, 39 ≡ 6 (mod 11) indicates that 39 and 6 are congruent with
respect to the modulus 11, i.e., 39 - 6 = 33, which is a multiple of
11. [SC27]
- connection
- A liaison, in the sense of a network interrelationship,
between two hosts for a period of time. The liaison is established (by
an initiating host) for the purpose of information transfer (with the
associated host). The period of time is the time required to carry out
the intent of the liaison (e.g. transfer of a file, a chatter session,
or delivery of mail). In many cases, a connection (in the sense of this
glossary) will coincide with a host-host connection (in a special
technical sense) that is established via TCP (Transmission Control
Protocol) or an equivalent protocol. However, a connection (liaison)
can also exist when only a protocol such as IP (Internet Protocol) is
in use. (IP has no concept of a connection that persists for a period
of time.) Hence, the notion of connection can be independent of the
particular protocols in use during a liaison of two hosts. [AJP]
A liaison, in the sense of a network interrelationship, between two
hosts for a period of time. The liaison is established (by an
initiating host) for the purpose of information transfer (with the
associated host); the period of time is the time required to carry out
the intent of the liaison (e.g. transfer of a file, a chatter session,
delivery of mail). In many cases, a connection (in the sense of this
glossary) will coincide with a host-host connection (in a special
technical sense) established via TCP or equivalent protocol. However a
connection (liaison) can also exist when only a protocol such as IP is
in use (IP has no concept of a connection that persists for a period of
time). Hence, the notion of connection as used here is independent of
the particular protocols in use during a liaison of two hosts. [TNI]
A state in which two hosts, or a host and the DUT/SUT, agree to
exchange data using a known protocol. A connection is an abstraction
describing an agreement between two nodes: One agrees to send data and
the other agrees to receive it. [RFC2647] (see also data source, networks, firewall) (includes concurrent connections, connection establishment, connection establishment time, connection maintenance, connection overhead, connection teardown, connection teardown time)
- connection establishment
- The data exchanged between hosts, or between a host and the
DUT/SUT, to initiate a connection. Connection-oriented protocols like
TCP have a prescribed handshaking procedure when launching a
connection. When benchmarking firewall performance, it is important to
identify this handshaking procedure so that it is not included in
measurements of bit forwarding rate or UOTs per second. Testers may
also be interested in measurements of connection establishment time
through or with a given DUT/SUT. [RFC2647] (see also security association, test, connection)
- connection establishment time
- The length of time needed for two hosts, or a host and the
DUT/SUT, to agree to set up a connection using a known protocol. Each
connection-oriented protocol has its own defined mechanisms for setting
up a connection. For purposes of benchmarking firewall performance,
this shall be the interval between receipt of the first bit of the
first octet of the packet carrying a connection establishment request
on a DUT/SUT interface until transmission of the last bit of the last
octet of the last packet of the connection setup traffic headed in the
opposite direction. This definition applies only to connection-oriented
protocols such as TCP. For connectionless protocols such as UDP, the
notion of connection establishment time is not meaningful. [RFC2647] (see also connection)
- connection maintenance
- The data exchanged between hosts, or between a host and the
DUT/SUT, to ensure a connection is kept alive. Some implementations of
TCP and other connection-oriented protocols use 'keep-alive' data to
maintain a connection during periods where no user data is exchanged.
When benchmarking firewall performance, it is useful to identify
connection maintenance traffic as distinct from UOTs per second. Given
that maintenance traffic may be characterized by short bursts at
periodical intervals, it may not be possible to describe a steady-state
forwarding rate for maintenance traffic. One possible approach is to
identify the quantity of maintenance traffic, in bytes or bits, over a
given interval, and divide through to derive a measurement of
maintenance traffic forwarding rate. [RFC2647] (see also connection)
- connection overhead
- The degradation in bit forwarding rate, if any, observed as a
result of the addition of one connection between two hosts through the
DUT/SUT, or the addition of one connection from a host to the DUT/SUT.
The memory cost of connection establishment and maintenance is highly
implementation-specific. This metric is intended to describe that cost
in a method visible outside the firewall. It may also be desirable to
invert this metric to show the performance improvement as a result of
tearing down one connection. [RFC2647] (see also connection)
- connection teardown
- The data exchanged between hosts, or between a host and the
DUT/SUT, to close a connection. Connection-oriented protocols like TCP
follow a stated procedure when ending a connection. When benchmarking
firewall performance, it is important to identify the teardown
procedure so that it is not included in measurements of bit forwarding
rate or UOTs per second. Testers may also be interested in measurements
of connection teardown time through or with a given DUT/SUT. [RFC2647] (see also test, connection)
- connection teardown time
- The length of time needed for two hosts, or a host and the
DUT/SUT, to agree to tear down a connection using a known protocol.
Each connection-oriented protocol has its own defined mechanisms for
dropping a connection. For purposes of benchmarking firewall
performance, this shall be the interval between receipt of the first
bit of the first octet of the packet carrying a connection teardown
request on a DUT/SUT interface until transmission of the last bit of
the last octet of the last packet of the connection teardown traffic
headed in the opposite direction. This definition applies only to
connection-oriented protocols such as TCP. For connectionless protocols
such as UDP, the notion of connection teardown time is not meaningful. [RFC2647] (see also connection)
- connectionless data integrity service
- (I) A security service that provides data integrity
service for an individual IP datagram, by detecting modification of the
datagram, without regard to the ordering of the datagram in a stream of
datagrams. (C) A connection-oriented data integrity service
would be able to detect lost or reordered datagrams within a stream of
datagrams. [RFC2828] (see also security)
- connectivity
- The property of the TOE which allows interaction with IT
entities external to the TOE. This includes exchange of data by wire or
by wireless means, over any distance in any environment or
configuration. [CC2][CC21][SC27] (see also target of evaluation)
- consequence management
- Includes measures to protect public health and safety, restore
essential government services, and provide emergency relief to
governments, businesses, and individuals affected by the consequences
of terrorism. The laws of the United States assign primary authority to
the States to respond to the consequences of terrorism; the Federal
Government provides assistance as required. [CIAO] (see also risk management)
- consistency
- The degree of uniformity, standardization, and freedom from contradiction among the documents or parts of system or component. [IEEE610] (see also database management system)
- constant surveillance service (CSS)
-
- construction
- The process of creating a Target of Evaluation. [AJP][ITSEC] (see also target of evaluation)
- construction of TOE requirements
- An intermediate combination of components is a package. The
package permits the expression of a set of requirements which meet an
identifiable subset of security objectives. A package is intended to be
reusable and to define requirements which are known to be useful and
effective in meeting the identified objectives. A package may be used
in the construction of larger packages, PPs, and STs. [CC1] (see also requirements, target of evaluation) (includes component, security target)
- constructive cost model (COCOMO)
- (see also business process)
- consumers
- Individuals or groups responsible for specifying requirements
for IT product security (e.g. policy makers and regulatory officials,
system architects, integrators, acquisition managers, product
purchasers, and end-users). [AJP][FCv1] (see also user)
- contamination
- The intermixing of data at different sensitivity and
need-to-know levels. The lower level data is said to be contaminated by
the higher level data; thus, the contaminating (higher level) data may
not receive the required level of protection. [AJP][NCSC/TG004]
Type of incident involving the introduction of data of one security
classification or security category into data of a lower security
classification or different security category. [NSTISSC] (see also fetch protection, file protection, incident, risk)
- context-dependent access control
- Access control in which access is determined by the specific circumstances under which the data is being accessed. [AJP][TDI] (see also access control)
- contingency key
- Key held for use under specific operational conditions or in support of specific contingency plans. [NSTISSC] (see also key)
- contingency plan
- (I) A plan for emergency response, backup operations,
and post-disaster recovery in a system as part of a security program to
ensure availability of critical system resources and facilitate
continuity of operations in a crisis. [RFC2828] A plan for
emergency response, backup operations, and post-disaster recovery
maintained by an activity as a part of its security program that will
ensure the availability of critical resources and facilitate the
continuity of operations in an emergency situation. [AFSEC][AJP][NCSC/TG004]
A plan for responding to the loss or failure of a system. The plan
describes the necessary steps to take in order to ensure the continuity
of core business processes. It includes emergency response, backup
operations, and post-disaster recovery. Synonymous with disaster plan
and emergency plan. [SRV] Plan maintained for emergency
response, backup operations, and post-disaster recovery for an IS, to
ensure availability of critical resources and facilitate the continuity
of operations in an emergency. [CIAO] Plan maintained for
emergency response, backup operations, and post-disaster recovery for
an IS, to ensure the availability of critical resources and to
facilitate the continuity of operations in an emergency situation. [NSTISSC] (see also business process, failure, recovery, availability) (includes back up vs. backup, backup generations, backup operations, backup plan, disaster plan, disaster recovery, disaster recovery plan, emergency plan, recovery procedures, redundancy)
- contingency planning
- A family of security controls in the operations class dealing
with emergency response, backup operations, and post-disaster recovery
for an IT system, to ensure the availability of critical resources and
to facilitate the continuity of operations in an emergency situation. [800-37] (see also recovery, security, availability)
- continuity of services and operations
- Controls to ensure that, when unexpected events occur,
departmental / agency MEI services and operations, including computer
operations, continue without interruption or are promptly resumed and
critical and sensitive data are protected through adequate contingency
and business recovery plans and exercises. [CIAO] (see also business process, minimum essential infrastructure, recovery, risk management)
- continuous process improvement
- An ongoing effort to incrementally improve how products and services are provided and internal operations are conducted. [SRV] (see also quality)
- continuous signature service (CSS)
-
- contract
- An agreement between two or more legally competent parties, in
the proper form, on a legal subject matter or purpose, for a legal
consideration. [SRV]
- contracting officer representative (COR)
-
- contractor special security officer (CSSO)
- (see also security)
- control
- In the context of information technology security, the term
'control' is normally considered to be synonymous with 'safeguard'. [SC27] (see also computer security, security)
- control class
- A grouping of security controls, organized by control
families, that all fall under the same broad category. For example,
there are three general classes of security controls (i.e.,
management, operational, and technical) in NIST Special Publications
800-18, 800-37, and 800-53. [800-37] (see also security)
- control family
- A grouping of security controls that fall under the same more
specific category, which are often interrelated and interdependent, and
which should be considered as a group. [800-37] (see also security)
- control identification list
- A list of all of the security controls that should be added to
the security plan and implemented based on the criticality/sensitivity
needs identified by the agency. [800-37] (see also security)
- control information
- Information that is entered into a cryptographic module for the purposes of directing the operation of the module. [FIPS140] (see also cryptographic module)
- control objectives
- A statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity. [CIAO] Required result of protecting information within an IT product and its immediate environment. [AJP][FCv1] (see also risk management)
- control objectives for information and related technology (COBIT)
-
- control zone
- The space, expressed in feet of radius, surrounding equipment
processing sensitive information, that is under sufficient physical and
technical control to preclude an unauthorized entry or compromise. [AJP][NCSC/TG004] (see also security)
- controlled access
- (see access control)
- controlled access protection
- The C2 level of protection described in the Trusted Computer
System Evaluation Criteria (Orange Book). Its major characteristics
are: individual accountability, audit, access control, and object
reuse. [NSTISSC] (see also access control, assurance, evaluation, trust)
- controlled cryptographic item (CCI)
- Secure telecommunications or information (CCI) handling
equipment, or associated cryptographic component, that is unclassified
but governed by a special set of control requirements. Such items are
marked 'CONTROLLED CRYPTOGRAPHIC ITEM' or, where space is limited,
'CCI.' [NSTISSC] (see also cryptography)
- controlled security mode
- (D) ISDs SHOULD NOT use this term. It was defined in an
earlier version of the U.S. Department of Defense policy that regulates
system accreditation, but was subsumed by 'partitioned security mode'
in the current version. (C) The term refers to a mode of
operation of an information system, wherein at least some users with
access to the system have neither a security clearance nor a
need-to-know for all classified material contained in the system.
However, separation and control of users and classified material on the
basis, respectively, of clearance and classification level are not
essentially under operating system control like they are in 'multilevel
security mode'. (C) Controlled mode was intended to encourage
ingenuity in meeting the security requirements of Defense policy in
ways less restrictive than 'dedicated security mode' and 'system high
security mode', but at a level of risk lower than that generally
associated with the true 'multilevel security mode'. This was to be
accomplished by implementation of explicit augmenting measures to
reduce or remove a substantial measure of system software vulnerability
together with specific limitation of the security clearance levels of
users permitted concurrent access to the system. [RFC2828] (see also accreditation, classification level, software, multilevel security)
- controlled sharing
- Condition existing when access control is applied to all users and components of an IT system. [NSTISSC] The condition that exists when access control is applied to all users and components of a system. [AJP][NCSC/TG004] (see also access control)
- controlled space
- Three-dimensional space surrounding IS equipment, within which
unauthorized persons are denied unrestricted access and are either
escorted by authorized persons or are under continuous physical or
electronic surveillance. [NSTISSC]
- controlling authority
- Official responsible for directing the operation of a
cryptonet and for managing the operational use and control of keying
material assigned to the cryptonet. [NSTISSC] (see also cryptography)
- conversion
- Changing data and/or existing software into another format. [SRV] (see also software)
- cookies
- (I) access control usage: A synonym for 'capability' or 'ticket' in an access control system. (I)
IPsec usage: Data exchanged by ISAKMP to prevent certain
denial-of-service attacks during the establishment of a security
association. (I) HTTP usage: Data exchanged between an HTTP
server and a browser (a client of the server) to store state
information on the client side and retrieve it later for server use. (C)
An HTTP server, when sending data to a client, may send along a cookie,
which the client retains after the HTTP connection closes. A server can
use this mechanism to maintain persistent client-side state information
for HTTP-based applications, retrieving the state information in later
connections. A cookie may include a description of the range of URLs
for which the state is valid. Future requests made by the client in
that range will also send the current value of the cookie to the
server. Cookies can be used to generate profiles of web usage habits,
and thus may infringe on personal privacy. [RFC2828] A message given by a Web server to a Web browser, stored by the Web browser, and returned to the Web server when requested. [FFIEC]
Cookies register information about a visit to a web site for future use
by the server. A server may also receive information from cookies of other
sites, which creates concern in terms of breach of privacy. [RFC2504] (see also attack, internet, privacy, world wide web, access control)
- cooperative key generation (CKG)
- Electronically exchanging functions of locally generated,
random components, from which both terminals of a secure circuit
construct traffic encryption key or key encryption key for use on that
circuit. [NSTISSC] (see also encryption, key)
- coordinated universal time
- (N) UTC is derived from International Atomic Time (TAI)
by adding a number of leap seconds. The International Bureau of Weights
and Measures computes TAI once each month by averaging data from many
laboratories. [RFC2828] (see also GeneralizedTime, UTCTime)
- core or key process
- Business processes that are vital to the organization's success and survival. [SRV] (see also business process)
- corporate security policy
- The set of laws, rules, and practices that regulate how assets
including sensitive information are managed, protected, and distributed
within a user organization. [AJP][ITSEC] (see also policy, security policy)
- correctness
- (1) A property of a representation of a Target of Evaluation
such that it accurately reflects the stated security target for that
system or product. Correctness consists of determining if the
description and implementation are consistent. There are levels of
correctness that depend on the evidence requirements and the intensity
of verification and analysis. (2) In security evaluation, the
preservation of relevant properties between successive levels of
representations. Examples of representations could be top-level
functional specification, detailed design specification, and actual
implementation. This is an aspect of assurance. (3) Correctness in the
draft Federal Criteria equates to assurance in the European Information
Technology Security Evaluation Criteria. Development and evaluation
assurance constitute correctness criteria. Effectiveness is addressed
in vetting of protection profiles. (4) The extent to which a program
satisfies its specifications. [AJP] A property of a
representation of a Target of Evaluation such that it accurately
reflects the stated security target for that system or product. [ITSEC]
In security evaluation, the preservation of relevant properties between
successive levels of representations. Examples of representations could
be: top-level functional specification, detailed design specification,
actual implementation. An aspect of assurance. [JTC1/SC27] The degree to which software or its components are free from faults and/or meet specified requirements and/or user needs. [SRV] The extent to which a program satisfies its specifications. [TNI] (see also analysis, computer security, evidence, fault, security target, software, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, assurance, integrity)
- correctness integrity
- (I) Accuracy and consistency of the information that
data values represent, rather than of the data itself. Closely related
to issues of accountability and error handling. [RFC2828] (see also integrity)
- correctness proof
- (I) A mathematical proof of consistency between a
specification for system security and the implementation of that
specification. [RFC2828] A mathematical proof of consistency between a specification and its implementation. [NSTISSC] (see also security)
- corruption
- A threat action that undesirably alters system operation by adversely modifying system functions or data. [RFC2828] (see also threat consequence)
- cost reimbursement contract
- A contract that provides for payment of allowable incurred costs to the extent prescribed in the contract. [SRV] (see also business process)
- cost-risk analysis
- The assessment of the costs of providing data protection for a system versus the cost of losing or compromising the data. [AJP][NCSC/TG004][OVT] (see also analysis, business process, risk analysis)
- cost/benefit
- A criterion for comparing programs and alternatives when
benefits can be valued in dollars. Also referred to as the benefit-cost
ratio, which is a function of equivalent benefits and equivalent costs.
[SRV] (see also business process)
- cost/benefit analysis
- A technique to compare the various costs associated with an
investment with the benefits that it proposes to return. Both tangible
and intangible factors should be addressed and accounted for. [SRV] (see also analysis, business process)
- COTS software
- Commercial Off the Shelf - Software acquired by government
contract through a commercial vendor. This software is a standard
product, not developed by a vendor for a particular government project.
[NSAINT][OVT] (see also mass-market software, commercial off the shelf, software)
- counter
- A bit array of length n bits which is used in the
Counter Mode; its value when considered as the binary representation of
an integer increases by one (modulo 2^n) after each block of plaintext is processed. [SC27]
- counter measures
- (I) An action, device, procedure, or technique that
reduces a threat, a vulnerability, or an attack by eliminating or
preventing it, by minimizing the harm it can cause, or by discovering
and reporting it so that corrective action can be taken. (C) In
an Internet protocol, a counter measure may take the form of a protocol
feature, an element function, or a usage constraint. [RFC2828] A
specific technique, product or procedure that is implemented to subvert
or remedy the effects of an attack or attack scenario. [IATF] Action, device, procedure, technique, or other measure that reduces the vulnerability of an IT system. [NSTISSC]
Action, device, procedure, technique, or other measure that reduces the
vulnerability of an automated information system. Counter measures that
are aimed at specific threats and vulnerabilities involve more
sophisticated techniques as well as activities traditionally perceived
as security. [AFSEC][NSAINT] Any action, device, procedure, technique, or other measure that reduces the vulnerability of a system, such as an AIS. [AJP][FCv1] Any action, device, procedure, technique, or other measure that reduces the vulnerability of a threat to a system. [NCSC/TG004][SRV] (see also acceptable level of risk, asset, attack, benign, benign environment, checksum, information systems security engineering, internet, key, layered solution, level of protection, physical security, residual risk, risk analysis, risk assessment, security audit, security software, technology, vulnerability, work factor, risk management, threat) (includes electronic counter-countermeasures, electronic countermeasures, non-technical countermeasure, security counter measures, technical countermeasure, technical surveillance countermeasures)
- country code
- (I) An identifier that is defined for a nation by ISO. (C)
For each nation, ISO Standard 3166 defines a unique two-character
alphabetic code, a unique three-character alphabetic code, and a
three-digit code. Among many uses of these codes, the two-character
codes are used as top-level domain names. [RFC2828]
- coverage
- Any metric of completeness with respect to a test selection
criterion. Without qualification, usually means branch or statement
coverage. [OVT] (see also test)
- covert channel
- (1) A communication channel that allows a process to transfer
information in a manner that violates the system's security policy. A
covert channel typically communicates by exploiting a mechanism not
intended to be used for communication. (2) The use of a mechanism not
intended for communication to transfer information in a way that
violates security. (3) Unintended and/or unauthorized communications
path that can be used to transfer information in a manner that violates
an AIS security policy. [AJP] (I) An intra-system channel
that permits two cooperating entities, without exceeding their access
authorizations, to transfer information in a way that violates the
system's security policy. (O) 'A communications channel that
allows two cooperating processes to transfer information in a manner
that violates the system's security policy.' (C) The cooperating
entities can be either two insiders or an insider and an outsider. Of
course, an outsider has no access authorization at all. A covert
channel is a system feature that the system architects neither designed
nor intended for information transfer:
- 'Timing channel': A
system feature that enables one system entity to signal information to
another by modulating its own use of a system resource in such a way as
to affect system response time observed by the second entity.
- 'Storage
channel': A system feature that enables one system entity to signal
information to another entity by directly or indirectly writing a
storage location that is later directly or indirectly read by the
second entity.
[RFC2828] A communication channel
that allows a process to transfer information in a manner that violates
the system's security policy. [TCSEC] A communications channel
that allows a process to transfer information in a manner that violates
the system's security policy. A covert channel typically communicates
by exploiting a mechanism not intended to be used for communication. [TNI]
A communications channel that allows two cooperating processes to
transfer information in a manner that violates a security policy, but
without violating the access control. [SRV] A communications
channel that allows two cooperating processes to transfer information
in a manner that violates the system's security policy. [AFSEC][NCSC/TG004]
Any communication channel that can be exploited by a process to
transfer information in a manner that violates the system's security
policy. [IATF] The use of a mechanism not intended for communication to transfer information in a way which violates security. [ITSEC]
Unintended and/or unauthorized communications path that can be used to
transfer information in a manner that violates an AIS security policy. [FCv1][NSTISSC] (see also overt channel, security-compliant channel, access control, computer security, confinement channel, exploit, channel, exploitable channel) (includes covert storage channel, covert timing channel)
- covert channel analysis
- Determination of the extent to which the security policy model
and subsequent lower-level program descriptions may allow unauthorized
access to information. [NSTISSC] (see also unauthorized access, analysis)
- covert storage channel
- A covert channel that involves the direct or indirect writing
of a storage location by one process and the direct or indirect reading
of the storage location by another process. Covert storage channels
typically involve a finite resource (e.g. sectors on a disk) that is
shared by two subjects at different security levels. [AJP][FCv1][NCSC/TG004][TCSEC][TNI]
Covert channel involving the direct or indirect writing to a storage
location by one process and the direct or indirect reading of the
storage location by another process. Covert storage channels typically
involve a finite resource (e.g., sectors on a disk) that is shared by
two subjects at different security levels. [NSTISSC] (see also channel, covert channel) (includes subject)
- covert timing channel
- (1) A covert channel by which a process signals information to
another process by modulating its own use of system resources (e.g. CPU
time) in such a way that this manipulation affects the real response
time observed by the second process. (2) A communications channel that
allows two cooperating processes to transfer information in a manner
that violates the system's security policy. [AJP] A covert
channel in which one process signals information to another by
modulating its own use of system resources (e.g. CPU time) in such a
way that this manipulation affects the real response time observed by
the second process. [NCSC/TG004][TCSEC][TNI] A
covert channel in which one process signals information to another
process by modulating its own use of system resources (e.g. CPU time)
in such a way that this manipulation affects the real response time
observed by the second process. [FCv1] Covert channel in which
one process signals information to another process by modulating its
own use of system resources (e.g., central processing unit time) in
such a way that this manipulation affects the real response time
observed by the second process. [NSTISSC] (see also confinement channel, channel, covert channel)
- CPU time
- The amount of time that a job or transaction uses a central processing unit (CPU) to complete processing. [SRV] (see also automated information system)
- crack
- A popular hacking tool used to crack passwords. System
administrators also use Crack to assess weak passwords by novice users
in order to better secure his/her system. [AFSEC] A popular
hacking tool used to decode encrypted passwords. System administrators
also use Crack to assess weak passwords by novice users in order to
enhance the security of the AIS. [NSAINT] (see also cryptography, passwords, threat) (includes crack root, cracker, cracking)
- crack root
- To defeat the security system of a UNIX machine and gain root system privileges thereby. [AFSEC] (see also crack)
- cracker
- (I) Someone who tries to break the security of, and gain access to, someone else's system without being invited to do so. [RFC2828]
A cracker is an individual who attempts to access computer systems
without authorization. These individuals are often malicious, as
opposed to hackers, and have many means at their disposal for breaking
into a system. [RFC1983] One who breaks security on a system. A person who engages in computer and telecommunications intrusion. [AFSEC] One who breaks security on an AIS. [NSAINT]
This term is used to describe attackers, intruders or other bad guys
that do not play by the rules and try to circumvent security mechanisms
and/or attack individuals and organisations. [RFC2504] (see also crack, hacker)
- cracking
- The act of breaking into a computer system. [AFSEC][NSAINT] (see also crack)
- crash
- A sudden, usually drastic failure of a computer system. [AFSEC][NSAINT] The sudden and complete failure of a computer system or component. [OVT] (see also failure, threat)
- credentials
- (I) Data that is transferred or presented to establish either a claimed identity or the authorizations of a system entity. (O) 'Data that is transferred to establish the claimed identity of an entity.' [RFC2828] A credential is the information one entity presents to another to authenticate the other's identity. [IATF]
A credential is what one principal presents to another to authenticate
itself. For mutual authentication, both parties exchange credentials.
Credentials are issued by an authentication agent or a certification
authority. Depending on the model for authentication, credentials may
only be valid for a session, or they may have longer validity periods.
Digital certificates are credentials that typically last for a year or
two. Tickets are credentials that are only good for a session, which
typically does not last more than several hours. [misc] Information, passed from one entity to another, used to establish the sending entity's access rights. [NSTISSC] (see also authentication, model, certification authority) (includes digital certificate, ticket)
- crisis management
- Includes measures to identify, acquire, and plan the use of
resources needed to anticipate, prevent, and/or resolve a threat or act
of terrorism. The laws of the United States assign primary authority to
the Federal Government to prevent and respond to acts of terrorism;
State and local governments provide assistance as required. Crisis
management is predominantly a law enforcement response. Based on the
situation, a Federal crisis management response may be supported by
technical operations, and by Federal consequence management, which may
operate concurrently. [CIAO] (see also risk management)
- criteria
- Examples of other criteria are the European Information
Technology Security Evaluation Criteria (Europe), Canadian Trusted
Computer Product Evaluation Criteria, Federal Criteria for Information
Technology Security: Draft (US), and the forthcoming Common Criteria
for Information Technology Security (international). [AJP] (see also computer security, evaluation, security, trust) (includes Canadian Trusted Computer Product Evaluation Criteria, Common Criteria for Information Technology Security Evaluation, European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, Trusted Computer System Evaluation Criteria)
- criteria of control (CoCo)
-
- critical
- (I) 'Critical' system resource: A condition of a
service or other system resource such that denial of access to (i.e.,
lack of availability of) that resource would jeopardize a system user's
ability to perform a primary function or would result in other serious
consequences. (N) 'Critical' extension: Each extension of an
X.509 certificate (or CRL) is marked as being either critical or
non-critical. If an extension is critical and a certificate user (or
CRL user) does not recognize the extension type or does not implement
its semantics, then the user is required to treat the certificate (or
CRL) as invalid. If an extension is non-critical, a user that does not
recognize or implement that extension type is permitted to ignore the
extension and process the rest of the certificate (or CRL). [RFC2828] (see also availability, certificate, public-key infrastructure, risk)
- critical asset
- An asset that supports national security, national economic security, and/or crucial public health and safety activities. [CIAO] (see also vulnerability)
- critical elements
- Important security-related focus areas for the system with each critical element addressed by one or more security controls. [800-37] (see also security)
- critical financial markets
- Financial markets whose operations are critical to the U.S.
economy, including markets for fed funds, foreign exchange, commercial
paper, and government, corporate, and mortgage-backed securities. [FFIEC]
- critical infrastructure
- 'Physical or cyber-based system essential to the minimum operations of the economy and government.' (PDD-63 definition) [CIAO] Those physical and cyber-based systems essential to the minimum operations of the economy and government. [NSTISSC]
Those systems and assets, both physical and cyber, so vital to the
Nation that their incapacity or destruction would have a debilitating
impact on national security, national economic security, and/or
national public health and safety. [CIAO] (see also capability, destruction, government services, incapacitation, infrastructure assurance, natural disaster, partnership, risk assessment, sector coordinator, sector liaison, risk management) (includes banking and finance, code amber, code green, code red, electrical power systems, emergency services, gas and oil production, storage and transportation, information and communications, infrastructure protection, transportation, utility, water supply system)
- critical mechanism
- A mechanism within a Target of Evaluation whose failure would create a security weakness. [AJP][ITSEC] (see also failure, security, target of evaluation)
- critical path method (CPM)
-
- critical security parameters (CSP)
- Security-related information (e.g. cryptographic keys,
authentication data such as passwords and PINs) appearing in plaintext
or otherwise unprotected form and whose disclosure or modification can
compromise the security of a cryptographic module or the security of
the information protected by the module. [SRV] Security-related
information (e.g. cryptographic keys, authentication data such as
passwords and PINs) appearing in plaintext or otherwise unprotected
form and whose disclosure or modification can compromise the security
of a cryptographic module or the security of the information protected
by the module. [FIPS140] (see also authentication, cryptography, key, passwords, security policy)
- criticality/sensitivity
- A measure of the importance and nature of the information
processed, stored, and transmitted by the IT system to the
organization's mission and day-to-day operations. [800-37]
- cross-certificate
- (see also cross-certification, certificate)
- cross-certification
- (I) The act or process by which two CAs each certify a
public key of the other, issuing a public-key certificate to that other
CA. (C) Cross-certification enables users to validate each
other's certificate when the users are certified under different
certification hierarchies. [RFC2828] When two CAs issue certificates to each other after establishing a trust relationship. [misc] (see also certificate, cross-certificate, key, certification authority)
- cross-talk
- An unwanted transfer of energy from one communications channel to another channel. [SRV] (see also communications)
- cryptanalysis
- (I) The mathematical science that deals with analysis
of a cryptographic system in order to gain knowledge needed to break or
circumvent the protection that the system is designed to provide. (O)
'The analysis of a cryptographic system and/or its inputs and outputs
to derive confidential variables and/or sensitive data including
cleartext.' (C) The 'O' definition states the traditional goal
of cryptanalysis--convert the ciphertext to plaintext (which usually is
cleartext) without knowing the key--but that definition applies only to
encryption systems. Today, the term is used with reference to all kinds
of cryptographic algorithms and key management, and the 'I' definition
reflects that. In all cases, however, a cryptanalyst tries to uncover
or reproduce someone else's sensitive data, such as cleartext, a key,
or an algorithm. The basic cryptanalytic attacks on encryption systems
are ciphertext-only, known-plaintext, chosen-plaintext, and
chosen-ciphertext; and these generalize to the other kinds of
cryptography. [RFC2828] Definition 1) The analysis of a
cryptographic system and/or its inputs and outputs to derive
confidential variables and/or sensitive data including cleartext.
Definition 2) Operations performed in converting encrypted messages to
plain text without initial knowledge of the crypto-algorithm and/or key
employed in the encryption. [NSAINT] Operations performed in
converting encrypted messages to plain text without initial knowledge
of the crypto-algorithm and/or key employed in the encryption. [NSTISSC]
The steps and operations performed in converting encrypted messages
into plaintext without initial knowledge of the key employed in the
encryption algorithm. [SRV] Transforming encrypted data into plaintext without having prior knowledge of encryption parameters or processes. [RFC2828] (see also algorithm, attack, encryption, key, analysis, threat consequence)
- CRYPTO
- (D) Except as part of certain long-established terms
listed in this Glossary, ISDs SHOULD NOT use this abbreviated term
because it may be misunderstood. Instead, use 'cryptography' or
'cryptographic'. [RFC2828] Marking or designator identifying
COMSEC keying material used to secure or authenticate
telecommunications carrying classified or sensitive U.S. Government or
U.S. Government-derived information. [NSTISSC] (see also communications security, key)
- crypto-alarm
- Circuit or device that detects failures or aberrations in the
logic or operation of crypto-equipment. Crypto-alarm may inhibit
transmission or may provide a visible and/or audible alarm. [NSTISSC] (see also cryptography)
- crypto-algorithm
- A well-defined procedure or sequence of rules or steps used to
produce a key stream or ciphertext from plaintext and vice versa. [AJP][NCSC/TG004]
Well-defined procedure or sequence of rules or steps, or a series of
mathematical equations used to describe cryptographic processes such as
encryption/decryption, key generation, authentication, signatures, etc.
[NSTISSC] (see also authentication, encryption, algorithm)
- crypto-ancillary equipment
- Equipment designed specifically to facilitate efficient or
reliable operation of crypto-equipment, without performing
cryptographic functions itself. [NSTISSC] (see also cryptography)
- crypto-equipment
- Equipment that embodies a cryptographic logic. [NSTISSC] (see also cryptography)
- crypto-ignition key (CIK)
- Device or electronic key used to unlock the secure mode of crypto-equipment. [IATF][NSTISSC] (see also key)
- crypto-ignition plug (CIP)
- (see also cryptography)
- crypto-security
- Component of COMSEC resulting from the provision of technically sound cryptosystems and their proper use. [NSTISSC] The security or protection resulting from the proper use of technically sound cryptosystems. [AJP][NCSC/TG004][SRV] (see also communications security)
- cryptographic
- Pertaining to, or concerned with, cryptography. [NSTISSC] (see also cryptography)
- cryptographic algorithm
- (I) An algorithm that employs the science of
cryptography, including encryption algorithms, cryptographic hash
algorithms, digital signature algorithms, and key agreement algorithms.
[RFC2828] (see also digital signature, encryption, hash, key)
- cryptographic algorithm for confidentiality
- A cryptographic algorithm for confidentiality is defined as an
algorithm which transforms data in order to hide or reveal its
information content and which uses at least one secret parameter. This
definition includes both symmetric algorithms (e.g. DES and FEAL) and
asymmetric algorithms (e.g. RSA and Rabin). In the case of a symmetric
algorithm the data is hidden and revealed using a secret parameter. In
the case of an asymmetric algorithm the data is hidden using a public
parameter and revealed using a secret parameter. [SC27] (see also confidentiality, cryptography)
- Cryptographic Application Program Interface
- An interface standard that provides a means for isolating a
computer platform from the details of the implementation of
cryptographic functions. [IATF] (see also encryption, security)
- cryptographic application programming interface (CAPI)
- (I) The source code formats and procedures through
which an application program accesses cryptographic services, which are
defined abstractly compared to their actual implementation. [RFC2828] The Cryptographic Application Programming Interface for Microsoft. [MSC] (see also software)
- cryptographic boundary
- An explicitly defined contiguous perimeter that establishes the physical bounds of a cryptographic module. [FIPS140] (see also cryptographic module) (includes physical protection)
- cryptographic card
- (I) A cryptographic token in the form of a smart card or a PC card. [RFC2828] (see also tokens)
- cryptographic check function
- A cryptographic transformation which takes as input a secret
key and an arbitrary string, and which gives a cryptographic check
value as output. The computation of a correct check value without
knowledge of the secret key shall be infeasible. [SC27] (see also cryptography)
- cryptographic check value
- Information which is derived by performing a cryptographic
transformation on the data unit. [ISO/IEC 9798-1: 1997, ISO/IEC
11770-3: 1999][SC27] NOTE - The cryptographic check value is the output
of the cryptographic check function. [SC27] (see also cryptography)
- cryptographic component
- (I) A generic term for any system component that involves cryptography. [RFC2828]
Hardware or firmware embodiment of the cryptographic logic. A
cryptographic component may be a modular assembly, a printed wiring
assembly, a microcircuit, or a combination of these items. [NSTISSC] (see also hash)
- cryptographic device services (CDS)
- (see also cryptography)
- cryptographic equipment room (CER)
- Controlled-access room in which cryptosystems are located. [NSTISSC] (see also cryptography)
- cryptographic functions
- A set of procedures that provide basic cryptographic
functionality using various algorithms for key generation, random
number generation, encryption, decryption, and message digesting. [IATF]
A set of procedures that provide basic cryptographic functionality. The
functionality includes using various algorithms for key generation,
random number generation, encryption, decryption, and message
digesting. [misc] (see also encryption, key)
- cryptographic hash function
- A (mathematical) function that maps values from a large domain
into a smaller range. The function satisfies the following properties:
(1) it is computationally infeasible to find any input that maps to any
prespecified output (one-way) and (2) it is computationally infeasible
to find any two distinct inputs that map to the same output (collision
free). [SRV] A process that computes a value (referred to as a
hashword) from a particular data unit in a manner that, when a hashword
is protected, manipulation of the data is detectable. [NSAINT] (see also hash function, hash)
- cryptographic ignition key (CIK)
- (I) A physical (usually electronic) token used to
store, transport, and protect cryptographic keys. (Sometimes
abbreviated as 'crypto ignition key'.) (C) A typical use is to
divide a split key between a CIK and a cryptographic module, so that it
is necessary to combine the two to regenerate a key-encrypting key and
thus activate the module and other keys it contains. [RFC2828] (see also encryption, tokens, key)
- cryptographic initialization
- Function used to set the state of a cryptographic logic prior to key generation, encryption, or other operating mode. [NSTISSC] (see also encryption)
- cryptographic key
- (I) Usually shortened to just 'key'. An input parameter that varies the transformation performed by a cryptographic algorithm. (O) 'A sequence of symbols that controls the operations of encipherment and decipherment.' (C)
If a key value needs to be kept secret, the sequence of symbols
(usually bits) that comprise it should be random, or at least
pseudo-random, because that makes the key hard for an adversary to
guess. [RFC2828] A parameter used in conjunction with a
cryptographic algorithm that determines: (1) the transformation of
plaintext data into ciphertext data, (2) the transformation of
ciphertext data into plaintext data, (3) a digital signature computed
from data, (4) the verification of a digital signature computed from
data, or (5) a data authentication code computed from data. The
cryptographic key is an input to an encryption device that results in
cryptotext. A parameter used by a cryptographic process that makes the
process completely defined and usable only by those having that key. [SRV]
A parameter used in conjunction with a cryptographic algorithm that
determines: the transformation of plaintext data into ciphertext data,
the transformation of ciphertext data into plaintext data, a digital
signature computed from data, the verification of a digital signature
computed from data, or a data authentication code (DAC) computed from
data. [FIPS140] (see also algorithm, authentication, encryption, key)
- cryptographic key component
- A parameter that is combined via a bit-wise exclusive-OR
operation with one or more other identically sized key component(s) to
form a plaintext cryptographic key. [FIPS140] (see also cryptography)
- cryptographic logic
- The embodiment of one (or more) crypto-algorithm(s) along with
alarms, checks, and other processes essential to effective and secure
performance of the cryptographic process(es). [NSTISSC] (see also cryptography)
- Cryptographic Message Syntax
- (I) An encapsulation syntax for digital signatures, hashes, and encryption of arbitrary messages. (C)
CMS was derived from PKCS #7. CMS values are specified with ASN.1 and
use BER encoding. The syntax permits multiple encapsulation with
nesting, permits arbitrary attributes to be signed along with message
content, and supports a variety of architectures for digital
certificate-based key management. [RFC2828] (see also certificate, digital signature, encryption, hash, key, public-key infrastructure)
- cryptographic module
- (I) A set of hardware, software, firmware, or some
combination thereof that implements cryptographic logic or processes,
including cryptographic algorithms, and is contained within the
module's cryptographic boundary, which is an explicitly defined
contiguous perimeter that establishes the physical bounds of the
module. [RFC2828] The set of hardware, software, firmware, or
some combination thereof that implements cryptographic logic or
processes, including cryptographic algorithms, and is contained within
the cryptographic boundary of the module. [FIPS140][SRV] (see also algorithm, software) (includes control information, cryptographic boundary, cryptographic module security policy, data path, firmware, hardware, input data, microcode, operator, output data)
- cryptographic module security policy
- A precise specification of the security rules under which a
cryptographic module must operate, including the security rules derived
from the requirements of this standard and the additional security
rules imposed by the manufacturer. [FIPS140] (see also cryptographic module, policy, security policy)
- cryptographic randomization
- Function that randomly determines the transmit state of a cryptographic logic. [NSTISSC] (see also cryptography)
- cryptographic service
- Modules that provide secure key storage and cryptographic
functions. The cryptographic service provider (CSP) modules may be
software only or hardware with software drivers. The cryptographic functions provided
may include: Bulk encryption and decryption, Digital signing,
Cryptographic hash, Random number generation, and Key exchange. [Intel] (see also hash, software, common data security architecture)
- cryptographic service providers (CSP)
- (see also common data security architecture)
- cryptographic synchronization
- The co-ordination of the encipherment and decipherment processes. [SC27] (see also cryptography)
- cryptographic system
- (I) A set of cryptographic algorithms together with the
key management processes that support use of the algorithms in some
application context. (C) This 'I' definition covers a wider range of algorithms than the following 'O' definition: (O)
'A collection of transformations from plaintext into ciphertext and
vice versa [which would exclude digital signature, cryptographic hash,
and key agreement algorithms], the particular transformation(s) to be
used being selected by keys. The transformations are normally defined
by a mathematical algorithm.' [RFC2828] (see also digital signature, hash, key, system)
- cryptographic token
- (I) A portable, user-controlled, physical device used
to store cryptographic information and possibly perform cryptographic
functions. (C) A smart token may implement some set of
cryptographic algorithms and may implement related algorithms and key
management functions, such as a random number generator. A smart
cryptographic token may contain a cryptographic module or may not be
explicitly designed that way. [RFC2828] (see also key, tokens)
- cryptography
- (1) The principles, means, and methods for rendering
information unintelligible, and for restoring encrypted information to
intelligible form. (2) The transformation of ordinary text, or
'plaintext,' into coded form by encryption and the transformation of
coded text into plaintext by decryption. Cryptography can be used to
support digital signature, key management or exchange, and
communications privacy. [AJP] (I) The mathematical
science that deals with transforming data to render its meaning
unintelligible (i.e., to hide its semantic content), prevent its
undetected alteration, or prevent its unauthorized use. If the
transformation is reversible, cryptography also deals with restoring
encrypted data to intelligible form. (O) 'The discipline which
embodies principles, means, and methods for the transformation of data
in order to hide its information content, prevent its undetected
modification and/or prevent its unauthorized use. . . . Cryptography
determines the methods used in encipherment and decipherment.' [RFC2828]
Art or science concerning the principles, means, and methods for
rendering plain information unintelligible and for restoring encrypted
information to intelligible form. [NSTISSC] Science of
encrypting plain data and information into a form intelligible only to
authorized persons who are able to decrypt it. [CIAO] The art or
science concerning the principles, means, and methods for rendering
plain text unintelligible and for converting encrypted messages into
intelligible form. [NSAINT] The discipline that embodies
principles, means, and methods for the transformation of data to hide
its information content, prevent its undetected modification, prevent
its unauthorized use or a combination thereof. Cryptography deals with
the transformation of ordinary text (plaintext) into coded form
(ciphertext) by encryption and transformation of ciphertext into
plaintext by decryption. [SRV] The principles, means, and
methods for rendering information unintelligible, and for restoring
encrypted information to intelligible form. [NCSC/TG004] (see also BLACK, CAPSTONE chip, CCI assembly, CCI component, CCI equipment, COMSEC equipment, COMSEC material, Challenge Handshake Authentication Protocol, Clipper chip, Common Criteria for Information Technology Security, Distributed Authentication Security Service, FIPS PUB 140-1, HMAC, IEEE P1363, International Traffic in Arms Regulations, Internet Security Association and Key Management Protocol, MD2, MD4, MD5, MIME Object Security Services, PC card, QUADRANT, RED/BLACK separation, Secure Hash Standard, access control center, algorithm, attribute certificate, authentication code, authentication system, authorized vendor, benign, binding, break, brute force, brute force attack, certificate domain parameters, check word, checksum, chosen-plaintext attack, code division multiple access, cold start, communications security, compromise, controlling authority, crack, critical security parameters, cut-and-paste attack, cyclic redundancy check, data driven attack, data items' representation, domain of interpretation, emissions security, end entity, end-to-end security, endorsed for unclassified, environmental failure protection, environmental failure testing, extraction resistance, feedback buffer, fill device, hash, hash function, information, initialize, integrity check, intelligent threat, interface, internetwork private line, known-plaintext attack, message authentication code, message authentication code algorithm, message authentication code vs. 
Message Authentication Code, message indicator, national security system, non-repudiation, one-time pad, one-time passwords, one-time tape, one-way function, operations manager, out of band, permuter, personal security environment, personalization service, plain text, port, primary account number, privacy, random, rekey, scavenging, seal, security event, semantic security, shared secret, simple network management protocol, status information, steganography, strong authentication, system indicator, ticket, time-stamp token, traffic analysis, traffic padding, traffic-flow security, trap door, trusted path, two-person control, unforgeable, updating, user partnership program, validate vs. verify, work factor, wrap, zeroize) (includes National Cryptologic School, Type III cryptography, cipher feedback, controlled cryptographic item, crypto-alarm, crypto-ancillary equipment, crypto-equipment, crypto-ignition plug, cryptographic, cryptographic algorithm for confidentiality, cryptographic check function, cryptographic check value, cryptographic device services, cryptographic equipment room, cryptographic key component, cryptographic logic, cryptographic randomization, cryptographic synchronization, cryptonet control station, cryptosynchronization, embedded cryptographic system, embedded cryptography, encipherment algorithm, encrypt, endorsed cryptographic products list, endorsed for unclassified cryptographic information, manual cryptosystem, rapid automatic cryptographic equipment, synchronous crypto-operation)
- cryptology
- (I) The science that includes both cryptography and cryptanalysis, and sometimes is said to include steganography. [RFC2828] Field encompassing both cryptography and cryptanalysis. [NSTISSC] The science which deals with hidden, disguised, or encrypted communications. [NSAINT] (see also analysis)
- cryptonet
- (I) A group of system entities that share a secret cryptographic key for a symmetric algorithm. [RFC2828] Stations holding a common key. [NSTISSC] (see also key)
- cryptonet control station (CNCS)
- (see also cryptography)
- cryptonet key (CNK)
- (see also key)
- cryptoperiod
- (I) The time span during which a particular key is authorized to be used in a cryptographic system. (C)
A cryptoperiod is usually stated in terms of calendar or clock time,
but sometimes is stated in terms of the maximum amount of data
permitted to be processed by a cryptographic algorithm using the key.
Specifying a cryptoperiod involves a tradeoff between the cost of
rekeying and the risk of successful cryptanalysis. (C) Although
we deprecate its prefix, this term is long-established in COMPUSEC
usage. In the context of certificates and public keys, 'key lifetime'
and 'validity period' are often used instead. [RFC2828] The time
span during which a specific key is authorized for use or in which the
keys for a given system may remain in effect. [SRV] Time span during which each key setting remains in effect. [NSTISSC] (see also analysis, certificate, key, public-key infrastructure)
- cryptosynchronization
- Process by which a receiving decrypting cryptographic logic
attains the same internal state as the transmitting encrypting logic. [NSTISSC] (see also cryptography)
- cryptosystem
- (D) ISDs SHOULD NOT use this term as an abbreviation for cryptographic system. [RFC2828] Associated INFOSEC items interacting to provide a single means of encryption or decryption. [NSTISSC] (see also encryption, system)
- cryptosystem analysis
- Process of establishing the exploitability of a cryptosystem,
normally by reviewing transmitted traffic protected or secured by the
system under study. [NSTISSC] (see also analysis, system)
- cryptosystem evaluation
- Process of determining vulnerabilities of a cryptosystem. [NSTISSC] (see also evaluation, system)
- cryptosystem review
- Examination of a cryptosystem by the controlling authority
ensuring its adequacy of design and content, continued need, and proper
distribution. [NSTISSC] (see also system)
- cryptosystem survey
- Management technique in which actual holders of a cryptosystem
express opinions on the system's suitability and provide usage
information for technical evaluations. [NSTISSC] (see also evaluation, system)
- cultural assumptions
- Beliefs about the internal workings and external environment
of an organization which, having worked well in the past, have
gradually come to be taken for granted, and which provide the basis for
group consensus about common events and circumstances. Cultural
assumptions function as the unifying themes of organizational culture. [SRV]
- customer
- Groups or individuals who have a business relationship with
the organization; those who receive and use or are directly affected by
the products and services of the organization. Customers include direct
recipients of products and services, internal customers who produce
services and products for final recipients, and other organizations and
entities that interact with an organization to produce services and
products. [SRV] (see user)
- cut-and-paste attack
- (I) An active attack on the data integrity of
ciphertext, effected by replacing sections of ciphertext with other
ciphertext, such that the result appears to decrypt correctly but
actually decrypts to plaintext that is forged to the satisfaction of
the attacker. [RFC2828] (see also cryptography, attack)
- cyberattack
- Exploitation of the software vulnerabilities of information technology-based control components. [CIAO] (see also attack)
- cyberspace
- Describes the world of connected computers and the society that gathers around them. Commonly known as the Internet. [NSAINT] Describes the world of connected computers and the society that surrounds them. Commonly known as the Internet. [CIAO] (see also internet)
- cycle time
- The time that elapses from the beginning to the end of a process. [SRV]
- cyclic redundancy check (CRC)
- (I) Sometimes called 'cyclic redundancy code'. A type
of checksum algorithm that is not a cryptographic hash but is used to
implement data integrity service where accidental changes to data are
expected. [RFC2828] Error checking mechanism that checks data integrity by computing a polynomial algorithm based checksum. [NSTISSC]
Use of an algorithm for generating error detection bits in a data link
protocol. The receiving station performs the same calculation as the
transmitting station. If the results differ, then one or more bits are
in error. [SRV] (see also algorithm, cryptography, hash)
- dangling threat
- Set of properties about the external environment for which
there is no corresponding vulnerability and therefore no implied risk. [NSTISSC] (see also threat)
- dangling vulnerability
- Set of properties about the internal environment for which there is no corresponding threat and, therefore, no implied risk. [NSTISSC] (see also vulnerability)
- dark-side hacker
- A criminal or malicious hacker. [AFSEC][NSAINT] (see also threat)
- data
- (I) Information in a specific physical representation,
usually a sequence of symbols that have meaning; especially a
representation of information that can be processed or produced by a
computer. [RFC2828] All data (electronic and hard copy) and
information required to support the core process. This includes
numbers, characters, images, or other methods of recording, in a form
which can be assessed by a human or (especially) input into a computer,
stored and processed there, or transmitted on some
digital/communications channel. [CIAO] Basic facts about a transaction that can be processed and communicated. [SRV] Information with a specific physical representation. [AJP][TCSEC] (see also automated information system)
- data administration (DA)
- (see also automated information system)
- data aggregation
- The compilation of unclassified individual data systems and
data elements resulting in the totality of the information being
classified. [NSTISSC] (see also automated information system)
- data architecture
- The compilation of data, including who creates and uses it and
how, presents a stable basis for the processes and information used by
the organization to accomplish its mission. [SRV] (see also automated information system)
- Data Authentication Algorithm
- (N) A keyed hash function equivalent to DES cipher block chaining with IV = 0. (D) ISDs SHOULD NOT use the uncapitalized form of this term as a synonym for other kinds of checksums. [RFC2828] (see also hash, key, authentication)
- data authentication code (DAC)
- A cryptographic checksum, based on DES (see FIPS PUB 113);
also known as a Message Authentication Code (MAC) in ANSI standards. [FIPS140]
Applying the data authentication algorithm to data generates a data
authentication code. The code is a mathematical function of both the
data and a cryptographic key. When the integrity of the data is to be
verified, the code is generated on the current data and compared with
the previously generated code. If the two values are equal, the
integrity (i.e., authenticity) of the data is verified. A data
authentication code is also known as a message authentication code in
ANSI standards. [SRV] (see also message authentication code, hash function, key, National Institute of Standards and Technology, authentication, integrity)
- data authentication code vs. Data Authentication Code
- (N) Capitalized: 'The Data Authentication Code' refers
to a U.S. Government standard for a checksum that is computed by the
Data Authentication Algorithm. (Also known as the ANSI standard Message
Authentication Code.) (D) Not capitalized: ISDs SHOULD NOT use
'data authentication code' as a synonym for another kind of checksum,
because this term mixes concepts in a potentially misleading way.
Instead, use 'checksum', 'error detection code', 'hash', 'keyed hash',
'Message Authentication Code', or 'protected checksum', depending on
what is meant. [RFC2828] (see also hash, key, authentication)
- data communications
- Information exchanged between end-systems in machine-readable form. [SRV] (see also communications)
- data compromise
- (I) A security incident in which information is exposed
to potential unauthorized access, such that unauthorized disclosure,
alteration, or use of the information may have occurred. [RFC2828] (see also unauthorized access, compromise, incident)
- data confidentiality
- (I) 'The property that information is not made
available or disclosed to unauthorized individuals, entities, or
processes [i.e., to any unauthorized system entity].' . (D) ISDs SHOULD NOT use this term as a synonym for 'privacy', which is a different concept. [RFC2828] The state that exists when data is held in confidence and is protected from unauthorized disclosure. [AJP][TNI] (see also confidentiality, data privacy)
- data confidentiality service
- (I) A security service that protects data against unauthorized disclosure. (D) ISDs SHOULD NOT use this term as a synonym for 'privacy', which is a different concept. [RFC2828] (see also confidentiality)
- data contamination
- A deliberate or accidental process or act that results in a change in the integrity of the original data. [SRV] (see also automated information system)
- data control language (DCL)
- (see also automated information system)
- data definition language (DDL)
- (see also automated information system)
- data dictionary (DD)
- In a database management program, an on-screen listing of all
the database files, indices, views, and other files relevant to a
database application. [SRV] (see also automated information system)
- data diddling
- An attack in which the attacker changes the data while en route from source to destination. [misc] (see also attack)
- data driven attack
- A form of attack that is encoded in innocuous seeming data
which is executed by a user or a process to implement an attack. A data
driven attack is a concern for firewalls, since it may get through the
firewall in data form and launch an attack against a system behind the
firewall. [NSAINT] A form of attack that is encoded in innocuous
seeming data which is executed by a user or other software to
implement an attack. In the case of firewalls, a data driven attack is
a concern since it may get through the firewall in data form and launch
an attack against a system behind the firewall. [AFSEC] (see also cryptography, software, attack)
- Data Encryption Algorithm (DEA)
- (N) A symmetric block cipher, defined as part of the
U.S. Government's Data Encryption Standard. DEA uses a 64-bit key, of
which 56 bits are independently chosen and 8 are parity bits, and maps
a 64-bit block into another 64-bit block. (C) This algorithm is
usually referred to as 'DES'. The algorithm has also been adopted in
standards outside the Government (e.g.,). [RFC2828] (see also encryption, key, symmetric cryptography)
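The 64-bit key layout described above (56 independent bits plus 8 parity bits), as an added example that is not from the glossary or its sources. It assumes the FIPS 46 convention that each key byte holds seven key bits in its high positions and one parity bit in the least significant position, set so that every byte has odd parity.

```python
# Added example: checking and repairing DES key parity, and extracting the
# 56 bits that actually select the cipher key.
# Assumption: FIPS 46 key format (8 bytes, odd parity, parity bit = LSB).


def has_odd_parity(byte: int) -> bool:
    """True when the byte has an odd number of set bits."""
    return bin(byte).count("1") % 2 == 1


def check_des_key_parity(key: bytes) -> list:
    """Return the indices of key bytes whose parity bit is wrong."""
    if len(key) != 8:
        raise ValueError("DES key must be 8 bytes (64 bits)")
    return [i for i, b in enumerate(key) if not has_odd_parity(b)]


def fix_des_key_parity(key: bytes) -> bytes:
    """Return the key with each byte's low bit set so the byte has odd parity.
    The seven key bits of every byte are left untouched."""
    if len(key) != 8:
        raise ValueError("DES key must be 8 bytes (64 bits)")
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 == 1 else 1))
    return bytes(out)


def key_material_56(key: bytes) -> int:
    """Concatenate the seven key bits of each byte into one 56-bit integer.
    Two keys that differ only in parity bits map to the same value, i.e.
    they select the same DES cipher key."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def effective_key_bits(key: bytes) -> int:
    """Number of bits that actually vary the cipher: 7 per key byte."""
    return len(key) * 7


if __name__ == "__main__":
    sample = bytes.fromhex("0123456789abcdef")  # constructed sample key
    print(check_des_key_parity(sample), effective_key_bits(sample))
```

A parity failure on a stored DES key is worth treating as a sign of corruption or mis-entry rather than silently repairing, which is why the check and the repair are separate functions.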
- data encryption key (DEK)
- (I) A cryptographic key that is used to encipher application data. [RFC2828] A cryptographic key used for encrypting and decrypting data. [SRV] A key used for the encryption of message text and for the computation of message integrity checks (signatures). [misc] (see also encryption, key) (includes data key)
- Data Encryption Standard (DES)
- (1) A cryptographic algorithm for the protection of
unclassified data, published in U.S. Federal Information Processing
Standard (FIPS) 46. The DES, which was approved by the U.S. National
Institute of Standards and Technology (NIST), is intended for public
and government use. (2) A NIST Federal Information Processing Standard
and commonly used secret key cryptographic algorithm for encrypting and
decrypting data and performing other functions, e.g., DES can be used to
check message integrity. DES specifies a key length of 56 bits. [AJP] (N)
A U.S. Government standard that specifies the Data Encryption Algorithm
and states policy for using the algorithm to protect unclassified,
sensitive data. [RFC2828] A 56-bit, private key, symmetric
cryptographic algorithm for the protection of unclassified computer
data issued as Federal Information Processing Standard Publication. [IATF]
A cryptographic algorithm for the protection of unclassified data,
published in Federal Information Processing Standard (FIPS) 46. The
DES, which was approved by the U.S. National Institute of Standards and
Technology, is intended for public and government use. [NCSC/TG004]
A cryptographic algorithm for the protection of unclassified data. The
DES, which was approved by the National Institute of Standards and
Technology (NIST) in the U.S., is intended for public and government
use. [SRV] Cryptographic algorithm, designed for the protection
of unclassified data and published by the National Institute of
Standards and Technology (NIST) in Federal Information Processing
Standard (FIPS) Publication 46. [NSTISSC] Definition 1) (DES) An
unclassified crypto algorithm adopted by the National Bureau of
Standards for public use. Definition 2) A cryptographic algorithm for
the protection of unclassified data, published in Federal Information
Processing Standard (FIPS) 46. The DES, which was approved by the
National Institute of Standards and Technology (NIST), is intended for
public and government use. [NSAINT] (see also algorithm, Federal Information Processing Standards, National Institute of Standards and Technology, encryption, key, symmetric algorithm) (includes initialization vector)
- data flow diagram (DFD)
- (see also automated information system)
- data input
- A data item which depends on the entire message and forms a part of the input to the signature function. [SC27]
A data item which depends on the entire message and forms a part of the
input to the signature function. NOTE - Signature generation function
is the signature process which is determined by signature key and the
domain parameter. [SC27] A data item which depends on the entire
message and forms a part of the input to the signature function.
[ISO/IEC 9796-3: 2000] (see also automated information system)
- data integrity
- (1) The property that data has not been altered or destroyed
in an unauthorized manner. (2) The state that exists when computerized
data is the same as that in the source documents and has not been
exposed to accidental or malicious alteration or destruction. [AJP]
(1) The state that exists when computerized data is the same as that in
the source documents and has not been exposed to accidental or
malicious alteration or destruction. (2) The property that data has not
been exposed to accidental or malicious alteration or destruction. [TNI] (I) The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner. (O) 'The property that information has not been modified or destroyed in an unauthorized manner.' (C)
Deals with constancy of and confidence in data values, not with the
information that the values represent or the trustworthiness of the
source of the values. [RFC2828] A condition existing when data
is unchanged from its source and has not been accidentally or
maliciously modified, altered, or destroyed. [CIAO] Condition
existing when data is unchanged from its source and has not been
accidentally or maliciously modified, altered, or destroyed. [800-37][NSTISSC]
It is the concept of being able to ensure that data or voice
transmissions can be maintained in an unimpaired condition and are not
subjected to unauthorized modification whether that modification is
intentional or inadvertent. [SRV] The property that data has not been altered or destroyed in an unauthorized manner. [JTC1/SC27][SC27] The property that data meet an a priori expectation of quality. [NCSC/TG004]
The state that exists when computerized data is the same as that in the
source documents and has not been exposed to accidental or malicious
alteration or destruction. [TCSEC] (see also quality, trust, data security, integrity)
- data integrity service
- (I) A security service that protects against
unauthorized changes to data, including both intentional change or
destruction and accidental change or loss, by ensuring that changes to
data are detectable. (C) A data integrity service can only
detect a change and report it to an appropriate system entity; changes
cannot be prevented unless the system is perfect (error-free) and no
malicious user has access. However, a system that offers data integrity
service might also attempt to correct and recover from changes. (C)
Relationship between data integrity service and authentication
services: Although data integrity service is defined separately from
data origin authentication service and peer entity authentication
service, it is closely related to them. Authentication services depend,
by definition, on companion data integrity services. Data origin
authentication service provides verification that the identity of the
original source of a received data unit is as claimed; there can be no
such verification if the data unit has been altered. Peer entity
authentication service provides verification that the identity of peer
entity in a current association is as claimed; there can be no such
verification if the claimed identity has been altered. [RFC2828] (see also authentication, integrity)
- data items' representation
- A data item or some representation thereof such as a cryptographic hash value. [SC27] (see also cryptography, hash)
- data key
- A cryptographic key that is used to cryptographically process data (e.g. encrypt, decrypt, sign, authenticate). [FIPS140][SRV] (see also authentication, data encryption key, key, key recovery)
- data management
- Providing or controlling access to data stored in a computer and to the use of input or output devices. [SRV] (see also automated information system)
- data manipulation language (DML)
- (see also automated information system)
- data origin authentication
- (I) 'The corroboration that the source of data received is as claimed.' [RFC2828] Corroborating the source of data is as claimed. [NSTISSC] The corroboration that the source of data received is as claimed. [SRV] (see also authentication)
- data origin authentication service
- (I) A security service that verifies the identity of a system entity that is claimed to be the original source of received data. (C)
This service is provided to any system entity that receives or holds
the data. Unlike peer entity authentication service, this service is
independent of any association between the originator and the
recipient, and the data in question may have originated at any time in
the past. (C) A digital signature mechanism can be used to
provide this service, because someone who does not know the private key
cannot forge the correct signature. However, by using the signer's
public key, anyone can verify the origin of correctly signed data. (C) This service is usually bundled with connectionless data integrity service. [RFC2828] (see also digital signature, key, authentication)
- data path
- The physical or logical route over which data passes; a physical data path may be shared by multiple logical data paths. [FIPS140] (see also cryptographic module)
- data privacy
- (D) ISDs SHOULD NOT use this term because it mixes
concepts in a potentially misleading way. Instead, use either 'data
confidentiality' or 'privacy', depending on what is meant. [RFC2828] The reasonable assurance that data cannot be viewed by anyone other than its intended recipient. [misc] (see also assurance, confidentiality, data security, privacy) (includes data confidentiality)
- data processing
- A sequence of steps to record, classify, and summarize data using a computer program. [SRV] (see also automated information system)
- data reengineering
- A system-level process that purifies data definitions and
values. This process establishes meaningful, non-redundant data
definitions and valid, consistent data values. [SRV] (see also automated information system)
- data security
- (I) The protection of data from disclosure, alteration,
destruction, or loss that either is accidental or is intentional but
unauthorized. (C) Both data confidentiality service and data integrity service are needed to achieve data security. [RFC2828] Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. [NSTISSC] The protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. [AJP][NCSC/TG004][SRV] (see also confidentiality, security) (includes data integrity, data privacy)
- data source
- A host capable of generating traffic to the DUT/SUT. One data
source may emulate multiple users or hosts. In addition, one data
source may offer traffic to multiple network interfaces on the DUT/SUT.
The term 'data source' is deliberately independent of any number of
users. It is useful to think of data sources simply as traffic
generators, without any correlation to any given number of users. [RFC2647] (see also connection, firewall, networks) (includes user)
- data storage
- A means for storing information from which data is submitted
for delivery, or into which data is put by the delivery authority. [SC27] (see also automated information system)
- data string
- A string of bits which is the input to a hash function. [SC27]
String of bits which is the input to a hash function. [ISO/IEC FDIS
9797-2 (09/2000)] (see also hash)
- data structure
- The logical relationships among data units and the description
of attributes or features of a piece of data (e.g. type, length). [SRV] (see also automated information system)
- data synchronization
- The comparison and reconciliation of interdependent data files at the same time so that they contain the same information. [FFIEC] (see also automated information system)
- data transfer device (DTD)
- Fill device designed to securely store, transport, and
transfer electronically both COMSEC and TRANSEC key, designed to be
backward compatible with the previous generation of COMSEC common fill
devices, and programmable to support modern mission systems. [NSTISSC] (see also communications security)
- data validation
- Ensuring that data are correct by detecting errors and omissions. [SRV] (see also automated information system)
- database administration (DBA)
- (see also automated information system)
- database management system (DBMS)
- A computer system whose main function is to facilitate the
sharing of a common set of data among many different users. It may or
may not maintain semantic relationships among the data items. [AJP][TDI]
Computer software used to create, store, retrieve, change, manipulate,
sort, format, and print information in a database. Also, software that
controls the organization, storage, retrieval, security and integrity
of data in a database. [SRV] (see also Directory Access Protocol, security, software, system) (includes consistency, metadata, transaction, view, view definition)
- datagram
- (I) 'A self-contained, independent entity of data
carrying sufficient information to be routed from the source to the
destination.' [RFC2828] A self-contained, independent entity of data that can be routed from a source to its destination. [misc]
In packet switching, a self-contained packet, independent of other
packets, that carries information sufficient for routing from the
originating data terminal equipment to the destination data terminal
equipment, without relying on earlier exchanges between the equipment
and the network. Unlike virtual call service, there are no call
establishment or clearing procedures, and the network does not
generally provide protection against loss, duplication, or misdelivery.
[SRV] (see also networks)
- deadlock
- A situation wherein two or more processes are unable to proceed because each is waiting for another to do something. [AFSEC] (see also deadly embrace, threat)
- deadly embrace
- Same as DEADLOCK, though usually used only when exactly two processes are involved. [AFSEC] (see also deadlock, threat)
- debilitated
- A condition of defense or economic security characterized by ineffectualness. [CIAO] (see also risk)
- debug
- To detect, locate, and correct errors and faults in computer software. [SRV] (see also fault, software)
- debugger
- One who engages in the intuitive art of correctly determining the cause (e.g., bug) of a set of symptoms. [OVT]
- debugging
- (see also automated information system)
- deception
- A circumstance or event that may result in an authorized entity receiving false data and believing it to be true. [RFC2828] (see also threat consequence)
- decertification
- Revocation of the certification of an IS item or equipment for cause. [NSTISSC]
- decipher
- (D) ISDs SHOULD NOT use this term as a synonym for 'decrypt', except in special circumstances. [RFC2828] Convert enciphered text to plain text by means of a cryptographic system. [NSTISSC] To convert, by use of the appropriate key, enciphered text into its equivalent plain text. [SRV] (see also key)
- decipherment
- (D) ISDs SHOULD NOT use this term as a synonym for 'decryption', except in special circumstances. [RFC2828] Alternative term for decryption. [SC27] The reversal of a corresponding encipherment. [SC27]
The reversal of a corresponding encipherment. [ISO/IEC 9797-1: 1999,
ISO/IEC 9798-1: 1997, ISO/IEC 11770-1: 1996, ISO/IEC 11770-3: 1999,
ISO/IEC FDIS 15946-3 (02/2001)]
- decision support systems (DSS)
- (see also system)
- declassification of AIS storage media
- An administrative decision or procedure to remove or reduce the security classification of the subject media. [AJP][NCSC/TG004] (see also security) (includes automated information system, subject)
- decode
- (I) Convert encoded data back to its original form of representation. (D) ISDs SHOULD NOT use this term as a synonym for 'decrypt', because that would mix concepts in a potentially misleading way. [RFC2828] Convert encoded text to plain text by means of a code. [NSTISSC]
- decomposition
- Breaking down a process into subprocesses and activities. [SRV]
Requirement in a protection profile that spans several components.
Note: The decomposition of a specific requirement becomes necessary
when that requirement must be assigned to multiple components of the
generic product requirements during the interpretation process. [AJP][FCv1] (see also protection profile)
- decrypt
- (I) Cryptographically restore ciphertext to the plaintext form it had before encryption. [RFC2828] Generic term encompassing decode and decipher. [NSTISSC]
To convert encrypted text, ciphertext, into its equivalent plaintext
through the use of a cryptographic algorithm. The term decrypt covers
the meanings of decipher and decode. [SRV] (see also encryption)
- decryption
- Reversal of a corresponding encipherment. [SC27] The process of changing ciphertext into plaintext. [SRV] (see also encryption)
- dedicated loop encryption device (DLED)
- (see also encryption)
- dedicated mode
- IS security mode of operation wherein each user, with direct
or indirect access to the system, its peripherals, remote terminals, or
remote hosts, has all of the following: a. valid security clearance for
all information within the system; b. formal access approval and signed
nondisclosure agreements for all the information stored and/or
processed (including all compartments, subcompartments, and/or special
access programs); and c. valid need-to-know for all information
contained within the IS. When in the dedicated security mode, a system
is specifically and exclusively dedicated to and controlled for the
processing of one particular type or classification of information,
either for full-time operation or for a specified period of time. [NSTISSC] (see also computer security, user)
- dedicated security mode
- (I) A mode of operation of an information system,
wherein all users have the clearance or authorization, and the
need-to-know, for all data handled by the system. In this mode, the
system may handle either a single classification level or category of
information or a range of levels and categories. (C) This mode
is defined formally in U.S. Department of Defense policy regarding
system accreditation, but the term is also used outside the Defense
Department and outside the Government. [RFC2828] The mode of
operation in which the system is specifically and exclusively dedicated
to and controlled for the processing of one particular type or
classification of information, either for full-time operation or for a
specific period of time. [TNI] (see also accreditation, classification level, modes of operation, security)
- default account
- (I) A system login account (usually accessed with a
user name and password) that has been predefined in a manufactured
system to permit initial access when the system is first put into
service. (C) Sometimes, the default user name and password are
the same in each copy of the computer system. In any case, when the
system is put into service, the default password should immediately be
changed or the default account should be disabled. [RFC2828] (see also passwords)
- default classification
- A temporary classification reflecting the highest
classification being processed in a system. The default classification
is included in the caution statement affixed to the object. [AJP][NCSC/TG004]
Temporary classification reflecting the highest classification being
processed in an IT system. Default classification is included in the
caution statement affixed to an object. [NSTISSC] (see also classification level) (includes object)
- defect
- Any state of unfitness for use, or nonconformance to specifications. [SRV] Nonconformance to requirements. [OVT] (see also bug, failure, fault, risk)
- defense
- The confidence that Americans' lives and personal safety, both
at home and abroad, are protected and the United States' sovereignty,
political freedom, and independence, with its values, institutions, and
territory intact are maintained. [CIAO] (see also threat)
- defense communications system (DCS)
- (see also communications, system)
- defense courier service (DCS)
-
- Defense Information Infrastructure (DII)
- The shared or interconnected system of computers,
communications, data applications, security, people, training and other
support structures serving DoD local, national, and worldwide
information needs. DII connects DoD mission support, command and
control, and intelligence computers through voice, telecommunications,
imagery, video, and multimedia services. It provides information
processing and services to the subscribers over the Defense Information
Systems Network and includes command and control, tactical,
intelligence, and commercial communications systems used to transmit
DoD information. (Pending approval in JP 1-02) [NSAINT] (see also command and control, networks, security)
- Defense Information System Network (DISN)
- (see also networks, system)
- defense message system (DMS)
- (see also system)
- defense switched network (DSN)
- (see also networks)
- defense-in-depth
- A two-fold approach to securing an IT system: (1) layering
security controls within a given IT asset and among assets, and (2)
ensuring appropriate robustness of the solution as determined by the
relative strength of the security controls and the confidence that the
controls are implemented correctly, are effective in their application,
and will perform as intended. This combination produces layers of
technical and non-technical controls that ensure the confidentiality,
integrity, and availability of the information and IT system resources.
[800-37] The security approach whereby layers of protection are
needed to establish an adequate security posture for a system; strategy
is based on concept that attacks must penetrate multiple protections
that have been placed throughout the system to be successful. [IATF] (see also availability, confidentiality, security)
- defense-wide information assurance program (DIAP)
- This Department of Defense (DoD) program provides for the
planning, coordination, integration, and oversight of the DoD
information assurance resources to assure the availability, integrity,
authentication, confidentiality, and non-repudiation of the DoD's
mission essential and mission support information. [IATF] (see also authentication, availability, confidentiality, non-repudiation, assurance)
- Defensive Information Operations
- A process that integrates and coordinates policies and
procedures, operations, personnel, and technology to protect
information and defend information systems. Defensive information
operations are conducted through information assurance, physical
security, operations security, counter-deception, counter-psychological
operations, counter-intelligence, electronic protect, and special
information operations. Defensive information operations ensure timely,
accurate, and relevant information access while denying adversaries the
opportunity to exploit friendly information and information systems for
their own purposes. (Pending approval in JP 1-02) [NSAINT] (see also exploit, security)
- degauss
- (1) To apply a variable, alternating current (AC) field for
the purpose of demagnetizing magnetic recording media, usually tapes.
The process involves increasing the AC field gradually from zero to
some maximum value and back to zero, which leaves a very low residue of
magnetic induction on the media. (2) Loosely, to erase. [SRV] (N)
Apply a magnetic field to permanently remove, erase, or clear data from
a magnetic storage medium, such as a tape or disk. Reduce magnetic flux
density to zero by applying a reversing magnetic field. [RFC2828] To reduce magnetic flux density to zero by applying a reverse magnetizing field. [AJP][NCSC/TG004] (see also erasure)
- degausser
- (N) An electrical device that can degauss magnetic storage media. [RFC2828] An electrical device that can generate a magnetic field for the purpose of degaussing magnetic storage media. [AJP]
An electrical device that can generate a magnetic field for the purpose
of degaussing magnetic storage media. Degausser Products List (DPL) A
list of commercially produced degaussers that meet National Security
Agency specifications. This list is included in the NSA Information
Systems Security Products and Services Catalogue, and is available
through the Government Printing Office. [NCSC/TG004] (see also computer security, National Security Agency, degausser products list)
- degausser products list (DPL)
- A list of commercially produced degaussers that meet U.S.
National Security Agency (NSA) specifications. This list is included in
NSA's 'Information Systems Security Products and Services Catalogue,'
available through the U.S. Government Printing Office. [AJP] (see also computer security, Information Systems Security products and services catalogue, National Information Assurance partnership, National Security Agency) (includes degausser)
- degaussing
- Procedure that reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing. [NSTISSC]
- degrees of freedom
- A random sample of size n is said to have n-1 degrees of
freedom for estimating the population variance, in the sense that there
are n-1 independent deviations from the sample mean on which to base
such an estimate. [SRV]
- delegated accrediting authority (DAA)
-
- delegated development program
- INFOSEC program in which the Director, NSA, delegates, on a
case by case basis, the development and/or production of an entire
telecommunications product, including the INFOSEC portion, to a lead
department or agency. [NSTISSC]
- delegation
- The ability to empower a principal to act on behalf of another principal. [misc] (see also authorize)
- delete access
- The ability to erase or remove data or programs. [CIAO] (see also access)
- deliberate exposure
- Intentional release of sensitive data to an unauthorized entity. [RFC2828] (see also threat consequence)
- deliverable
- The object of an assurance assessment. An object may be a
Protection Profile (PP) or Security Target (ST) as defined by ISO 15408
or a product, system, service, process, or environmental factor (i.e.
personnel, organisation). NOTE - ISO 9000:2000 holds that a service is
a type of product and 'product and/or service' when used in the ISO
9000 family of standards. [SC27] (see also security, security target)
- deliverables list
- A document produced by a CCTL containing the definition of the
documents comprising the security target, all representations of the
TOE, and developer support required to conduct an IT security
evaluation in accordance with the laboratory's evaluation work plan. [NIAP] (see also computer security, security target, Common Criteria Testing Laboratory, National Information Assurance partnership, target of evaluation)
- delivery
- The process whereby a copy of the Target of Evaluation is transferred from the developer to a customer. [AJP][ITSEC] (see also target of evaluation)
- delivery authority
- An authority trusted by the sender to deliver the data from
the sender to the receiver, and to provide the sender with evidence on
the submission and transport of data upon request. [SC27] (see also evidence, trust)
- delta CRL
- (I) A partial CRL that only contains entries for X.509
certificates that have been revoked since the issuance of a prior, base
CRL. This method can be used to partition CRLs that become too large
and unwieldy. [RFC2828] (see also certificate, public-key infrastructure)
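How a relying party combines a base CRL with a delta CRL, as an added example that is not from the glossary or RFC 2828. CRLs are modelled as plain Python objects holding serial numbers; real X.509 CRLs are DER structures, and the check below that a delta names the base it extends is a simplified stand-in for the delta CRL indicator extension. The CRL numbers and serials are constructed.

```python
# Added example: applying a delta CRL to its base CRL.
# Assumption: a delta is only combined with a base whose CRL number it names
# and which it postdates; entries are modelled as sets of serial numbers.
from dataclasses import dataclass, field


@dataclass
class BaseCRL:
    crl_number: int
    revoked: set = field(default_factory=set)  # all serials revoked so far


@dataclass
class DeltaCRL:
    crl_number: int
    base_crl_number: int  # CRL number of the base this delta extends
    revoked: set = field(default_factory=set)  # serials revoked since the base


def delta_applies(base: BaseCRL, delta: DeltaCRL) -> bool:
    """True when the delta was issued against this base and is newer than it.
    A delta applied to the wrong base would silently miss revocations."""
    return (delta.base_crl_number == base.crl_number
            and delta.crl_number > base.crl_number)


def combine(base: BaseCRL, delta: DeltaCRL) -> set:
    """Return the complete revoked set implied by base plus delta."""
    if not delta_applies(base, delta):
        raise ValueError("delta CRL does not extend this base CRL")
    return base.revoked | delta.revoked


def is_revoked(serial: int, base: BaseCRL, delta: DeltaCRL) -> bool:
    """Revocation status of one certificate under the combined view."""
    return serial in combine(base, delta)


# Constructed sample data: base CRL 10 lists two serials; delta CRL 11
# adds one serial revoked since the base was issued.
BASE = BaseCRL(crl_number=10, revoked={0x1001, 0x1002})
DELTA = DeltaCRL(crl_number=11, base_crl_number=10, revoked={0x1003})
STALE_DELTA = DeltaCRL(crl_number=11, base_crl_number=9, revoked={0x1003})


if __name__ == "__main__":
    print(sorted(hex(s) for s in combine(BASE, DELTA)))
```

The point of the `delta_applies` check is that a delta is meaningless on its own: a client that fetches only deltas, or pairs a delta with an older base, will report certificates as valid that the issuer has already revoked.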
- demand assigned multiple access (DAMA)
-
- demilitarized zone (DMZ)
- A computer or small subnetwork that sits between a trusted
internal network, such as a corporate private LAN, and an untrusted
external network, such as the public Internet. [FFIEC] A network
segment or segments located between protected and unprotected networks.
As an extra security measure, networks may be designed such that
protected and unprotected segments are never directly connected.
Instead, firewalls (and possibly public resources such as HTTP or FTP
servers) reside on a so-called DMZ network. DMZ networks are sometimes
called perimeter networks. [RFC2647] (see also assurance, rule set, firewall) (includes protected network, unprotected network)
- demon dialer
- A program which repeatedly calls the same telephone number.
This is benign and legitimate for access to a BBS or malicious when
used as a denial of service attack. [NSAINT] A program which
repeatedly calls the same telephone number. This is benign and
legitimate for access to a BBS, or malign when used as a prank for
denial of service attack. This includes any action that causes
unauthorized destruction, modification, or delay of service. Delay or
partial denial is more often called degradation of service. Synonymous
with interdiction. [AFSEC] (see also denial of service, attack)
- denial of service (DoS)
- (1) The prevention of authorized access to system assets or
services or the delaying of time-critical operations. (2) Any action or
series of actions that prevents any part of a system from functioning
in accordance with its intended purpose. This includes any action that
causes unauthorized destruction, modification, or delay of service. [AJP] (I) The prevention of authorized access to a system resource or the delaying of system operations and functions. [RFC2828]
1) A form of attack that reduces the availability of a resource. 2)
Result of any action or series of actions that prevent any part of an
IS from providing data or other services to authorized users. [CIAO] Action(s) which prevent any part of an AIS from functioning in accordance with its intended purpose. [AFSEC][NSAINT]
Action(s) which prevent any part of an AIS from functioning in
accordance with its intended purpose. Any action or series of actions
that prevent any part of a system from functioning in accordance with
its intended purpose. This includes any action that causes unauthorized
destruction, modification, or delay of service. Synonymous with
interdiction. Intentional degradation or blocking of computer or
network resources. (I) The prevention of authorized access to a system
resource or the delaying of system operations and functions. [OVT] An attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources. [800-61]
An attack where an attacker floods the server with bogus requests, or
tampers with legitimate requests. Though the attacker does not benefit,
service is denied to legitimate users. This is one of the most
difficult attacks to thwart. [misc] An attack where service is denied to legitimate users. [IATF]
Any action or series of actions that prevent any part of a system from
functioning in accordance with its intended purpose. This includes any
action that causes unauthorized destruction, modification, or delay of
service. [NCSC/TG004] Any action or series of actions that
prevent any part of a system from functioning in accordance with its
intended purpose. This includes any action that causes unauthorized
destruction, modification, or delay of service. Synonymous with
interdiction. [SRV] The prevention of authorized access to system assets or services, or the delaying of time critical operations. [TNI] Type of incident resulting from any action or series of actions that prevents any part of an IS from functioning. [NSTISSC] (see also Automated Information System security, ICMP flood, SYN flood, availability, computer abuse, demon dialer, information systems security, letterbomb, logic bomb, ping of death, smurf, spam, tamper, attack, incident, user) (includes distributed denial of service)
- denial time
- The average length of time that an affected asset is denied to the organization. [AFSEC] (see also risk)
- dependency
- A relationship between requirements such that the requirement
that is depended upon must normally be satisfied for the other
requirements to be able to meet their objectives. [CC2][CC21][SC27]
Condition in which the correctness of one TCB subset is contingent
(depends for its correctness) on the correctness of another TCB subset.
Note: A TCB subset A depends for its correctness on TCB subset B if and
only if the (engineering) arguments of the correct implementation of A
with respect to its specification assume, wholly or in part, that the
specification of B has been implemented correctly. [AJP][FCv1] (see also trusted computing base)
- depends
- A TCB subset A depends (for its correctness) on TCB subset B
if and only if the (engineering) arguments of the correct
implementation of A with respect to its specification assume, wholly or
in part, that the specification of B has been implemented correctly. [TDI] (see also trusted computing base)
- depot maintenance
- (see also full maintenance)
- derf
- The act of exploiting a terminal which someone else has absent-mindedly left logged on. [AFSEC][NSAINT] (see also exploit, terminal hijacking, threat)
- descriptive top-level specification (DTLS)
- A top-level specification that is written in a natural
language (e.g. English), an informal design notation, or a combination
of the two. [AJP][NCSC/TG004][TCSEC][TNI]
Top-level specification written in a natural language (e.g., English),
an informal design notation, or a combination of the two. Descriptive
top-level specification, required for a class B2 and B3 (as defined in
the Orange Book, Department of Defense Trusted Computer System
Evaluation Criteria, DoD 5200.28-STD) information system, completely
and accurately describes a trusted computing base. [NSTISSC] (see also evaluation, trust, top-level specification)
- design controlled spare parts (DCSP)
- Part or subassembly for a COMSEC equipment or device with an NSA controlled design. [NSTISSC] (see also communications security)
- design documentation
- Set of documents, required for Trusted Computer System
Evaluation Criteria (TCSEC) classes C1 and above (as defined in the
Orange Book, Department of Defense Trusted Computer System Evaluation
Criteria, DoD 5200.28-STD), whose primary purpose is to define and
describe the properties of a system. As it relates to TCSEC, design
documentation provides an explanation of how the security policy of a
system is translated into a technical solution via the Trusted
Computing Base (TCB) hardware, software, and firmware. [NSTISSC] (see also evaluation, trust)
- designated
- Assessed by the NIAP Oversight Body as technically competent
in the specific field of IT security evaluation and formally authorized
to carry out evaluations within the context of the NIAP Common Criteria
Evaluation and Validation Scheme. [NIAP] (see also computer security, evaluation, security)
- designated accrediting authority (DAA)
-
- designated approving authority (DAA)
- (1) Official with the authority to formally assume
responsibility for operating an IT product, an AIS, or network at an
acceptable level of risk. (2) The official who has the authority to
decide on accepting the security safeguards prescribed for an AIS or
that official who may be responsible for issuing an accreditation
statement that records the decision to accept those safeguards. [AJP] Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. [NSTISSC]
Official with the authority to formally assume responsibility for
operating a system at an acceptable level of risk. This term is
synonymous with designated accrediting authority and delegated
accrediting authority. [800-37] The DAA determines the level of
acceptable risk for a system and authorizes the operation of an
information system by issuing an accreditation statement once an
acceptable level of risk has been obtained. [IATF] The official
who has the authority to decide on accepting the security safeguards
prescribed for an AIS or that official who may be responsible for
issuing an accreditation statement that records the decision to accept
those safeguards. [NCSC/TG004] The official with the authority
to formally assume responsibility for operating an IT product, an AIS,
or network at an acceptable level of risk. [FCv1] (see also networks, accreditation, risk) (includes automated information system)
- designated laboratories list
- The list of designated CCTLs authorized by the NIAP Oversight
Body to conduct IT security evaluations within the NIAP Common Criteria
Evaluation and Validation Scheme. [NIAP] (see also computer security, evaluation, Common Criteria Testing Laboratory, National Information Assurance partnership)
- designating authority
- The body with the power to designate, monitor, suspend, or
withdraw CCTLs as specified under the terms of the NIAP Common Criteria
Evaluation and Validation Scheme. [NIAP] (see also evaluation, Common Criteria Testing Laboratory)
- designation policy
- A part of the essential documentation of the NIAP Common
Criteria Evaluation and Validation Scheme, setting out the procedures
for making an application to be designated as a CCTL and placed on the
NIAP designated laboratories list and for the processing of such
applications and of the training and security requirements which an
applicant must fulfill in order to qualify. [NIAP] (see also evaluation, security, Common Criteria Testing Laboratory, policy)
- destruction
- A condition when the ability of a critical infrastructure to
provide its customers an expected level of products and services
is negated. Typically a permanent condition. An infrastructure is
considered destroyed when its level of performance is zero. [CIAO] (see also critical infrastructure, risk)
- detailed design
- A phase of the development process wherein the top-level
definition and design of a Target of Evaluation are refined and
expanded to a level of detail that can be used as a basis for
implementation. [AJP][ITSEC] (see also software development, target of evaluation)
- deterministic
- Independent of a randomizer, not randomized. [SC27]
- developer
- The organization or individual that develops the IT system. [800-37] The person or organization that manufactures a Target of Evaluation. [AJP][ITSEC] (see also target of evaluation)
- developer security
- The physical, procedural, and personnel security controls imposed by a developer on his development environment. [AJP][ITSEC] (see also security)
- development assurance
- (1) Establishes specific requirements to document appropriate
aspects of the development process, the development environment, and
operational support of the product. Development assurance specifies the
manner in which products should be developed and/or details the amount
and kind of evidence to be produced and retained during development.
(2) Sources of IT product assurance ranging from how a product was
designed and implemented to how it is tested, operated, and maintained.
[AJP] Establishes specific requirements to document appropriate
aspects of the development process, the development environment, and
operational support of the product. Development assurance specifies the
manner in which products should be developed and/or details the amount
and kind of evidence to be produced and retained during development. [JTC1/SC27]
Sources of IT product assurance ranging from how a product was designed
and implemented to how it is tested, operated and maintained. [FCv1] (see also evidence, test, assurance, development process) (includes software development methodologies)
- development assurance component
- Fundamental building block, specifying how an IT product is
developed, from which development assurance requirements are assembled.
[AJP][FCv1] (see also assurance, component)
- development assurance package
- Grouping of development assurance components assembled to ease
specification and common understanding of how an IT product is
developed. [AJP][FCv1] (see also assurance)
- development assurance requirements
- Requirements in a protection profile that address how each
conforming IT product is developed, including the production of
appropriate supporting developmental process evidence and how that
product will be maintained. [AJP][FCv1] (see also evidence, assurance, requirements)
- development environment
- The organizational measures, procedures, and standards used while constructing a Target of Evaluation. [AJP][ITSEC] (see also development process, target of evaluation)
- development process
- The set of phases and tasks whereby a Target of Evaluation is
constructed, translating requirements into actual hardware and
software. [AJP][ITSEC] (see also software, software development, target of evaluation) (includes development assurance, development environment, hierarchical decomposition, informal specification, security specifications, top-level specification, validation, verification)
- deviation
- The difference between the particular number and the average of the set of numbers under consideration. [SRV]
- dial back
- A procedure established for positively identifying a terminal
dialing into a computer system by disconnecting the calling terminal
and reestablishing the connection by the computer system's dialing the
telephone number of the calling terminal. Synonymous with call-back. [SRV]
- dial-up
- The service whereby a computer terminal can use the telephone to initiate and effect communication with a computer. [AFSEC][AJP][NCSC/TG004][SRV] (see also communications) (includes dial-up line, dial-up security)
- dial-up line
- A communications circuit established by dialing a destination
over a commercial telephone system, used to communicate with a computer
(or the Internet) over a modem. [AFSEC] (see also communications, internet, dial-up)
- dial-up security
- The service whereby a computer terminal can use the telephone to initiate and effect communication with a computer. [AFSEC][AJP][NCSC/TG004][SRV] (see also dial-up, security)
- dictionary attack
- (I) An attack that uses a brute-force technique of successively trying all the words in some large, exhaustive list. (C)
For example, an attack on an authentication service by trying all
possible passwords; or an attack on encryption by encrypting some known
plaintext phrase with all possible keys so that the key for any given
encrypted message containing that phrase may be obtained by lookup. [RFC2828]
A form of attack in which an attacker uses a large set of likely
combinations to guess a secret; e.g., an attacker may choose one million
commonly used passwords and try them all until the password is
determined. [misc] An attempt to gain access to an IS by
guessing a user’s password, using software that systematically enters
words in a dictionary as passwords until a match is found. [CIAO]
Discovery of authenticators by encrypting likely authenticators, and
comparing the actual encrypted authenticator with the newly encrypted
possible authenticators. [FFIEC] (see also authentication, encryption, key, password cracker, passwords, attack)
- Diffie-Hellman
- (N) A key agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman [DH76, R2631]. (C)
Diffie-Hellman does key establishment, not encryption. However, the key
that it produces may be used for encryption, for further key management
operations, or for any other cryptography. (C) The difficulty of
breaking Diffie-Hellman is considered to be equal to the difficulty of
computing discrete logarithms modulo a large prime. The algorithm is
described in and. In brief, Alice and Bob together pick large integers
that satisfy certain mathematical conditions, and then use the integers
to each separately compute a public-private key pair. They send each
other their public key. Each person uses their own private key and the
other person's public key to compute a key, k, that, because of the
mathematics of the algorithm, is the same for each of them. Passive
wiretapping cannot learn the shared k, because k is not transmitted,
and neither are the private keys needed to compute k. However, without
additional mechanisms to authenticate each party to the other, a
protocol based on the algorithm may be vulnerable to a
man-in-the-middle attack. [RFC2828] A public key algorithm in
which two parties, who need not have any prior knowledge of each other,
can deduce a secret key that is only known to them and secret from
everyone else. Diffie-Hellman is often used to protect the privacy of a
communication between two anonymous parties. [misc] (see also attack, authentication, encryption, key, privacy, asymmetric algorithm)
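The exchange described above, as an added example that is not part of the glossary or of RFC 2828: Alice and Bob each derive the same k from only the two public values, and a wiretapper who can solve the discrete logarithm recovers it too. The 31-bit prime P, the generator search, the baby-step giant-step solver and all function names are this example's own constructions; real groups are 2048 bits or larger, which is the whole point of the wiretapper function.

```python
"""Diffie-Hellman key agreement, what a passive wiretapper sees, and why p must be large."""
import hashlib
import math
import secrets

# Toy group parameters, constructed for this example only: p = 2^31 - 1 is prime and
# p - 1 = 2 * 3^2 * 7 * 11 * 31 * 151 * 331, so we can check that g generates the
# whole group. Real deployments use standardized groups of 2048 bits or more
# (e.g. the RFC 3526 MODP groups); a 31-bit group is breakable, as shown below.
P = 2147483647
P_MINUS_1_FACTORS = (2, 3, 7, 11, 31, 151, 331)

def is_generator(g, p, factors):
    """g generates Z_p^* iff g^((p-1)/q) != 1 (mod p) for every prime q dividing p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in factors)

def find_generator(p, factors):
    """Smallest generator of Z_p^*, computed so the example never hardcodes g."""
    for g in range(2, p):
        if is_generator(g, p, factors):
            return g
    raise ValueError("no generator found; is p prime?")

G = find_generator(P, P_MINUS_1_FACTORS)

def keygen(p, g):
    """Private exponent x in [1, p-2] and the public value g^x mod p."""
    priv = secrets.randbelow(p - 2) + 1
    return priv, pow(g, priv, p)

def shared_secret(priv, peer_pub, p):
    """k = peer_pub^priv mod p, after rejecting degenerate peer values. 0, 1 and p-1
    force k into a trivial subgroup. Real groups use a safe prime or a prime-order
    subgroup so that this range check (plus an order check) is sufficient."""
    if not 1 < peer_pub < p - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, p)

def derive_key(k, p):
    """The agreed integer is encoded at fixed width and hashed before any use."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(k.to_bytes(width, "big")).digest()

def exchange(p=P, g=G):
    """One unauthenticated exchange. Returns (alice_key, bob_key, transcript); the
    transcript, i.e. the two public values, is everything a wiretapper observes."""
    a_priv, a_pub = keygen(p, g)
    b_priv, b_pub = keygen(p, g)
    alice_key = derive_key(shared_secret(a_priv, b_pub, p), p)
    bob_key = derive_key(shared_secret(b_priv, a_pub, p), p)
    return alice_key, bob_key, (a_pub, b_pub)

def discrete_log(g, h, p):
    """Baby-step giant-step: x with g^x = h (mod p) in about sqrt(p) time and memory.
    Trivial for a 31-bit p; for a 2048-bit p this is the hard problem the entry
    above rests on."""
    m = math.isqrt(p) + 1
    baby = {}
    cur = 1
    for j in range(m):
        baby.setdefault(cur, j)
        cur = cur * g % p
    giant = pow(g, -m, p)            # g^(-m); Python 3.8+ modular inverse
    gamma = h
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant % p
    raise ValueError("no logarithm found")

def passive_wiretap(transcript, p=P, g=G):
    """All an eavesdropper can do with the public values alone: solve the discrete
    log for Alice's private exponent, then compute k exactly as she does."""
    a_pub, b_pub = transcript
    a_priv = discrete_log(g, a_pub, p)
    return derive_key(pow(b_pub, a_priv, p), p)

if __name__ == "__main__":
    alice_key, bob_key, transcript = exchange()
    print("Alice and Bob agree:", alice_key == bob_key)
    print("toy group broken by wiretapper:", passive_wiretap(transcript) == alice_key)
```

Nothing here authenticates either party, which is why the entry warns that a protocol built on the bare algorithm needs an additional mechanism (signatures, certificates, or a pre-shared key) against a man-in-the-middle.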
- digest
- (see message digest)
- digital certificate
- (I) A certificate document in the form of a digital
data object (a data object used by a computer) to which is appended a
computed digital signature value that depends on the data object. (D)
ISDs SHOULD NOT use this term to refer to a signed CRL or CKL. Although
the recommended definition can be interpreted to include those items,
the security community does not use the term with those meanings. [RFC2828]
A structure for binding a principal's identity to its public key. A
certification authority (CA) issues and digitally signs a digital
certificate. [IATF][misc] The electronic equivalent of an ID card that authenticates the originator of a digital signature. [FFIEC] (see also digital signature, certificate, credentials, key)
- digital certification
- (D) ISDs SHOULD NOT use this term as a synonym for
'certification', unless the context is not sufficient to distinguish
between digital certification and another kind of certification, in
which case it would be better to use 'public-key certification' or
another phrase that indicates what is being certified. [RFC2828] (see also key)
- digital document
- (I) An electronic data object that represents
information originally written in a non-electronic, non-magnetic medium
(usually ink on paper) or is an analogue of a document of that type. [RFC2828] (see also automated information system)
- digital envelope
- (I) A digital envelope for a recipient is a combination
of (a) encrypted content data (of any kind) and (b) the content
encryption key in an encrypted form that has been prepared for the use
of the recipient. (C) In ISDs, this term should be defined at
the point of first use because, although the term is defined in PKCS #7
and used in S/MIME, it is not yet widely established. (C)
Digital enveloping is not simply a synonym for implementing data
confidentiality with encryption; digital enveloping is a hybrid
encryption scheme to 'seal' a message or other data, by encrypting the
data and sending both it and a protected form of the key to the
intended recipient, so that no one other than the intended recipient
can 'open' the message. In PKCS #7, it means first encrypting the data
using a symmetric encryption algorithm and a secret key, and then
encrypting the secret key using an asymmetric encryption algorithm and
the public key of the intended recipient. In S/MIME, additional methods
are defined for conveying the content encryption key. [RFC2828] (see also confidentiality, encryption, key)
- digital id
- (D) ISDs SHOULD NOT use this term as a synonym for
'digital certificate' because (a) it is the service mark of a
commercial firm, (b) it unnecessarily duplicates the meaning of other,
well established terms, and (c) a certificate is not always used as
authentication information. In some contexts, however, it may be useful
to explain that the key conveyed in a public-key certificate can be
used to verify an identity and, therefore, that the certificate can be
thought of as digital identification information. [RFC2828] (see also authentication, certificate, identification, key, public-key infrastructure)
- digital key
- (C) The adjective 'digital' need not be used with 'key'
or 'cryptographic key', unless the context is insufficient to
distinguish the digital key from another kind of key, such as a metal
key for a door lock. [RFC2828] (see also key)
- digital notary
- (I) Analogous to a notary public. Provides a trusted
date-and-time stamp for a document, so that someone can later prove
that the document existed at a point in time. May also verify the
signature(s) on a signed document before applying the stamp. [RFC2828] (see also digital signature, trust)
- digital signature
- (I) A value computed with a cryptographic algorithm and
appended to a data object in such a way that any recipient of the data
can use the signature to verify the data's origin and integrity. (I)
'Data appended to, or a cryptographic transformation of, a data unit
that allows a recipient of the data unit to prove the source and
integrity of the data unit and protect against forgery, e.g. by the
recipient.' (C) Typically, the data object is first input to a
hash function, and then the hash result is cryptographically
transformed using a private key of the signer. The final resulting
value is called the digital signature of the data object. The signature
value is a protected checksum, because the properties of a
cryptographic hash ensure that if the data object is changed, the
digital signature will no longer match it. The digital signature is
unforgeable because one cannot be certain of correctly creating or
changing the signature without knowing the private key of the supposed
signer. (C) Some digital signature schemes use an asymmetric
encryption algorithm to transform the hash result. Thus, when Alice
needs to sign a message to send to Bob, she can use her private key to
encrypt the hash result. Bob receives both the message and the digital
signature. Bob can use Alice's public key to decrypt the signature, and
then compare the plaintext result to the hash result that he computes
by hashing the message himself. If the values are equal, Bob accepts
the message because he is certain that it is from Alice and has arrived
unchanged. If the values are not equal, Bob rejects the message because
either the message or the signature was altered in transit. (C)
Other digital signature schemes transform the hash result with an
algorithm that cannot be directly used to encrypt data. Such a scheme
creates a signature value from the hash and provides a way to verify
the signature value, but does not provide a way to recover the hash
result from the signature value. In some countries, such a scheme may
improve exportability and avoid other legal constraints on usage. [RFC2828]
A cryptographic method, provided by public key cryptography, used by a
message's recipient and any third party to verify the identity of the
message's sender. It can also be used to verify the authenticity of the
message. A sender creates a digital signature of a message by
transforming the message with his or her private key. A recipient,
using the sender's public key, verifies the digital signature by
applying a corresponding transformation to the message and the
signature. [AJP] A cryptographic transformation of a data unit
that allows a recipient of the data unit to prove the origin and
integrity of the data unit and protect the sender and the recipient of
the data unit against forgery by third parties, and the sender against
forgery by the recipient. NOTE - Digital signatures may be used by end
entities for the purposes of authentication, of data integrity, and of
non-repudiation of creation of data. The usage for non repudiation of
creation of data is the most important one for legally binding digital
signatures. [SC27] A data appended to, or a cryptographic
transformation of, a data unit that allows a recipient of the data unit
to prove the origin and integrity of the data unit and protect the
sender and the recipient of the data unit against forgery by third
parties, and the sender against forgery by the recipient. [SC27]
A data appended to, or a cryptographic transformation of, a data unit
that allows a recipient of the data unit to prove the origin and
integrity of the data unit and protect the sender and the recipient of
the data unit against forgery by third parties, and the sender against
forgery by the recipient. [ISO/IEC 11770-3: 1999] Data appended to, or
a cryptographic transformation of, a data unit that allows the
recipient of the data unit to prove the origin and integrity of the
data unit and protect against forgery, e.g. by the recipient. [ISO/IEC
FDIS 15946-3 (02/2001)] A cryptographic transformation of a data unit
that allows a recipient of the data unit to prove the origin and
integrity of the data unit and protect the sender and the recipient of
the data unit against forgery by third parties, and the sender against
forgery by the recipient. NOTE - Digital signatures may be used by end
entities for the purposes of authentication, of data integrity, and of
non-repudiation of creation of data. The usage for non-repudiation of
creation of data is the most important one for legally binding digital
signatures. [SC27] A digital signature is created by a
mathematical computer program. It is not a hand-written signature nor a
computer-produced picture of one. The signature is like a wax seal that
requires a special stamp to produce it, and is attached to an Email
message or file. The origin of the message or file may then be verified
by the digital signature (using special tools). [RFC2504] A method for
verifying that a message originated from a principal and that it has
not changed en route. Digital signatures are typically generated by
encrypting a digest of the message with the private key of the signing
party. [IATF][misc] A non-forgeable transformation of
data that allows the proof of the source (with non-repudiation) and the
verification of the integrity of that data. [FIPS140] Cryptographic process used to assure message originator authenticity, integrity, and non-repudiation. [NSTISSC]
Cryptographic process used to assure the authenticity and
non-repudiation of a message originator and/or the integrity of a
message. [CIAO] Data appended to, or a cryptographic
transformation of, a data unit that allows the recipient of the data
unit to prove the origin and integrity of the data unit and protect
against forgery, e.g. by the recipient. [SC27] The result of a
cryptographic transformation of data that, when properly implemented,
provides the services of origin authentication, data integrity, and
signer non-repudiation. A nonforgeable transformation of data that
allows the proof of the source (wi [SRV] (see also ABA Guidelines, CA certificate, Cryptographic Message Syntax, Distinguished Encoding Rules, El Gamal algorithm, Elliptic Curve Digital Signature Algorithm, Fortezza, IEEE P1363, Internet Security Association and Key Management Protocol, MIME Object Security Services, PKCS #7, Rivest-Shamir-Adleman, Secure/MIME, The Exponential Encryption System, X.509 attribute certificate, X.509 certificate revocation list, X.509 public-key certificate, archive, asymmetric cryptography, attribute certificate, authentic signature, authenticate, authentication, bind, brand CRL identifier, certificate validation, certification path, cryptographic algorithm, cryptographic system, data origin authentication service, digital certificate, digital notary, digitized signature, dual signature, electronic signature, elliptic curve cryptography, encryption, encryption certificate, end entity, hash, integrity, invalidity date, key pair, merchant certificate, networks, no prior relationship, non-repudiation, personality label, pre-signature, pretty good privacy, private signature key, public-key certificate, revocation date, seal, security mechanism, sign, signature certificate, signature equation, signature function, signature key, signature process, signature system, signer, symmetric cryptography, triple DES, unforgeable, valid signature, validate vs. verify, key, public-key infrastructure, signature) (includes Digital Signature Algorithm, Digital Signature Standard)
- Digital Signature Algorithm (DSA)
- (N) An asymmetric cryptographic algorithm that produces
a digital signature in the form of a pair of large numbers. The
signature is computed using rules and parameters such that the identity
of the signer and the integrity of the signed data can be verified. [RFC2828]
Procedure that appends data to, or performs a cryptographic
transformation of, a data unit. The appended data or cryptographic
transformation allows reception of the data unit and protects against
forgery, e.g., by the recipient. [NSTISSC] This algorithm uses a
private key to sign a message and a public key to verify the signature.
It is a standard proposed by the U.S. Government. [misc] (see also hash, secure hash algorithm, Digital Signature Standard, algorithm, digital signature)
- Digital Signature Standard (DSS)
- (N) The U.S. Government standard that specifies the Digital Signature Algorithm (DSA), which involves asymmetric cryptography. [RFC2828]
A U.S. Federal Information Processing Standard proposed by NIST
(National Institute of Standards and Technology) to support digital
signature. [AJP] (see also Federal Information Processing Standards, National Institute of Standards and Technology, digital signature) (includes Digital Signature Algorithm, Elliptic Curve Digital Signature Algorithm)
- digital subscriber voice terminal (DSVT)
-
- digital telephony
- Telephone systems that use digital communications technology. [AJP] (see also communications)
- digital watermarking
- (I) Computing techniques for inseparably embedding
unobtrusive marks or labels as bits in digital data--text, graphics,
images, video, or audio--and for detecting or extracting the marks
later. (C) The set of embedded bits (the digital watermark) is
sometimes hidden, usually imperceptible, and always intended to be
unobtrusive. Depending on the particular technique that is used,
digital watermarking can assist in proving ownership, controlling
duplication, tracing distribution, ensuring data integrity, and
performing other functions to protect intellectual property rights. [RFC2828]
- digitized signature
- (D) ISDs SHOULD NOT use this term because there is no
current consensus on its definition. Although it appears to be used
mainly to refer to various forms of digitized images of handwritten
signatures, the term should be avoided because it might be confused
with 'digital signature'. [RFC2828] (see also digital signature)
- diplomatic telecommunications service (DTS)
- (see also networks)
- direct access storage device (DASD)
- (see also automated information system)
- direct data feed
- A process used by information aggregators to gather
information directly from a website operator rather than copying it
from a displayed webpage. [FFIEC]
- direct memory access (DMA)
- (see also automated information system)
- direct shipment
- Shipment of COMSEC material directly from NSA to user COMSEC accounts. [NSTISSC] (see also communications security, user)
- directly trusted CA
- A directly trusted CA is a CA whose public key has been
obtained and is being stored by an end entity in a secure, trusted
manner, and whose public key is accepted by that end entity in the
context of one or more applications. [SC27] (see also public-key infrastructure, trust)
- directly trusted CA key
- A directly trusted CA key is a public key of a directly
trusted CA. It has been obtained and is being stored by an end entity
in a secure, trusted manner. It is used to verify certificates without
being itself verified by means of a certificate created by another CA.
NOTE - If for example the CAs of several organizations cross-certify
each other (see Annex A) the directly trusted CA for an entity may be
the CA of the entity's organization. Directly trusted CAs and directly
trusted CA keys may vary from entity to entity. An entity may regard
several CAs as directly trusted CAs. [SC27] A directly trusted
CA key is a public key of a directly trusted CA. It has been obtained
and is being stored by an end entity in a secure, trusted manner. It is
used to verify certificates without being itself verified by means of a
certificate created by another CA. NOTE - If for example the CAs of
several organizations cross-certify each other the directly trusted CA
for an entity may be the CA of the entity's organization. Directly
trusted CAs and directly trusted CA keys may vary from entity to
entity. An entity may regard several CAs as directly trusted CAs. [SC27] (see also key, public-key infrastructure, trust)
- Director Central Intelligence Directive (DCID)
-
- directory
- (see directory vs. Directory)
- Directory Access Protocol
- (N) An OSI protocol for communication between a directory user agent (a client) and a Directory System Agent (a server). [RFC2828] (see also database management system)
- directory information base (DIB)
-
- directory service
- A service to search and retrieve information from a catalogue
of well defined objects, which may contain information about
certificates, telephone numbers, access conditions, addresses etc. An
example is provided by a directory service conforming to the ITU-T
Recommendation X.500. [SC27] (see also public-key infrastructure)
- directory user agent (DUA)
-
- directory vs. Directory
- (I) Not capitalized: The term 'directory' refers
generically to a database server or other system that provides
information--such as a digital certificate or CRL--about an entity
whose name is known. (I) Capitalized: 'Directory' refers specifically to the X.500 Directory. [RFC2828] (see also certificate, public-key infrastructure)
- disaster plan
- (D) A synonym for 'contingency plan'. In the interest
of consistency, ISDs SHOULD use 'contingency plan' instead of 'disaster
plan'. [RFC2828] (see also threat, contingency plan)
- disaster recovery
- The process of restoring an IS to full operation after an
interruption in service, including equipment repair/replacement, file
recovery/restoration, and resumption of service to users. [CIAO] (see also reconstitution, contingency plan, recovery, risk management) (includes cold site, hot site)
- disaster recovery plan
- A plan that describes the process to recover from major processing interruptions. [FFIEC] (see also contingency plan, recovery)
- disclosure of information
- Dissemination of information to anyone who is not authorized to access that information. [OVT]
- discrete event simulation
- An abstract mathematical representation of the computer system
and its workloads that permits estimation of the performance of the
computer system and related useful parameters using mathematical
techniques; it models individual transactions and jobs as a sequence of
discrete events. [SRV] (see also model)
- discretionary access control (DAC)
- (1) A means of restricting access to objects based on the
identity of subjects and/or groups to which they belong. The controls
are discretionary in the sense that a subject with a certain access
permission is capable of passing that permission (perhaps indirectly)
on to any other subject (unless restrained by mandatory access
control). (2) Methods of restricting access to objects or other
resources based primarily on the instructions of arbitrary unprivileged
users. Note: DAC is often used to enforce need-to-know. [AJP] (I)
An access control service that enforces a security policy based on the
identity of system entities and their authorizations to access system
resources. (C) This service is termed 'discretionary' because an
entity might have access rights that permit the entity, by its own
volition, to enable another entity to access some resource. (O)
'A means of restricting access to objects based on the identity of
subjects and/or groups to which they belong. The controls are
discretionary in the sense that a subject with a certain access
permission is capable of passing that permission (perhaps indirectly)
on to any other subject.' [RFC2828] A means of restricting
access to objects based on the identity and need-to-know of the user,
process and/or groups to which they belong. The controls are
discretionary in the sense that a subject with a certain access
permission is capable of passing that permission (perhaps indirectly)
on to any other subject. Compare to mandatory access control. [NCSC/TG004][SRV]
A means of restricting access to objects based on the identity of
subjects and/or groups to which they belong. The controls are
discretionary in the sense that a subject with a certain access
permission is capable of passing that permission (perhaps indirectly)
on to any other subject (unless restrained by mandatory access
control). [TCSEC] A means of restricting access to objects based
on the identity of subjects and/or groups to which they belong. The
controls are discretionary in the sense that: (a) A subject with a
certain access permission is capable of passing that permission
(perhaps indirectly) on to any other subject, (b) DAC is often employed
to enforce need-to-know, (c) Access control may be changed by an
authorized individual. Compare to Mandatory Access Control. [TNI] A non-policy-based method of restricting access to a system's files/objects based on the decision of the resource's owner. [IATF]
Means of restricting access to objects based on the identity and
need-to-know of users and/or groups to which the object belongs.
Controls are discretionary in the sense that a subject with a certain
access permission is capable of passing that permission (directly or
indirectly) to any other subject. [NSTISSC] Methods of
restricting access to objects or other resources based primarily on the
instructions of arbitrary unprivileged users. [FCv1] (see also non-discretionary access control, access control) (includes surrogate access)
- dispersion
- The extent to which the elements of a sample or the elements
of a population are not all alike in the measured characteristic, are
spread out, or vary from one another. Items that measure dispersion
include: range, deviation, mean absolute deviation, variance, standard
deviation, and coefficient of variation. [SRV]
- disruption
- A circumstance or event that interrupts or prevents the correct operation of system services and functions. [RFC2828] (see also threat consequence)
- Distinguished Encoding Rules
- (N) A subset of the Basic Encoding Rules, which gives exactly one way to represent any ASN.1 value as an octet string. (C)
Since there is more than one way to encode ASN.1 in BER, DER is used in
applications in which a unique encoding is needed, such as when a
digital signature is computed on an ASN.1 value. [RFC2828] (see also certificate, digital signature, Abstract Syntax Notation One, Basic Encoding Rules)
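The point of the (C) note above is easiest to see in bytes. The following is an added example, not code from the glossary or from RFC 2828: a minimal DER encoder for ASN.1 INTEGER and a BER decoder that also reports whether the octets it consumed were the unique DER form. BER admits several byte strings for one value (long-form length where short form suffices, redundant leading content octets), so a signature computed over one encoding does not verify over another; a verifier that accepts any BER form of a signed structure must re-encode to DER or reject non-DER input. The INTEGER values and the alternative encodings are constructed for the example.

```python
import hashlib

def der_length(n: int) -> bytes:
    """DER definite-length octets: short form below 128, else the minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value: int) -> bytes:
    """Encode value as a DER INTEGER (tag 0x02) with minimal two's-complement contents."""
    size = 1
    while True:
        try:
            body = value.to_bytes(size, "big", signed=True)
            break
        except OverflowError:
            size += 1          # grow until the value fits; first fit is the minimal width
    return b"\x02" + der_length(len(body)) + body

def ber_decode_integer(data: bytes):
    """Decode a BER INTEGER; return (value, octets consumed, is_der).

    is_der is False when the length octets are not minimal or the contents carry
    a redundant leading 0x00 / 0xFF octet, both legal in BER but forbidden in DER.
    """
    if len(data) < 2 or data[0] != 0x02:
        raise ValueError("not an INTEGER")
    first = data[1]
    if first < 0x80:
        length, offset, minimal_len = first, 2, True
    else:
        nlen = first & 0x7F
        if nlen == 0:
            raise ValueError("indefinite length is not allowed for a primitive value")
        if len(data) < 2 + nlen:
            raise ValueError("truncated length")
        length = int.from_bytes(data[2:2 + nlen], "big")
        offset = 2 + nlen
        # long form is DER only when short form could not express it, and with no leading zero octet
        minimal_len = length >= 0x80 and data[2] != 0
    body = data[offset:offset + length]
    if length == 0 or len(body) != length:
        raise ValueError("truncated or empty contents")
    redundant = len(body) > 1 and (
        (body[0] == 0x00 and body[1] < 0x80) or (body[0] == 0xFF and body[1] >= 0x80)
    )
    return int.from_bytes(body, "big", signed=True), offset + length, (minimal_len and not redundant)

def encodings_of_one():
    """Three valid BER encodings of the INTEGER 1 (constructed); only the first is DER."""
    return [
        der_integer(1),          # 02 01 01      DER
        b"\x02\x81\x01\x01",     # 02 81 01 01   long-form length where short form suffices
        b"\x02\x02\x00\x01",     # 02 02 00 01   redundant leading zero octet
    ]

def signature_inputs_differ() -> bool:
    """Same value, three different digests: a signature over one encoding fails on the others."""
    digests = {hashlib.sha256(e).hexdigest() for e in encodings_of_one()}
    values = {ber_decode_integer(e)[0] for e in encodings_of_one()}
    return len(values) == 1 and len(digests) == 3
```

The `is_der` flag is the check a practitioner wants in a verifier: accept the value only when the flag is true, so that the bytes hashed for signature verification are the same bytes the signer hashed.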
- distinguished name (DN)
- (I) An identifier that uniquely represents an object in the X.500 Directory Information Tree (DIT). (C)
A DN is a set of attribute values that identify the path leading from
the base of the DIT to the object that is named. An X.509 public-key
certificate or CRL contains a DN that identifies its issuer, and an
X.509 attribute certificate contains a DN or other form of name that
identifies its subject. [RFC2828] Globally unique identifier representing an individual's identity. [NSTISSC] (see also certificate, key, public-key infrastructure) (includes subordinate distinguished name)
- distinguishing identifier
- Information which unambiguously distinguishes an entity in the non-repudiation process. [SC27] Information which unambiguously distinguishes an entity. [SC27]
Information which unambiguously distinguishes an entity. [ISO/IEC
9798-1: 1997, ISO/IEC 11770-2: 1996, ISO/IEC 11770-3: 1999, ISO/IEC
FDIS 15946-3 (02/2001)] Information which unambiguously distinguishes
an entity in the non-repudiation process. [SC27] (see also non-repudiation)
- Distributed Authentication Security Service (DASS)
- (I) An experimental Internet protocol that uses
cryptographic mechanisms to provide strong, mutual authentication
services in a distributed environment. [RFC2828] (see also cryptography, authentication, internet, security protocol)
- distributed computing environment (DCE)
- Open Group's integration of a set of technologies for
application development and deployment in a distributed environment.
Security features include a Kerberos-based authentication system,
GSS-API interface, ACL-based authorization environment, delegation, and
audit. [misc] (see also audit, authentication, ACL-based authorization, Generic Security Service Application Program Interface) (includes Kerberos)
- distributed data
- Data stored in more than one location over a network or several interconnected computers. [SRV] (see also networks)
- distributed data processing (DDP)
- Data processing in which some or all of the processing,
storage, input/output, and control functions are dispersed among data
processing stations. [SRV] (see also automated information system)
- distributed database
- A database that is not stored in a central location, but is
dispersed over a network of interconnected computers under the overall
control of a central database management system whose storage devices
are not all attached to the same processor. [SRV] (see also networks)
- distributed denial of service (DDoS)
- A DoS technique that uses numerous hosts to perform the attack. [800-61] (see also denial of service)
- distributed processing
- A type of operation in which processing is spread among
different computers that are linked through a communications network.
Data processing that is performed by connected computer systems at more
than one location. [SRV] (see also communications, networks, automated information system)
- distribution point
- (I) An X.500 Directory entry or other information
source that is named in a v3 X.509 public-key certificate extension as
a location from which to obtain a CRL that might list the certificate. (C)
A v3 X.509 public-key certificate may have a 'cRLDistributionPoints'
extension that names places to get CRLs on which the certificate might
be listed. A CRL obtained from a distribution point may (a) cover
either all reasons for which a certificate might be revoked or only
some of the reasons, (b) be issued by either the authority that signed
the certificate or some other authority, and (c) contain revocation
entries for only a subset of the full set of certificates issued by one
CA or (c') contain revocation entries for multiple CAs. [RFC2828] (see also certificate, key, public-key infrastructure)
- DNS spoofing
- Assuming the DNS name of another system by either corrupting
the name service cache of a victim system, or by compromising a domain
name server for a valid domain. [NSAINT] Assuming the DNS name
of another system either by corrupting the name service cache of a
victim system or by compromising a domain name server for a valid
domain. [misc] (see also domain name system, masquerade, spoofing)
- documentation
- A family of security controls in the operations class dealing
with the documentation it is necessary to maintain for the secure
operation of an IT system. Documentation can include contingency plans,
user manuals, hardware, software and application manuals, etc. [800-37]
The written (or otherwise recorded) information about a Target of
Evaluation required for an evaluation. This information may, but need
not, be contained within a single document produced for the specified
purpose. [AJP][ITSEC] (see also target of evaluation)
- DoD Information Technology Security Certification and Accreditation Process (DITSCAP)
- The standard DoD approach for identifying information security
requirements, providing security solutions, and managing information
technology system security. (DoDI 5200.40) [IATF] (see also accreditation, computer security, requirements)
- DoD Trusted Computer System Evaluation Criteria (TCSEC)
- Document containing basic requirements and evaluation classes for
assessing degrees of effectiveness of hardware and software security
controls built into an AIS. This document, DoD 5200.28 STD, is
frequently referred to as the Orange Book. [NSTISSC] (see also evaluation, system, trust)
- domain
- (I) Security usage: An environment or context that is
defined by a security policy, security model, or security architecture
to include a set of system resources and the set of system entities
that have the right to access the resources. (I) Internet usage:
That part of the Internet domain name space tree that is at or below
the name that specifies the domain. A domain is a subdomain of another
domain if it is contained within that domain. For example, D.C.B.A is a
subdomain of C.B.A. (O) MISSI usage: The domain of a MISSI CA is the set of MISSI users whose certificates are signed by the CA. (O) OSI usage: An administrative partition of a complex distributed OSI system. [RFC2828] The set of objects that a subject has the ability to access. [TCSEC][TDI][TNI]
The unique context (e.g. access control parameters) in which a program
is operating. Note: A subject's domain determines which access-control
attributes an object must have for a subject operating in that domain
to have a designated form of access. [FCv1] The unique context
(e.g. access control parameters) in which a program is operating; in
effect, the set of objects that a subject has the ability to access. [NCSC/TG004]
The unique context (e.g. access control parameters) in which a program
is operating; in effect, the set of objects that a subject has the
ability to access. Note: A subject's domain determines which access
control attributes an object must have for a subject operating in that
domain to have a designated form of access. [AJP] Unique context
(e.g., access control parameters) in which a program is operating; in
effect, the set of objects a subject has the privilege to access. [NSTISSC] (see also access control, certificate, internet, model, public-key infrastructure, security domain, Multilevel Information System Security Initiative, object, subject)
- domain modulus
- A domain parameter, which is a positive integer resulting from
the product of two distinct primes which are known only to the trusted
third party. [SC27] (see also trust)
- domain name
- (I) The style of identifier--a sequence of
case-insensitive ASCII labels separated by dots ('bbn.com.')--defined
for subtrees in the Internet Domain Name System and used in other
Internet identifiers, such as host names (e.g. 'rosslyn.bbn.com.'),
mailbox names (e.g. 'rshirey@bbn.com.'), and URLs (e.g.
'http://www.rosslyn.bbn.com/foo'). (C) The domain name space of
the DNS is a tree structure in which each node and leaf holds records
describing a resource. Each node has a label. The domain name of a node
is the list of labels on the path from the node to the root of the
tree. The labels in a domain name are printed or read left to right,
from the most specific (lowest, farthest from the root) to the least
specific (highest, closest to the root). The root's label is the null
string, so a complete domain name properly ends in a dot. The top-level
domains, those immediately below the root, include COM, EDU, GOV, INT,
MIL, NET, ORG, and two-letter country codes (such as US) from ISO-3166.
[RFC2828] (see also domain name system)
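The definition above pins down three things a program comparing names must honour: labels are case-insensitive, the root's label is the empty string (so a complete name ends in a dot), and "subdomain of" is a relation on whole labels, not on character strings. The following is an added example, not code from the glossary or RFC 2828, that normalises names accordingly and contrasts the label-wise subdomain test with the string-suffix shortcut that lets 'evilc.b.a' pass as a subdomain of 'c.b.a'. All names used are constructed for illustration.

```python
def labels(name: str) -> list:
    """Split a domain name into lower-cased labels, dropping the root's empty label.

    'Rosslyn.BBN.com.' and 'rosslyn.bbn.com' both yield ['rosslyn', 'bbn', 'com'].
    """
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]          # the root's label is the null string
    if not name:
        return []                 # the root itself
    parts = name.split(".")
    if any(p == "" for p in parts):
        raise ValueError(f"empty label in {name!r}")
    return parts

def fqdn(name: str) -> str:
    """Canonical fully qualified form: lower-case labels and the trailing root dot."""
    return ".".join(labels(name)) + "."

def is_subdomain(name: str, domain: str) -> bool:
    """True if name is at or below domain in the DNS tree (a domain is a subdomain of itself).

    Compares whole labels from the root end, so 'evilc.b.a' is not under 'c.b.a'.
    """
    n, d = labels(name), labels(domain)
    return len(n) >= len(d) and n[len(n) - len(d):] == d

def naive_suffix_check(name: str, domain: str) -> bool:
    """The string-suffix shortcut, kept only to show where it goes wrong."""
    return name.lower().rstrip(".").endswith(domain.lower().rstrip("."))
```

Use `is_subdomain` wherever a policy is keyed on a domain (cookie or certificate scope checks, allow-lists); `naive_suffix_check` is the pattern to look for in review.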
- domain name service server
- A computer that determines Internet Protocol (IP) numeric
addresses from domain names presented in a convenient, readable form. [FFIEC] (see also internet)
- domain name system (DNS)
- (I) The main Internet operations database, which is
distributed over a collection of servers and used by client software
for purposes such as translating a domain name-style host name into an
IP address (e.g. 'rosslyn.bbn.com' is '192.1.7.10') and locating a host
that accepts mail for some mailbox address. (C) The DNS has three major components:
- Domain name space and resource records: Specifications for the
tree-structured domain name space, and data associated with the names.
- Name servers: Programs that hold information about a subset of the
tree's structure and data holdings, and also hold pointers to other name
servers that can provide information from any part of the tree.
- Resolvers: Programs that extract information from name servers in
response to client requests; typically, system routines directly
accessible to user programs. (C) Extensions to the DNS [R2065, R2137, R2536]
support (a) key distribution for public keys needed for the DNS and for
other protocols, (b) data origin authentication service and data
integrity service for resource records, (c) data origin authentication
service for transactions between resolvers and servers, and (d) access
control of records.
[RFC2828] A general-purpose, distributed data query service, mainly used to look up host IP addresses based on host names. [misc] (see also access control, authentication, key, software, internet, system) (includes DNS spoofing, domain name)
- domain of interpretation (DOI)
- (I) IPsec usage: An ISAKMP/IKE DOI defines payload
formats, exchange types, and conventions for naming security-relevant
information such as security policies or cryptographic algorithms and
modes. (C) The DOI concept is based on work by the TSIG's CIPSO Working Group. [RFC2828] (see also cryptography, security)
- domain parameter
- A data item which is common to and known by or accessible to all entities within the domain. [SC27]
A data item which is common to and known by or accessible to all
entities within the domain. NOTE - The set of domain parameters may
contain data items such as hash function identifier, length of the
hash-token, length of the recoverable part of the message, finite field
parameters, elliptic curve parameters, or other parameters specifying
the security policy in the domain. [SC27] A data item which is
common to and known by or accessible to all entities within the domain.
NOTE. The set of domain parameters may contain data items such as hash
function identifier, elliptic curve parameters, or other parameters
specifying the security policy in the domain. [SC27] A data item
which is common to and known by or accessible to all entities within
the domain. [ISO/IEC 14888-1: 1998] A data item which is common to and
known by or accessible to all entities within the domain. NOTE - The
set of domain parameters may contain data items such as hash function
identifier, length of the hash-token, length of the recoverable part of
the message, finite field parameters, elliptic curve parameters, or
other parameters specifying the security policy in the domain. [ISO/IEC
9796-3: 2000, ISO/IEC WD 15946-4 (10/2001)] A data item which is common
to and known by or accessible to all entities within the domain. NOTE.
The set of domain parameters may contain data items such as hash
function identifier, elliptic curve parameters, or other parameters
specifying the security policy in the domain. [SC27] (see also hash, security, tokens)
- domain verification exponent
- A domain parameter which is a positive integer. [SC27] (see also verification)
- dominated by
- (1) A security level A is dominated by security level B if the
clearance/classification in A is less than or equal to the
clearance/classification in B and the set of access approvals (e.g.
compartment designators) in A is contained in (the set relation) the
set of access approvals in B (i.e. each access approval appearing in A
also appears in B). Depending on the policy enforced (e.g.
nondisclosure or integrity), the definition of 'less than or equal to'
and 'contained in' may vary; e.g., the level of an object of high
integrity (i.e. an object which should be modifiable only by very
trustworthy individuals) may be defined to be 'less than' the level of
an object of low integrity (i.e. an object that is modifiable by
everyone). (2) Security level A is dominated by security level B if (a)
the clearance/classification in A is less than or equal to the
clearance/classification in B, and (b) the set of access approvals
(e.g. compartment designators) in A is contained in the set of access
approvals in B (i.e. each access approval appearing in A also appears
in B). This dominance relation is a special case of a partial order. [AJP]
A security level A is dominated by security level B if the
clearance/classification in A is less than or equal to the
clearance/classification in B and the set of access approvals (e.g.
compartment designators) in A is contained in (the set relation) the
set of access approvals in B (i.e. each access approval appearing in A
also appears in B). Depending upon the policy enforced (e.g.
non-disclosure, integrity) the definition of 'less than or equal to'
and 'contained in' may vary; e.g., the level of an object of high
integrity (i.e. an object which should be modifiable by very
trustworthy individuals) may be defined to be 'less than' the level of
an object of low integrity (i.e. an object that is modifiable by
everyone). [TNI] Security level A is dominated by security level
B if (1) the clearance/classification in A is less than or equal to the
clearance/classification in B, and (2) the set of access approvals
(e.g. compartment designators) in A is contained in the set of access
approvals in B (i.e. each access approval appearing in A also appears
in B). This dominance relation is a special case of a partial order. [TDI] (see also dominates, classification level, security, trust) (includes object)
- dominates
- 'Security level B dominates security level A' is synonymous with 'security level A is dominated by security level B.' [AJP][TDI] (I)
Security level A is said to 'dominate' security level B if the
hierarchical classification level of A is greater (higher) than or
equal to that of B and the non-hierarchical categories of A include all
of those of B. [RFC2828] Security level S1 is said to dominate
security level S2 if the hierarchical classification of S1 is greater
than or equal to that of S2 and the non-hierarchical categories of S1
include all those of S2 as a subset. [AJP][NCSC/TG004][TCSEC]
Term used to compare IS security levels. Security level S1 is said to
dominate security level S2, if the hierarchical classification of S1 is
greater than, or equal to, that of S2 and the non-hierarchical
categories of S1 include all those of S2 as a subset. [NSTISSC] Security level B dominates security level A if A is dominated by B. [TNI] (see also dominated by, classification level, computer security, security)
- dongle
- (I) A portable, physical, electronic device that is
required to be attached to a computer to enable a particular software
program to run. (C) A dongle is essentially a physical key used
for copy protection of software, because the program will not run
unless the matching dongle is attached. When the software runs, it
periodically queries the dongle and quits if the dongle does not reply
with the proper authentication information. Dongles were originally
constructed as an EPROM (erasable programmable read-only memory) to be
connected to a serial input-output port of a personal computer. [RFC2828] (see also authentication, key, software)
- downgrade
- (I) Reduce the classification level of information in an authorized manner. [RFC2828]
The change of a classification label to a lower level without changing
the contents of the data. Downgrading occurs only if the content of a
file meets the requirements of the sensitivity level of the network for
which the data is being delivered. [IATF] (see also classification level, networks, requirements, security)
- download
- The process of transferring a copy of a file from a remote computer to a local computer. [SRV]
- draft RFC
- (D) ISDs SHOULD NOT use this term, because the Request
for Comment series is archival in nature and does not have a 'draft'
category. [RFC2828] (see also Request for Comment)
- drop accountability
- Procedure under which a COMSEC account custodian initially
receipts for COMSEC material, and then provides no further accounting
for it to its central office of record. Local accountability of the
COMSEC material may continue to be required. [NSTISSC] (see also communications security)
- dual control
- (I) A procedure that uses two or more entities (usually
persons) operating in concert to protect a system resource, such that
no single entity acting alone can access that resource. [RFC2828]
A process of utilizing two or more separate entities (usually persons)
operating in concert to protect sensitive functions of information. [SRV] (see also security)
- dual driver service (DDS)
-
- dual signature
- (D) ISDs SHOULD NOT use this term except when stated as 'SET(trademark) dual signature' with the following meaning: (O)
SET usage: A single digital signature that protects two separate
messages by including the hash results for both sets in a single
encrypted value. (C) Generated by hashing each message
separately, concatenating the two hash results, and then hashing that
value and encrypting the result with the signer's private key. Done to
reduce the number of encryption operations and to enable verification
of data integrity without complete disclosure of the data. [RFC2828] (see also digital signature, encryption, hash, key, Secure Electronic Transaction)
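The (C) note above gives the construction in one sentence; the following added example (not code from the glossary, RFC 2828 or the SET specification) carries it through on constructed sample messages and shows the property the entry claims: each party verifies the signature while holding only its own message plus the digest of the other. The final private-key signing step is replaced by HMAC-SHA256 under an assumed shared key so the code runs with the standard library alone; the linkage of the two digests, which is what the entry describes, is unchanged by that substitution.

```python
import hashlib
import hmac

# Assumed key standing in for the signer's private key (constructed, not secret).
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def dual_signature(key: bytes, order_info: bytes, payment_info: bytes):
    """Return (signature, h_oi, h_pi): hash each message, concatenate the digests, hash, sign."""
    h_oi, h_pi = h(order_info), h(payment_info)
    linkage = h(h_oi + h_pi)
    sig = hmac.new(key, linkage, hashlib.sha256).digest()   # stand-in for private-key signing
    return sig, h_oi, h_pi

def verify_holding_first(key: bytes, sig: bytes, order_info: bytes, h_pi: bytes) -> bool:
    """Merchant side: has the order information and only the digest of the payment information."""
    expected = hmac.new(key, h(h(order_info) + h_pi), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)

def verify_holding_second(key: bytes, sig: bytes, h_oi: bytes, payment_info: bytes) -> bool:
    """Bank side: has the payment information and only the digest of the order information."""
    expected = hmac.new(key, h(h_oi + h(payment_info)), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)

def demo() -> dict:
    """Run the exchange on constructed messages and report each verification outcome."""
    oi = b"order: 2 x widget, ship to PO box 7"           # constructed order information
    pi = b"card: 4111 1111 1111 1111 (test number)"       # constructed payment information
    sig, h_oi, h_pi = dual_signature(SIGNING_KEY, oi, pi)
    return {
        "merchant_ok": verify_holding_first(SIGNING_KEY, sig, oi, h_pi),
        "bank_ok": verify_holding_second(SIGNING_KEY, sig, h_oi, pi),
        "tampered_order_rejected": not verify_holding_first(SIGNING_KEY, sig, oi + b"0", h_pi),
        "swapped_digest_rejected": not verify_holding_second(SIGNING_KEY, sig, h_pi, pi),
    }
```

Note that the order of the two digests inside the linkage is part of the protocol: swapping them produces a different linkage and the signature no longer verifies, which is why both parties must agree on which message is hashed first.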
- dual-homed gateway firewall
- A firewall consisting of a bastion host with two network
interfaces, one of which is connected to the protected network, the
other of which is connected to the Internet. IP traffic forwarding is
usually disabled, restricting all traffic between the two networks to
whatever passes through some kind of application proxy. [SRV] (see also networks, firewall)
- dump
- A mechanism to transfer the contents of computer memory to a printer or disk for debugging purposes. [SRV] (see also failure)
- dumpster diving
- The practice of raiding the dumpsters behind buildings where
producers and/or consumers of high-tech equipment are located with the
expectation of finding discarded but still-valuable equipment or
information. [AFSEC] (see also threat)
- dynamic analysis
- The process of evaluating a system or component based on its
behavior during execution. (NBS) Analysis that is performed by
executing the program code. Contrast with static analysis. [OVT] (see also testing, analysis)
- dynamic binding
- Also known as run-time binding or late binding. Dynamic
binding refers to the association of a message with a method during run
time, as opposed to compile time. It means that a message can be sent
to an object without prior knowledge of the object's class. A binding
in which the name/class association is not made until the object
designated by the name is created at execution time. [SRV]
- e-banking
- The remote delivery of new and traditional banking products and services through electronic delivery channels. [FFIEC] (see also internet)
- e-mail server
- A computer that manages e-mail traffic. [FFIEC] (see also internet)
- ease of use
- An aspect of the assessment of the effectiveness of a Target
of Evaluation, namely, that it cannot be configured or used in a manner
that is insecure but which an administrator or end-user would
reasonably believe to be secure. [ITSEC] An aspect of the
assessment of the effectiveness of a Target of Evaluation, namely, that
it cannot be configured or used in a manner that is insecure but which
an administrator or end-user would reasonably believe to be secure.
Note: this term can be used as a reference for each type of item to be
evaluated or under evaluation. [AJP] (see also target of evaluation)
- eavesdropping
- (I) Passive wiretapping done secretly, i.e., without
the knowledge of the originator or the intended recipients of the
communication. [RFC2828] An attack in which an attacker listens
to a private communication. The best way to thwart this attack is by
making it very difficult for the attacker to make any sense of the
communication by encrypting all messages. [IATF][misc] Listening in to voice or electronic data transmissions without authorization. [AFSEC] The unauthorized interception of information-bearing emanations through the use of methods other than wiretapping. [SRV] (see also emanation, emanations security, shoulder surfing, attack)
- economy of mechanism
- (I) The principle that each security mechanism should
be designed to be as simple as possible, so that the mechanism can be
correctly implemented and so that it can be verified that the operation
of the mechanism enforces the containing system's security policy. [RFC2828] (see also security)
- EE
- (D) ISDs SHOULD NOT use this abbreviation because of
possible confusion among 'end entity', 'end-to-end encryption',
'escrowed encryption standard', and other terms. [RFC2828]
- effective key length
- A measure of strength of a cryptographic algorithm, regardless of actual key length. [IATF] (see also encryption, key)
- effectiveness
- (1) A property of a Target of Evaluation representing how well
it provides security in the context of its actual or proposed
operational use. (2) In security evaluations, an aspect of assurance
assessing how well the applied security functions and mechanisms
working together will actually satisfy the security requirements. (3)
Effectiveness is established by evaluation (vetting) of a protection
profile (or security target, if there is no protection profile)
description of anticipated threats, intended method of use, and
residual risk. Effectiveness includes establishing suitability for use
in the specified environment. [AJP] A property of a Target of
Evaluation representing how well it provides security in the context of
its actual or proposed operational use. [ITSEC] In security
evaluations, an aspect of assurance assessing how well the applied
security functions and mechanisms working together will actually
satisfy the security requirements. [JTC1/SC27] (see also risk, security target, threat, assurance)
- egress filtering
- The process of blocking outgoing packets that use obviously
false Internet Protocol (IP) addresses, such as source addresses from
internal networks. [800-61] (see also internet)
- El Gamal algorithm
- (N) An algorithm for asymmetric cryptography, invented
in 1985 by Taher El Gamal, that is based on the difficulty of
calculating discrete logarithms and can be used for both encryption and
digital signatures. [ElGa, Schn] (see also digital signature, encryption)
- electronic codebook (ECB)
- (I) A block cipher mode in which a plaintext block is used directly as
input to the encryption algorithm and the resultant output block is
used directly as ciphertext. [RFC2828] (see also encryption)
- elapsed time
- Time as measured by an external observer, i.e., wall-clock time. [SRV]
- electrical power systems
- A critical infrastructure characterized by generation
stations, transmission and distribution networks that create and supply
electricity to end-users so that end-users achieve and maintain nominal
functionality, including the transportation and storage of fuel
essential to that system. [CIAO] (see also critical infrastructure)
- electromagnetic compatibility (EMC)
- The ability of electronic systems to operate in their intended
environments without suffering an unacceptable degradation of the
performance as a result of unintentional electromagnetic radiation or
response. [FIPS140]
- electromagnetic emanations
- Signals transmitted as radiation through the air and through conductors. [SRV] (see also emanation, emanations security)
- electromagnetic interference (EMI)
- Electromagnetic phenomena which either directly or indirectly
can contribute to a degradation in the performance of an electronic
system. [FIPS140] (see also risk)
- electronic attack (EA)
- That division of EW involving the use of electromagnetic,
directed energy, or antiradiation weapons to attack personnel,
facilities, or equipment with the intent of degrading, neutralizing, or
destroying enemy combat capability. EA includes: actions taken to
prevent or reduce an enemy's effective use of the electromagnetic
spectrum, such as jamming and electromagnetic deception and employment
of weapons that use either electromagnetic or directed energy as their
primary destructive mechanism (lasers, radio frequency, particle
beams). [NSAINT] (see also communications security, attack)
- electronic benefit transfer (EBT)
- (see also networks)
- electronic commerce
- (I) General usage: Business conducted through paperless
exchanges of information, using electronic data interchange, electronic
funds transfer (EFT), electronic mail, computer bulletin boards,
facsimile, and other paperless technologies. (O) SET usage: 'The
exchange of goods and services for payment between the cardholder and
merchant when some or all of the transaction is performed via
electronic communication.' [RFC2828] Using information technology to conduct business functions such as electronic payments and document interchange. [SRV] (see also communications, electronic data interchange, email, internet, Secure Electronic Transaction)
- electronic counter-countermeasures (ECCM)
- (see also counter measures)
- electronic countermeasures (ECM)
- (see also counter measures)
- electronic data interchange (EDI)
- (I) Computer-to-computer exchange, between trading partners, of business data in standardized document formats. (C)
EDI formats have been standardized primarily by ANSI X12 and by EDIFACT
(EDI for Administration, Commerce, and Transportation), which is an
international, UN-sponsored standard primarily used in Europe and Asia.
X12 and EDIFACT are aligning to create a single, global EDI standard. [RFC2828]
A communications standard for the electronic exchange of documents,
such as purchase orders and invoices, between buyers and sellers. [SRV] (see also communications, electronic commerce, value-added network)
- electronic document management system (EDMS)
- (see also system)
- electronic fill device (EFD)
-
- electronic funds transfer system (EFTS)
- (see also system)
- electronic generation, accounting, and distribution system (EGADS)
- (see also system)
- electronic intelligence (ELINT)
-
- electronic key entry
- The entry of cryptographic keys into a cryptographic module in
electronic form using a key loading device. The user entering the key
may have no knowledge of the value of the key being entered. [FIPS140] (see also key management)
- electronic key management system (EKMS)
- Interoperable collection of systems being developed by services and
agencies of the U.S. Government to automate the
planning, ordering, generating, distributing, storing, filling, using,
and destroying of electronic key and management of other types of
COMSEC material. [NSTISSC] (see also communications security, key)
- electronic key management system (EKMS)
- The EKMS is a National Security Agency (NSA) effort to
electronically provide communications security (COMSEC) material and
provide a logistics support system consisting of interoperable
Department, Agency or Organization (DAO) key management systems. [IATF] (see also communications security, key, system)
- electronic messaging services
- Services providing interpersonal messaging capability; meeting
specific functional, management, and technical requirements; and
yielding a business-quality electronic mail service suitable for the
conduct of official government business. [NSTISSC] (see also internet)
- electronic protection (EP)
- That division of EW involving actions taken to protect
personnel, facilities, and equipment from any effects of friendly or
enemy employment of EW that degrade, neutralize, or destroy friendly
combat capability. [NSAINT] (see also assurance)
- electronic security (ELSEC)
- Protection resulting from measures designed to deny
unauthorized persons information derived from the interception and
analysis of noncommunications electromagnetic radiations. [NSTISSC] (see also analysis, security)
- electronic signature
- (D) ISDs SHOULD NOT use this term because there is no current consensus on its definition. [RFC2828]
A method of signing an electronic message that (1) identifies and
authenticates a particular person as the source of the electronic
message and (2) indicates such person's approval of the information
contained in the electronic message. [SRV] (see also digital signature, signature)
- electronic warfare (EW)
- Any military action involving the use of electromagnetic and
directed energy to control the electromagnetic spectrum or to attack
the enemy. The three major subdivisions within electronic warfare are
electronic attack, electronic protection, and electronic warfare
support. [NSAINT] (see also warfare)
- electronic warfare support (ES)
- That division of EW involving actions tasked by, or under
direct control of, an operational commander to search for, intercept,
identify, and locate sources of intentional and unintentional radiated
electromagnetic energy for the purpose of immediate threat recognition.
Thus, electronic warfare support provides information required for
immediate decisions involving EW operations and other tactical actions
such as threat avoidance, targeting and homing. ES data can be used to
produce signals intelligence. (JP 1-02) [NSAINT] (see also threat, warfare)
- electronically generated key
- Key generated in a COMSEC device by introducing (either
mechanically or electronically) a seed key into the device and then
using the seed, together with a software algorithm stored in the
device, to produce the desired key. [NSTISSC] (see also communications security, key)
- element
- An indivisible security requirement. [CC2][CC21][SC27]
Removable item of COMSEC equipment, assembly, or subassembly; normally
consisting of a single piece or group of replaceable parts. [NSTISSC] (see also communications security, security)
- elliptic curve cryptography
- (I) A type of asymmetric cryptography based on mathematics of groups that are defined by the points on a curve. (C)
The most efficient implementation of ECC is claimed to be stronger per
bit of key (against cryptanalysis that uses a brute force attack) than
any other known form of asymmetric cryptography. ECC is based on
mathematics different than the kinds originally used to define the
Diffie-Hellman algorithm and the Digital Signature Algorithm. ECC is
based on the mathematics of groups defined by the points on a curve,
where the curve is defined by a quadratic equation in a finite field.
ECC can be used to define both an algorithm for key agreement that is
an analog of Diffie-Hellman and an algorithm for digital signature that
is an analog of DSA. [RFC2828] (see also analysis, attack, digital signature, key)
- elliptic curve cryptosystem (ECC)
- A public key cryptosystem where the public and the private key
are points on an elliptic curve. ECC is purported to provide faster and
stronger encryption than traditional public key cryptosystems (e.g.
RSA). [misc] (see also asymmetric algorithm, system)
- Elliptic Curve Digital Signature Algorithm (ECDSA)
- (N) A standard that is the elliptic curve cryptography analog of the Digital Signature Algorithm. [RFC2828] (see also digital signature, Digital Signature Standard)
- email
- Abbreviation for electronic mail, which consists of messages
sent over an IS by communications applications. Email that is sent from
one computer system to another or over the Internet must pass through
gateways both to leave the originating system and to enter the
receiving system. [CIAO] (see also SET qualifier, Secure Data Network System, X.400, bounce, electronic commerce, message authentication code vs. Message Authentication Code, message handling system, message integrity code, pretty good privacy, simple mail transfer protocol, internet) (includes email packages, email security software, letterbomb, mailbomb, multipurpose internet mail extensions, privacy enhanced mail, secure multipurpose internet mail extensions, spam)
- email packages
- To communicate via electronic mail, an end-user usually makes
use of an Email client that provides the user-interface to create,
send, retrieve and read Email. Various different Email packages provide
the same set of basic functions but have different user interfaces and
perhaps, special/extra functions. Some Email packages provide
encryption and digital signature capabilities. [RFC2504] (see also email) (includes email security software)
- email security software
- Software which provides security through digital signatures
and encryption (and decryption) to enable the end-user to protect
messages and documents prior to sending them over a possibly insecure
network. PGP is an example of such software. [RFC2504] (see also networks, email, email packages, security software, software) (includes pretty good privacy)
- emanation
- (I) A signal (electromagnetic, acoustic, or other
medium) that is emitted by a system (through radiation or conductance)
as a consequence (i.e., byproduct) of its operation, and that may
contain information. [RFC2828] A signal emitted by a system that is not explicitly allowed by its specification. [SRV]
Unintentional data-related or intelligence-bearing signals that, if
intercepted and analyzed, disclose the information transmission
received, handled, or otherwise processed by any information processing
equipment. [AFSEC] (see also RED signal, Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, eavesdropping, implant, procedural security, security architecture, suppression measure, TEMPEST, emanations security, threat) (includes electromagnetic emanations, emanations analysis)
- emanations analysis
- Gaining direct knowledge of communicated data by monitoring
and resolving a signal that is emitted by a system and that contains
the data but is not intended to communicate the data. [RFC2828] (see also analysis, emanation, threat consequence)
- emanations security (EMSEC)
- (I) Physical constraints to prevent information
compromise through signals emanated by a system, particularly the
application of TEMPEST technology to block electromagnetic radiation. [RFC2828]
The protection that results from all measures designed to deny
unauthorized persons information of value that might be derived from
intercept and analysis of compromising emanations. [SRV] (see also emissions security, Common Criteria for Information Technology Security, Federal Standard 1027, TEMPEST test, analysis, eavesdropping, implant, procedural security, security architecture, suppression measure, TEMPEST) (includes compromising emanation performance requirement, compromising emanations, electromagnetic emanations, emanation, undesired signal data emanations)
- embedded computer
- Computer system that is an integral part of a larger system. [NSTISSC]
- embedded cryptographic system
- Cryptosystem performing or controlling a function as an integral element of a larger system or subsystem. [NSTISSC] (see also cryptography)
- embedded cryptography
- Cryptography engineered into an equipment or system whose basic function is not cryptographic. [NSTISSC] (see also cryptography)
- embedded system
- A system that performs or controls a function, either in whole
or in part, as an integral element of a larger system or subsystem. [AJP][NCSC/TG004] (see also system)
- emergency action message (EAM)
-
- emergency plan
- (D) A synonym for 'contingency plan'. In the interest
of consistency, ISDs SHOULD use 'contingency plan' instead of
'emergency plan'. [RFC2828] The steps to be followed during and immediately after an emergency such as a fire, tornado, bomb threat, etc. [FFIEC] (see also threat, contingency plan)
- emergency response
- The immediate action taken upon occurrence of events such as
natural disasters, fire, civil disruption, and bomb threats in order to
protect lives, limit the damage to property, and minimize the impact on
computer operations. A response to emergencies such as fire, flood,
civil commotion, natural disasters, bomb threats, etc. in order to
protect lives, limit the damage to property, and minimize the impact on
computer operations. [SRV] (see also threat)
- emergency response time (EMRT)
-
- emergency services
- A critical infrastructure characterized by medical, police,
fire, and rescue systems and personnel that are called upon when an
individual or community is responding to emergencies. These services
are typically provided at the local level (county or metropolitan
area). In addition, state and Federal response plans define emergency
support functions to assist in response and recovery. [CIAO] (see also recovery, critical infrastructure)
- emissions security (EMSEC)
- Protection resulting from measures taken to deny
unauthorized persons information derived from intercept and analysis of
compromising emanations from crypto-equipment or an IT system. [NSTISSC]
The protection resulting from all measures taken to deny unauthorized
persons information of value that might be derived from interception
and from an analysis of compromising emanations from systems. [AJP][NCSC/TG004] (see also emanations security, RED signal, analysis, cryptography, telecommunications, Automated Information System security, TEMPEST, communications security, computer security)
- empty position
- A bit position of an array of bits to which no value is assigned. [SC27]
- encapsulating security payload (ESA) (ESP)
- (I) An Internet IPsec protocol designed to provide a
mix of security services--especially data confidentiality service--in
the Internet Protocol. (C) ESP may be used alone, or in
combination with the IPsec AH protocol, or in a nested fashion with
tunneling. Security services can be provided between a pair of
communicating hosts, between a pair of communicating security gateways,
or between a host and a gateway. The ESP header is encapsulated by the
IP header, and the ESP header encapsulates either the upper layer
protocol header (transport mode) or an IP header (tunnel mode). ESP can
provide data confidentiality service, data origin authentication
service, connectionless data integrity service, an anti-replay service,
and limited traffic flow confidentiality. The set of services depends
on the placement of the implementation and on options selected when the
security association is established. [RFC2828] A mechanism to provide confidentiality and integrity protection to IP datagrams. [NSAINT]
This message header is designed to provide a mix of security services
that provides confidentiality, data origin authentication,
connectionless integrity, an anti-replay service, and limited traffic
flow confidentiality. [IATF] (see also authentication, confidentiality, Internet Protocol security, security protocol)
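The anti-replay service named in the ESP definitions above can be illustrated with a receiver-side sliding window over the 32-bit ESP sequence number. The following is an added example, not text of this glossary and not code from any IPsec implementation; it is modelled on the receiver window described in RFC 2406, and the window size and the sample arrival order are constructed assumptions.

```python
# Added example: a receiver-side anti-replay window for one ESP security
# association, modelled on the sliding window in RFC 2406. Window size and
# the sample sequence numbers below are constructed for illustration.

SEQ_MAX = 0xFFFFFFFF  # ESP carries a 32-bit sequence number


class AntiReplayWindow:
    """Tracks the highest sequence number accepted and a bitmap of the
    window_size most recent numbers, so duplicates and stale packets can be
    rejected before any integrity check or decryption work is spent on them."""

    def __init__(self, window_size=64):
        if window_size < 32:
            raise ValueError("RFC 2406 requires a window of at least 32")
        self.window_size = window_size
        self.mask = (1 << window_size) - 1
        self.highest = 0   # right edge of the window; 0 means nothing accepted yet
        self.bitmap = 0    # bit d set => sequence number (highest - d) was received

    def check_and_update(self, seq):
        """Return True and record seq if it is new and inside the window."""
        if seq <= 0 or seq > SEQ_MAX:
            return False                     # 0 is never sent on a replay-protected SA
        if seq > self.highest:
            shift = seq - self.highest       # advance the window to the right
            if shift >= self.window_size:
                self.bitmap = 1              # everything seen so far falls off the left
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.highest = seq
            return True
        distance = self.highest - seq
        if distance >= self.window_size:
            return False                     # older than the window: stale or replayed
        if self.bitmap & (1 << distance):
            return False                     # already received: a replay
        self.bitmap |= 1 << distance         # late but new: accept within the window
        return True


def replayed_packets(sequence_numbers, window_size=64):
    """Run observed sequence numbers through one window and return those a
    receiver would drop, in arrival order."""
    window = AntiReplayWindow(window_size)
    return [seq for seq in sequence_numbers if not window.check_and_update(seq)]


# Constructed arrival order: reordering (3 before 2) is tolerated, the second
# 2 and second 37 are replays, 36 falls outside the 64-wide window once 100
# has been seen, and 0 is never a valid sequence number.
SAMPLE_ARRIVALS = [1, 3, 2, 2, 100, 36, 37, 37, 0]

if __name__ == "__main__":
    print("dropped:", replayed_packets(SAMPLE_ARRIVALS))  # dropped: [2, 36, 37, 0]
```

The window is per security association and is only meaningful when the integrity service is also selected: the sequence number must be authenticated before the window is updated, otherwise a forged packet with a high sequence number could advance the window and cause legitimate in-flight packets to be dropped.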
- encapsulation
- Enveloping a user or resource in a defined set of attributes. [misc]
The packaging of data and procedures into a single programmatic
structure. In object-oriented programming languages, encapsulation
means that an object's data structures are hidden from outside sources
and are accessible only through the object's protocol. [SRV]
- encipher
- (D) ISDs SHOULD NOT use this term as a synonym for 'encrypt'. [RFC2828] Convert plain text to cipher text by means of a cryptographic system. [NSTISSC] To convert plain text into an unintelligible form by means of a cipher system. [SRV] (see also encryption)
- encipherment
- (D) ISDs SHOULD NOT use this term as a synonym for
'encryption', except in special circumstances that are explained in the
usage discussion under 'encryption'. [RFC2828] Alternative term for encryption. [SC27] The (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the data. [SC27]
The (reversible) transformation of data by a cryptographic algorithm to
produce ciphertext, i.e. to hide the data. [ISO/IEC CD 10116 (12/2001)]
The (reversible) transformation of data by a cryptographic algorithm to
produce ciphertext, i.e., to hide the information content of the data.
[ISO/IEC 9797-1: 1999, ISO/IEC 9798-1: 1997, ISO/IEC 11770-1: 1996,
ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)] The (reversible) transformation of data
by a cryptographic algorithm to produce ciphertext, i.e., to hide the
information content of the data. [SC27] (see also encryption)
- encipherment algorithm
- Alternative term for encryption algorithm. [SC27] (see also cryptography)
- encode
- (I) Use a system of symbols to represent information, which might originally have some other representation. (C) Examples include Morse code, ASCII, and BER. (D) ISDs SHOULD NOT use this term as a synonym for 'encrypt', because encoding is not usually intended to conceal meaning. [RFC2828] Convert plain text to cipher text by means of a code. [NSTISSC] To convert plain text into an unintelligible form by means of a code system. [SRV] (see also encryption)
- encrypt
- Generic term encompassing encipher and encode. [NSTISSC] (see also cryptography)
- encrypt
- (I) Cryptographically transform data to produce ciphertext. [RFC2828]
To convert plain text into ciphertext, an unintelligible form, through
the use of a cryptographic algorithm. The term encrypt includes the
meanings of encipher and encode. [SRV] (see also encryption)
- encrypt for transmission only (EFTO)
- (see also encryption, networks)
- encrypted key
- A cryptographic key that has been encrypted with a key
encrypting key, a PIN, or a password in order to disguise the value of
the underlying plaintext key. [FIPS140][SRV] (see also passwords, key, key recovery)
- encryption
- (I) Cryptographic transformation of data (called
'plaintext') into a form (called 'ciphertext') that conceals the data's
original meaning to prevent it from being known or used. If the
transformation is reversible, the corresponding reversal process is
called 'decryption', which is a transformation that restores encrypted
data to its original state. (C) Usage note: For this concept,
ISDs should use the verb 'to encrypt' (and related variations:
encryption, decrypt, and decryption). However, because of cultural
biases, some international usage, particularly ISO and CCITT standards,
avoids 'to encrypt' and instead uses the verb 'to encipher' (and
related variations: encipherment, decipher, decipherment). (O) 'The cryptographic transformation of data to produce ciphertext.' (C)
Usually, the plaintext input to an encryption operation is cleartext.
But in some cases, the plaintext may be ciphertext that was output from
another encryption operation. (C) Encryption and decryption
involve a mathematical algorithm for transforming data. In addition to
the data to be transformed, the algorithm has one or more inputs that
are control parameters: (a) key value that varies the transformation
and, in some cases, (b) an initialization value that establishes the
starting state of the algorithm. [RFC2828] (Reversible)
transformation of data by a cryptographic algorithm to produce
ciphertext, i.e. to hide the information content of the data. [SC27]
1) A data security technique used to protect information from
unauthorized inspection or alteration. Information is encoded so that
it appears as a meaningless string of letters and symbols during
delivery or transmission. Upon receipt, the information is decoded
using an encryption key. 2) The conversion of information into a code
or cipher. [FFIEC] The process of making information
indecipherable to protect it from unauthorized viewing or use,
especially during transmission or storage. Encryption is based on an
algorithm and at least one key. Even if the algorithm is known, the
information cannot be decrypted without the key(s). [AJP] The
transformation of data into a form readable only by using the
appropriate key, held only by authorized parties. The key rearranges
the data into its original form by reversing the encryption. It is a
process of systematically encoding a bit stream before transmission so
that an unauthorized party cannot decipher it. The process of
transforming data to an unintelligible form in such a way that the
original data either cannot be obtained (one-way encryption) or cannot
be obtained without using the inverse decryption process (two-way
encryption). [SRV] (see also cleartext, decryption, Advanced Encryption Standard, CAST, COMSEC control program, Clipper chip, Cryptographic Message Syntax, Data Encryption Algorithm, Diffie-Hellman, El Gamal algorithm, Escrowed Encryption Standard, Federal Standard 1027, Fortezza, IEEE P1363, Internet Protocol security, Internet Security Association and Key Management Protocol, Law Enforcement Access Field, MIME Object Security Services, NULL encryption algorithm, Rivest-Shamir-Adelman algorithm, Rivest-Shamir-Adleman, SET private extension, Secure/MIME, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, The Exponential Encryption System, Transport Layer Security Protocol, asymmetric cryptography, authentication code, baggage, block cipher, break, cardholder certificate, cipher, ciphertext, code, code book, cooperative key generation, cryptanalysis, crypto-algorithm, cryptographic algorithm, cryptographic ignition key, cryptographic initialization, cryptographic key, cryptosystem, decrypt, dictionary attack, digital envelope, digital signature, dual signature, encrypt for transmission only, encryption certificate, endorsed data encryption standard products list, hybrid encryption, in the clear, indistinguishability, information systems security, initialization vector, initialize, intelligent threat, key, key agreement, key center, key distribution center, key generator, key pair, key recovery, key translation center, key transport, key-encrypting key, key-escrow system, keyed hash, low-cost encryption/authentication device, merchant certificate, message authentication code vs. 
Message Authentication Code, message integrity code, mode of operation, off-line cryptosystem, on-line cryptosystem, one-time pad, over-the-air key transfer, over-the-air rekeying, password system, per-call key, personality label, privacy system, protected communications, protected distribution systems, public cryptography, public-key cryptography, public-key forward secrecy, salt, secret-key cryptography, secure shell, secure socket layer, security management infrastructure, security mechanism, semantic security, session key, signature certificate, start-up KEK, stream cipher, symmetric cryptography, symmetric key, system indicator, tactical trunk encryption device, threat consequence, traffic analysis, triple DES, trunk encryption device, tunnel, unencrypted, virtual private network, wrap, Secure Electronic Transaction, privacy enhanced mail) (includes Cryptographic Application Program Interface, Data Encryption Standard, asymmetric cryptographic algorithm, bulk encryption, cryptographic functions, data encryption key, dedicated loop encryption device, effective key length, encipher, encipherment, encode, encrypt, encryption algorithm, encryption software, end-to-end encryption, key-encryption-key, link encryption, one-way encryption, pretty good privacy, secure multipurpose internet mail extensions, superencryption, symmetric algorithm, tamper)
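The RFC2828 text above lists the inputs to an encryption algorithm (the data, a key that varies the transformation and, in some cases, an initialization value that sets the starting state) and the SRV text distinguishes two-way from one-way encryption. The following added example is not part of the glossary and is not a standard algorithm: it builds a hypothetical counter-mode stream cipher over HMAC-SHA256 from the Python standard library, purely to show those inputs at work, that the transformation is reversible with the same key and IV, what a one-way transformation looks like by contrast, and why an initialization value must not be reused under one key. The key, IVs and message are constructed sample values.

```python
import hashlib
import hmac

# Added example, not from the glossary or any standard. The cipher below is a
# hypothetical counter-mode construction over HMAC-SHA256, chosen only because
# it needs nothing beyond the Python standard library; real systems use a
# vetted cipher such as AES. It exists to show the inputs the entry names:
# the data, a key that varies the transformation, and an initialization
# value (IV) that fixes the starting state of the keystream.


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Derive `length` bytes of keystream from (key, iv) by MACing a counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Two-way encryption: plaintext XOR keystream gives ciphertext."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """The reversal: the same key and IV regenerate the same keystream."""
    return xor_bytes(ciphertext, keystream(key, iv, len(ciphertext)))


def one_way_encrypt(data: bytes, salt: bytes) -> bytes:
    """'One-way encryption' in the SRV sense: a salted hash with no inverse.
    A verifier recomputes and compares it rather than recovering the data."""
    return hashlib.sha256(salt + data).digest()


def iv_reuse_leaks(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """The failure mode the IV exists to prevent: two messages under the same
    key AND the same IV share a keystream, so C1 xor C2 == P1 xor P2 and an
    observer learns the relationship between the plaintexts without the key."""
    c1 = encrypt(key, iv, p1)
    c2 = encrypt(key, iv, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


# Constructed sample inputs.
KEY = b"constructed-32-byte-demo-key!!!!"
IV_A = b"iv-0001"
IV_B = b"iv-0002"
MESSAGE = b"plaintext becomes ciphertext and back again"

if __name__ == "__main__":
    ct = encrypt(KEY, IV_A, MESSAGE)
    print(decrypt(KEY, IV_A, ct) == MESSAGE)          # True: reversible with key + IV
    print(encrypt(KEY, IV_B, MESSAGE) != ct)          # True: new IV, new ciphertext
    print(iv_reuse_leaks(KEY, IV_A, MESSAGE, b"second message, same key and iv"))
```

The three checks in the usage block correspond to the three points in the definitions: decryption restores the data only when both control parameters match, changing the initialization value changes the ciphertext under an unchanged key, and reusing both parameters collapses the protection, which is why IVs are tracked per key in any real deployment.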
- encryption algorithm
- Cryptographic technique used to protect the confidentiality of
data. An encryption algorithm consists of two processes: encryption (or
encipherment) which transforms plaintext into ciphertext, and
decryption (or decipherment) which transforms ciphertext to plaintext. [SC27]
Set of mathematically expressed rules for rendering data unintelligible
by executing a series of conversions controlled by a key. [NSTISSC] (see also communications security, confidentiality, encryption)
- end-item accounting
- Accounting for all the accountable components of a COMSEC
equipment configuration by a single short title. [NSTISSC]
- encryption certificate
- (I) A public-key certificate that contains a public key
that is intended to be used for encrypting data, rather than for
verifying digital signatures or performing other cryptographic
functions. (C) A v3 X.509 public-key certificate may have a 'keyUsage'
extension that indicates the purpose for which the certified public key
is intended. [RFC2828] (see also digital signature, encryption, key, certificate)
- encryption software
- The software that actually provides the needed functionality for end users to encrypt messages and files. PGP is one example. [RFC2504] (see also encryption, software)
- encryption strength
- The strength of encryption is measured by the amount of effort
needed to break a cryptosystem. Typically this is measured by the
length of the key used for encryption. The strength of encryption is
algorithm-dependent; e.g., the minimum acceptable key length for DES is
56 bits, while the minimum acceptable length for RSA is 512 bits. By
one measure RSA strength of encryption is proportional to 10**(sqrt(N))
... ten raised to the square root of N, where N is the number of bits
in the key. By comparison, ECC strength is approximately 10**(N/5) ...
ten raised to N divided by 5. [misc] (see also quality of protection)
- encryption tools
- (see also security software)
- end entity
- (I) A system entity that is the subject of a public-key
certificate and that is using, or is permitted and able to use, the
matching private key only for a purpose or purposes other than signing
a digital certificate; i.e., an entity that is not a CA. (D) 'A certificate subject which uses its public key for purposes other than signing certificates.' (C)
ISDs SHOULD NOT use the X.509 definition, because it is misleading and
incomplete. First, the X.509 definition should say 'private key' rather
than 'public key' because certificates are not usefully signed with a
public key. Second, the X.509 definition is weak regarding whether an
end entity may or may not use the private key to sign a certificate,
i.e., whether the subject may be a CA. The intent of X.509's authors
was that an end entity certificate is not valid for use in verifying a
signature on an X.509 certificate or X.509 CRL. Thus, it would have
been better for the X.509 definition to have said 'only for purposes
other than signing certificates'. (C) Despite the problems in
the X.509 definition, the term itself is useful in describing
applications of asymmetric cryptography. The way the term is used in
X.509 implies that it was meant to be defined, as we have done here,
relative to roles that an entity (which is associated with an OSI end
system) is playing or is permitted to play in applications of
asymmetric cryptography other than the PKI that supports applications. (C)
Whether a subject can play both CA and non-CA roles, with either the
same or different certificates, is a matter of policy. A v3 X.509
public-key certificate may have a 'basicConstraints' extension
containing a 'cA' value that specifically 'indicates whether or not the
public key may be used to verify certificate signatures'. [RFC2828] (see also certificate, cryptography, digital signature, key, public-key infrastructure)
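The 'encode' entry names BER as an example of encoding, and the 'encryption certificate' and 'end entity' entries point at the X.509 v3 'keyUsage' extension and the 'cA' value of 'basicConstraints'. The following added example (not the glossary's own material and not any PKI library's code) encodes and decodes those two extension values in DER, the distinguished form of BER, and then applies the glossary's two classifications to them. The bit names follow RFC 5280; the tag constants are the standard universal tags; the sample byte strings are constructed here. It also makes the 'encode' entry's point concrete: every bit is recoverable by anyone who knows the format, because encoding changes representation and conceals nothing.

```python
# Added example, not from the glossary. Encodes and decodes the X.509 v3
# 'keyUsage' BIT STRING and the 'cA' BOOLEAN of 'basicConstraints' in DER,
# then classifies a certificate from them. Bit assignments follow RFC 5280;
# the sample byte strings are constructed for this example.

# keyUsage bit names in RFC 5280 order (bit 0 is the most significant bit
# of the first BIT STRING content byte).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
]
TAG_BOOLEAN, TAG_BIT_STRING, TAG_SEQUENCE = 0x01, 0x03, 0x30


def der_encode_length(n: int) -> bytes:
    """DER length: one byte below 128, else 0x80|count then big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_encode_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_encode_length(len(value)) + value


def der_read_tlv(buf: bytes, offset: int = 0):
    """Parse one tag-length-value element; return (tag, value, offset after it)."""
    tag = buf[offset]
    first = buf[offset + 1]
    pos = offset + 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        if count == 0 or count > 4:
            raise ValueError("unsupported DER length form")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def encode_key_usage(names) -> bytes:
    """Build the keyUsage BIT STRING, dropping trailing zero bits as DER requires."""
    bits, highest = 0, -1
    for name in names:
        i = KEY_USAGE_BITS.index(name)
        bits |= 1 << (15 - i)
        highest = max(highest, i)
    if highest < 0:
        return der_encode_tlv(TAG_BIT_STRING, b"\x00")
    nbytes = highest // 8 + 1
    unused = nbytes * 8 - (highest + 1)          # count of unused low bits in the last byte
    data = (bits >> (16 - nbytes * 8)).to_bytes(nbytes, "big")
    return der_encode_tlv(TAG_BIT_STRING, bytes([unused]) + data)


def decode_key_usage(der: bytes) -> set:
    tag, value, end = der_read_tlv(der)
    if tag != TAG_BIT_STRING or end != len(der) or not value:
        raise ValueError("expected a single BIT STRING")
    unused, data = value[0], value[1:]
    total_bits = len(data) * 8 - unused
    return {KEY_USAGE_BITS[i] for i in range(min(total_bits, len(KEY_USAGE_BITS)))
            if data[i // 8] & (0x80 >> (i % 8))}


def decode_basic_constraints_ca(der: bytes) -> bool:
    """basicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, ... };
    an empty SEQUENCE therefore means cA is FALSE."""
    tag, value, end = der_read_tlv(der)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    ca, pos = False, 0
    while pos < len(value):
        inner_tag, inner_value, pos = der_read_tlv(value, pos)
        if inner_tag == TAG_BOOLEAN:
            ca = inner_value == b"\xff"
    return ca


def classify_certificate(key_usage_der: bytes, basic_constraints_der: bytes) -> dict:
    """The glossary's two notions: an 'encryption certificate' carries a key
    intended for encrypting data; an 'end entity' is a subject that is not a CA."""
    usage = decode_key_usage(key_usage_der)
    ca = decode_basic_constraints_ca(basic_constraints_der)
    may_sign_certs = ca or "keyCertSign" in usage
    return {
        "keyUsage": usage,
        "cA": ca,
        "end_entity": not may_sign_certs,
        "encryption_certificate": (not may_sign_certs)
            and bool(usage & {"keyEncipherment", "dataEncipherment"}),
    }


# Constructed sample extension values.
EE_ENC_KEY_USAGE = encode_key_usage(["keyEncipherment"])                  # 03 02 05 20
EE_BASIC_CONSTRAINTS = der_encode_tlv(TAG_SEQUENCE, b"")                  # 30 00
CA_KEY_USAGE = encode_key_usage(["digitalSignature", "keyCertSign", "cRLSign"])
CA_BASIC_CONSTRAINTS = der_encode_tlv(TAG_SEQUENCE, der_encode_tlv(TAG_BOOLEAN, b"\xff"))

if __name__ == "__main__":
    print(classify_certificate(EE_ENC_KEY_USAGE, EE_BASIC_CONSTRAINTS))
    print(classify_certificate(CA_KEY_USAGE, CA_BASIC_CONSTRAINTS))
```

A relying party that honours these two extensions rejects a certificate chain in which an end-entity certificate (cA absent or FALSE, no keyCertSign) signs another certificate, which is precisely the X.509 intent the RFC2828 discussion above reconstructs.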
- end system
- (I) An OSI term for a computer that implements all
seven layers of the OSIRM and may attach to a subnetwork. (In the
context of the Internet Protocol Suite, usually called a 'host'.) [RFC2828] (see also internet, networks, system)
- end-to-end encryption
- (I) Continuous protection of data that flows between
two points in a network, provided by encrypting data when it leaves its
source, leaving it encrypted while it passes through any intermediate
computers (such as routers), and decrypting only when the data arrives
at the intended destination. (C) When two points are separated
by multiple communication links that are connected by one or more
intermediate relays, end-to-end encryption enables the source and
destination systems to protect their communications without depending
on the intermediate systems to provide the protection. [RFC2828] Encryption of information at its origin and decryption at its intended destination without intermediate decryption. [NSTISSC]
The protection of information passed in a telecommunications system by
cryptographic means, from point of origin to point of destination. [AJP][NCSC/TG004][SRV] (see also networks, encryption)
- end-to-end security
- Safeguarding information in an IS from point of origin to point of destination. [NSTISSC]
The safeguarding of information in a secure telecommunication system by
cryptographic or protected distribution system means from point of
origin to point of destination. [SRV] (see also cryptography, security)
- end-user
- (I) General usage: A system entity, usually a human
individual, that makes use of system resources, primarily for
application purposes as opposed to system management purposes. (I) PKI usage: A synonym for 'end entity'; but the term 'end entity' is preferred. [RFC2828] A person in contact with a Target of Evaluation who makes use only of its operational capability. [AJP][ITSEC] An (human) individual that makes use of computer systems and networks. [RFC2504] (see also networks, public-key infrastructure, target of evaluation, user)
- end-user computing (EUC)
- (see also user)
- endorsed cryptographic products list (ECPL)
- (see also cryptography)
- endorsed data encryption standard products list (EDESPL)
- (see also encryption)
- endorsed for unclassified cryptographic item (EUCI)
- Unclassified cryptographic equipment that embodies a U.S. Government
classified cryptographic logic and is endorsed by NSA for the protection
of national security information. [NSTISSC] (see also cryptography)
- endorsed for unclassified cryptographic information (EUCI)
- (see also cryptography)
- Endorsed TEMPEST Products List (ETPL)
- (see also TEMPEST)
- endorsed tools list (ETL)
- The list of formal verification tools endorsed by the NCSC for the development of systems with high levels of trust. [NCSC/TG004]
The list of formal verification tools endorsed by the U.S. NCSC
(National Computer Security Center) for the development of systems with
high levels of trust. [AJP] (see also computer security, trust, Information Systems Security products and services catalogue, National Information Assurance partnership, formal verification)
- endorsement
- NSA approval of a commercially developed product for safeguarding national security information. [NSTISSC]
- energy-efficient computer equipment
- Computer equipment that provides equivalent or better
performance and value to users, but uses significantly less energy than
competing models. [SRV] (see also model)
- enforcement vector (EV)
-
- engineering development model (EDM)
-
- enhanced hierarchical development methodology
- An integrated set of tools designed to aid in creating,
analyzing, modifying, managing, and documenting program specifications
and proofs. This methodology includes a specification parser and type
checker, a theorem prover, and a multilevel security checker. Note:
this methodology is not based on the hierarchical development
methodology. [AJP][NCSC/TG004] (see also security, software development methodologies)
- enterprise resource planning (ERP)
-
- entity
- A collection of information items that can be grouped together
conceptually and distinguished from their surroundings. An entity is
described by its attributes. Entities can be linked, or can have
relationships to other entities. [SRV] Any participant in an
authentication exchange; such a participant may be human or nonhuman,
and may take the role of a claimant and/or verifier. It can be either a
subject (an active element that operates on information or the system
state) or an object (a passive element that contains or receives
information). [SRV] (see system entity) (see also authentication)
- entity authentication
- The corroboration that an entity is the one claimed. [SC27] (see also authentication)
- entity authentication of A to B
- The assurance of the identity of entity A for entity B. [SC27] (see also authentication)
- entity-wide security
- Planning and management that provides a framework and
continuing cycle of activity for managing risk, developing security
policies, assigning responsibilities, and monitoring the adequacy of
the entity’s physical and cyber security controls. [CIAO] (see also security)
- entrapment
- (I) 'The deliberate planting of apparent flaws in a
system for the purpose of detecting attempted penetrations or confusing
an intruder about which flaws to exploit.' [RFC2828] Deliberate planting of apparent flaws in an IS for the purpose of detecting attempted penetrations. [NSTISSC] The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations. [AFSEC][AJP][NCSC/TG004][SRV] (see also exploit, risk management)
- entry label
- The naming information that identifies a registered PP or package uniquely. [SC27]
- entry-level certification
- The most basic certification level, appropriate for systems
engendering low levels of concern for confidentiality, integrity, and
availability. [800-37] (see also availability, confidentiality, integrity, certification)
- environment
- (1) All entities - users, procedures, conditions, objects,
AISs, and other IT products - that interact with (affect the
development, operation, and maintenance of) an IT product. (2) The
aggregate of external procedures, conditions, and objects that affect
the development, operation, and maintenance of a system. [AJP]
Aggregate of external procedures, conditions, and objects affecting the
development, operation, and maintenance of an IT system. [800-37][NSTISSC]
Aggregate of the external procedures, conditions, and objects affecting
the development, operation, and maintenance of an IT system. [CIAO]
All entities (users, procedures, conditions, objects, AISs, other IT
products) that interact with (affect the development, operation, and
maintenance of) that IT product. [FCv1] The aggregate of
external procedures, conditions, and objects that affect the
development, operation, and maintenance of a system. [NCSC/TG004] (includes object)
- environmental failure protection (EFP)
- The use of features designed to protect against a compromise
of the security of a cryptographic module due to environmental
conditions or fluctuations outside of the module's normal operating
range. [FIPS140] (see also assurance, cryptography, failure, risk management)
- environmental failure testing (EFT)
- The use of testing to provide a reasonable assurance that a
cryptographic module will not be affected by environmental conditions
or fluctuations outside of the module's normal operating range in a
manner that can compromise the security of the module. [FIPS140] (see also cryptography, failure, test)
- ephemeral key
- (I) A public key or a private key that is relatively short-lived. [RFC2828] (see also key)
- equipment radiation TEMPEST zone (ERTZ)
- (see also TEMPEST)
- erasure
- A process by which a signal recorded on magnetic media is
removed. Erasure is accomplished in two ways: (1) by alternating
current erasure, by which the information is destroyed by applying an
alternating high and low magnetic field to the media; or (2) by direct
current erasure, by which the media are saturated by applying a
unidirectional magnetic field. [AJP][NCSC/TG004][SRV] Process intended to render magnetically stored information irretrievable by normal means. [NSTISSC] (includes degauss, overwrite procedure)
- error
- (1) The difference between a computed, observed, or measured
value and the true, specified, or theoretically correct value or
condition. (2) An incorrect step, process, or data definition. Often
called a bug. (3) An incorrect result. (4) A human action that produces
an incorrect result, and (5) The deviation of a system from normal
operation that may have been caused by a fault. [SRV] (1) The
difference between a computed, observed, or measured value or condition
and the true, specified, or theoretically correct value or condition.
(2) An incorrect step, process, or data definition. Also: fault. (3) An
incorrect result. Also: failure. (4) A human action that produces an
incorrect result. Also: mistake. (ISO) A discrepancy between a
computed, observed, or measured value or condition and the true,
specified, or theoretically correct value or condition. An error is a
mistake made by a developer. It might be a typographical error, a
misreading of a specification, a misunderstanding of what a subroutine
does, and so on (IEEE 1990). An error might lead to one or more faults.
Faults are located in the text of the program. More precisely, a fault
is the difference between the incorrect program and the correct version
(IEEE 1990). [OVT] (see also bug, fault)
- error analysis
- The use of techniques to detect errors, to estimate/predict
the number of errors, and to analyze error data both singly and
collectively. [SRV] (see also analysis)
- error detection and correction (EDAC)
-
- error detection code (EDC)
- (I) A checksum designed to detect, but not correct, accidental (i.e., unintentional) changes in data. [RFC2828]
A code computed from data and comprised of redundant bits of
information designed to detect, but not correct, unintentional changes
in the data. [FIPS140][SRV] (see also integrity) (includes check character)
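Added example (not from the glossary or its cited sources): two error detection codes in Python, a Luhn check character and a CRC-32 checksum, showing that an EDC reports only that data changed, not where, and that each code has change patterns it misses. The digit strings and the sample record are constructed.

```python
"""Error detection codes: detect, but do not correct, accidental changes.

Added example. Two EDCs are shown: a Luhn check character appended to a
digit string, and a CRC-32 checksum (zlib) over a byte record. Each
verifier returns only True/False: it learns that the data changed, not
which bit or digit, so it cannot repair anything. Inputs are constructed.
"""
import zlib

# Constructed sample record, e.g. one line of an audit log.
SAMPLE_RECORD = b"2001-06-14T10:22:07Z login user=alice result=OK"


def luhn_check_digit(payload: str) -> str:
    """Compute the Luhn check character for a string of decimal digits."""
    total = 0
    # Walk right to left; double every second digit starting with the
    # rightmost payload digit (the one adjacent to the check character).
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as summing the two digits of the product
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True if the last character is the correct check character for the rest."""
    return luhn_check_digit(number[:-1]) == number[-1]


def luhn_detects_all_single_digit_errors(number: str) -> bool:
    """Exhaustively substitute every digit at every position; each must be caught."""
    for pos in range(len(number)):
        for d in "0123456789":
            if d == number[pos]:
                continue
            altered = number[:pos] + d + number[pos + 1:]
            if luhn_valid(altered):
                return False
    return True


def crc32_edc(data: bytes) -> int:
    """CRC-32 of data: the redundant bits stored alongside it as the EDC."""
    return zlib.crc32(data) & 0xFFFFFFFF


def crc32_verify(data: bytes, expected: int) -> bool:
    """Recompute the EDC and compare; a mismatch says only that something changed."""
    return crc32_edc(data) == expected


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Constructed corruption: invert one bit to simulate an accidental change."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def all_single_bit_flips_detected(data: bytes) -> bool:
    """Every single-bit corruption of data must fail verification."""
    edc = crc32_edc(data)
    return all(not crc32_verify(flip_bit(data, b), edc)
               for b in range(len(data) * 8))


if __name__ == "__main__":
    number = "7992739871" + luhn_check_digit("7992739871")
    print(number, luhn_valid(number),
          luhn_detects_all_single_digit_errors(number))
    # Known Luhn blind spot: swapping adjacent 0 and 9 is not detected.
    print(luhn_valid("12096"), luhn_valid("12906"))
    edc = crc32_edc(SAMPLE_RECORD)
    print(hex(edc), crc32_verify(SAMPLE_RECORD, edc),
          crc32_verify(flip_bit(SAMPLE_RECORD, 13), edc),
          all_single_bit_flips_detected(SAMPLE_RECORD))
```

Both codes catch every single-symbol error but, being designed for accidental change, give no assurance against a deliberate modification; that is what separates an EDC from a keyed integrity check.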
- error guessing
- A test case design technique where the experience of the
tester is used to postulate what faults might occur, and to design
tests specifically to expose them. [OVT] (see also test)
- error seeding
- Planting errors in programs. [SRV] The process of
intentionally adding known faults to those already in a computer
program for the purpose of monitoring the rate of detection and
removal, and estimating the number of faults remaining in the program.
Contrast with mutation analysis. [OVT] (see also bebugging, analysis, assurance, mutation analysis)
- Escrowed Encryption Standard (EES)
- (N) A U.S. Government standard that specifies use of a
symmetric encryption algorithm (SKIPJACK) and a Law Enforcement Access
Field (LEAF) creation method to implement part of a key escrow system
that provides for decryption of encrypted telecommunications when
interception is lawfully authorized. (C) Both SKIPJACK and the
LEAF are to be implemented in equipment used to encrypt and decrypt
unclassified, sensitive telecommunications data. [RFC2828] (see also encryption, key)
- Estelle
- (N) A language (ISO 9074-1989) for formal specification of computer network protocols. [RFC2828] (see also networks)
- ethernet meltdown
- An event that causes saturation or near saturation on an
Ethernet. It usually results from illegal or misrouted packets and
typically lasts only a short time. As an example, consider an IP
datagram directed to a nonexistent host and delivered via hardware
broadcast to all machines on the network. Gateways receiving the
broadcast will send out ARP packets in an attempt to find the host and
deliver the datagram. [AFSEC] (see also networks, threat)
- ethernet sniffing
- This is listening with software to the Ethernet interface for
packets that interest the user. When the software sees a packet that
fits certain criteria, it logs it to a file. The most common criterion
for an interesting packet is one that contains words like login or
password. [AFSEC][NSAINT] (see also packet sniffer, passwords, promiscuous mode, software, sniffing)
- Europay, MasterCard, Visa (EMV)
- (I) An abbreviation of 'Europay, MasterCard, Visa'.
Refers to a specification for smart cards that are used as payment
cards, and for related terminals and applications. [RFC2828] (see also tokens)
- European Information Technology Security Evaluation Criteria (ITSEC)
- Commission of the European Communities, European Information
Technology Security Evaluation Criteria (ITSEC), Provisional Harmonized
Criteria: Version 1.2, Office for Official Publications of the European
Communities, Luxembourg, June 1991. [ITSEC] European security evaluation criteria for targets of evaluation (TOE). [AJP] (see also Common Criteria for Information Technology Security Evaluation, computer security, criteria, target of evaluation) (includes assurance, correctness)
- European quality award (EQA)
- (see also quality)
- evaluated products list (EPL)
- (O) General usage: A list of information system
equipment items that have been evaluated against, and found to be
compliant with, a particular set of criteria. (O) U.S. Department
of Defense usage: The Evaluated Products List
(http://www.radium.ncsc.mil/tpep/epl/) contains items that have been
evaluated against the TCSEC by the NCSC, or against the Common Criteria
by the NCSC or one of its partner agencies in another country. The List
forms Chapter 4 of NSA's 'Information Systems Security Products and
Services Catalogue'. [RFC2828] A list of equipment, hardware,
software, and firmware that have been evaluated against, and found to
be technically compliant, at a particular level of trust, with the DoD
(US Department of Defense) TCSEC (Trusted Computer System Security
Evaluation Criteria) by the NCSC (National Computer Security Center).
The EPL is included in NSA's 'Information Systems Security Products and
Services Catalogue,' that is available through the Government Printing
Office. [AJP] A list of equipment, hardware, software, and/or
firmware that have been evaluated against, and found to be technically
compliant, at a particular level of trust, with the DoD TCSEC by the
NCSC. The EPL is included in the U.S. National Security Agency
Information Systems Security Products and Services Catalogue, that is
available through the Government Printing Office. [NCSC/TG004]
Equipment, hardware, software, and/or firmware evaluated by the National
Computer Security Center (NCSC) in accordance with DoD TCSEC and found
to be technically compliant at a particular level of trust. The EPL is
included in the NSA Information Systems Security Products and Services
Catalogue. [NSTISSC] (see also computer security, evaluation, software, trust, trusted computer system, Information Systems Security products and services catalogue, National Information Assurance partnership, National Security Agency)
- evaluated system
- (I) Refers to a system that has been evaluated against security criteria such as the TCSEC or the Common Criteria. [RFC2828] (see also security, evaluation, system)
- evaluation
- (1) Technical assessment of a component's, product's,
subsystem's, or system's security properties that establishes whether
the component, product, subsystem, or system meets a specific set of
requirements, e.g. defined evaluation criteria. Note: Evaluation is a
term that causes much confusion in the security community, because it
is used in many different ways. It is sometimes used in the general
English sense (judgment or determination of worth or quality). Based on
common usage of the term in the security community, one can distinguish
between two types of evaluation: (a) evaluations that exclude the
environment, and (b) evaluations that include the environment. This
second type of evaluation, an assessment of a system's security
properties with respect to a specific operational mission, is termed
certification. Evaluations that exclude the environment are assessments
of the security properties against a defined criterion. (2) The process
- given a security policy, a consistent description of required
security functions, and a targeted assurance level - of achieving
assurance. Evaluation also includes the checking for security
vulnerabilities (in relation to the security policy). (3) The
assessment of an IT system, product, or component against defined
evaluation criteria. [AJP] Assessment of a PP, an ST or a TOE, against defined criteria. [CC2][CC21][SC27]
Assessment of a PP, an ST or a TOE, against defined criteria. [ISO/IEC
15408-1: 1999] Assessment of a deliverable against defined criteria. [SC27]
Evaluation is a decision about significance, value, or quality of
something, based on careful study of its good and bad features.
Assessment of a PP [Protection Profile], an ST [Security Target] or a
TOE [Target of Evaluation], against defined criteria. [OVT]
Technical assessment of a component's, product's, subsystem's, or
system's security properties that establishes whether or not the
component, product, subsystem, or system meets a specific set of
requirements. Note: Evaluation is a term that causes much confusion in
the security community, because it is used in many different ways. It
is sometimes used in the general English sense (judgement or
determination of worth or quality). Based on common usage of the term
in the security community, one can distinguish between two types of
evaluation: (1) evaluations that exclude the environment, and (2)
evaluations that include the environment. This second type of
evaluation, an assessment of a system's security properties with
respect to a specific operational mission, is termed certification
within this document. Evaluations that exclude the environment, the
type of evaluations considered herein, are assessments of the security
properties against defined criteria. [FCv1] The assessment of an IT system, product, or component against defined evaluation criteria. [ITSEC]
The assessment of an IT product against predefined IT security
evaluation criteria and IT security evaluation methods to determine
whether or not the claims made for the security of the product are
justified. [NIAP] The process - given a security policy, a
consistent description of required security functions and a targeted
assurance level - of achieving assurance. Evaluation also includes the
checking for security vulnerabilities (in relation to the security
policy). [JTC1/SC27] (see also analysis, A1, Commercial COMSEC, Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Criteria for Information Technology Security, DoD Trusted Computer System, FIPS approved security method, NIAP Oversight Body, National Computer Security Center, National Voluntary Laboratory Accreditation Program, Red book, Scope of Accreditation, Validation Certificate, Yellow book, accreditation, accreditation range, accredited, approval/accreditation, approved technologies list, approved test methods list, benchmark, beyond A1, candidate TCB subset, certificate, certificate revocation list, computer security, controlled access protection, criteria, cryptosystem survey, descriptive top-level specification, design documentation, designated, designated laboratories list, designating authority, designation policy, evaluated products list, flaw hypothesis methodology, interface control document, network component, observation reports, penetration test, preproduction model, protection philosophy, quality, requirements for content and presentation, requirements for evidence, risk analysis, risk management, risk treatment, security, security policy model, security-compliant channel, source selection, sponsor, subset-domain, technology area, test method, test procedure, testing, threat assessment, trusted network interpretation, certification) (includes Common Criteria for Information Technology Security Evaluation, Common Evaluation Methodology, DoD Trusted Computer System Evaluation Criteria, Evaluation Technical Report, Evaluation Work Plan, IT Security Evaluation Criteria, IT Security Evaluation Methodology, Information Technology Security Evaluation Criteria, Monitoring of Evaluations, NIAP Common Criteria Evaluation and Validation Scheme, Trusted Computer System Evaluation Criteria, Trusted Products Evaluation Program, assurance, certification and accreditation, certification test and evaluation, cryptosystem evaluation, 
evaluated system, evaluation and validation scheme, evaluation authority, evaluation facility, evaluation pass statement, evaluation scheme, program evaluation and review technique, quality of protection, risk evaluation, security evaluation, software system test and evaluation process, strength of a requirement, system security evaluation, target of evaluation, validation, verification)
- evaluation and validation scheme
- The systematic organization of the functions of evaluation and
validation within a given country under the authority of an oversight
body in order to ensure that high standards of competence and
impartiality are maintained and that consistency is achieved. [NIAP] (see also evaluation)
- evaluation assurance
- (1) Source of IT product assurance based on the kind and
intensity of the evaluation analysis performed on the product. (2)
Specifies the nature and intensity of evaluation activities to be
performed on a TOE (Target of Evaluation), based on the expected threat
and the intended environments. [AJP] Source of IT product assurance based on the kind and intensity of the evaluation analysis performed on the product. [FCv1]
Specifies the nature and intensity of evaluation activities to be
performed on a TOE, based on the expected threat and the intended
environments. [JTC1/SC27] (see also analysis, threat, assurance) (includes evaluation assurance level)
- evaluation assurance component
- Fundamental building block, specifying the type and the rigor
of required evaluation activities, from which evaluation assurance
requirements are assembled. [AJP][FCv1] (see also assurance, component)
- evaluation assurance level (EAL)
- A package consisting of assurance components from Part 3 that represents a point on the CC predefined assurance scale. [CC2][CC21][SC27]
A scale for measuring the criteria for the evaluation of requirements.
Uniformly increasing, the scale balances the level of assurance
obtained with the cost and feasibility of acquiring that level of
assurance. [IATF] Predefined set of assurance components that represents a point on the CC assurance scale. [CC1] (see also Common Criteria for Information Technology Security Evaluation, evaluation assurance, requirements) (includes evaluation criteria, evaluator, evaluator actions)
- evaluation assurance package
- Grouping of evaluation assurance components assembled to ease
specification and common understanding of the type and the rigor of
required evaluation activities. [AJP][FCv1] (see also assurance)
- evaluation assurance requirements
- Requirements in a protection profile that address both the
type and the rigor of activities that must occur during product
evaluation. [AJP][FCv1] (see also assurance)
- evaluation authority
- A body that implements the CC for a specific community by
means of an evaluation scheme and thereby sets the standards and
monitors the quality of evaluations conducted by bodies within that
community. [CC2][CC21][SC27] (see also quality, evaluation)
- evaluation criteria
- A set of requirements defining the conditions under which an
evaluation is performed. These requirements can also be used in
specification and development of systems and products. [AJP][JTC1/SC27] (see also evaluation assurance level)
- evaluation facility
- An organization which carries out evaluations, independently
of the manufacturers and vendors of the products evaluated and usually
on a commercial basis. [NIAP] (see also evaluation)
- evaluation pass statement
- A statement issued by an organisation that performs
evaluations against ISO/IEC 15408 confirming that a PP has successfully
passed assessment against the evaluation criteria given in clause 4 of
Part 3 of that International Standard. [SC27] (see also evaluation)
- evaluation scheme
- The administrative and regulatory framework under which the CC
is applied by an evaluation authority within a specific community. [CC2][CC21][SC27] (see also evaluation)
- Evaluation Technical Report
- A report giving the details of the findings of an evaluation,
submitted by the CCTL to the NIAP Oversight Body as the principal basis
for the validation report. [NIAP] (see also Common Criteria Testing Laboratory, evaluation)
- Evaluation Work Plan
- A document produced by a CCTL detailing the organization, schedule, and planned activity for an IT security evaluation. [NIAP] (see also computer security, security, Common Criteria Testing Laboratory, evaluation)
- evaluator
- (1) The independent person or organization that performs an
evaluation. (2) Individual or group responsible for the independent
assessment of IT product security (e.g. product evaluators, system
security officers, system certifiers, and system accreditors). [AJP]
Individuals or groups responsible for the independent assessment of IT
product security (e.g. product evaluators, system security officers,
system certifiers, and system accreditors). [FCv1] The independent person or organization that performs an evaluation. [ITSEC] (see also evaluation assurance level)
- evaluator actions
- A component of the evaluation criteria for a particular phase
or aspect of evaluation, identifying what the evaluator must do to
check the information supplied by the sponsor of the evaluation, and the
additional activities he must perform. [AJP][ITSEC] (see also evaluation assurance level)
- event
- An occurrence of some specific data, situation or activity. [SC27] An occurrence, not yet assessed, that may affect the performance of an IT system. [CIAO] Any observable occurrence in a network or system. [800-61] Occurrence, not yet assessed, that may affect the performance of an IT system. [NSTISSC] (see also incident)
- evidence
- Information that either by itself or when used in conjunction
with other information is used to establish proof about an event or
action. NOTE - Evidence does not necessarily prove truth or existence
of something but contributes to establish proof. [SC27] (see also audit trail, correctness, delivery authority, development assurance, development assurance requirements, failure, logging, monitor, non-repudiation, non-repudiation information, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, notarization, notary, operations security, proof, secure envelope, security audit trail, security target, statistical estimate, time-stamping authority, time-stamping service, trusted time stamping authority, validate vs. verify, validation, validation report, verifier, witness) (includes evidence requester, evidence subject, requirements for evidence)
- evidence requester
- An entity requesting evidence to be generated either by another entity or by a trusted third party. [SC27] (see also trust, evidence)
- evidence subject
- The entity responsible for the action, or associated with the event, with regard to which evidence is generated. [SC27] (see also evidence)
- exception
- An event that causes suspension of normal program execution.
Types include addressing exception, data exception, operation
exception, overflow exception, protection exception, underflow
exception. [OVT] (see also bug, fault)
- exchange multiplicity parameter
- Positive integer used to determine how many times the exchange
of entity authentication messages shall be performed in one instance of
the authentication mechanism. [SC27] (see also authentication)
- executable code
- Programs in machine language ready to run in a particular computer environment. [SRV]
- execute access
- The ability to execute a software program. [CIAO] (see also access)
- executive information systems (EIS)
- (see also system)
- executive state
- (1) One of several states in which a system may operate and
the only one in which certain privileged instructions may be executed.
Such instructions cannot be executed when the system is operating in
other (e.g. user) states. Synonymous with supervisor state. (2) A
privileged state that can be used by supervisory software for
multitasking operations. Reliable multitasking requires protection,
such as segment-level protection, which can have the following
protection checks: (a) type check, (b) limit check, (c) restriction of
addressable domain, (d) restriction of procedure entry points, and (e)
restriction of instruction set. [AJP] One
of several states in which a system may operate and the only one in
which certain privileged instructions may be executed. Such
instructions cannot be executed when the system is operating in other
(e.g. user) states. [NCSC/TG004] One of several states in which
a system may operate, and the only one in which certain privileged
instructions may be executed. Such privileged instructions cannot be
executed when the system is operating in other states. [NSTISSC] (see also software) (includes privileged instructions)
- executive steering committee
- A committee that manages the information portfolio of the organization. [SRV]
The top-management team responsible for developing and sustaining the
process management approach in the organization, including selecting
and evaluating reengineering projects. [SRV]
- exercise key
- Key used exclusively to safeguard communications transmitted
over-the-air during military or organized civil training exercises. [NSTISSC] (see also key)
- exercised
- A program element is exercised by a test case when the input
value causes the execution of that element, such as a statement,
branch, or other structural element. [OVT] (see also test)
- exhaustive testing
- A test case design technique in which the test case suite
comprises all combinations of input values and preconditions for
component variables. (NBS) Executing the program with all possible
combinations of values for program variables. Feasible only for small,
simple programs. [OVT] (see also test)
- expansibility
- The capability of being expanded or customized; synonymous with extensibility. [SRV]
- expert review team
- Security experts to assist government entities with
development of internal infrastructure protection plans; the ERT is
charged with improving government-wide information systems security by
sharing recommended practices, ensuring consistent infrastructure
frameworks, and identifying needed technical resources. [CIAO]
- expire
- (see certificate expiration)
- explain
- Give required information and show that it satisfies all relevant requirements. [AJP][FCv1]
- explicit key authentication from A to B
- The assurance for entity B that A is the only other entity
that is in possession of the correct key. NOTE - Implicit key
authentication from A to B and key confirmation from A to B together
imply explicit key authentication from A to B. [SC27] (see also key, authentication)
- exploit
- (verb) To, in some way, take advantage of a vulnerability in a
system in the pursuit or achievement of some objective. All
vulnerability exploitations are attacks but not all attacks exploit
vulnerabilities. (noun) Colloquially for exploit script: a script,
program, mechanism, or other technique by which a vulnerability is used
in the pursuit or achievement of some information assurance objective.
It is common speech in this field to use the terms exploit and exploit
script to refer to any mechanism, not just scripts, that uses a
vulnerability. [OVT] A defined way to breach the security of an IT system through a vulnerability. [SC27] A technique or code that uses a vulnerability to provide system access to the attacker. [FFIEC] (see also Defensive Information Operations, assurance, attack, covert channel, derf, entrapment, exploitable channel, firewall, flaw hypothesis methodology, information superiority, information warfare, intelligent threat, non-technical countermeasure, operations security, penetration testing, port scan, security threat, smurf, technical vulnerability, threat agent, trojan horse, vulnerability, threat)
- exploitable channel
- (1) Any channel that is usable or detectable by subjects
external to the Trusted Computing Base. (2) A covert channel that is
usable or detectable by subjects external to the AIS's (Automated
Information System's) Trusted Computing Base and can be used to violate
the AIS's technical security policy. (3) Any information channel that
is usable or detectable by subjects external to the Trusted Computing
Base whose purpose is to violate the security policy of the computer
system. [AJP] A covert channel that is usable or detectable by
subjects external to the AIS's Trusted Computing Base and can be used
to violate the AIS's technical security policy. [FCv1] Any channel that is usable or detectable by subjects external to the Trusted Computing Base. [TCSEC][TNI]
Any information channel that is usable or detectable by subjects
external to the Trusted Computing Base whose purpose is to violate the
security policy of the computer system. [NCSC/TG004] Channel
that allows the violation of the security policy governing an IS and is
usable or detectable by subjects external to the trusted computing
base. [NSTISSC] (see also exploit, channel, threat, trusted computing base) (includes covert channel, subject)
- exploitation
- The exploitation of an access control vulnerability is
whatever causes the operating system to perform operations that are in
conflict with the security policy as defined by the access control
matrix. [OVT] (see also access control, security, vulnerability)
- exploitation of vulnerability
- (see exploitation)
- exposure
- A measure of the potential risk to an IT system from both external and internal threats. [800-37] A threat action whereby sensitive data is directly released to an unauthorized entity. [RFC2828] The potential loss to an area due to the occurrence of an adverse event. [FFIEC] (see also inadvertent disclosure, levels of concern, media protection, risk assessment, unauthorized disclosure, threat consequence) (includes common vulnerabilities and exposures, external system exposure, internal system exposure)
- extended industry standard architecture (EISA)
- (see also automated information system)
- extensibility
- The ease with which a system can be modified to increase its
storage or functional capacity. An extensible collection of interfaces,
services, protocols, and supporting data formats. Synonymous with
expansibility. [SRV]
- extensible
- The capability of being expanded or customized. For example,
with extensible programming languages, programmers can add new control
structures, statements, or data types. [SRV]
- Extensible Authentication Protocol (EAP)
- (I) A framework that supports multiple, optional
authentication mechanisms for PPP, including cleartext passwords,
challenge-response, and arbitrary dialog sequences. (C) This
protocol is intended for use primarily by a host or router that
connects to a PPP network server via switched circuits or dial-up
lines. [RFC2828] (see also challenge/response, networks, passwords, authentication, security protocol)
- extension
- (I) A data item defined for optional inclusion in a v3 X.509 public-key certificate or a v2 X.509 CRL. (C)
The formats defined in X.509 can be extended to provide methods for
associating additional attributes with subjects and public keys and for
managing a certification hierarchy:
- 'Certificate extension':
X.509 defines standard extensions that may be included in v3
certificates to provide additional key and security policy information,
subject and issuer attributes, and certification path constraints.
- 'CRL extension': X.509 defines extensions that may be included in v2
CRLs to provide additional issuer key and name information, revocation
reasons and constraints, and information about distribution points and
delta CRLs.
- 'Private extension': Additional extensions, each named
by an OID, can be locally defined as needed by applications or
communities.
[RFC2828] The addition to an ST or PP
of functional requirements not contained in Part 2 and/or assurance
requirements not contained in Part 3 of the CC. [CC2][CC21][SC27] (see also assurance, certificate, certification, key, public-key infrastructure) (includes certificate extension)
- external IT entity
- Any IT product or system, untrusted or trusted, outside of the TOE [Target of Evaluation] that interacts with the TOE. [OVT] Any IT product or system, untrusted or trusted, outside of the TOE that interacts with the TOE. [CC2][CC21][SC27] (see also trust, target of evaluation)
- external security controls
- Measures that include physical, personnel, procedural, and
administrative security requirements and a separate certification and
accreditation process that govern physical access to an IT product.
Note: These measures constitute assumptions and boundary conditions
that are part of the environment described in a protection profile. [AJP][FCv1] (see also accreditation, certification, protection profile, risk management, security controls)
- external system exposure
- Relates to: (1) the method by which users access the system,
(e.g., dedicated connection, intranet connection, Internet connection,
wireless network), (2) the existence of backend connections to the
system and to what the backend systems are connected, and (3) the
number of users that access the system. [800-37] (see also internet, exposure)
- external throughput rate
- The number of interactive transactions or batch jobs completed per unit of elapsed time. [SRV]
- extraction resistance
- Capability of crypto-equipment or secure telecommunications equipment to resist efforts to extract key. [NSTISSC] (see also communications, cryptography)
- extranet
- (I) A computer network that an organization uses to
carry application data traffic between the organization and its
business partners. (C) An extranet can be implemented securely,
either on the Internet or using Internet technology, by constructing
the extranet as a VPN. [RFC2828] An intranet that is accessible or partially accessible to authorized users outside the organization. [CIAO] (see also networks, virtual private network, internet)
- facilities
- All facilities required to support the core processes,
including the resources to house and support information technology
resources, and the other resource elements defined above. [CIAO]
- facility manager
- Oversees changes and additions to the facility housing the IT
system and ensures changes in facility design or construction do not
adversely affect the security of existing systems. [800-37] (see also security)
- facsimile (FAX)
-
- fail safe
- (I) A mode of system termination that automatically
leaves system processes and components in a secure state when a failure
occurs or is detected in the system. [RFC2828] Automatic protection of programs and/or processing systems when hardware or software failure is detected. [NSTISSC]
Pertaining to the automatic protection of programs and/or processing
systems to maintain safety when a hardware or software failure is
detected in a system. [AJP][NCSC/TG004] The automatic
termination and protection of programs or other processing operations
when a hardware or software failure is detected in a system. [SRV] (see also failure, software, failure control)
- fail soft
- (I) Selective termination of affected non-essential
system functions and processes when a failure occurs or is detected in
the system. [RFC2828] Pertaining to the selective termination of
affected nonessential processing when a hardware or software failure is
detected in a system. [AJP][NCSC/TG004] Selective termination of affected nonessential processing when hardware or software failure is determined to be imminent. [NSTISSC]
The selective termination of affected nonessential processing when a
hardware or software failure is detected in a system. Examples of its
application can be found in distributed data processing systems. [SRV] (see also failure, software, automated information system, failure control)
- failure
- Deviation of the software from its expected delivery or
service. (after Fenton) The inability of a system or component to
perform its required functions within specified performance
requirements. [OVT] Discrepancy between the external results of
a program's operation and the software product requirements. A software
failure is evidence of the existence of a fault in the software. [SRV] (see also fault, IS related risk, abend, abort, accountability, anomaly, availability, backup procedures, bomb, contingency plan, crash, critical mechanism, defect, dump, evidence, fail safe, fail soft, fallback procedures, flooding, mean-time-to-repair, mean-time-to-service-restoral, outage, problem, recovery procedures, software, software reliability, strength of a requirement, uninterruptible power supply, vulnerability, risk) (includes environmental failure protection, environmental failure testing, failure access, failure control, mean-time-between-failure, mean-time-between-outages, mean-time-to-fail)
- failure access
- An unauthorized and usually inadvertent access to data resulting from a hardware or software failure in the system. [AJP][NCSC/TG004][SRV] Type of incident in which unauthorized access to data results from hardware or software failure. [NSTISSC] (see also incident, software, unauthorized access, access control, failure, threat)
- failure control
- (I) A methodology used to provide fail-safe or
fail-soft termination and recovery of functions and processes when
failures are detected or occur in a system. [RFC2828] Methodology used to detect imminent hardware or software failure and provide fail safe or fail soft recovery. [NSTISSC]
The methodology used to detect failures and provide fail-safe or
fail-soft recovery from hardware and software failures in a system. [AJP][NCSC/TG004] (see also recovery, software, failure, risk management) (includes fail safe, fail soft)
- fallback procedures
- In the event of failure of transactions or the system, it is
the ability to fall back to the original or alternate method for
continuation of processing. [SRV] (see also backup, failure)
- false denial of origin
- Action whereby the originator of data denies responsibility for its generation. [RFC2828] (see also threat consequence)
- false denial of receipt
- Action whereby the recipient of data denies receiving and possessing the data. [RFC2828] (see also threat consequence)
- false negative
- Occurs when an actual intrusive action has occurred but the system allows it to pass as non-intrusive behavior. [NSAINT][OVT] (see also risk)
- false positive
- An alert that incorrectly indicates that malicious activity is occurring. [800-61] Occurs when the system classifies an action as anomalous (a possible intrusion) when it is a legitimate action. [NSAINT][OVT] (see also risk)
- falsification
- A threat action whereby false data deceives an authorized entity. [RFC2828] (see also threat consequence)
- family
- A grouping of components that share security objectives but may differ in emphasis or rigour. [CC2][CC21][SC27] (see also security)
- fault
- A condition that causes a device or system component to fail to perform in a required manner. [AFSEC][AJP][NCSC/TG004]
An incorrect step, process, or data definition in a computer program. A
manifestation of an error in software. A fault, if encountered may
cause a failure. (after do178b) An incorrect step, process, or data
definition in a computer program which causes the program to perform in
an unintended or unanticipated manner. [OVT] An incorrect step,
process, or data definition in a computer program. A physical
malfunction or abnormal pattern of behavior that is causing or will
cause, an outage, error, or degradation of communications services on a
communications network. [SRV] (see also failure, Federal Standard 1027, alarm reporting, alarm surveillance, anomaly, bug, correctness, debug, defect, error, exception, maintenance, network management, networks, problem, software reliability, trap, threat) (includes fault analysis, fault management, fault tolerance, security fault analysis)
- fault analysis
- (see also risk analysis, analysis, fault)
- fault injection
- The hypothesized errors that software fault injection uses are
created by either: (1) adding code to the code under analysis, (2)
changing the code that is there, or (3) deleting code from the code
under analysis. Code that is added to the program for the purpose of
either simulating errors or detecting the effects of those errors is
called 'instrumentation code'. To perform fault injection, some
amount of instrumentation is always necessary, and although this can be
added manually, it is usually performed by a tool. [OVT] (see also analysis)
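A worked illustration of fail safe, fail soft and failure control (the entries above), exercised with the software fault injection this entry describes. It is an added example, not code from any of the cited sources; the request format, the two backends, the BackendError type and the injection wrapper are constructed for the illustration.

```python
"""Fail-safe vs fail-soft termination under failure control, exercised with
software fault injection.

Added example; not code from any source the glossary cites. The request
format, the two backends, BackendError and the injection wrapper are
constructed for the illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


class BackendError(Exception):
    """Raised by a backend that has failed (here, always a simulated failure)."""


@dataclass
class Request:
    user: str
    token: str
    resource: str


@dataclass
class Response:
    status: int                     # 200 served, 403 denied, 503 unavailable
    body: str
    degraded: bool = False          # True when a fail-soft path was taken
    errors: List[str] = field(default_factory=list)


# Constructed stand-ins for real services.
def authz_backend(req: Request) -> bool:
    """Essential: decides whether the token may read the resource."""
    tokens = {"alice": "tok-a", "bob": "tok-b"}
    return tokens.get(req.user) == req.token and req.resource.startswith("/public/")


def recommendations_backend(req: Request) -> List[str]:
    """Non-essential: extra links added to a successful response."""
    return [f"{req.resource}/related/{i}" for i in range(2)]


def handle(req: Request,
           authz: Callable[[Request], bool] = authz_backend,
           recs: Callable[[Request], List[str]] = recommendations_backend) -> Response:
    """Failure control: a failed essential function terminates fail-safe (the
    request is denied); a failed non-essential one terminates fail-soft (the
    request is served without it)."""
    errors: List[str] = []
    try:
        allowed = authz(req)
    except BackendError as exc:
        # Fail safe: no authorization decision means no access, never 'assume yes'.
        return Response(503, "authorization unavailable; request denied",
                        errors=[f"authz: {exc}"])
    if not allowed:
        return Response(403, "forbidden")
    try:
        extras, degraded = recs(req), False
    except BackendError as exc:
        # Fail soft: drop the non-essential feature, keep serving the core function.
        extras, degraded = [], True
        errors.append(f"recs: {exc}")
    body = f"content of {req.resource}"
    if extras:
        body += " | related: " + ", ".join(extras)
    return Response(200, body, degraded=degraded, errors=errors)


def inject_fault(fn: Callable, *, fail_on_call: int = 1,
                 message: str = "injected fault") -> Callable:
    """Instrumentation code for fault injection: wraps fn so that its Nth call
    (counting from 1) raises BackendError; every other call passes through."""
    calls = {"n": 0}

    def instrumented(*args, **kwargs):
        calls["n"] += 1
        if calls["n"] == fail_on_call:
            raise BackendError(f"{message} in {fn.__name__} (call {calls['n']})")
        return fn(*args, **kwargs)

    return instrumented


def run_scenarios() -> Dict[str, Response]:
    """The same request with each backend healthy and with a fault injected."""
    req = Request(user="alice", token="tok-a", resource="/public/report")
    return {
        "healthy": handle(req),
        "authz_down": handle(req, authz=inject_fault(authz_backend, message="timeout")),
        "recs_down": handle(req, recs=inject_fault(recommendations_backend, message="timeout")),
        "bad_token": handle(Request("alice", "wrong", "/public/report")),
    }


if __name__ == "__main__":
    for name, r in run_scenarios().items():
        print(f"{name:10s} status={r.status} degraded={r.degraded} errors={r.errors}")
        print(f"{'':10s} {r.body}")
```

The point the injected faults make visible: the authorization backend failing must close the system (503, nothing served), while the recommendation backend failing only degrades it (200 with a reduced body). Swapping those two behaviours is the classic failure-control bug, and fault injection is the cheapest way to check which one a handler actually implements.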
- fault management
- The prevention, detection, reporting, diagnosis, and
correction of faults and fault conditions. Fault management includes
alarm surveillance, trouble tracking, fault diagnosis, and fault
correction. [SRV] (see also fault)
- fault tolerance
- A method of ensuring continued operation through redundancy and diversity. [AFSEC] The ability of a processor to maintain effectiveness after some subsystems have failed. [SRV] The ability of a system or component to continue normal operation despite the presence of hardware or software faults. [NSAINT][OVT] (see also risk, software, fault)
- Federal Criteria for Information Technology Security
- US draft security criteria for trusted systems. [AJP] (see also trust, Common Criteria for Information Technology Security Evaluation, computer security, criteria) (includes Federal Criteria Vol. I, assurance, correctness)
- Federal Criteria Vol. I (FCv1)
- Nat'l Inst. of Standards and Technology (NIST) and Nat'l
Security Agency (NSA), Federal Criteria for Information Technology
Security: Vol. I, Protection Profile Development; Vol. II, Registry of
Protection Profiles, Version 1.0, Dec. 1992. [FCv1] (see also computer security, Federal Criteria for Information Technology Security, National Institute of Standards and Technology) (includes protection profile)
- Federal Information Processing Standards (FIPS)
- (N) The Federal Information Processing Standards
Publication (FIPS PUB) series issued by the U.S. National Institute of
Standards and Technology as technical guidelines for U.S. Government
procurements of information processing system equipment and services.
[FP031, FP039, FP046, FP081, FP102, FP113, FP140, FP151, FP180, FP185,
FP186, FP188] (C) Issued under the provisions of section 111(d)
of the Federal Property and Administrative Services Act of 1949 as
amended by the Computer Security Act of 1987, Public Law 100-235. [RFC2828] (see also computer security, security, National Institute of Standards and Technology) (includes Data Encryption Standard, Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Information Processing Standards Publication 140)
- Federal Information Processing Standards Publication 140 (FIPS140)
- (see also FIPS PUB 140-1, Federal Information Processing Standards)
- Federal Public-key Infrastructure (FPKI)
- (N) A PKI being planned to establish facilities,
specifications, and policies needed by the U.S. Federal Government to
use public-key certificates for INFOSEC, COMSEC, and electronic
commerce involving unclassified but sensitive applications and
interactions between Federal agencies as well as with entities of other
branches of the Federal Government, state, and local governments,
business, and the public. [RFC2828] (see also certificate, communications security, key, public-key infrastructure)
- Federal Reserve Banks
- The Federal Reserve Banks provide a variety of financial
services, including funds transfer, book-entry securities, ACH, and
clearing and settling checks drawn on depository institutions located
in all regions of the United States. [FFIEC]
- federal secure telephone service (FSTS)
-
- Federal Standard 1027
- (N) A U.S. Government document defining emanation,
anti-tamper, security fault analysis, and manual key management
criteria for DES encryption devices, primarily for OSI layer 2. Was
renamed 'FIPS PUB 140' when responsibility for protecting unclassified,
sensitive information was transferred from NSA to NIST, and then was
superseded by FIPS PUB 140-1. [RFC2828] (see also FIPS PUB 140-1, National Security Agency, analysis, emanation, emanations security, encryption, fault, key, security, tamper, National Institute of Standards and Technology)
- federal telecommunications system (FTS)
- (see also system)
- fedline
- FedLine is the Federal Reserve Bank's proprietary electronic
platform providing a common electronic delivery channel for financial
institution access to Federal Reserve financial services including
Fedwire funds transfer. [FFIEC]
- fedwire
- The Federal Reserve System's nationwide real-time gross
settlement electronic funds and securities transfer network. Fedwire is
a credit transfer system, and each funds transfer is settled
individually against an institution's reserve or clearing account on
the books of the Federal Reserve as it is processed and is considered a
final and irrevocable payment. [FFIEC]
- feedback buffer
- Variable used to store input data for the encipherment process. At the starting point the feedback buffer (FB) has the value of the starting variable (SV). [SC27] (see also cryptography)
- fetch protection
- (1) A system-provided restriction to prevent a program from
accessing data in another user's segment of storage. (2) The aggregate
of all processes and procedures in a system designed to inhibit
unauthorized access, contamination, or elimination of a file. [AJP] A system-provided restriction to prevent a program from accessing data in another user's segment of storage. [NCSC/TG004] IS hardware provided restriction to prevent a program from accessing data in another user's segment of storage. [NSTISSC] (see also assurance, unauthorized access, access control) (includes contamination)
- fiber distributed data interface (FDDI)
- (see also automated information system)
- fiber-optics
- A method of transmitting light beams along optical fibers. A
light beam, such as that produced in a laser, can be modulated to carry
information. A single fiber-optic channel can carry significantly more
information than most other means of information transmission. Optical
fibers are thin strands of glass or other transparent material. [SRV]
- field
- A specific location of data where it is stored on a computer file. [SRV]
- file
- A collection of data records stored on a computer medium. [SRV]
- file infector virus
- A virus that attaches itself to a program file, such as a word processor, spreadsheet application, or game. [800-61] (see also virus)
- file integrity checker
- Software that generates, stores, and compares message digests for files to detect changes to the files. [800-61]
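The generate, store and compare cycle of a file integrity checker as an added example; it is not the code of any tool the glossary cites. The sample tree, the tampering applied to it and the JSON baseline format are constructed for the illustration.

```python
"""File integrity checker: baseline digests, then detect changes.

Added example, not the code of any tool cited by the glossary. The sample
tree and the tampering are constructed inline so the script runs offline.
"""
import hashlib
import json
import os
import tempfile
from typing import Dict, List

Digests = Dict[str, str]   # relative path -> hex digest


def file_digest(path: str, algorithm: str = "sha256", chunk: int = 65536) -> str:
    """Hash a file in fixed-size chunks so large files need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: str) -> Digests:
    """Generate digests for every regular file under root, keyed by relative path.
    Symlinks are skipped: hashing their targets would let an attacker point the
    checker at an unchanged file while swapping the link itself."""
    digests: Digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = file_digest(full)
    return digests


def save_baseline(digests: Digests, path: str) -> None:
    # The baseline must live where the monitored host cannot rewrite it (read-only
    # media, another host, or a signed file); here it is a plain JSON file.
    with open(path, "w") as f:
        json.dump(digests, f, indent=2, sort_keys=True)


def load_baseline(path: str) -> Digests:
    with open(path) as f:
        return json.load(f)


def compare(baseline: Digests, current: Digests) -> Dict[str, List[str]]:
    """Compare a stored baseline with freshly generated digests."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a baseline, tamper with the tree, re-check."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        with open(os.path.join(root, "etc", "motd"), "w") as f:
            f.write("welcome\n")
        baseline_file = os.path.join(store, "baseline.json")
        save_baseline(build_baseline(root), baseline_file)

        # Simulated tampering: an account appended, motd deleted, a file planted.
        with open(os.path.join(root, "etc", "passwd"), "a") as f:
            f.write("eve:x:0:0::/root:/bin/sh\n")
        os.remove(os.path.join(root, "etc", "motd"))
        with open(os.path.join(root, "etc", "ld.so.preload"), "w") as f:
            f.write("/tmp/evil.so\n")

        return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two details matter more than the hashing: the baseline must be stored out of reach of whatever could tamper with the files, and a checker reports changes, not whether they were legitimate, so every modified entry still needs a human or a change record to account for it.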
- file protection
- Aggregate of processes and procedures designed to inhibit
unauthorized access, contamination, elimination, modification, or
destruction of a file or any of its contents. [NSTISSC] The
aggregate of all processes and procedures in a system designed to
inhibit unauthorized access, contamination, or elimination of a file. [NCSC/TG004][SRV] (see also assurance, unauthorized access, access control) (includes contamination)
- file security
- Means by which access to computer files is limited to authorized users only. [NSTISSC] The means by which access to computer files is limited to authorized users only. [AJP][NCSC/TG004][SRV] (see also access control)
- file transfer
- The process of transferring files between two computer systems over a network, using a protocol such as FTP or HTTP. [RFC2504] (see also networks)
- file transfer access management (FTAM)
- (see also networks)
- file transfer protocol (FTP)
- (I) A TCP-based, application-layer, Internet Standard protocol for moving data files from one computer to another. [RFC2828] A means to exchange files across a network. [SRV] (see also networks, internet)
- fill device
- COMSEC item used to transfer or store key in electronic form or to insert key into a crypto-equipment. [NSTISSC] (see also communications security, cryptography)
- fill device interface unit (FDIU)
-
- filtering router
- (I) An internetwork router that selectively prevents the passage of data packets according to a security policy. (C)
A filtering router may be used as a firewall or part of a firewall. A
router usually receives a packet from a network and decides where to
forward it on a second network. A filtering router does the same, but
first decides whether the packet should be forwarded at all, according
to some security policy. The policy is implemented by rules (packet
filters) loaded into the router. The rules mostly involve values of
data packet control fields (especially IP source and destination
addresses and TCP port numbers). [RFC2828] (see also screening router, networks, packet filter, security, router)
- financial institution
- (N) 'An establishment responsible for facilitating customer-initiated transactions or transmission of funds for the extension of credit or the custody, loan, exchange, or issuance of money.' [RFC2828]
- finality
- Irrevocable and unconditional transfer of payment during settlement. [FFIEC]
- fingerprint
- (I) A pattern of curves formed by the ridges on a fingertip. (D) ISDs SHOULD NOT use this term as a synonym for 'hash result' because it mixes concepts in a potentially misleading way. (D)
ISDs SHOULD NOT use this term with the following PGP definition,
because the term and definition mix concepts in a potentially
misleading way and duplicate the meaning of 'hash result': (O) PGP usage: A hash result used to authenticate a public key (key fingerprint) or other data. [RFC2828] (see also authentication, hash, key)
- finite population correction factor (FPC)
- A multiplier that makes adjustments for the sampling
efficiency gained when sampling is without replacement and when the
sample size is large (greater than 5 or 10 percent) with respect to the
population size. This multiplier reduces the sampling error for a given
sample size or reduces the required sample size for a specified measure
of precision (in this case, desired sampling error). [SRV]
- finite state machine (FSM)
- A mathematical model of a sequential machine that is comprised
of a finite set of states, a finite set of inputs, a finite set of
outputs, a mapping from the sets of inputs and states into the set of
states (i.e. state transitions), and a mapping from the sets of inputs
and states onto the set of outputs (i.e. an output function). [FIPS140] (see also model)
- FIPS approved security method
- A security method (e.g. cryptographic algorithm, cryptographic
key generation algorithm or key distribution technique, authentication
technique, or evaluation criteria) that is either a) specified in a
FIPS, or b) adopted in a FIPS and specified either in an appendix to
the FIPS or in a document referenced by the FIPS. [FIPS140] (see also authentication, evaluation, Federal Information Processing Standards, National Institute of Standards and Technology, security policy)
- FIPS PUB 140-1
- (N) The U.S. Government standard for security
requirements to be met by a cryptographic module used to protect
unclassified information in computer and communication systems. (C)
The standard specifies four increasing levels (from 'Level 1' to 'Level
4') of requirements to cover a wide range of potential applications and
environments. The requirements address basic design and documentation,
module interfaces, authorized roles and services, physical security,
software security, operating system security, key management,
cryptographic algorithms, electromagnetic interference and
electromagnetic compatibility (EMI/EMC), and self-testing. NIST and the
Canadian Communication Security Establishment jointly certify modules. [RFC2828] (see also Federal Information Processing Standards Publication 140, Federal Standard 1027, communications security, cryptography, key, security, software, test, zeroization, zeroize, Federal Information Processing Standards, National Institute of Standards and Technology) (includes random number generator)
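The finite state machine entry above and the self-test requirement in this one, drawn together in an added example of the operational state model a cryptographic module designer would document. It is not text from FIPS 140; the states, inputs and the rule that cryptographic services are refused outside the operational state are assumptions made for the illustration.

```python
"""Finite state model of a cryptographic module's operational states.

Added example of the kind of state model FIPS 140 asks designers to document;
not text from the standard. States, inputs and outputs are assumptions.
"""
from typing import Dict, List, Tuple

State = str
Input = str

STATES = {"power_off", "self_test", "operational", "error", "zeroized"}
INPUTS = {"power_on", "test_pass", "test_fail", "crypto_op", "zeroize", "power_off"}

# Transition function: (state, input) -> next state. Pairs absent from the table
# are illegal; the module stays where it is and reports a refusal.
TRANSITIONS: Dict[Tuple[State, Input], State] = {
    ("power_off", "power_on"): "self_test",
    ("self_test", "test_pass"): "operational",
    ("self_test", "test_fail"): "error",
    ("operational", "crypto_op"): "operational",
    ("operational", "zeroize"): "zeroized",
    ("operational", "power_off"): "power_off",
    ("error", "zeroize"): "zeroized",
    ("error", "power_off"): "power_off",
    ("zeroized", "power_off"): "power_off",
}

# Output function: (state, input) -> observable output ("ok" when unlisted).
OUTPUTS: Dict[Tuple[State, Input], str] = {
    ("operational", "crypto_op"): "ciphertext",
    ("self_test", "test_fail"): "status: self-test failed, services locked",
    ("operational", "zeroize"): "status: keys destroyed",
    ("error", "zeroize"): "status: keys destroyed",
}


class CryptoModuleFSM:
    def __init__(self) -> None:
        self.state: State = "power_off"
        self.trace: List[Tuple[State, Input, State, str]] = []

    def step(self, inp: Input) -> str:
        if inp not in INPUTS:
            raise ValueError(f"unknown input {inp!r}")
        key = (self.state, inp)
        if key in TRANSITIONS:
            nxt, out = TRANSITIONS[key], OUTPUTS.get(key, "ok")
        else:
            # Illegal input for this state: refuse, stay put, report.
            nxt, out = self.state, f"refused: {inp} not permitted in {self.state}"
        self.trace.append((self.state, inp, nxt, out))
        self.state = nxt
        return out


def run(inputs: List[Input]) -> List[str]:
    """Feed a sequence of inputs to a fresh module and collect its outputs."""
    m = CryptoModuleFSM()
    return [m.step(i) for i in inputs]


def check_table() -> List[str]:
    """Static checks on the model itself: every symbol is declared, crypto
    services are offered only from 'operational', and no state traps the
    operator (every state can still reach 'power_off')."""
    problems: List[str] = []
    for (s, i), t in TRANSITIONS.items():
        if s not in STATES or t not in STATES or i not in INPUTS:
            problems.append(f"undeclared symbol in ({s}, {i}) -> {t}")
        if i == "crypto_op" and s != "operational":
            problems.append(f"crypto service allowed in state {s}")
    for s in STATES - {"power_off"}:
        seen, frontier = set(), [s]
        while frontier:
            cur = frontier.pop()
            for (a, _i), b in TRANSITIONS.items():
                if a == cur and b not in seen:
                    seen.add(b)
                    frontier.append(b)
        if "power_off" not in seen:
            problems.append(f"state {s} cannot reach power_off")
    return problems


if __name__ == "__main__":
    print("model problems:", check_table() or "none")
    for out in run(["power_on", "test_fail", "crypto_op", "zeroize", "power_off"]):
        print(out)
```

Writing the model as two explicit tables is what makes it checkable: a reviewer can confirm by inspection, or with check_table(), that a failed self-test leads only to the error state and that no path from there yields ciphertext.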
- FIREFLY
- Key management protocol based on public key cryptography. [NSTISSC] (see also key)
- firewall
- (I) An internetwork gateway that restricts data
communication traffic to and from one of the connected networks (the
one said to be 'inside' the firewall) and thus protects that network's
system resources against threats from the other network (the one that
is said to be 'outside' the firewall). (C) A firewall typically
protects a smaller, secure network (such as a corporate LAN, or even
just one host) from a larger network (such as the Internet). The
firewall is installed at the point where the networks connect, and the
firewall applies security policy rules to control traffic that flows in
and out of the protected network. (C) A firewall is not always a
single computer. For example, a firewall may consist of a pair of
filtering routers and one or more proxy servers running on one or more
bastion hosts, all connected to a small, dedicated LAN between the two
routers. The external router blocks attacks that use IP to break
security (IP address spoofing, source routing, packet fragments), while
proxy servers block attacks that would exploit a vulnerability in a
higher layer protocol or service. The internal router blocks traffic
from leaving the protected network except through the proxy servers.
The difficult part is defining criteria by which packets are denied
passage through the firewall, because a firewall not only needs to keep
intruders out, but usually also needs to let authorized users in and
out. [RFC2828] 1) An electronic boundary that prevents
unauthorized users from accessing certain files on a network; or, a
computer used to maintain such a boundary. 2) An access control
mechanism that acts as a barrier between two or more segments of a
computer network or overall client-server architecture, used to protect
internal networks or network segments from unauthorized users or
processes. [CIAO] A device or group of devices that enforces an
access control policy between networks. While there are many different
ways to accomplish it, all firewalls do the same thing: control access
between networks. The most common configuration involves a firewall
connecting two segments (one protected and one unprotected), but this
is not the only possible configuration. Many firewalls support
tri-homing, allowing use of a DMZ network. It is possible for a
firewall to accommodate more than three interfaces, each attached to a
different network segment. The criteria by which access are controlled
are not specified here. Typically this has been done using network- or
transport-layer criteria (such as IP subnet or TCP port number), but
there is no reason this must always be so. A growing number of
firewalls are controlling access at the application layer, using user
identification as the criterion. And firewalls for ATM networks may
control access based on data link-layer criteria. [RFC2647] A
hardware or software link in a network that relays only data packets
clearly intended and authorized to reach the other side. [FFIEC]
A mechanism to protect IS computing sites against Internet-borne
threats. It can be thought of as a pair of mechanisms: one that exists
to block traffic, and the other that exists to permit traffic. Some
firewalls place a greater emphasis on blocking traffic, while others
emphasize permitting traffic. [SRV] A system or combination of
systems that enforces a boundary between two or more networks. Gateway
that limits access between networks in accordance with local security
policy. The typical firewall is an inexpensive micro-based Unix box
kept clean of critical data, with many modems and public network ports
on it, but just one carefully watched connection back to the rest of
the cluster. [NSAINT] A system that enforces a boundary between two or more networks. [misc]
A system or combination of systems that enforces a boundary
between two or more networks. Gateway that limits access between
networks in accordance with local security policy. The typical firewall
is an inexpensive micro-based Unix box kept clean of critical data,
with a bunch of modems and public network ports on it but just one
carefully watched connection back to the rest of the cluster. [AFSEC] System designed to defend against unauthorized access to or from a private network. [NSTISSC] (see also access control, application level gateway, circuit level gateway, data source, exploit, networks, policy, screening router, threat, unauthorized access, unit of transfer, front-end security filter, gateway, guard, internet, security filter, security software) (includes application gateway firewall, application proxy, application-level firewall, bastion host, circuit proxy, connection, demilitarized zone, dual-homed gateway firewall, goodput, homed, host-based firewall, illegal traffic, logging, network address translation, network level firewall, packet filter, packet filtering, packet filtering firewall, protected network, proxy, rejected traffic, router-based firewall, rule set, screened host firewall, screened subnet firewall, stateful packet filtering, trusted gateway, unprotected network)
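The packet-filter rules that the filtering router entry and the RFC 2647 firewall definition above describe (match on IP addresses and TCP port numbers, first match wins, default policy for the rest), as an added example that is not taken from either RFC or from any product. The rule syntax, the networks (documentation prefixes) and the sample packets are constructed.

```python
"""Stateless packet filter: an ordered rule set with a default-deny policy,
applied to inbound packets on a router's external interface.

Added example; not from RFC 2828, RFC 2647 or any firewall product. Rule
syntax, addresses and sample packets are constructed for the illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # None for icmp


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str                    # "tcp", "udp", "icmp" or "any"
    dports: Tuple[int, ...] = ()  # empty tuple matches any destination port
    note: str = ""

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and self.proto in ("any", p.proto)
                and (not self.dports or p.dport in self.dports))


def rule(action, src, dst, proto="any", dports=(), note=""):
    return Rule(action, ip_network(src), ip_network(dst), proto, tuple(dports), note)


INSIDE = "192.0.2.0/24"           # protected network (documentation prefix)
DMZ_WEB = "198.51.100.10/32"      # web server on the DMZ segment
ANY = "0.0.0.0/0"

# First match wins; packets matching no rule fall through to the default policy.
RULES: List[Rule] = [
    rule("deny", INSIDE, ANY, note="anti-spoofing: inside addresses never arrive from outside"),
    rule("permit", ANY, DMZ_WEB, "tcp", (80, 443), note="public web"),
    rule("deny", ANY, DMZ_WEB, "tcp", (22,), note="no admin from outside"),
    rule("permit", "203.0.113.0/24", INSIDE, "tcp", (25,), note="partner mail relay"),
]
DEFAULT = "deny"


def decide(p: Packet, rules: List[Rule] = RULES, default: str = DEFAULT) -> Tuple[str, str]:
    """Return (action, reason) for an inbound packet."""
    for r in rules:
        if r.matches(p):
            return r.action, r.note or "matched rule"
    return default, "default policy"


# Constructed traffic sample.
SAMPLES = [
    Packet("203.0.113.7", "198.51.100.10", "tcp", 443),    # customer to web server
    Packet("203.0.113.7", "198.51.100.10", "tcp", 22),     # ssh to web server from outside
    Packet("192.0.2.5", "198.51.100.10", "tcp", 80),       # spoofed inside source address
    Packet("203.0.113.25", "192.0.2.10", "tcp", 25),       # partner mail relay
    Packet("203.0.113.99", "192.0.2.10", "tcp", 3389),     # rdp to an inside host
    Packet("203.0.113.99", "192.0.2.1", "icmp"),           # ping of the inside router
]


def evaluate_samples() -> List[Tuple[Packet, str, str]]:
    return [(p, *decide(p)) for p in SAMPLES]


if __name__ == "__main__":
    for p, action, why in evaluate_samples():
        target = f"{p.dst}:{p.dport}" if p.dport is not None else p.dst
        print(f"{action:6s} {p.proto:4s} {p.src:>15s} -> {target:22s} ({why})")
```

The two rules a review should look for first are the ones this set starts and ends with: the anti-spoofing deny ahead of every permit, and a default of deny for whatever the explicit rules do not name. Being stateless, a filter like this cannot tell a reply from a new connection, which is the gap stateful packet filtering and the proxy layer of a full firewall close.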
- firewall machine
- Computer on a network used to isolate, filter, and protect
local systems from external connectivity by controlling the amount and
kinds of traffic that will pass between the two. Is a dedicated gateway
machine with special security precautions on it, used to service
outside network connections and dial-in lines. The idea is to protect a
cluster of more loosely administered machines hidden behind it from
crackers. [AFSEC] (see firewall)
- firmware
- (I) Computer programs and data stored in
hardware--typically in read-only memory (ROM) or programmable read-only
memory (PROM)--such that the programs and data cannot be dynamically
written or modified during execution of the programs. [RFC2828] Application recorded in permanent or semi permanent computer memory. [CIAO] Program recorded in permanent or semipermanent computer memory. [800-37][NSTISSC]
The programs and data (i.e. software) permanently stored in hardware
(e.g. in ROM, PROM, or EPROM) such that the programs and data cannot be
dynamically written or modified during execution. Programs and data
stored in EEPROM are considered as software. [FIPS140] (see also software, cryptographic module)
- fishbone diagram
- A graphic technique for identifying cause-and-effect
relationships among factors in a given situation or problem. Also
called Ishikawa Diagramming. [SRV]
- fishbowl
- To contain, isolate and monitor an unauthorized user within a system in order to gain information about the user. [NSAINT]
- fixed COMSEC facility
- COMSEC facility located in an immobile structure or aboard a ship. [NSTISSC] (see also communications security)
- fixed price contract
- A contract that provides for a firm price, or in appropriate cases, an adjusted price. [SRV]
- flaw
- An error of commission, omission, or oversight in a system that allows protection mechanisms to be bypassed. [AJP][TCSEC][TNI] An error of commission, omission, or oversight in an IT product that may allow protection mechanisms to be bypassed. [FCv1] Error of commission, omission, or oversight in an IS that may allow protection mechanisms to be bypassed. [NSTISSC] (see also threat)
- flaw hypothesis methodology
- (I) An evaluation or attack technique in which
specifications and documentation for a system are analyzed to
hypothesize flaws in the system. The list of hypothetical flaws is
prioritized on the basis of the estimated probability that a flaw
exists and, assuming it does, on the ease of exploiting it and the
extent of control or compromise it would provide. The prioritized list
is used to direct a penetration test or attack against the system. [RFC2828]
A system analysis and penetration technique where specifications and
documentation for the system are analyzed and then flaws in the system
are hypothesized. The list of hypothesized flaws is then prioritized on
the basis of the estimated probability that a flaw actually exists and,
assuming a flaw does exist, on the ease of exploiting it and on the
extent of control or compromise it would provide. The prioritized list
is used to direct the actual testing of and/or penetration attack
against the system. [AJP] A system analysis and penetration
technique where specifications and documentation for the system are
analyzed and then flaws in the system are hypothesized. The list of
hypothesized flaws is then prioritized on the basis of the estimated
probability that a flaw actually exists and, assuming a flaw does
exist, on the ease of exploiting it and on the extent of control or
compromise it would provide. The prioritized list is used to direct the
actual testing of the computer system. [TCSEC][TNI] A
systems analysis and penetration technique in which specifications and
documentation for the system are analyzed and then flaws in the system
are hypothesized. The list of hypothesized flaws is then prioritized on
the basis of the estimated probability that a flaw exists and, assuming
a flaw does exist, on the ease of exploiting it, and on the extent of
control or compromise it would provide. The prioritized list is used to
direct a penetration attack against the system. [NCSC/TG004][OVT]
System analysis and penetration technique in which the specification
and documentation for an IS are analyzed to produce a list of
hypothetical flaws. This list is prioritized on the basis of the
estimated probability that a flaw exists on the ease of exploiting it,
and on the extent of control or compromise it would provide. The
prioritized list is used to perform penetration testing of a system. [NSTISSC] (see also analysis, attack, evaluation, exploit, test, risk management)
- flexibility
- Effort required to modify an operational program. [SRV]
- flooding
- (I) An attack that attempts to cause a failure in
(especially, in the security of) a computer system or other data
processing entity by providing more input than the entity can process
properly. [RFC2828] Type of incident involving insertion of a large volume of data resulting in denial of service. [NSTISSC] (see also failure, attack, incident)
- flow analysis
- (I) An analysis performed on a nonprocedural formal system specification that locates potential flows of information between system variables. By assigning security levels to the variables, the analysis can find some types of covert channels. [RFC2828] (see also analysis)
- flow control
- (I) A procedure or technique to ensure that information
transfers within a system are not made from one security level to
another security level, and especially not from a higher level to a
lower level. [RFC2828] (see information flow control)
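The flow analysis and flow control entries above, as an added example that assigns security levels to the variables of a small program and finds the transfers from a higher level to a lower one, both explicit (assignment) and implicit (through a branch condition). It is not from RFC 2828; the analysed programs, the two-level lattice and the labelling of their variables are constructed, and the analyser handles only assignments, if/else and expressions over names, constants, operators and comparisons.

```python
"""Information flow analysis over a small Python subset with a two-level
lattice (LOW below HIGH).

Added example of the analysis the glossary describes; not from RFC 2828.
Programs and labels are constructed inputs. Unsupported statements are
rejected rather than silently trusted.
"""
import ast
from typing import Dict, List

LOW, HIGH = 0, 1
NAMES = {LOW: "LOW", HIGH: "HIGH"}


def expr_level(node: ast.AST, labels: Dict[str, int]) -> int:
    """Least upper bound of the labels of every variable an expression reads.
    Unlabelled variables count as HIGH, so an unknown source cannot pass a check."""
    level = LOW
    for sub in ast.walk(node):
        if isinstance(sub, ast.Name):
            level = max(level, labels.get(sub.id, HIGH))
    return level


def analyze(src: str, labels: Dict[str, int]) -> List[str]:
    """Return one finding per transfer of HIGH information into a LOW variable."""
    findings: List[str] = []

    def visit(stmts: List[ast.stmt], pc: int) -> None:
        # pc is the label of the control context: HIGH inside any branch whose
        # condition read HIGH data, because the branch taken reveals that data.
        for s in stmts:
            if isinstance(s, ast.Assign) and all(isinstance(t, ast.Name) for t in s.targets):
                expr_lvl = expr_level(s.value, labels)
                level = max(pc, expr_lvl)
                for t in s.targets:
                    target_lvl = labels.get(t.id, HIGH)
                    if level > target_lvl:
                        kind = "explicit" if expr_lvl > target_lvl else "implicit"
                        findings.append(f"line {s.lineno}: {kind} flow "
                                        f"{NAMES[level]} -> {t.id} ({NAMES[target_lvl]})")
            elif isinstance(s, ast.If):
                branch_pc = max(pc, expr_level(s.test, labels))
                visit(s.body, branch_pc)
                visit(s.orelse, branch_pc)
            else:
                raise ValueError(f"line {s.lineno}: unsupported statement {type(s).__name__}")

    visit(ast.parse(src).body, LOW)
    return findings


# Constructed programs and labelling.
LABELS = {"secret_key": HIGH, "tmp": HIGH, "public_log": LOW, "ok": LOW, "n": LOW}

LEAKY = """
tmp = secret_key & 0xff
public_log = tmp
if secret_key > 0:
    ok = 1
else:
    ok = 0
n = n + 1
"""

CLEAN = """
tmp = secret_key * 2
if n > 3:
    ok = 1
public_log = n
"""


def flow_controlled(src: str, labels: Dict[str, int]) -> bool:
    """Flow control as a gate: accept a program only if the analysis finds no
    transfer from a higher level to a lower one."""
    return analyze(src, labels) == []


if __name__ == "__main__":
    for name, prog in (("LEAKY", LEAKY), ("CLEAN", CLEAN)):
        print(name, "accepted" if flow_controlled(prog, LABELS) else "rejected")
        for f in analyze(prog, LABELS):
            print("  ", f)
```

The implicit flows are the reason access control alone does not give flow control: in LEAKY every single read and write is individually permitted for its level, yet `ok` ends up encoding one bit of `secret_key`. Tracking the label of the control context (pc) is what lets the analysis see that.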
- for official use only (FOUO)
-
- foreign owned, controlled or influenced (FOCI)
-
- Forensics
- (see computer forensics)
- fork bomb
- Also known as Logic Bomb - Code that can be written in one
line of code on any Unix system; used to recursively spawn copies of
itself, "explodes" eventually eating all the process table entries and
effectively locks up the system. [NSAINT] Code that can be
written in one line of code on any Unix system; used to recursively
spawn copies of itself, 'explodes' eventually eating all the process
table entries and effectively locks up the system. [AFSEC] (see also threat)
- formal
- Expressed in a restricted syntax language with defined semantics based on well established mathematical concepts. [CC2][CC21][OVT][SC27] (see also informal) (includes formal access approval, formal development methodology, formal model of security policy, formal proof, formal security policy model, formal specification, formal top-level specification, formal verification)
- formal access approval
- Documented approval by a data owner allowing access to a particular category of information. [AJP][NCSC/TG004][NSTISSC] (see also formal)
- formal development
- Software development strategy that proves security methodology design specifications. [NSTISSC]
- formal development methodology
- A collection of languages and tools that enforces a rigorous
method of verification. This methodology uses the Ina Jo specification
language for successive stages of system development, including
identification and modeling of requirements, high-level design, and
program design. [AJP][NCSC/TG004] (see also identification, model, formal, software development methodologies)
- formal model of security policy
- An underlying model of security policy expressed in a formal
style, i.e. an abstract statement of the important principles of
security that a TOE will enforce. [AJP][ITSEC] (see also formal security policy model, formal, model, policy, security, target of evaluation)
- formal proof
- A complete and convincing mathematical argument, presenting
the full logical justification for each proof step, for the truth of a
theorem or set of theorems. [NCSC/TG004] A complete and
convincing mathematical argument, presenting the full logical
justification for each proof step, for the truth of a theorem or set of
theorems. The formal verification process uses formal proofs to show
the truth of certain properties of formal specification and for showing
that computer programs satisfy their specifications. [TCSEC] A
complete and convincing mathematical argument, presenting the full
logical justification for each proof step, for the truth of a theorem
or set of theorems. The formal verification process uses formal proofs
to show the truth of certain properties of formal specification and for
showing that computer programs satisfy their specifications. Automated
tools may (but need not) be used to formulate and/or check the proof. [AJP][TNI]
Complete and convincing mathematical argument presenting the full
logical justification for each proof step and for the truth of a
theorem or set of theorems. [NSTISSC] (see also formal, formal verification)
- formal security policy model
- (1) A mathematically precise statement of a security policy.
To be adequately precise, such a model must represent the initial state
of a system, the way in which the system progresses from one state to
another, and a definition of a 'secure' state of the computer system.
To be acceptable as a basis for a TCB, the model must be supported by a
formal proof that if the initial state of the computer system satisfies
the definition of a 'secure' state and if all assumptions required by
the model hold, then all future states of the computer system will be
secure. Some formal modeling techniques include state-transition
models, denotational semantics models, and algebraic specification
models. (2) Mathematically precise statement consisting of (a) a formal
technical security policy (given by constraints on a product's external
interface and/or constraints on the handling of controlled entities
internal to the product), (b) rules of operation that show how the
definition of security is to be enforced, and (c) a formal proof
showing that the rules of operation guarantee satisfaction of the
definition of security. [AJP] A mathematically precise statement
of a security policy. To be adequately precise, such a model must
represent the initial state of a system, the way in which the system
progresses from one state to another, and a definition of a 'secure'
state of the computer system. To be acceptable as a basis for a TCB,
the model must be supported by a formal proof that if the initial state
of the computer system satisfies the definition of a 'secure' state and
if all assumptions required by the model hold, then all future states
of the computer system will be secure. Some formal modeling techniques
include: state transition models, denotational semantics models, and
algebraic specification models. [NCSC/TG004] A mathematically
precise statement of a security policy. To be adequately precise, such
a model must represent the initial state of a system, the way in which
the system progresses from one state to another, and a definition of a
'secure' state of the computer system. To be acceptable as a basis for
a TCB, the model must be supported by a formal proof that if the
initial state of the computer system satisfies the definition of a
'secure' state and if all assumptions required by the model hold, then
all future states of the computer system will be secure. Some formal
modeling techniques include: state transition models, temporal logic
models, denotational semantics models, algebraic specification models. [TCSEC][TNI]
Mathematically precise statement consisting of (a) a formal technical
security policy (given by constraints on a Product's external interface
and/or constraints on the handling of controlled entities internal to
the Product), (b) rules of operation that show how the definition of
security is to be enforced, and (c) a formal proof showing that the
rules of operation guarantee satisfaction of the definition of
security. [FCv1] Mathematically precise statement of a security
policy. Such a model must define a secure state, an initial state, and
how the model represents changes in state. The model must be shown to
be secure by proving the initial state is secure and all possible
subsequent states remain secure. [NSTISSC] (see also formal model of security policy, policy, formal, formal verification, model, security policy, trusted computing base) (includes Bell-LaPadula security model, Biba Integrity model)
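A worked example, added here and not taken from the glossary or any of the sources it cites: a miniature state-transition model in the Bell-LaPadula style with exactly the three parts the definition calls for (an initial state, rules of operation, and a definition of "secure state"), followed by the proof obligation discharged for this finite model by exhaustive search over every reachable state. The subjects, objects and levels are invented; the "unchecked" rule is included only to show the verifier rejecting an unsound rule.

```python
# Added example: a tiny state-transition security model and a bounded
# exhaustive check of "initial state secure + every rule preserves
# security => every reachable state is secure".
from itertools import product

LEVELS = {"unclassified": 0, "secret": 1, "top_secret": 2}
SUBJECTS = {"alice": "top_secret", "bob": "unclassified"}   # clearances (invented)
OBJECTS = {"plan": "top_secret", "memo": "unclassified"}    # classifications (invented)
MODES = ("read", "write")
INITIAL_STATE = frozenset()   # a state is the set of current (subject, object, mode) accesses

def dominates(a, b):
    return LEVELS[a] >= LEVELS[b]

def is_secure(state):
    """Secure-state definition: the simple security property (no read up)
    and the *-property (no write down) hold for every current access."""
    for subj, obj, mode in state:
        clearance, classification = SUBJECTS[subj], OBJECTS[obj]
        if mode == "read" and not dominates(clearance, classification):
            return False
        if mode == "write" and not dominates(classification, clearance):
            return False
    return True

def grant_checked(state, subj, obj, mode):
    """Rule of operation: add the access only if the new state stays secure."""
    candidate = state | {(subj, obj, mode)}
    return candidate if is_secure(candidate) else state

def grant_unchecked(state, subj, obj, mode):
    """Deliberately unsound rule, kept so the verifier can be seen rejecting it."""
    return state | {(subj, obj, mode)}

def release(state, subj, obj, mode):
    return state - {(subj, obj, mode)}

def verify_model(grant=grant_checked):
    """Explore every state reachable from INITIAL_STATE under the given rules.
    Returns (all_reachable_states_secure, number_of_states_visited)."""
    seen, frontier = {INITIAL_STATE}, [INITIAL_STATE]
    while frontier:
        state = frontier.pop()
        if not is_secure(state):
            return False, len(seen)
        for subj, obj, mode in product(SUBJECTS, OBJECTS, MODES):
            for nxt in (grant(state, subj, obj, mode), release(state, subj, obj, mode)):
                if nxt not in seen:
                    seen.add(nxt)
                    frontier.append(nxt)
    return True, len(seen)

if __name__ == "__main__":
    print("checked rules :", verify_model())                # (True, 64)
    print("unchecked rule:", verify_model(grant_unchecked))  # (False, ...)
```

With the checked rule only the six level-consistent accesses are ever granted, so the 64 reachable states are all secure; swapping in the unchecked rule lets the search find an insecure state, which is the inductive step failing. A real formal proof replaces the search with a theorem that holds for unboundedly many subjects and objects, but the shape of the argument is the same.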
- formal specification
- (I) A specification of hardware or software
functionality in a computer-readable language; usually a precise
mathematical description of the behavior of the computer system with
the aim of providing a correctness proof. [RFC2828] (I) A
specification of hardware or software functionality in a
computer-readable language; usually a precise mathematical description
of the behavior of the system with the aim of providing a correctness
proof. [OVT] Statement about a product made using the restricted
syntax and grammar of a formal reasoning system and a set of terms that
have been precisely and uniquely defined or specified. Note: The formal
statement should be augmented by an informal explanation of the
conventions used and the ideas being expressed. A well-formed syntax
and semantics with complete specification of all constructs used must
be referenced. [AJP][FCv1] (see also informal specification, software, formal, formal verification) (includes formal top-level specification)
- formal top-level specification (FTLS)
- A top-level specification that is written in a formal
mathematical language to allow theorems showing the correspondence of
the computer system specification to its formal requirements to be
hypothesized and formally proven. [AJP][TCSEC][TNI]
A top-level specification that is written in a formal mathematical
language to allow theorems showing the correspondence of the computer
system specification to its formal requirements to be hypothesized and
formally proven. [NCSC/TG004] Top-level specification written in a
formal mathematical language to allow theorems, showing the
correspondence of the computer system specification to its formal
requirements, to be hypothesized and formally proven. [NSTISSC] (see also model, security, formal, formal specification, formal verification, top-level specification)
- formal verification
- Process of using formal proofs to demonstrate the consistency
between formal specification of a system and formal security policy
model (design verification) or between formal specification and its
high-level program implementation (implementation verification). [NSTISSC]
The process of using formal proofs to demonstrate the consistency
(design verification) between a formal specification of a system and a
formal security policy model or (implementation verification) between
the formal specification and its program implementation. [AJP][TCSEC][TNI] (see also model, security, formal, verification) (includes endorsed tools list, formal proof, formal security policy model, formal specification)
- format
- The organization of information according to preset
specifications (usually for computer processing) [syn: formatting, data
format, data formatting] [OVT]
- formulary
- (I) A technique for enabling a decision to grant or
deny access to be made dynamically at the time the access is attempted,
rather than earlier when an access control list or ticket is created. [RFC2828] (see also access control)
- Fortezza
- (N) A registered trademark of NSA, used for a family of
interoperable security products that implement a NIST/NSA-approved
suite of cryptographic algorithms for digital signature, hash,
encryption, and key exchange. The products include a PC card that
contains a CAPSTONE chip, serial port modems, server boards, smart
cards, and software implementations. [RFC2828] (see also CAPSTONE chip, MISSI user, SSO PIN, SSO-PIN ORA, digital signature, encryption, hash, key, no-PIN ORA, personal identification number, personality label, slot, software, tokens, user PIN, user-PIN ORA, National Institute of Standards and Technology, National Security Agency)
- Forum of Incident Response and Security Teams (FIRST)
- (N) An international consortium of CSIRTs that work
together to handle computer security incidents and promote preventive
activities. (C) FIRST was founded in 1990 and, as of September 1999, had nearly 70 members spanning the globe. Its mission includes:
- Provide members with technical information, tools, methods, assistance, and guidance.
- Coordinate proactive liaison activities and analytical support.
- Encourage development of quality products and services.
- Improve national and international information security for government, private industry, academia, and the individual.
- Enhance the image and status of the CSIRT community.
[RFC2828] (see also computer security, quality, computer emergency response team, incident)
- forward engineering
- The traditional process of moving from high-level abstractions
and logical, implementation-independent designs to the physical
implementations of a system. [SRV]
- forward secrecy
- (includes forward secrecy with respect to A, forward secrecy with respect to both A and B individually, mutual forward secrecy, public-key forward secrecy)
- forward secrecy with respect to A
- The property that knowledge of A's long-term private key
subsequent to a key agreement operation does not enable an opponent to
recompute previously derived keys. [SC27] (see also forward secrecy)
- forward secrecy with respect to both A and B individually
- The property that knowledge of A's long-term private key or
knowledge of B's long term private key subsequent to a key agreement
operation does not enable an opponent to recompute previously derived
keys. NOTE - This differs from mutual forward secrecy in which
knowledge of both A's and B's long term private keys does not enable
recomputation of previously derived keys. [SC27] (see also forward secrecy)
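A worked example, added here and not part of the glossary or the SC27 standard it quotes, covering the definitions of forward secrecy with respect to A, with respect to both A and B individually, and mutual forward secrecy. It runs a toy Diffie-Hellman agreement four ways and then lets an attacker who has recorded the exchange and later obtained one or both long-term private keys try to recompute the old session key. The modulus is a small Mersenne prime chosen only so the arithmetic is cheap; it is not a vetted group and nothing here is usable as real cryptography. The "cross" mode is an assumed protocol shape (each ephemeral combined with the peer's long-term key) included because it is the case the NOTE distinguishes: secure against either key alone but not against both together.

```python
# Added example: which forward-secrecy properties a DH key agreement has
# depends on which keys were long-term. Toy parameters, illustration only.
import hashlib
import secrets

P = 2**127 - 1   # toy modulus (Mersenne prime); NOT a vetted DH group
G = 3

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def kdf(shared):
    return hashlib.sha256(shared.to_bytes(32, "big")).hexdigest()

A_LONG = keypair()   # A's long-term (static) key pair, reused across sessions
B_LONG = keypair()   # B's long-term (static) key pair

def agree(mode):
    """One key agreement between A and B. Returns the values an eavesdropper
    records (ephemeral public values, if any) and the session key.
    Modes, with x and y the per-session ephemeral secrets:
      static    K = g^(ab)             both sides use long-term keys only
      half      K = g^(xb)             A ephemeral, B long-term
      ephemeral K = g^(xy)             both ephemeral
      cross     K = (g^(ay), g^(xb))   each ephemeral paired with the peer's long-term key
    """
    (a, A), (b, B) = A_LONG, B_LONG
    (x, X), (y, Y) = keypair(), keypair()   # ephemerals, discarded after the session
    views = {   # (A's computation, B's computation, what goes on the wire)
        "static":    (pow(B, a, P), pow(A, b, P), {}),
        "half":      (pow(B, x, P), pow(X, b, P), {"X": X}),
        "ephemeral": (pow(Y, x, P), pow(X, y, P), {"X": X, "Y": Y}),
        "cross":     (pow(Y, a, P) * P + pow(B, x, P),
                      pow(A, y, P) * P + pow(X, b, P), {"X": X, "Y": Y}),
    }
    a_view, b_view, public = views[mode]
    assert a_view == b_view                   # both sides derive the same secret
    return public, kdf(a_view)

def attacker_recovers(mode, public, session_key, know_a=False, know_b=False):
    """After the session the attacker holds the recorded public values and
    whichever long-term private keys were compromised. All DH lets it do is
    raise a public value to a known secret; it tries every such pairing."""
    known = [s for s, flag in ((A_LONG[0], know_a), (B_LONG[0], know_b)) if flag]
    pubs = [A_LONG[1], B_LONG[1], *public.values()]
    derivable = {pow(Q, s, P) for Q in pubs for s in known}
    if mode == "cross":
        guesses = {e1 * P + e2 for e1 in derivable for e2 in derivable}
    else:
        guesses = derivable
    return any(kdf(g) == session_key for g in guesses)

def forward_secrecy_report(mode):
    """Map one run of the given mode to the glossary's three properties."""
    public, key = agree(mode)
    via_a = attacker_recovers(mode, public, key, know_a=True)
    via_b = attacker_recovers(mode, public, key, know_b=True)
    via_both = attacker_recovers(mode, public, key, know_a=True, know_b=True)
    return {"wrt_A": not via_a,                        # A's key alone reveals nothing
            "wrt_B": not via_b,
            "both_individually": not via_a and not via_b,
            "mutual": not via_both}                    # even both keys together fail

if __name__ == "__main__":
    for mode in ("static", "half", "ephemeral", "cross"):
        print(f"{mode:10s}", forward_secrecy_report(mode))
```

Reading the four rows: static DH has no forward secrecy at all; the half mode is forward secret with respect to A only (B's key still unlocks every past session); fully ephemeral DH gives mutual forward secrecy; and the cross mode is the case the NOTE is about, forward secret with respect to A and with respect to B individually, yet broken by an attacker holding both keys.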
- forwarder
- (see also application proxy)
- frame relay
- A type of fast packet technology using variable length packets
called frames. By contrast, a cell relay system, such as asynchronous
transfer mode, transports user data in fixed-sized cells. [SRV] (see also automated information system)
- framing
- A frame is an area of a webpage that scrolls independently of
the rest of the webpage. Framing generally refers to the use of a
standard frame containing information (like company name and navigation
bars) that remains on the screen while the user moves around the text
in another frame. [FFIEC]
- fraud
- (includes computer fraud)
- frequency division multiple access (FDMA)
- A technique for sharing a single transmission channel, such as
a satellite transponder, among two or more users by assigning each to
an exclusive frequency band within the channel. [IATF] (see also user)
- frequency hopping
- Repeated switching of frequencies during radio transmission
according to a specified algorithm, to minimize unauthorized
interception or jamming of telecommunications. [NSTISSC] (see also communications, communications security)
- front-end processor (FEP)
- (see also automated information system)
- front-end security filter
- (1) A process that is invoked to process data according to a
specified security policy prior to releasing the data outside the
processing environment or upon receiving data from an external source.
(2) A process implemented in hardware or software that is logically
separated from the remainder of the computer system to protect the
system's integrity. [AJP] A process that is invoked to process
data according to a specified security policy prior to releasing the
data outside the processing environment or upon receiving data from an
external source. [TCSEC] A security filter, which could be
implemented in hardware or software, that is logically separated from
the remainder of the computer system to protect the system's integrity.
[NCSC/TG004] Security filter logically separated from the remainder of an IS to protect system integrity. [NSTISSC] Security filter logically separated from the remainder of an IS to protect system integrity. Synonymous with firewall. [AFSEC] (see also software, security) (includes firewall)
- full accreditation
- The system security requirements have been satisfied and the
security controls have been implemented correctly and are operating
effectively. The system is approved to operate in the intended
environment as stated in the security plan and few, if any,
restrictions on processing apply. [800-37] (see also security, accreditation)
- full maintenance
- Complete diagnostic repair, modification, and overhaul of
INFOSEC equipment, including repair of defective assemblies by piece
part replacement. Also known as depot maintenance. [NSTISSC] (includes depot maintenance)
- full-duplex
- A communications channel that carries data in both directions. [FFIEC]
- function
- A set of related activities that is part of a process, often
known as a subprocess within a process. Organizations often divide
themselves into functional units, such as purchasing, manufacturing,
finance, product development, order fulfillment, etc. [SRV]
- functional component
- Fundamental building block, specifying what an IT product must
be capable of doing, from which functional protection requirements are
assembled. [AJP][FCv1] Security functional components are
used to express a wide range of security functional requirements within
PPs and STs. Components are ordered sets of functional elements, and
these sets are grouped into families with common objectives (e.g.
Security Audit Trail Protection) and classes with common intent (e.g.
Audit). Components other than those defined may be used at the
discretion of evaluation authorities. A hierarchy may exist between
components. Components are constructed from elements, which are the
lowest level expression of security requirements, against which the
evaluation should be performed. [CC1] (see also audit, Common Criteria for Information Technology Security Evaluation, component, security target) (includes object)
- functional package
- Grouping of functional components assembled to ease
specification and common understanding of what an IT product is capable
of doing. [AJP][FCv1] (includes security target)
- functional proponent
- (see also network sponsor)
- functional protection requirements
- Requirements in a protection profile that address what conforming IT products must be capable of doing. [AJP][FCv1] (see also assurance, protection profile)
- functional security requirements specification (FSRS)
- (see also security)
- functional test case design
- Test case selection that is based on an analysis of the
specification of the component without reference to its internal
workings. [OVT] (see also analysis, black-box testing, test)
- functional testing
- Segment of security testing in which advertised security mechanisms of an IS are tested under operational conditions. [NSTISSC]
Testing that ignores the internal mechanism of a system or component
and focuses solely on the outputs generated in response to the selected
inputs and execution conditions. [OVT] The portion of security testing in which the advertised features of a system are tested for correct operation. [TCSEC][TNI]
The portion of security testing in which the advertised features of a
system are tested, under operational conditions, for correct operation.
[AJP] The segment of security testing in which the advertised
security mechanisms of the computer system are tested, under
operational conditions, for correct operation. [NCSC/TG004][SRV] (see also black-box testing, security testing, test)
- functional unit
- A functionally distinct part of a basic component. [AJP][ITSEC] (see also component)
- functionality
- (1) Set of functional protection requirements to be
implemented in IT products. (2) The totality of functional properties
of a TOE that contributes to security. [AJP] The set of functional protection requirements to be implemented in IT products. [FCv1] The totality of functional properties of a TOE that contributes to security. [JTC1/SC27] (see also security, target of evaluation)
- functionality class
- A defined set of security functions in a system or product, designed to meet a security policy. [AJP][JTC1/SC27] A predefined set of complementary security enforcing functions capable of being implemented in a Target of Evaluation. [ITSEC] (see also security, target of evaluation)
- future narrow band digital terminal (FNBDT)
- It is a network-independent/transport-independent message
layer. FNBDT operates in the Narrow Band portion of the STE spectrum
(64 kbps and below). [IATF] (see also networks, security)
- gap analysis
- A comparison that identifies the difference between actual and desired outcomes. [FFIEC] (see also audit, vulnerability analysis, analysis, risk analysis)
- gas and oil production, storage and transportation
- A critical infrastructure characterized by the production and
holding facilities for natural gas, crude and refined petroleum, and
petroleum-derived fuels, the refining and processing facilities for
these fuels and the pipe-lines, ships, trucks, and rail systems that
transport these commodities from their source to systems that are
dependent upon gas and oil in one of their useful forms. [CIAO] (see also critical infrastructure)
- gateway
- (I) A relay mechanism that attaches to two (or more)
computer networks that have similar functions but dissimilar
implementations and that enables host computers on one network to
communicate with hosts on the other; an intermediate system that is the
interface between two computer networks. (C) In theory, gateways
are conceivable at any OSI layer. In practice, they operate at OSI
layer 3 or layer 7. When the two networks differ in the protocol by
which they offer service to hosts, the gateway may translate one
protocol into another or otherwise facilitate interoperation of hosts. [RFC2828] A communications device/program that passes data between networks. [misc]
Interface between networks that facilitates compatibility by adapting
transmission speeds, protocols, codes, or security measures. [CIAO]
Interface providing a compatibility between networks by converting
transmission speeds, protocols, codes, or security measures. [NSTISSC]
The means of communicating between networks. It is designed to reduce
the problems of interfacing different networks or devices. The networks
involved may be any combination of local networks which employ
different level protocols or local and long-haul networks. [SRV] (see also communications, networks, application proxy) (includes firewall, trusted gateway)
- gateway server
- A computer (server) that connects a private network to the private network of a servicer or other business. [FFIEC] (see also internet)
- general accounting office (GAO)
-
- general controls
- Controls, other than application controls, that relate to the
environment within which application systems are developed, maintained,
and operated, and that are therefore applicable to all the applications
at an institution. The objectives of general controls are to ensure the
proper development and implementation of systems, and the integrity of
program and data files and of computer operations. Like application
controls, general controls may be either manual or programmed. Examples
of general controls include the development and implementation of an IT
strategy and an IT security policy, the organization of IT staff to
separate conflicting duties and planning for disaster prevention and
recovery. [FFIEC] (see also recovery)
- general support system
- An interconnected information resource under the same direct
management control that shares common functionality. It normally
includes hardware, software, information, data, applications,
communications, facilities, and people, and provides support for a
variety of users and/or applications. Individual applications support
different mission-related functions. Users may be from the same or
different organizations. [800-37]
- general-purpose system
- A computer system that is designed to aid in solving a wide variety of problems. [AJP][TCSEC] (see also system)
- GeneralizedTime
- (N) The ASN.1 data type 'GeneralizedTime' (specified in
ISO 8601) contains a calendar date (YYYYMMDD) and a time of day, which
is either (a) the local time, (b) the Coordinated Universal Time, or
(c) both the local time and an offset allowing Coordinated Universal
Time to be calculated. [RFC2828] (see also UTCTime, coordinated universal time)
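A worked example, added here and not part of the glossary or RFC 2828: a parser for the three GeneralizedTime forms the definition lists (local time, UTC, and local time with an explicit offset), plus the narrower check a certificate validator needs, since RFC 5280 (section 4.1.2.5.2) restricts the type in X.509 validity fields to exactly YYYYMMDDHHMMSSZ. The sample strings are constructed for the example.

```python
# Added example: ASN.1 GeneralizedTime in its three forms, and the strict
# certificate profile that accepts only one of them.
import re
from datetime import datetime, timedelta, timezone

_GENERALIZED_TIME = re.compile(
    r"^(?P<date>\d{8})(?P<hour>\d{2})(?P<minute>\d{2})?(?P<second>\d{2})?"
    r"(?P<fraction>[.,]\d+)?(?P<zone>Z|[+-]\d{4})?$")

def parse_generalized_time(text):
    """Return a datetime for an ASN.1 GeneralizedTime string.
    (a) no suffix        -> local time; returned naive, because the string
                            carries no offset that could be applied
    (b) 'Z' suffix       -> Coordinated Universal Time
    (c) '+hhmm'/'-hhmm'  -> local time with its offset; returned aware
    Minutes and seconds may be omitted; a fraction applies to the smallest
    field present (hours, minutes or seconds), as ISO 8601 allows."""
    m = _GENERALIZED_TIME.match(text)
    if not m:
        raise ValueError(f"not a GeneralizedTime: {text!r}")
    stamp = m["date"] + m["hour"] + (m["minute"] or "00") + (m["second"] or "00")
    value = datetime.strptime(stamp, "%Y%m%d%H%M%S")   # also range-checks each field
    if m["fraction"]:
        unit = 1 if m["second"] else 60 if m["minute"] else 3600
        value += timedelta(seconds=float("0." + m["fraction"][1:]) * unit)
    zone = m["zone"]
    if zone is None:
        return value
    if zone == "Z":
        return value.replace(tzinfo=timezone.utc)
    sign = 1 if zone[0] == "+" else -1
    offset = sign * timedelta(hours=int(zone[1:3]), minutes=int(zone[3:5]))
    return value.replace(tzinfo=timezone(offset))

def is_rfc5280_generalized_time(text):
    """RFC 5280 narrows GeneralizedTime for certificate validity dates: UTC
    only ('Z'), seconds always present, no fractional seconds, i.e. exactly
    YYYYMMDDHHMMSSZ. A validator that leniently accepts the other forms can
    disagree with a strict one about whether a certificate has expired."""
    if not re.fullmatch(r"\d{14}Z", text):
        return False
    try:
        parse_generalized_time(text)
    except ValueError:
        return False
    return True

if __name__ == "__main__":
    for s in ("20240131235959Z", "20240131120000+0530", "2024013112", "202401311230.5"):
        print(f"{s:22s} -> {parse_generalized_time(s)!s:32s} strict={is_rfc5280_generalized_time(s)}")
```

The naive result for form (a) is deliberate: a local time with no offset cannot be compared safely against a UTC clock, so code that consumes these values should treat the naive case as an error unless it knows the originating system's zone.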
- generally accepted system security principles (GSSP)
- (see also security, system)
- Generic Security Service Application Program Interface (GSS-API)
- (I) An Internet Standard protocol that specifies
calling conventions by which an application (typically another
communication protocol) can obtain authentication, integrity, and
confidentiality security services independently of the underlying
security mechanisms and technologies, thus allowing the application
source code to be ported to different environments. (C) 'A
GSS-API caller accepts tokens provided to it by its local GSS-API
implementation and transfers the tokens to a peer on a remote system;
that peer passes the received tokens to its local GSS-API
implementation for processing. The security services available through
GSS-API in this fashion are implementable (and have been implemented)
over a range of underlying mechanisms based on symmetric cryptography
and asymmetric cryptography.' [RFC2828] A programming interface that allows
two applications to establish a security context independent of the
underlying security mechanisms. GSS-API is used to hide the details of
the security mechanism. Typically both applications use the same
mechanism at any given time. The security context is used to mutually
authenticate the parties as well as protect the privacy and integrity
of the communication. Some mechanisms also allow non-repudiation and
delegation. The GSS-API was originally defined in RFCs 1508 and 1509,
since superseded by RFCs 2743 and 2744 (GSS-API version 2). Various RFCs
define the implementation of the GSS-API using a specific mechanism. [misc] (see also authentication, confidentiality, non-repudiation, privacy, tokens, internet, security protocol) (includes distributed computing environment, security support programming interface)
- generic SIO class
- An SIO class in which the data types for one or more of the components are not fully specified. [SC27]
- generic threat
- Class of threats with common characteristics pertaining to
vulnerabilities, agents, event sequences, and resulting misfortunes. [AJP][FCv1] (see also threat)
- Generic Upper Layer Security (GULS)
- (I) Generic Upper Layer Security service element (ISO
11586), a five-part standard for the exchange of security information
and security-transformation functions that protect confidentiality and
integrity of application data. [RFC2828] (see also confidentiality, security)
- geopolitical certificate authority (GCA)
- (O) SET usage: In a SET certification hierarchy, an
optional level that is certified by a BCA and that may certify
cardholder CAs, merchant CAs, and payment gateway CAs. Using GCAs
enables a brand to distribute responsibility for managing certificates
to geographic or political regions, so that brand policies can vary
between regions as needed. [RFC2828] (see also certificate, certification, public-key infrastructure, Secure Electronic Transaction)
- geosynchronous orbit
- The orbit of a satellite in which the speed and path are
precisely timed to position it 22,300 miles over a fixed location on
Earth. [SRV]
- global command and control system (GCCS)
- A comprehensive, worldwide network of systems that provide the
NCA, Joint staff, combatant and functional unified commands, services,
and defense agencies, Joint Task Forces and their service components,
and others with information processing and dissemination capabilities
necessary to conduct C2 of forces. [IATF] (see also networks, command and control, security, system)
- global information grid (GIG)
- It is a globally interconnected, end-to-end set of information
capabilities, associated processes and personnel for collecting,
processing, storing, disseminating, and managing information on demand
to warfighters, policy makers, and support personnel. [IATF] (see also security)
- global network information environment (GNIE)
- A composition of all information system technologies used to
process, transmit, store, or display DoD information. It has been
superseded by Global Information Grid (GIG). [IATF] (see also networks, security)
- global positioning system (GPS)
- (see also system)
- global requirements
- Those which require analysis of the entire system and for
which separate analysis of the individual TCB subsets does not suffice.
[AJP][TDI] (see also local requirements, analysis, requirements, trusted computing base)
- global telecommunications service (GTS)
- (see also networks)
- goodput
- The number of bits per unit of time forwarded to the correct
destination interface of the DUT/SUT, minus any bits lost or
retransmitted. Firewalls are generally insensitive to packet loss in
the network. As such, measurements of gross bit forwarding rates are
not meaningful since (in the case of proxy-based and stateful packet
filtering firewalls) a receiving endpoint directly attached to a
DUT/SUT would not receive any data dropped by the DUT/SUT. The type of
traffic lost or retransmitted is protocol-dependent. TCP and ATM, for
example, request different types of retransmissions. Testers must
observe retransmitted data for the protocol in use, and subtract this
quantity from measurements of gross bit forwarding rate. [RFC2647] (see also bit forwarding rate, networks, test, firewall)
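A worked example, added here and not part of RFC 2647 or the glossary: goodput computed from the payload-carrying TCP segments seen on the receiving side of the DUT/SUT. Each flow's delivered byte ranges are tracked so that retransmitted bytes (anything already delivered) are subtracted, as the definition requires, and the result is reported beside the gross forwarding rate it would otherwise be confused with. The segment records are constructed for the example; a tester would take them from a capture on the interface behind the firewall.

```python
# Added example: goodput versus gross bit forwarding rate from a capture.
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    t_ms: int        # arrival time at the receiving interface, milliseconds
    flow: str        # flow identifier, e.g. "10.0.0.1:40000->10.0.1.5:80"
    seq: int         # TCP sequence number of the first payload byte
    length: int      # payload bytes

def _add_range(covered, start, end):
    """Merge [start, end) into the sorted, disjoint interval list `covered`
    (updated in place) and return how many of its bytes were new."""
    new = end - start
    merged = []
    for s, e in covered:
        if e < start or s > end:                 # disjoint: keep unchanged
            merged.append((s, e))
        else:                                    # overlap: subtract it, absorb the interval
            new -= max(0, min(e, end) - max(s, start))
            start, end = min(s, start), max(e, end)
    merged.append((start, end))
    covered[:] = sorted(merged)
    return new

def measure(segments):
    """Gross bit forwarding rate and goodput (both bit/s) over the interval
    spanned by the capture, plus the retransmitted bits that were excluded."""
    covered = defaultdict(list)                  # per-flow delivered byte ranges
    new_bits = retx_bits = 0
    for seg in sorted(segments, key=lambda s: s.t_ms):
        fresh = _add_range(covered[seg.flow], seg.seq, seg.seq + seg.length)
        new_bits += 8 * fresh
        retx_bits += 8 * (seg.length - fresh)
    span_ms = max(s.t_ms for s in segments) - min(s.t_ms for s in segments)
    if span_ms == 0:
        raise ValueError("need at least two distinct arrival times")
    gross_bits = sum(8 * s.length for s in segments)
    return {"gross_bps": gross_bits * 1000 / span_ms,
            "goodput_bps": new_bits * 1000 / span_ms,
            "retransmitted_bits": retx_bits}

# Constructed capture: one flow with a full and a partial retransmission,
# plus a second flow whose sequence space is independent of the first.
SAMPLE = [
    Segment(0,   "c->s", seq=0,    length=1000),
    Segment(100, "c->s", seq=1000, length=1000),
    Segment(150, "s->c", seq=1000, length=300),    # other flow: same seq, new bytes
    Segment(200, "c->s", seq=1000, length=1000),   # retransmitted in full
    Segment(300, "c->s", seq=2000, length=500),
    Segment(400, "c->s", seq=2300, length=1000),   # 200 bytes already delivered
]

if __name__ == "__main__":
    print(measure(SAMPLE))   # goodput 72000.0 bit/s against a gross 96000.0 bit/s
```

Sequence-space tracking is per flow, which is why the "s->c" segment at sequence 1000 counts as new even though the "c->s" flow already delivered that range. For a protocol without sequence numbers the tester has to identify retransmissions some other way, which is the point of RFC 2647's remark that the lost or retransmitted traffic is protocol-dependent.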
- gopher
- A protocol designed to allow a user to transfer text or binary files among computer hosts across networks. [SRV] (see also networks)
- government emergency telecommunications service (GETS)
- (see also networks)
- government services
- Sufficient capabilities at the Federal, state and local levels
of government are required to meet the needs for essential services to
the public. [CIAO] (see also critical infrastructure)
- granularity
- (1) Relative fineness or coarseness to which an access control
mechanism or other IT product aspect can be adjusted. (2) An expression
of the relative size of a data object. Note: Protection at the file
level is considered coarse granularity, whereas protection at the field
level is considered to be finer granularity. The phrase 'the
granularity of a single user' means the access control mechanism can be
adjusted to include or exclude any single user. [AJP] An
expression of the relative size of a data object; e.g. protection at
the file level is considered coarse granularity, whereas protection at
field level is considered to be of a finer granularity. [NCSC/TG004]
Relative fineness or coarseness to which an access control mechanism or
other IT product aspect can be adjusted. Note: Protection at the file
level is considered coarse granularity, whereas protection at the field
level is considered to be finer granularity. [FCv1] Relative fineness to which an access control mechanism can be adjusted. [NSTISSC]
The relative fineness or coarseness by which a mechanism can be
adjusted. The phrase 'the granularity of a single user' means the
access control mechanism can be adjusted to include or exclude any
single user. [TCSEC] (see also access control) (includes object)
- granularity of a requirement
- Determination of whether a requirement applies to all the
attributes of users, subjects, or objects, and all TCB functional
components. [AJP][FCv1] (see also requirements, trusted computing base) (includes object, subject)
- graphical-user interface (GUI)
- A combination of menus, screen design, keyboard commands,
command language, and help screens that together create the way a user
interacts with a computer. Allows users to move in and out of programs
and manipulate their commands by using a pointing device (often a
mouse). Synonymous with user interface. [SRV] A computer program
designed to allow a computer user to interact easily with the computer
typically by using a mouse to make choices from menus or groups of
icons [CIAO] (see also user)
- Green book
- (D) Except as an explanatory appositive, ISDs SHOULD
NOT use this term as a synonym for 'Defense Password Management
Guideline'. Instead, use the full proper name of the document or, in
subsequent references, a conventional abbreviation. (D) Usage
note: To improve international comprehensibility of Internet Standards
and the Internet Standards Process, ISDs SHOULD NOT use 'cute' synonyms
for document titles. No matter how popular and clearly understood a
nickname may be in one community, it is likely to cause confusion in
others. For example, several other information system standards also
are called 'the Green Book'. The following are some examples:
- Each volume of 1992 ITU-T (at that time, CCITT) standards.
- 'PostScript Language Program Design', Adobe Systems, Addison-Wesley, 1988.
- IEEE 1003.1 POSIX Operating Systems Interface.
- 'Smalltalk-80: Bits of History, Words of Advice', Glenn Krasner, Addison-Wesley, 1983.
- 'X/Open Compatibility Guide'.
- A particular CD-ROM format developed by Philips.
[RFC2828] (see also internet, passwords, rainbow series)
- ground wave emergency network (GWEN)
- (see also networks)
- group
- Named collection of user identifiers. [AJP][FCv1]
- group of users
- Security software often allow permissions to be set for groups (of users) as opposed to individuals. [RFC2504] (see also software, user)
- guard
- (I) A gateway that is interposed between two networks
(or computers, or other information systems) operating at different
security levels (one level is usually higher than the other) and is
trusted to mediate all information transfers between the two levels,
either to ensure that no sensitive information from the first (higher)
level is disclosed to the second (lower) level, or to protect the
integrity of data on the first (higher) level. [RFC2828] A highly assured device that negotiates the transfer of data between enclaves operating at different security levels. [IATF]
A processor that provides a filter between two disparate systems
operating at different security levels or between a user terminal and a
database to filter out data that the user is not authorized to access. [AJP][NCSC/TG004]
A processor that provides a filter between two systems operating at
different security levels or between a user terminal and a database to
filter out data that the user is not authorized to access. [AFSEC] Process limiting the exchange of information between systems. [NSTISSC] (see also networks, trust, security) (includes firewall)
- Guidelines and Recommendations for Security Incident Processing (GRIP)
- (I) A contraction of 'Guidelines and Recommendations
for Security Incident Processing', the name of the IETF working group
that seeks to facilitate consistent handling of security incidents in
the Internet community. (C) Guidelines to be produced by the WG
will address technology vendors, network service providers, and
response teams in their roles assisting organizations in resolving
security incidents. These relationships are functional and can exist
within and across organizational boundaries. [RFC2828] (see also internet, networks, incident, security)
- Gypsy verification environment
- An integrated set of tools for specifying, coding, and
verifying programs written in the Gypsy language, a language similar to
Pascal which has both specification and programming features. This
methodology includes an editor, a specification processor, a
verification condition generator, a user-directed theorem prover, and
an information flow tool. [AJP][NCSC/TG004] Integrated set of software tools for specifying, coding, and verifying programs written in the Gypsy language. [NSTISSC] (see also software development methodologies)
- hacker
- (I) Someone with a strong interest in computers, who enjoys learning about them and experimenting with them. (C)
The recommended definition is the original meaning of the term (circa
1960), which then had a neutral or positive connotation of 'someone who
figures things out and makes something cool happen'. Today, the term is
frequently misused, especially by journalists, to have the pejorative
meaning of cracker. [RFC2828] A person who delights in having an
intimate understanding of the internal workings of a system, computers,
and computer networks in particular. The term is often misused in a
pejorative context, where 'cracker' would be the correct term. [RFC1983]
A person who enjoys exploring the details of computers and how to
stretch their capabilities. A malicious or inquisitive meddler who
tries to discover information by poking around. A person who enjoys
learning the details of programming systems and how to stretch their
capabilities, as opposed to most users who prefer to learn only the
minimum necessary. [NSAINT][OVT] An individual who attempts to break into a computer without authorization. [FFIEC] Any unauthorized user who gains, or attempts to gain, access to an IS, regardless of motivation. [CIAO] Unauthorized user who attempts to or gains access to an AIS. [IATF][NSTISSC] (see also Samurai, authorization, hacking run, networks, user) (includes cracker, hacking)
- hacking
- Unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network. [NSAINT] (see also networks, hacker, threat)
- hacking run
- A hack session extended long outside normal working times, especially one longer than 12 hours. [NSAINT] (see also hacker)
- half-block
- A string of bits of length Lf/2. [SC27]
- handle
- (I) (1.) Verb: Perform processing operations on data,
such as receive and transmit, collect and disseminate, create and
delete, store and retrieve, read and write, and compare. (2.) Noun: An
online pseudonym, particularly one used by a cracker; derived from
citizens band radio culture. [RFC2828]
- handler
- A type of program used in DDoS attacks to control agents distributed throughout a network. Also refers to an incident handler, a person who performs incident response work. [800-61] (see also attack, incident)
- handshaking procedures
- A dialogue between two entities (e.g. a user and a computer, a
computer and another computer, or a program and another program) for
the purpose of identifying and authenticating the entities to one
another. [AJP][NCSC/TG004] Dialogue between two IS's for synchronizing, identifying, and authenticating themselves to one another. [NSTISSC] (see also authentication)
- hard copy key
- Physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories (PROM). [NSTISSC] (see also key)
- hardened unique storage (HUS)
-
- hardened unique storage Key (HUSK)
- (see also key)
- hardening
- The process of securing a computer's administrative functions
or inactivating those features not needed for the computer's intended
business purpose. [FFIEC] (see also assurance, availability, business process)
- hardware
- (I) The material physical components of a computer system. [RFC2828] The physical components of a computer system. [CIAO] The physical equipment used to process programs and data in a cryptographic module. [FIPS140] (see also cryptographic module)
- hardware and system software maintenance
- A family of security controls in the operations class dealing
with the secure maintenance activities of hardware and system software.
[800-37] (see also security)
- hardware error
- (see also threat consequence)
- hardware or software error
- Error that causes failure of a system component and leads to disruption of system operation. [RFC2828] (see also threat consequence)
- hardware token
- (see tokens)
- hardwired key
- Permanently installed key. [NSTISSC] (see also key)
- hash
- A fixed length cryptographic output of variables, such as a
message, being operated on by a formula, or cryptographic algorithm. [FFIEC] It is a condensed representation of the message called a message digest. [SRV] Value computed on data to detect error or manipulation. [IATF][NSTISSC] (see also Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Cryptographic Message Syntax, Data Authentication Algorithm, Digital Signature Algorithm, Fortezza, HMAC, MD2, MD4, MD5, POP3 APOP, Rivest-Shamir-Adleman, S/Key, SET private extension, SET qualifier, certificate revocation tree, checksum, code, cryptographic algorithm, cryptographic component, cryptographic service, cryptographic system, cryptography, cyclic redundancy check, data authentication code vs. Data Authentication Code, data items' representation, data string, digital signature, domain parameter, dual signature, fingerprint, initializing value, integrity, integrity check, matrix, message authentication code vs. Message Authentication Code, message digest, message integrity code, one-time passwords, one-way function, output transformation, public-key forward secrecy, reduction-function, round-function, secure socket layer, thumbprint, witness, word, security) (includes Secure Hash Standard, collision-resistant hash function, cryptographic hash function, hash code, hash function, hash function identifier, hash result, hash token, hash value, keyed hash, secure hash algorithm)
- hash code
- (D) ISDs SHOULD NOT use this term (especially not as a synonym for 'hash result') because it mixes concepts in a potentially misleading way. A hash result is not a 'code' in any sense defined by this glossary. [RFC2828] The string of bits that is the output of a hash function. NOTE - The literature on this subject contains a variety of terms that have the same or similar meaning as hash-code. Modification Detection Code, Manipulation Detection Code, digest, hash-result, hash-value and imprint are some examples. [SC27][SRV][ISO/IEC 10118-1: 2000] The string of bits that is the output of a hash function. [ISO/IEC 9796-3: 2000, ISO/IEC 14888-1: 1998, ISO/IEC FDIS 15946-2 (04/2001), ISO/IEC WD 15946-4 (10/2001)] (see also hash function, hash)
- hash function
- (I) An algorithm that computes a value based on a data object (such as a message or file; usually variable-length; possibly very large), thereby mapping the data object to a smaller data object (the 'hash result') which is usually a fixed-size value. (O) 'A (mathematical) function which maps values from a large (possibly very large) domain into a smaller range. A 'good' hash function is such that the results of applying the function to a (large) set of values in the domain will be evenly distributed (and apparently at random) over the range.' (C) The kind of hash function needed for security applications is called a 'cryptographic hash function', an algorithm for which it is computationally infeasible (because no attack is significantly more efficient than brute force) to find either (a) a data object that maps to a pre-specified hash result (the 'one-way' property) or (b) two data objects that map to the same hash result (the 'collision-free' property). (C) A cryptographic hash is 'good' in the sense stated in the 'O' definition for hash function. Any change to an input data object will, with high probability, result in a different hash result, so that the result of a cryptographic hash makes a good checksum for a data object. [RFC2828] A function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties:
- For a given output, it is computationally infeasible to find an input which maps to this output.
- For a given input, it is computationally infeasible to find a second input which maps to the same output.
NOTE 1 - Computational feasibility depends on the specific security requirements and environment. NOTE 2 - The literature on this subject contains a variety of terms which have the same or similar meaning as hash function. Compressed encoding and condensing function are some examples. [SC27] The two SC27 properties are usually called preimage resistance and second-preimage resistance; the RFC2828 'collision-free' property (no two inputs with the same output, where the attacker chooses both) is strictly stronger and is not implied by them, and a brute-force collision costs only about the square root of the work of a brute-force preimage. (see also attack, authentication, cryptographic hash function, cryptography, data authentication code, hash code, hash result, hash value, message authentication code, hash)
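The three properties above, attacked by brute force on a deliberately weakened hash so the work factors can be seen. This is an added example, not part of the glossary or of any cited standard: SHA-256 truncated to n bits stands in for a hash with a small range, the counter strings used as inputs are constructed, and the function names (trunc_hash, find_preimage, find_second_preimage, find_collision, digest_bit_difference) are chosen here.

```python
"""Cost of breaking the hash-function properties on a truncated SHA-256.

Added example (not from the glossary). A preimage or second preimage for an
n-bit hash costs about 2**n trials; a collision, where the attacker picks
both inputs, costs only about 2**(n/2) (the birthday bound). The inputs are
constructed counters; SHA-256 is only truncated to make the search feasible.
"""
import hashlib
from typing import Dict, Optional, Tuple


def trunc_hash(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256(data), as an integer in [0, 2**bits)."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_preimage(target: int, bits: int, limit: int = 1 << 22) -> Optional[Tuple[bytes, int]]:
    """One-way property: search inputs until one hashes to `target`.
    Returns (input, trials), or None if `limit` trials were not enough."""
    for i in range(limit):
        candidate = b"pre:%d" % i          # constructed input
        if trunc_hash(candidate, bits) == target:
            return candidate, i + 1
    return None


def find_second_preimage(original: bytes, bits: int, limit: int = 1 << 22) -> Optional[Tuple[bytes, int]]:
    """Second SC27 property: a different input with the same hash as `original`."""
    target = trunc_hash(original, bits)
    for i in range(limit):
        candidate = b"sec:%d" % i
        if candidate != original and trunc_hash(candidate, bits) == target:
            return candidate, i + 1
    return None


def find_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """RFC2828 'collision-free' property: birthday search that remembers every
    hash seen until two inputs share one. The pigeonhole principle guarantees
    termination within 2**bits + 1 trials; typically it takes ~2**(bits/2)."""
    seen: Dict[int, bytes] = {}
    for i in range(2 ** bits + 1):
        candidate = b"col:%d" % i
        h = trunc_hash(candidate, bits)
        if h in seen:
            return seen[h], candidate, i + 1
        seen[h] = candidate
    raise AssertionError("unreachable: pigeonhole guarantees a collision")


def digest_bit_difference(a: bytes, b: bytes) -> int:
    """Bits that differ between SHA-256(a) and SHA-256(b). For a one-character
    edit this is around 128 of 256: the whole digest changes, which is what
    makes the hash result usable as a checksum over the data object."""
    x = int.from_bytes(hashlib.sha256(a).digest(), "big")
    y = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x ^ y).count("1")


if __name__ == "__main__":
    bits = 16
    target = trunc_hash(b"constructed document v1", bits)
    found, trials = find_preimage(target, bits)
    print(f"preimage {found!r} after {trials} trials (expected ~2^{bits})")
    a, b, trials = find_collision(bits)
    print(f"collision {a!r} / {b!r} after {trials} trials (expected ~2^{bits // 2})")
    print("digest bits changed by a one-character edit:",
          digest_bit_difference(b"amount=100", b"amount=900"))
```

With bits set to 16 a preimage takes tens of thousands of trials and a collision a few hundred; each extra bit doubles the former but multiplies the latter by only about 1.4. That gap is why digest length is chosen so that 2^(n/2), not 2^n, is out of reach, and why a hash that meets only the two SC27 properties is not enough for digital signatures, where an attacker who prepares both documents needs just a collision.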
- hash function identifier
- A byte identifying a specific hash function. [SC27] (see also hash)
- hash result
- (I) The output of a hash function. (O) 'The
output produced by a hash function upon processing a message' (where
'message' is broadly defined as 'a digital representation of data').
(The recommended definition is compatible with this ABA definition, but
we avoid the unusual definition of 'message'.) [RFC2828] (see also hash function, hash)
- hash token
- A concatenation of a hash-code and an optional control field, called hash function identifier, which can be used to identify the hash function and the padding method. NOTE - The control field with hash function identifier is mandatory unless the hash function is uniquely determined by the signature mechanism or by the domain parameters. [SC27][ISO/IEC 9796-3: 2000, ISO/IEC WD 15946-4 (10/2001)] (see also hash, tokens)
- hash totals
- A numerical summation of one or more corresponding fields of a
file that would not ordinarily be summed. Typically used to detect when
changes in electronic information have occurred. [FFIEC] Value computed on data to detect error or manipulation. [IATF][NSTISSC]
- hash value
- (D) ISDs SHOULD NOT use this term (especially not as a
synonym for 'hash result', the output of a hash function) because it
might be confused with 'hashed value' (the input to a hash function). [RFC2828] (see also hash function, hash)
- hashing
- Computation of a hash total. [NSTISSC]
- hashword
- Memory address containing hash total. [NSTISSC]
- help desk
- A support entity that can be called upon to get help with a computer or communication problem. [RFC2504] (see also communications)
- hierarchical decomposition
- The ordered, structured reduction of a system or a component to primitives. [AJP][TNI] (see also development process)
- hierarchical development methodology (HDM)
- A methodology for specifying and verifying the design of programs
written in the Special specification language. The tools for this
methodology include the Special specification processor, the
Boyer-Moore theorem prover, and the Feiertag information flow tool. [AJP][NCSC/TG004] (see also software development methodologies)
- hierarchical input process output (HIPO)
-
- hierarchical PKI
- (I) A PKI architecture based on a certification hierarchy. [RFC2828] (see also certification, public-key infrastructure)
- hierarchy management
- (I) The process of generating configuration data and
issuing public-key certificates to build and operate a certification
hierarchy. [RFC2828] (see also certificate, certification, key, public-key infrastructure)
- hierarchy of trust
- (D) ISDs SHOULD NOT use this term with regard to PKI,
especially not as a synonym for 'certification hierarchy', because this
term mixes concepts in a potentially misleading way. [RFC2828] (see also certification, public-key infrastructure, trust)
- hijack attack
- (I) A form of active wiretapping in which the attacker seizes control of a previously established communication association. [RFC2828] (see also IP splicing/hijacking, hijacking, pagejacking, session hijacking, spoofing, terminal hijacking, attack)
- hijacking
- An attack that occurs during an authenticated session with a
database or system. The attacker disables a user's desktop system,
intercepts responses from the application, and responds in ways that
prolong the session. [CIAO] The use of an authenticated user's communication session to communicate with system components. [FFIEC] (see also attack, hijack attack)
- HMAC
- (I) A keyed hash that can be based on any iterated cryptographic hash (e.g. MD5 or SHA-1), so that the cryptographic strength of HMAC depends on the properties of the selected cryptographic hash. (C) Assume that H is a generic cryptographic hash in which a function is iterated on data blocks of length B bytes. L is the length of the hash result of H. K is a secret key of length L <= K <= B. The values IPAD and OPAD are fixed strings used as inner and outer padding and defined as follows: IPAD = the byte 0x36 repeated B times, OPAD = the byte 0x5C repeated B times. HMAC is computed by H(K XOR OPAD, H(K XOR IPAD, inputdata)), where ',' denotes concatenation. (C) The goals of HMAC are as follows:
- To use available cryptographic hash functions without modification, particularly functions that perform well in software and for which software is freely and widely available.
- To preserve the original performance of the selected hash without significant degradation.
- To use and handle keys in a simple way.
- To have a well-understood cryptographic analysis of the strength of the mechanism based on reasonable assumptions about the underlying hash function.
- To enable easy replacement of the hash function in case a faster or stronger hash is found or required.
[RFC2828] The HMAC specification (RFC 2104) also fixes what happens outside L <= K <= B: a key shorter than B bytes is padded with zero bytes to length B before the XOR, and a key longer than B bytes is first hashed with H and its L-byte result used as the key. (see also analysis, cryptography, hash, key, software)
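The construction in the entry above, built directly from its definition and checked against the standard library. This is an added example, not part of the glossary or of any cited standard: the key normalisation for keys outside L <= K <= B follows RFC 2104, the function names (hmac_from_definition, verify_tag, matches_stdlib) are chosen here, and the keys and messages are constructed except for the RFC 4231 HMAC-SHA-256 test vector, which is quoted from that RFC.

```python
"""HMAC from its definition: H((K XOR OPAD) || H((K XOR IPAD) || data)).

Added example (not from the glossary). B is the block size of H in bytes,
L its digest size. Keys shorter than B are zero-padded, keys longer than B
are pre-hashed (RFC 2104). Sample keys and messages below are constructed;
the one test vector is RFC 4231 test case 1.
"""
import hashlib
import hmac


def hmac_from_definition(key: bytes, data: bytes, hash_name: str = "sha256") -> bytes:
    """Compute HMAC-<hash_name>(key, data) step by step."""
    h = getattr(hashlib, hash_name)
    block_size = h().block_size            # B (64 bytes for MD5, SHA-1, SHA-256)
    if len(key) > block_size:              # RFC 2104: hash keys longer than B first
        key = h(key).digest()
    key = key.ljust(block_size, b"\x00")   # zero-pad short keys to exactly B bytes
    k_ipad = bytes(k ^ 0x36 for k in key)  # K XOR IPAD (0x36 repeated B times)
    k_opad = bytes(k ^ 0x5C for k in key)  # K XOR OPAD (0x5C repeated B times)
    inner = h(k_ipad + data).digest()      # inner hash over the message
    return h(k_opad + inner).digest()      # outer hash over the inner result


def verify_tag(key: bytes, data: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Check a received tag. compare_digest runs in time independent of where
    the first mismatch is; a plain '==' on bytes would leak that via timing."""
    expected = hmac_from_definition(key, data, hash_name)
    return hmac.compare_digest(expected, tag)


def matches_stdlib(key: bytes, data: bytes, hash_name: str = "sha256") -> bool:
    """True when the hand-built HMAC equals hmac.new() for the same inputs."""
    reference = hmac.new(key, data, getattr(hashlib, hash_name)).digest()
    return hmac_from_definition(key, data, hash_name) == reference


# RFC 4231 test case 1 (HMAC-SHA-256): key = 0x0b repeated 20 times, data "Hi There".
RFC4231_KEY = bytes([0x0B] * 20)
RFC4231_DATA = b"Hi There"
RFC4231_TAG = bytes.fromhex(
    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
)

if __name__ == "__main__":
    assert hmac_from_definition(RFC4231_KEY, RFC4231_DATA) == RFC4231_TAG
    # Constructed keys below, at and above the block size all agree with the library.
    for key in (b"short-key", b"k" * 64, b"long-key-" * 20):
        assert matches_stdlib(key, b"constructed message", "sha256")
        assert matches_stdlib(key, b"constructed message", "sha1")
    tag = hmac_from_definition(b"short-key", b"amount=100")
    print("valid tag accepted:", verify_tag(b"short-key", b"amount=100", tag))   # True
    print("edited message accepted:", verify_tag(b"short-key", b"amount=900", tag))  # False
```

The two nested hash calls are the point of the construction: the naive H(K || data) built on an iterated (Merkle-Damgard) hash lets anyone who holds a valid tag extend the message without knowing K, while HMAC's outer hash over the secret-keyed inner result closes that off, which is what the "well-understood cryptographic analysis" goal refers to.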
- homed
- The number of logical interfaces a DUT/SUT contains. Firewalls
typically contain at least two logical interfaces. In network
topologies where a DMZ is used, the firewall usually contains at least
three interfaces and is said to be tri-homed. Additional interfaces
would make a firewall quad-homed, quint-homed, and so on. It is
theoretically possible for a firewall to contain one physical interface
and multiple logical interfaces. This configuration is discouraged for
testing purposes because of the difficulty in verifying that no leakage
occurs between protected and unprotected segments. [RFC2647] (see also networks, test, firewall) (includes tri-homed)
- honeypot
- (I) A system (e.g. a web server) or a system resource
(e.g. a file on a server), that is designed to be attractive to
potential crackers and intruders, like honey is attractive to bears. (D)
It is likely that other cultures have different metaphors for this
concept. To ensure international understanding, ISDs should not use
this term unless they also provide an explanation like this one. [RFC2828] A host that is designed to collect data on suspicious activity and has no authorized users other than its administrators. [800-61] (see also attack)
- host
- (I) General computer network usage: A computer that is
attached to a communication subnetwork or internetwork and can use
services provided by the network to exchange data with other attached
systems. (I) Specific Internet Protocol Suite usage: A networked
computer that does not forward Internet Protocol packets that are not
addressed to the computer itself. (C) Derivation: As viewed by
its users, a host 'entertains' guests, providing application layer
services or access to other computers attached to the network. However,
even though some traditional peripheral service devices, such as
printers, can now be independently connected to networks, they are not
usually called hosts. [RFC2828] A computer that is accessed by a user from a remote location. [FFIEC] A single computer or workstation; it can be connected to a network. [NSAINT]
Any computer-based system connected to the network and containing the
necessary protocol interpreter software to initiate network access and
carry out information exchange across the communications network. This
definition encompasses typical 'mainframe' hosts, generic terminal
support machines (e.g. ARPANET TAC, DoDIIS NTC), and workstations
connected directly to the communications subnetwork and executing the
intercomputer networking protocols. A terminal is not a host because it
does not contain the protocol software needed to perform information
exchange; a workstation (by definition) is a host because it does have
such capability. [AJP][TNI] (see also communications, internet, networks, software, automated information system)
- host based
- Information, such as audit data from a single host, which may be used to detect intrusions. [NSAINT] (see also audit, automated information system)
- host to front-end protocol
- A set of conventions governing the format and control of data that are passed from a host to a front-end machine. [AJP][NCSC/TG004] (see also automated information system)
- host-based firewall
- A firewall where the security is implemented in software
running on a general-purpose computer. Security in host-based firewalls
is generally at the application level, rather than at a network level. [SRV] (see also networks, software, automated information system, firewall)
- host-based security
- The technique of securing an individual system from attack; host-based security is operating system and version dependent. [IATF] (see also security)
- hot site
- An alternate site with a duplicate IS already set up and
running, maintained by an organization or its contractor to ensure
continuity of service for critical systems in the event of a disaster. [CIAO] (see also cold site, disaster recovery)
- https
- (I) When used in the first part of a URL (the part that
precedes the colon and specifies an access scheme or protocol), this
term specifies the use of HTTP enhanced by a security mechanism, which is usually SSL (in current practice its successor, TLS). [RFC2828] (see also internet, security)
- human error
- Action or inaction that unintentionally disables a system component. [RFC2828] Human action or inaction that unintentionally results in an entity gaining unauthorized knowledge of sensitive data. [RFC2828] Human action or inaction that unintentionally results in the alteration of system functions or data. [RFC2828] (see also threat consequence)
- human user
- Any person who interacts with the TOE. [CC2][CC21][SC27] (see also target of evaluation, user)
- hybrid encryption
- (I) An application of cryptography that combines two or
more encryption algorithms, particularly a combination of symmetric and
asymmetric encryption. (C) Asymmetric algorithms require more
computation than equivalently strong symmetric ones. Thus, asymmetric
encryption is not normally used for data confidentiality except in
distributing symmetric keys in applications where the key data is
usually short (in terms of bits) compared to the data it protects. [RFC2828] (see also confidentiality, encryption, key)
- hydrometer
- An instrument used to determine specific gravity that sinks in
a fluid to a depth used as a measure of the fluid's specific gravity.
The instrument is a sealed, graduated tube, weighted at one end. [SRV]
- hydrophone
- An electrical instrument for detecting or monitoring sound under water. [SRV]
- hydroscope
- An optical device used for viewing objects much below the surface of water. [SRV]
- hygrograph
- An automatic hygrometer that records variations in atmospheric humidity. [SRV]
- hygrometer
- Any of several instruments that measure atmospheric humidity. [SRV]
- hygroscope
- An instrument that measures changes in atmospheric moisture. [SRV]
- hyperlink
- (I) In hypertext or hypermedia, an information object
(such as a word, a phrase, or an image; usually highlighted by color or
underscoring) that points (indicates how to connect) to related
information that is located elsewhere and can be retrieved by
activating the link (e.g. by selecting the object with a mouse pointer
and then clicking). [RFC2828] An electronic link providing
direct access from one distinctively marked place in a hypertext or
hypermedia document to another in the same or a different document. [CIAO]
An item on a webpage that, when selected, transfers the user directly
to another location in a hypertext document or to another webpage,
perhaps on a different machine. Also simply called a 'link.' [FFIEC] (see also link, world wide web)
- hypermedia
- (I) A generalization of hypertext; any media that contain hyperlinks that point to material in the same or another data object. [RFC2828] (see also internet)
- hypertext
- (I) A computer document, or part of a document, that
contains hyperlinks to other documents; i.e., text that contains active
pointers to other text. Usually written in Hypertext Markup Language
and accessed using a web browser. [RFC2828] (see also internet, standard generalized markup language, world wide web)
- hypertext markup language (HTML)
- (I) A platform-independent system of syntax and
semantics for adding characters to data files (particularly text files)
to represent the data's structure and to point to related data, thus
creating hypertext for use in the World Wide Web and other
applications. [RFC2828] A markup language that is a subset of
SGML and is used to create hypertext and hypermedia documents on the
World Wide Web incorporating text, graphics, sound, video, and
hyperlinks. [CIAO] The mechanism used to create web pages. [SRV] (see also standard generalized markup language, world wide web)
- hypertext transfer protocol (HTTP)
- (I) A TCP-based, application-layer, client-server,
Internet protocol used to carry data requests and responses in the
World Wide Web. [RFC2828] The native protocol of the web, used to transfer hypertext documents. [SRV] (see also networks, secure socket layer, world wide web)
- ICMP flood
- (I) A denial of service attack that sends a host more
ICMP echo request ('ping') packets than the protocol implementation can
handle. [RFC2828] (see also denial of service, attack)
- identification
- (I) An act or process that presents an identifier to a
system so that the system can recognize a system entity and distinguish
it from other entities. [RFC2828] Process an IS uses to recognize an entity. [NSTISSC] Process of uniquely determining the identity of an entity. [SC27] Process that enables recognition of an entity by an IT product. [FCv1][IATF]
Process that enables recognition of an entity by an IT product/system
that may be by the use of unique machine-readable user names. [AJP] The process that enables recognition of an entity by a system, generally by the use of unique machine-readable user names. [NCSC/TG004][SRV] The process used by an IS to recognize an entity such as a user or another process. [CIAO] (see also SSO PIN, alarm reporting, anonymity, attribute certificate, candidate TCB subset, class 2, 3, 4, or 5, compromised key list, configuration control, digital id, formal development methodology, information systems security, key tag, network component, primary account number, public key derivation function, redundant identity, registration authority, repair action, risk analysis, token device, uniform resource identifier, user PIN, validate vs. verify, verification, accountability) (includes Identification Protocol, bank identification number, configuration identification, identification and accreditation, identification and authentication, identification data, identification, friend or foe, identification, friend, foe, or neutral, identity, identity based access control, identity-based security policy, personal identification number, privacy, authentication, integrity, identification, non-repudiation, risk identification, terminal identification, trusted identification, trusted identification forwarding)
- identification and accreditation (I&A)
- (see also identification)
- identification and authentication (I&A)
- A family of security controls in the technical class dealing
with ensuring that users are individually authenticated via passwords,
tokens, or other devices, and that access controls to the IT system are
enforcing segregation of duties. [800-37] Identity of an entity with some level of assurance. [IATF] (see also access control, assurance, authentication, identification)
- identification data
- A sequence of data items, including the distinguishing identifier for an entity, assigned to an entity and used to identify it. NOTE 1 - The identification data may additionally contain data items such as identifier of the signature process, identifier of the signature key, validity period of the signature key, restrictions on key usage, associated security policy parameters, key serial number, or domain parameters. NOTE 2 - Examples of data items which may be included in the identification data include: an account number, expiry date, serial number, etc. [SC27][ISO/IEC 9798-5: 1999] (see also identification)
- Identification Protocol
- (I) A client-server Internet protocol for learning the identity of a user of a particular TCP connection. (C) Given a TCP port number pair, the server returns an alphanumeric string that identifies the owner of that connection on the server's system. The protocol is not intended for authorization or access control, since the answer is supplied by the remote host and cannot be verified by the querier. At best, it provides additional auditing information with respect to TCP. [RFC2828] (see also access control, audit, identification, internet, security protocol)
- identification, friend or foe (IFF)
- (see also identification)
- identification, friend, foe, or neutral (IFFN)
- (see also identification)
- identity
- A representation (e.g. a string) uniquely identifying an
authorized user, which can either be the full or abbreviated name of
that user or a pseudonym. [CC2][CC21][SC27]
Information that is unique within a security domain and that is
recognized as denoting a particular entity within that domain. [SRV] (see also identification, user)
- identity based access control (IBAC)
- (see also access control, identification)
- identity token
- Smart card, metal key, or other physical object used to authenticate identity. [NSTISSC] (see also tokens)
- identity validation
- Tests enabling an IS to authenticate users or resources. [NSTISSC] (see also test, user)
- identity-based security policy
- (I) 'A security policy based on the identities and/or
attributes of users, a group of users, or entities acting on behalf of
the users and the resources/objects being accessed.' [RFC2828] A
security policy based on the identities and/or attributes of the object
(system resource) being accessed and of the subject (user, group of
users, process, or device) requesting access. [SRV] (see also identification, policy)
- IEEE 802.10
- (N) An IEEE committee developing security standards for local area networks. [RFC2828] (see also networks, security)
- IEEE P1363 (P1363)
- (N) An IEEE working group, Standard for Public-Key
Cryptography, developing a comprehensive reference standard for
asymmetric cryptography. Covers discrete logarithm (e.g. DSA), elliptic
curve, and integer factorization (e.g. RSA); and covers key agreement,
digital signature, and encryption. [RFC2828] (see also cryptography, digital signature, encryption, key)
- illegal traffic
- Packets specified for rejection in the rule set of the
DUT/SUT. A buggy or misconfigured firewall might forward packets even
though its rule set specifies that these packets be dropped. Illegal
traffic differs from rejected traffic in that it describes all traffic
specified for rejection by the rule set, while rejected traffic
specifies only those packets actually dropped by the DUT/SUT. [RFC2647] (see also rejected traffic, bit forwarding rate, rule set, firewall)
- imaging system
- A method of translating and recording pictures in microfilm, videotape, or computer format. [SRV] (see also system)
- IMAP4 AUTHENTICATE
- (I) An IMAP4 'command' (better described as a transaction type, or protocol-within-a-protocol) by which an IMAP4 client optionally proposes a mechanism to an IMAP4 server to authenticate the client to the server and provide other security services. (C) If the server accepts the proposal, the command is followed by performing a challenge-response authentication protocol and, optionally, negotiating a protection mechanism for subsequent IMAP4 interactions. The security mechanisms that are used by IMAP4 AUTHENTICATE--including Kerberos, GSSAPI, and S/Key--are described in the separate IMAP4 authentication mechanisms specification. [RFC2828] (see also authentication, challenge/response, key)
- imitative communications deception
- Introduction of deceptive messages or signals into an adversary's telecommunications signals. [NSTISSC] (see also communications)
- impact
- The result of an unwanted incident. [SC27] (see also incident)
- impersonating
- Form of spoofing. [NSTISSC]
- impersonation
- An attempt to gain access to a computer system by posing as an authorized user. Synonymous with masquerading, mimicking. [SRV] (see also masquerade, authentication, attack)
- implant
- Electronic device or electronic equipment modification
designed to gain unauthorized interception of information-bearing
emanations. [NSTISSC] (see also emanation, emanations security)
- implementation
- A phase of the development process wherein the detailed
specification of a Target of Evaluation is translated into actual
hardware and software. [AJP][ITSEC] (see also software, target of evaluation)
- implementation under test (IUT)
- The particular portion of equipment which is to be studied for testing. The implementation may include one or more protocols. [OVT] (see also test)
- implementation vulnerability
- A vulnerability resulting from an error made in the software or hardware implementation of a satisfactory design. [OVT] (see also vulnerability)
- implicit key authentication from A to B
- The assurance for entity B that A is the only other entity that can possibly be in possession of the correct key. [SC27] (see also key, authentication)
- imprint
- A string of bits, either the hash-code of a data string or the data string itself. [SC27]
- improved emergency message automatic transmission system (IEMATS)
- (see also system)
- in the clear
- (I) Not encrypted. [RFC2828] (see also encryption)
- inadvertent disclosure
- Type of incident involving accidental exposure of information to a person not authorized access. [NSTISSC] (see also exposure, risk, incident)
- inappropriate usage
- An incident category in which a person violates acceptable computing use policies. [800-61]
- incapacitation
- A threat action that prevents or interrupts system operation by disabling a system component. [RFC2828]
An abnormal condition when the level of products and services a
critical infrastructure provides its customers is reduced. While
typically a temporary condition, an infrastructure is considered
incapacitated when the duration of reduced performance causes a
debilitating impact. [CIAO] (see also critical infrastructure, risk, threat consequence)
- incident
- (IS) Assessed occurrence having actual or potentially adverse
effects on an IT system. (COMSEC) Occurrence that potentially
jeopardizes the security of COMSEC material or the secure electrical
transmission of national security information or information governed
by 10 U.S.C. Section 2315. [NSTISSC] A violation or imminent
threat of violation of computer security policies, acceptable use
policies, or standard computer security practices. [800-61] An occurrence that has been assessed as having an adverse effect on the security or performance of an IT system. [CIAO]
Event that has actual or potentially adverse effects on AIS. Any
intrusion or attempted intrusion into a computer system. Incidents can
include probes of multiple computer systems. [AFSEC] (see also COMSEC insecurity, communications security, computer emergency response team, event, failure access, handler, impact, indication, infrastructure assurance, joint task force-computer network defense, mitigation, precursor, protective technologies, response, security controls, security event, security policy, vulnerability, threat) (includes COMSEC incident, Computer Incident Advisory Capability, Forum of Incident Response and Security Teams, Guidelines and Recommendations for Security Incident Processing, attack, automated security incident measurement, compromise, computer incident assessment capability, computer intrusion, computer security incident, computer security incident response capability, computer security incident response team, contamination, data compromise, denial of service, flooding, inadvertent disclosure, incident handling, incident response capability, multiple component incident, probe, program automated information system security incident support team, security incident, security intrusion, suspicious event)
- incident handling
- The mitigation of violations of security policies and recommended practices. [800-61] (see also incident)
- incident response
- (see incident handling)
- incident response capability
- A family of security controls in the operations class dealing
with responding to an assessed occurrence having actual or potentially
adverse effects on an IT system. [800-37] (see also security, incident)
- incomplete parameter checking
- A system design flaw that results when all parameters have not
been fully anticipated for accuracy and consistency, thus making the
system vulnerable to penetration. [AJP][NCSC/TG004][SRV]
System flaw that exists when the operating system does not check all
parameters fully for accuracy and consistency, thus making the system
vulnerable to penetration. [NSTISSC] (see also threat)
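A concrete instance of the flaw defined above, as an added example (not from the page or any cited standard): a file-serving routine whose parameter check anticipated relative traversal but not absolute paths, next to a version that checks the resolved result instead of the raw input. The document root and probe inputs are constructed; nothing on disk is touched, the paths are handled lexically with posixpath.

```python
import posixpath

# Constructed document root for the example; the filesystem is never consulted.
BASE_DIR = "/srv/files"


def resolve_incomplete(user_path):
    """The 'before' version: the only parameter check is a substring test for '..'.
    It anticipated relative traversal but never an absolute path, so '/etc/passwd'
    slips through (posixpath.join discards the base when the second part is
    absolute). It also wrongly rejects benign names such as 'notes..txt'.
    Returns the resolved path, or None when the input is rejected."""
    if ".." in user_path:
        return None
    return posixpath.join(BASE_DIR, user_path)


def resolve_complete(user_path):
    """Hardened: reject NUL bytes, normalise the *joined* path, then check the
    result (not the input) against the permitted root."""
    if "\x00" in user_path:
        return None
    full = posixpath.normpath(posixpath.join(BASE_DIR, user_path))
    if not full.startswith(BASE_DIR + "/"):
        return None
    return full


# Constructed probe set a reviewer would try against both versions.
PROBES = ["reports/q1.pdf", "../../etc/passwd", "/etc/passwd",
          "reports/../../../etc/shadow", "notes..txt", "a/./b", ""]


def compare(probes=PROBES):
    """Map each probe to (incomplete-check result, complete-check result)."""
    return {p: (resolve_incomplete(p), resolve_complete(p)) for p in probes}


if __name__ == "__main__":
    for probe, (before, after) in compare().items():
        print(f"{probe!r:32} incomplete={before!r:28} complete={after!r}")
```

The lexical check above is the right shape for untrusted input, but on a real filesystem the final comparison should be made on os.path.realpath of both the candidate and the root, so that a symlink inside the root cannot point outside it.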
- independence
- Self-governance, freedom from conflict of interest and undue
influence. The IT auditor should be free to make his or her own
decisions, not influenced by the organization being audited, or by its
managers and employees. [FFIEC] (see also audit)
- independent assessment
- In this document, an evaluation of how well an IT system and
its operating environment meet its required security controls,
performed by an organization or individual that does not have a vested
interest in the outcome of the assessment. An independent assessment
can be performed by individuals either internal or external to the
agency undergoing the evaluation, as long as they are free from
personal and external factors that could impair their independence or
their perceived independence, (e.g., they designed the system under
review). [800-37] (see also security)
- independent validation and verification
- Review, analysis, and testing conducted by an independent
party throughout the life cycle of software development to ensure that
the new software meets user or contract requirements. [SRV] (see also analysis, software, test)
- indication
- A sign that an incident may have occurred or may be currently occurring. [800-61] (see also incident)
- indicator
- A recognized action, specific, generalized, or theoretical,
that an adversary might be expected to take in preparation for an
attack. [NSTISSC] (see also attack)
- indirect certificate revocation list (ICRL)
- (I) In X.509, a CRL that may contain certificate
revocation notifications for certificates issued by CAs other than the
issuer of the ICRL. [RFC2828] (see also certificate, public-key infrastructure)
- indistinguishability
- (I) An attribute of an encryption algorithm that is a
formalization of the notion that the encryption of some string is
indistinguishable from the encryption of an equal-length string of
nonsense. (C) Under certain conditions, this notion is equivalent to 'semantic security'. [RFC2828] (see also encryption, security)
- individual accountability
- Ability to associate positively the identity of a user with the time, method, and degree of access to an AIS. [NSTISSC]
Requires individual users to be held accountable for their actions
after being notified of the rules of behavior in the use of the system
and the penalties associated with the violation of those rules. [800-37] The ability to associate positively the identity of a user when accessing a computer system. [SRV] The ability to associate positively the identity of a user with the time, method, and degree of access to a system. [AJP][NCSC/TG004] (see also user)
- industry standard architecture (ISA)
- (see also automated information system)
- infection
- The act or result of affecting injuriously; an infective agent,
or material contaminated with an infective agent, usually malicious
logic in the form of a worm, virus, Trojan horse, etc. [AFSEC] (see also worm, threat)
- inference
- A threat action whereby an unauthorized entity indirectly
accesses sensitive data (but not necessarily the data contained in the
communication) by reasoning from characteristics or byproducts of
communications. [RFC2828] (see also threat consequence)
- informal
- Expressed in natural language. [CC2][CC21][SC27] (see also formal) (includes informal specification)
- informal specification
- Statement about (the properties of) a product made using the
grammar, syntax, and common definitions of a natural language (e.g.
English). Note: While no notational restrictions apply, the informal
specification is also required to provide defined meanings for terms
which are used in a context other than that accepted by normal usage. [AJP][FCv1] (see also formal specification, development process, informal)
- information
- (I) Facts and ideas, which can be represented (encoded) as various forms of data. [RFC2828] Information is data that are processed and conveys more meaning to users of information. [SRV] (see also cryptography)
- information and communications
- A critical infrastructure characterized by computing and
telecommunications equipment, software, processes, and people that
support: a) The processing, storage, and transmission of data and
information; b) the processes and people that convert data into
information and information into knowledge; and c) the data and
information themselves. [CIAO] (see also critical infrastructure)
- information architecture
- The technologies, interfaces, and geographical locations of functions involved with an organization's information activities. [SRV] (see also automated information system)
- information assurance (IA)
- Information operations (IO) that protect and defend information and
information systems by ensuring their availability, integrity,
authentication, confidentiality, and non-repudiation. This includes
providing for restoration of information systems by incorporating
protection, detection, and reaction capabilities. (DODD S-3600.1 of 9
Dec 96) [NSAINT][IATF][NSTISSC][CIAO] Information operations: actions taken to affect an
adversary's information and information systems while defending one's
own information and information systems. [CIAO] (see also authentication, availability, confidentiality, integrity, non-repudiation, assurance)
- information center (IC)
- (see also automated information system)
- information engineering
- An approach to planning, analyzing, designing, and developing
an information system with an enterprise-wide perspective and an
emphasis on data and architectures. [SRV] (see also automated information system)
- information environment
- Aggregate of individuals, organizations, or systems that
collect, process, or disseminate information, also included is the
information itself. [NSTISSC] (see also automated information system)
- information flow
- The sequence, timing, and direction of how information proceeds through an organization or a computer system. [SRV] The sequence, timing, and direction of how information proceeds through an organization. [SRV] (see also automated information system)
- information flow control
- A procedure to ensure that information transfers within a
system are not made from a higher security level object to an object of
a lower security level. [AJP][NCSC/TG004] Procedure to
ensure that information transfers within an IS are not made from a
higher security level object to an object of a lower security level. [NSTISSC] (see also security) (includes object)
- information operations (IO)
- Actions taken to affect adversary information and information
systems while defending one's own information and information systems.
(DODD S-3600.1 of 9 Dec 96) [NSAINT] Actions taken to affect adversary
information and ISs while defending one's own information and ISs. [NSTISSC] (see also automated information system)
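The "no transfer from a higher level to a lower level" rule in the information flow control entry above, carried through as an added example (not from the page or any cited standard). It assumes the usual two-part label of the Bell-LaPadula lattice, a hierarchical level plus a set of compartments, so that labels can be incomparable as well as ordered; level names and compartment names are constructed.

```python
# Hierarchical levels; a label is (level, compartment set) and "dominates" is the
# lattice order that both the read and the write check are expressed in.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


class Label:
    def __init__(self, level, compartments=()):
        self.level = LEVELS[level]
        self.compartments = frozenset(compartments)

    def dominates(self, other):
        """self >= other: at least the same level and a superset of compartments."""
        return (self.level >= other.level
                and self.compartments >= other.compartments)

    def __repr__(self):
        name = next(k for k, v in LEVELS.items() if v == self.level)
        return f"Label({name}, {sorted(self.compartments)})"


def may_read(subject, obj):
    # simple security property: no read up
    return subject.dominates(obj)


def may_write(subject, obj):
    # *-property: no write down
    return obj.dominates(subject)


def flow_allowed(src, dst):
    """An explicit transfer src -> dst is permitted only when dst dominates src;
    incomparable labels (different compartments) block flow in both directions."""
    return dst.dominates(src)


def mediate_copy(subject, src, dst):
    """Reference-monitor decision for 'subject copies object src into object dst'.
    Satisfying both checks implies flow_allowed(src, dst) by transitivity."""
    if not may_read(subject, src):
        return False, "read up denied"
    if not may_write(subject, dst):
        return False, "write down denied"
    return True, "allowed"


if __name__ == "__main__":
    s = Label("SECRET")
    print(mediate_copy(s, Label("UNCLASSIFIED"), Label("TOP SECRET")))
    print(mediate_copy(s, Label("SECRET"), Label("UNCLASSIFIED")))
```

These checks mediate explicit transfers only; covert channels (timing, resource exhaustion) and any trusted downgrader that is allowed to declassify are outside what a lattice check can enforce.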
- information processing standard
- A set of detailed technical guidelines used to establish
uniformity to support specific functions and/or interoperability in
hardware, software, or telecommunications development, testing, and/or
operation. [AJP] (see also communications, software, test)
- information protection policy
- The set of laws, rules, and practices that regulate how an IT
product will, within specified limits, counter threats expected in the
product's assumed operational environment. [AJP][FCv1] (see also assurance, security policy, threat)
- information rate
- (see bandwidth)
- information ratio (IR)
- (see also automated information system)
- information security (INFOSEC)
- (I) Referring to security measures that implement and
assure security services in computer systems (i.e., COMPUSEC) and
communication systems (i.e., COMSEC). [RFC2828] Actions taken
for the purpose of reducing system risk, specifically, reducing the
probability that a threat will succeed in exploiting critical
infrastructure vulnerabilities using electronic, RF, or computer-based
means. [CIAO] The preservation of confidentiality, integrity and
availability of information. NOTE - Confidentiality is defined as
ensuring that information is accessible only to those authorized to
have access. Integrity is defined as safeguarding the accuracy and
completeness of information and processing methods. Availability is
defined as ensuring that authorized users have access to information
and associated assets when required. [SC27] The result of any
system of policies and/or procedures for identifying, controlling, and
protecting from unauthorized disclosure, information whose protection
is authorized by executive order or statute. [NSAINT] (see also National Institute of Standards and Technology, National Security Agency, availability, communications security, confidentiality, security) (includes information systems security)
- information sharing and analysis center
- Centers designed by the private sector that serve as a
mechanism for gathering, analyzing, appropriately sanitizing and
disseminating private sector information. These centers could also
gather, analyze, and disseminate information from the NIPC for further
distribution to the private sector. ISACs also are expected to share
important information about vulnerabilities, threats, intrusions, and
anomalies, but do not interfere with direct information exchanges
between companies and the Government. [CIAO] (see also threat, analysis)
- information superhighway
- Integration of telephone, data, or video services into an
advanced high-speed, interactive, broadband, and digital communications
system. [SRV] (see also communications)
- information superiority
- The capability to collect, process, and disseminate an
uninterrupted flow of information while exploiting or denying an
adversary's ability to do the same. (DODD S-3600.1 of 9 Dec 96) [NSAINT] (see also exploit)
- information system (IS)
- (IS) The entire infrastructure, organization, personnel, and
components for the collection, processing, storage, transmission,
display, dissemination, and disposition of information. [NSTISSC]
1) The entire infrastructure, organization, personnel, and components
for the collection, processing, storage, transmission, display,
dissemination, and disposition of information. 2) All the electronic
and human components involved in the collection, processing, storage,
transmission, display, dissemination, and disposition of information.
An IS may be automated (e.g., a computerized information system) or
manual (e.g., a library’s card catalog). [CIAO] The organized
collection, processing, maintenance, transmission, and dissemination of
information in accordance with defined procedures, whether automated or
manual. [SRV] (see also system)
- information system security officer (ISSO)
- The person responsible to the DAA (designated approving
authority) for ensuring that security is provided for and implemented
throughout the life cycle of an AIS from the beginning of the concept
development plan through its design, development, operation,
maintenance, and secure disposal. [AJP][NCSC/TG004] (see also system, computer security, system security officer)
- information systems audit and control association (ISACA)
- (see also audit)
- information systems audit and control foundation (ISACF)
- (see also audit)
- information systems security (INFOSEC) (ISS)
- Protection of information systems against unauthorized access to or
modification of information, whether in storage, processing or transit,
and against the denial of service to authorized users, including those
measures necessary to detect, document, and counter such threats. [NSTISSC][IATF] (see also computer security, denial of service, system, unauthorized access, information security, threat, user) (includes network security, system security, system security engineering, telecommunications security)
- information systems security association (ISSA)
- (see also computer security, system)
- information systems security engineering (ISSE)
- Effort to achieve and maintain optimal security and survivability of
a system throughout its life cycle. [NSTISSC] A structured system
engineering process, tailored to the unique needs of a specific
customer, focused on the selection of an effective security protection
solution including identifying the customer's requirements, determining
the a-priori/initial vulnerabilities and threats of the existing or
planned communications system, determining applicable security
solutions and/or counter measures, identifying the residual risk, and
implementing a risk management process to determine if the risk is
acceptable to the customer. [IATF] (see also counter measures, computer security, requirements, system, threat)
- information systems security equipment modification
- Modification of any fielded hardware, firmware, software, or portion
thereof, under NSA configuration control. There are three classes of
modifications: mandatory (to include human safety); optional/special
mission modifications; and repair actions. These classes apply to
elements, subassemblies, equipment, systems, and software packages
performing functions such as key generation, key distribution, message
encryption, decryption, authentication, or those mechanisms necessary
to satisfy security policy, labeling, identification, or
accountability. [NSTISSC] (see also computer security, authentication, encryption, identification) (includes COMSEC modification)
- information systems security manager (ISSM)
- Principal advisor on computer security matters. [NSTISSC] (see also computer security, system)
- information systems security officer (ISSO)
- (see also computer security) (includes network security officer)
- information systems security policy
- (see also computer security) (includes security policy)
- information systems security product
- Item (chip, module, assembly, or equipment), technique, or service
that performs or relates to information systems security. [NSTISSC] (see also computer security, system)
- Information Systems Security products and services catalogue
- A catalogue issued quarterly by the U.S. National Security
Agency that incorporates the DPL, EPL, ETL, PPL and other security
product and service lists. This catalogue is available through the U.S.
Government Printing Office, Washington, DC 20402, (202) 783-3238. [NCSC/TG004] (see also computer security, system) (includes degausser products list, endorsed tools list, evaluated products list, preferred products list)
- information systems/technology (IS/IT)
- (see also system)
- information technology (IT)
- The hardware and software that processes information,
regardless of the technology involved, whether computers,
telecommunications, or others. [CIAO] The hardware, firmware,
and software used as part of the information system to perform DoD
information functions. This definition includes computers,
telecommunications, automated information systems, and automatic data
processing equipment as well as any assembly of computer hardware,
software, and/or firmware configured to collect, create, communicate,
compute, disseminate, process, store and/or control data or
information. [IATF] (see also communications, software, automated information system)
- Information Technology Security Evaluation Criteria (ITSEC)
- (N) Standard developed for use in the European Union;
accommodates wider range of security assurance and functionality
combinations than the TCSEC. Superseded by the Common Criteria. [RFC2828] (see also computer security, evaluation)
- information technology system
- An international term for an information system, which
consists of one or more Automated Information Systems (AISs) or
computer systems and communications systems. [AJP] (see also communications, automated information system, system)
- information warfare (IW)
- Actions taken to achieve information superiority by affecting
adversary information, information based processes, and information
systems, while defending our own information, information based
processes, and information systems. Any action to deny, exploit,
corrupt, or destroy the enemy's information and its functions; to
protect against those actions; and to exploit one's own military
information functions. [AFSEC][NSAINT] Information operations (IO)
conducted during times of crisis or conflict to achieve or promote
specific objectives over a specific adversary or adversaries. (DODD
S-3600.1 of 9 Dec 96) [CIAO][NSAINT] (see also exploit, threat, warfare)
- infrastructure
- The framework of interdependent networks and systems
comprising identifiable industries, institutions (including people and
procedures), and distribution capabilities that provide a reliable flow
of products and services essential to the defense and economic security
of the United States, the smooth functioning of governments at all
levels, and society as a whole. [CIAO]
- infrastructure assurance
- Preparatory and reactive risk management actions intended to
increase confidence that a critical infrastructure’s performance level
will continue to meet customer expectations despite incurring threat
inflicted damage. For instance, incident mitigation, incident response,
and service restoration. [CIAO] (see also critical infrastructure, incident, risk, threat, assurance)
- infrastructure protection
- Proactive risk management actions intended to prevent a threat
from attempting to or succeeding at destroying or incapacitating
critical infrastructures. For instance, threat deterrence and
vulnerability defense. [CIAO] (see also assurance, risk, threat, vulnerability, critical infrastructure)
- ingress filtering
- The process of blocking incoming packets that use obviously false IP addresses, such as reserved source addresses. [800-61] (see also internet)
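The "obviously false" source-address test in the entry above, as an added example of the filter logic run over a constructed packet sample (not code from the page or from any router vendor). The bogon list covers the address ranges that cannot legitimately originate outside a perimeter; the organisation's own prefixes (203.0.113.0/24 and 2001:db8::/32, both documentation ranges) and the flow records are constructed.

```python
import ipaddress

# Source prefixes that should never appear on a packet arriving from outside:
# "this network", RFC 1918 private space, loopback, link-local, multicast,
# reserved, and their IPv6 counterparts.
BOGON_SOURCES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

# Constructed: the organisation's own public blocks. A packet that arrives on the
# external interface claiming one of these as its source is spoofed.
OWN_PREFIXES = [ipaddress.ip_network("203.0.113.0/24"),
                ipaddress.ip_network("2001:db8::/32")]


def _first_match(addr, nets):
    """Return the first prefix (as text) containing addr, or None."""
    for net in nets:
        if net.version == addr.version and addr in net:
            return str(net)
    return None


def ingress_verdict(src):
    """Decide whether a packet with source `src`, seen on the external interface,
    passes the ingress filter. Returns (allowed, reason)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False, "unparseable source"
    hit = _first_match(addr, BOGON_SOURCES)
    if hit:
        return False, f"bogon source {hit}"
    hit = _first_match(addr, OWN_PREFIXES)
    if hit:
        return False, f"spoofed internal source {hit}"
    return True, "ok"


# Constructed inbound flow records, (src, dst), as a flow log might show them.
SAMPLE_PACKETS = [
    ("198.51.100.7", "203.0.113.10"),   # ordinary outside host
    ("10.1.2.3", "203.0.113.10"),       # RFC 1918 source on the outside interface
    ("203.0.113.99", "203.0.113.10"),   # our own prefix arriving from outside
    ("127.0.0.1", "203.0.113.10"),      # loopback
    ("2001:db8::5", "2001:db8::1"),     # our own IPv6 prefix, spoofed
    ("3fff::1", "2001:db8::1"),         # ordinary outside IPv6 host (constructed)
    ("not-an-ip", "203.0.113.10"),      # malformed record
]


def filter_packets(packets=SAMPLE_PACKETS):
    """Split packets into those that pass and a drop log of (src, reason)."""
    passed, dropped = [], []
    for src, dst in packets:
        ok, reason = ingress_verdict(src)
        if ok:
            passed.append((src, dst))
        else:
            dropped.append((src, reason))
    return passed, dropped


if __name__ == "__main__":
    ok, drops = filter_packets()
    print("passed:", ok)
    print("dropped:", drops)
```

A static bogon list catches only the obvious cases the definition names; full source-address validation (BCP 38 style) checks whether the source is reachable back through the interface the packet arrived on, which needs the routing table rather than a fixed list.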
- inheritance
- A mechanism that allows objects of a class to acquire part of
their definition from another class (called a superclass). Inheritance
can be regarded as a method for sharing a behavioral description. [SRV] A relationship among classes, wherein one class shares the structure or behavior defined in one or more other classes. [SRV]
- initial transformation
- A function that is applied at the beginning of a MAC algorithm. [SC27] (see also message authentication code)
- initialization value (IV)
- (I) An input parameter that sets the starting state of
a cryptographic algorithm or mode. (Sometimes called 'initialization
vector' or 'message indicator'.) (C) An IV can be used to
introduce cryptographic variance in addition to that provided by a key,
and to synchronize one cryptographic process with another. For an
example of the latter, cipher block chaining mode requires an IV. [RFC2828] (see also initialization vector, key)
- initialization vector
- (D) For consistency, ISDs SHOULD NOT use this term as a synonym for 'initialization value'. [RFC2828]
A vector used in defining the starting point of an encryption process
within a cryptographic algorithm (e.g. the DES Cipher Block Chaining
(CBC) mode of operation). [FIPS140] A vector used in defining the starting point of an encryption process within the cryptographic algorithm. [SRV] (see also initialization value, algorithm, encryption, Data Encryption Standard)
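Two entries can be seen in one added example: the 'indistinguishability' entry earlier on this page and the initialization value entry above, which says an IV adds cryptographic variance beyond what the key provides. The code is not from the page or any cited standard. To keep it dependency-free the cipher is a toy PRF-in-counter construction over HMAC-SHA256 (an assumption standing in for a real block cipher mode); the IND-CPA style game, key and messages are constructed.

```python
import hashlib
import hmac
import os
import secrets

IV_LEN = 16


def keystream(key, iv, length):
    """Toy keystream: HMAC-SHA256(key, iv || counter) blocks, i.e. counter mode
    over a PRF. Illustration only, not a production cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_deterministic(key, msg):
    """No IV: the keystream depends on the key alone, so equal plaintexts
    always give equal ciphertexts."""
    return xor_bytes(msg, keystream(key, b"\x00" * IV_LEN, len(msg)))


def encrypt_with_iv(key, msg, iv=None):
    """Fresh random IV per message, transmitted in the clear ahead of the body."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    return iv + xor_bytes(msg, keystream(key, iv, len(msg)))


def decrypt_with_iv(key, ct):
    iv, body = ct[:IV_LEN], ct[IV_LEN:]
    return xor_bytes(body, keystream(key, iv, len(body)))


def distinguisher_success(encrypt, key, m0, m1, trials=200):
    """IND-CPA style game. The adversary picks equal-length m0, m1, receives the
    encryption of m_b for a secret coin b, and has oracle access to the same
    encryption function. Strategy: encrypt m0 itself and compare.
    Returns the fraction of games won (1.0 = perfectly distinguishable)."""
    assert len(m0) == len(m1)
    wins = 0
    for _ in range(trials):
        b = secrets.randbelow(2)
        challenge = encrypt(key, (m0, m1)[b])
        probe = encrypt(key, m0)
        guess = 0 if probe == challenge else 1
        wins += guess == b
    return wins / trials


def iv_reuse_leak(key, iv, m0, m1):
    """With a reused IV both messages see the same keystream, so XOR of the two
    ciphertext bodies equals XOR of the plaintexts: the variance the IV was
    supposed to add is gone."""
    c0 = encrypt_with_iv(key, m0, iv)[IV_LEN:]
    c1 = encrypt_with_iv(key, m1, iv)[IV_LEN:]
    return xor_bytes(c0, c1)


if __name__ == "__main__":
    k = os.urandom(32)
    print("deterministic:", distinguisher_success(encrypt_deterministic, k, b"yes!", b"no!!"))
    print("with IV      :", distinguisher_success(encrypt_with_iv, k, b"yes!", b"no!!"))
```

The deterministic scheme loses the game every time; the IV-carrying scheme holds the adversary to a coin flip, but only while IVs are never repeated under one key, which is what the last function demonstrates.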
- initialize
- Setting the state of a cryptographic logic prior to key generation, encryption, or other operating mode. [NSTISSC] (see also cryptography, encryption)
- initializing value
- Value used in defining the starting point of a hash function. [SC27][ISO/IEC 10118-1: 2000][ISO/IEC FDIS 9797-2 (09/2000)] Value used in defining the starting point of an encipherment process. [SC27] (see also hash)
- input
- A variable (whether stored within a component or outside it) that is read by the component. [OVT] The financial and nonfinancial resources that the organization obtained or received to produce its outputs. [SRV]
- input data
- Information that is entered into a cryptographic module for the purposes of transformation or computation. [FIPS140] (see also cryptographic module)
- input/output (I/O)
- (see also automated information system)
- insertion
- Introducing false data that serves to deceive an authorized entity. [RFC2828] (see also threat consequence)
- insider attack
- An attack originating from inside a protected network. [IATF] (see also networks, attack)
- inspectable space
- Three dimensional space surrounding equipment that process
classified and/or sensitive information within which TEMPEST
exploitation is not considered practical or where legal authority to
identify and/or remove a potential TEMPEST exploitation exists. [NSTISSC] (see also TEMPEST)
- instance
- An object described by a class. [SRV]
- instantiate
- To create a new instance of a class or type. [SRV]
- Institute of Electrical and Electronics Engineers, Inc (IEEE)
-
- institute of internal auditors (IIA)
-
- instrument
- 1. A tool or device that is used to do a particular task. 2. A
device that is used for making measurements of something. In software
and system testing, to install or insert devices or instructions into
hardware or software to monitor the operation of a system or component.
[OVT] (see also test)
- instrumentation
- Instrumentation is a group or collection of instruments,
usually ones that are part of the same machine. Devices or instructions
installed or inserted into hardware or software to monitor the
operation of a system or component. The insertion of additional code
into the program in order to collect information about program behavior
during program execution. (NBS) The insertion of additional code into a
program in order to collect information about program behavior during
program execution. Useful for dynamic analysis techniques such as
assertion checking, coverage analysis, tuning. [OVT] (see also analysis)
- Integrated CASE tools
- Software tools that provide for planning, analysis, and
design, with fully-integrated code generation. These tools are fully
integrated so one tool component directly employs information from
another. A repository stores the knowledge from multiple tools in an
integrated manner. [SRV] (see also analysis, software)
- integrated logistics support (ILS)
-
- Integrated services digital network (ISDN)
- A worldwide digital communications network evolving from
existing telephone services. The goal of ISDN is to replace the current
analog telephone system with totally digital switching and transmission
facilities capable of carrying data ranging from voice to computer
transmission, music, and video. Computers and other devices are
connected to ISDN lines through simple, standardized interfaces. When
fully implemented, ISDN is expected to provide users with faster, more
extensive communications services in data, video, and voice. [SRV]
An emerging communications system enabling the simultaneous
transmission of data, facsimile, video, and voice over a single
communications link. [AJP] (see also communications, networks)
- integrated test facility (ITF)
- (see also software development, test)
- integration test
- A process to confirm that program units are linked together and interface with the files or databases correctly. [SRV] (see also software development, test)
- integrity
- (1) Correctness and appropriateness of the content and/or
source of a piece of information. (2) The prevention of the
unauthorized modification of information. (3) Sound, unimpaired, or
perfect condition. [AJP] 1) Condition existing when an IS
operates without unauthorized modification, alteration, impairment, or
destruction of any of its components. 2) The accuracy, completeness and
reliable transmission and reception of information and its validity in
accordance with business values and expectations; the adequacy and
reliability of processes assuring personnel selection, access and
safety; and the adequacy and reliability of processes assuring only
authorized access to, and safety of, physical facilities. [CIAO]
Assurance that information in an IT system is protected from
unauthorized, unanticipated, or unintentional modification or
destruction. System integrity also addresses the quality of an IT
system reflecting the logical correctness and reliability of the
operating system; the logical completeness of the hardware and software
implementing the protection mechanisms; and the consistency of the data
structures and occurrence of the stored data. [800-37] Assuring information will not be accidentally or maliciously altered or destroyed. [NSAINT] Assuring information will not be accidentally or maliciously altered or destroyed. Sound, unimpaired or perfect condition. [OVT] Correctness and appropriateness of the content and/or source of a piece of information. [FCv1]
Quality of an IS reflecting the logical correctness and reliability of
the operating system; the logical completeness of the hardware and
software implementing the protection mechanisms; and the consistency of
the data structures and occurrence of the stored data. Note that, in a
formal security mode, integrity is interpreted more narrowly to mean
protection against unauthorized modification or destruction of
information. [NSTISSC] Sound, unimpaired, or perfect condition.
The property that an object is changed only in a specified and
authorized manner. The property that sensitive data has not been
modified or deleted in an unauthorized and undetected manner. [SRV] The prevention of the unauthorized modification of information. [ITSEC][NIAP] The property of safeguarding the accuracy and completeness of assets. [SC27] The property that sensitive data has not been modified or deleted in an unauthorized and undetected manner. [FIPS140] The state achieved by maintaining and authenticating the accuracy and accountability of system data, hardware, and software. [SRV]
[of data] A security service that allows verification that an
unauthorized modification of information (including changes,
insertions, deletions, and duplications) has not occurred either
maliciously or accidentally. [IATF] (see also access control, business process, computer emergency response team, digital signature, entry-level certification, hash, information assurance, levels of concern, mid-level certification, post-accreditation phase, security controls, software, top-level certification, quality of protection, security) (includes authenticity, check character, checksum, correctness, correctness integrity, data authentication code, data integrity, data integrity service, error detection code, integrity policy, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, secure hash algorithm, source integrity, system and data integrity, system integrity)
- integrity check
- (D) ISDs SHOULD NOT use this term as a synonym for
'cryptographic hash' or 'protected checksum', because this term
unnecessarily duplicates the meaning of other, well established terms. [RFC2828] (see also cryptography, hash)
- integrity check value
- Checksum capable of detecting modification of an IT system. [NSTISSC]
- integrity policy
- A security policy to prevent unauthorized users from modifying or writing sensitive information. [AJP][TNI] (see also security policy, integrity, policy)
- integrity-checking tools
- (see also security software)
- intelligent threat
- (I) A circumstance in which an adversary has the
technical and operational capability to detect and exploit a
vulnerability and also has the demonstrated, presumed, or inferred
intent to do so. [RFC2828] (see also exploit, threat)
- International Data Encryption Algorithm (IDEA)
- (N) A patented, symmetric block cipher that uses a 128-bit key and operates on 64-bit blocks. [RFC2828] (see also cryptography, encryption, key)
- intent
- Demonstrating a deliberate series of actions with the
objective of debilitating defense or economic security by destroying or
incapacitating a critical infrastructure. [CIAO]
- inter-TSF transfers
- Communicating data between the TOE and the security functions of other trusted IT products. [CC2][CC21][SC27] (see also trust, TOE security functions, target of evaluation)
- interactive mode
- The ability to interact or converse with a computer by giving commands and receiving response in real time. [SRV]
- interarea interswitch rekeying key (IIRK)
- (see also key)
- interception
- A threat action whereby an unauthorized entity directly
accesses sensitive data traveling between authorized sources and
destinations. [RFC2828] (see also threat consequence)
- interconnection security agreements
- An agreement established between the organizations that own
and operate connected IT systems to document the technical requirements
of the interconnection. The ISA also supports a Memorandum of
Understanding or Agreement (MOU/A) between the organizations. [800-37] (see also security)
- interdependence
- Dependence among elements or sites of different infrastructures, and therefore, effects by one infrastructure upon another. [CIAO] (see also risk)
- interdiction
- The act of impeding or denying the use of computer system resources to a user. [SRV] (see denial of service)
- interface
- (1) A shared boundary across which information is passed. (2)
A hardware or software component that connects two or more other
components for the purpose of passing information from one to the
other. (3) To connect two or more components for the purpose of passing
information from one to the other. (4) To serve as a connecting or
connected component as in (2). (1) (ISO) A shared boundary between two
functional units, defined by functional characteristics, common
physical interconnection characteristics, signal characteristics, and
other characteristics, as appropriate. The concept involves the
specification of the connection of two devices having different
functions. (2) A point of communication between two or more processes,
persons, or other physical entities. (3) A peripheral device which
permits two or more devices to communicate. [OVT] A common
boundary or connector between two applications or devices, such as the
graphical user interface (GUI) that allows a human user to interact
with an application written in code. [CIAO] A logical section of
a cryptographic module that defines a set of entry or exit points that
provide access to the module, including information flow or physical
access. [FIPS140] Common boundary between independent systems or modules where interactions take place. [NSTISSC]
Computer programs that translate information from one system or
application into a format required for use by another system or
application. [FFIEC] The common boundary between independent systems or modules where communication takes place. [SRV] (see also communications, cryptography)
- interface control document
- Technical document describing interface controls and
identifying the authorities and responsibilities for ensuring the
operation of such controls. This document is baselined during the
preliminary design review and is maintained throughout the IS
lifecycle. [NSTISSC] (see also baseline)
- interim approval
- Temporary authorization granted by a DAA
for an IS to process information based on preliminary results of a
security evaluation of the computer system. [NSTISSC] (see also evaluation)
- interface control unit (ICU)
- (see also automated information system)
- interface testing
- Testing conducted to evaluate whether systems or components
pass data and control correctly to each other. Integration testing
where the interfaces between system components are tested. [OVT] (see also test)
- interference
- Disruption of system operations by blocking communications or user data or control information. [RFC2828] (see also threat consequence)
- interim accreditation
- Temporary authorization granted by a DAA for an IT system to
process, store and/or transmit information based on preliminary results
of security certification of the system. [800-37] (see also security, accreditation)
- interim accreditation action plan
- A document created for the IT system which has received an
interim accreditation to operate, and which is issued to the program
manager or system owner by the DAA along with the interim accreditation
letter. The action plan includes: (1) the critical mission that
mandates the system be operational, (2) the list of specific corrective
actions necessary to demonstrate the needed security controls are
implemented correctly and are effective, (3) the agreed upon timeline
for taking designated corrective actions, (4) the resources necessary
to properly complete the corrective actions, and (5) operational
restrictions that are imposed to lessen the risk during the interim
accreditation. [800-37] (see also risk, security, accreditation)
- interleaving attack
- A masquerade which involves use of information derived from one or more ongoing or previous authentication exchanges. [SC27] (see also authentication, attack)
- internal communication channel
- A communication channel between separated parts of TOE. [CC2][CC21][SC27] (see also channel, communication channel, communications, target of evaluation)
- internal control questionnaire (ICQ)
-
- internal rate of return (IRR)
-
- internal security controls
- (1) Hardware, firmware, and software features within a system
that restrict access to resources (hardware, software, and data) to
authorized subjects only (persons, programs, or devices). (2)
Mechanisms implemented in the hardware, firmware, and software of an IT
product which provide protection for the IT product. [AJP]
Hardware, firmware, and software features within a system that
restrict access to resources (hardware, software, and data) to
authorized subjects only (persons, programs, or devices). [NCSC/TG004][SRV] Hardware, firmware, or software features within an IS that restrict access to resources only to authorized subjects. [NSTISSC] Mechanisms implemented in the hardware, firmware, and software of an IT product which provide protection for the IT product. [FCv1] (see also software, risk management, security controls) (includes subject)
- internal subject
- A subject that is not acting as a direct surrogate for a user.
A process that is not associated with any user but performs system-wide
functions such as packet switching, line printer spooling, and so on.
(also known as a daemon or a service machine). [AJP][TNI] (see also subject)
- internal system exposure
- Relates to the types of individuals that have authorization to
access the system and the information the system stores, processes, and
transmits. It includes such items as individual security background
assurances and/or clearance levels, access approvals, and need-to-know.
[800-37] (see also security, exposure)
- internal throughput time
- The number of interactive transactions or batch jobs completed per unit of CPU time. [SRV]
- internal TOE transfer
- Communicating data between separated parts of the TOE. [CC2][CC21][SC27] (see also target of evaluation)
- International Data Encryption Algorithm (IDEA)
- A private key encryption-decryption algorithm that uses a key that is twice the length of a DES key. [NSAINT]
This is a symmetric encryption algorithm that is popular outside of the
United States and Canada. However, DES is still the most popular
symmetric algorithm anywhere. [misc] (see also algorithm, symmetric algorithm)
- International organization for standardization (ISO)
- (I) International Organization for Standardization, a
voluntary, non-treaty, non-government organization, established in
1947, with voting members that are designated standards bodies of
participating nations and non-voting observer organizations. (C)
Legally, ISO is a Swiss, non-profit, private organization. ISO and the
IEC (the International Electrotechnical Commission) form the
specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in developing international
standards through ISO and IEC technical committees that deal with
particular fields of activity. Other international governmental and
non-governmental organizations, in liaison with ISO and IEC, also take
part. (ANSI is the U.S. voting member of ISO. ISO is a class D member
of ITU-T.) (C) The ISO standards development process has four
levels of increasing maturity: Working Draft (WD), Committee Draft
(CD), Draft International Standard (DIS), and International Standard
(IS). In information technology, ISO and IEC have a joint technical
committee, ISO/IEC JTC 1. DISs adopted by JTC 1 are circulated to
national bodies for voting, and publication as an IS requires approval
by at least 75% of the national bodies casting a vote. [RFC2828]
International organization for standardization - An organization
established to develop and define data processing standards to be used
throughout participating countries. [SRV] (see also ITU-T, automated information system) (includes Open Systems Interconnection Reference model)
- international standards organization (ISO)
-
- international telecommunication union (ITU)
- (see also networks)
- International Traffic in Arms Regulations (ITAR)
- (N) Rules issued by the U.S. State Department, by
authority of the Arms Export Control Act (22 U.S.C. 2778), to control
export and import of defense articles and defense services, including
information security systems, such as cryptographic systems, and
TEMPEST suppression technology. [RFC2828] (see also TEMPEST, cryptography, security)
- internet
- A collection of interconnected networks that use a common set
of protocols called the TCP/IP stack to enable communication between
the connected computer systems. [RFC2504] A cooperative message-forwarding system linking computer networks all over the world. [FFIEC]
A decentralized, global network of computers (Internet hosts), linked
by the use of common communications protocols (Transmission Control
Protocol/Internet protocol, or TCP/IP). The Internet allows users
worldwide to exchange messages, data, and images. [CIAO] (see also Green book, Guidelines and Recommendations for Security Incident Processing, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Message Security Protocol, On-line Certificate Status Protocol, Open Systems Interconnection Reference model, Secure Electronic Transaction, attack, bill payment, bill presentment, certification hierarchy, computer emergency response team, computer emergency response team/ coordination center, computer network, concept of operations, confidentiality, cookies, counter measures, dial-up line, domain, egress filtering, electronic commerce, electronic messaging services, end system, external system exposure, host, https, hypermedia, hypertext, ingress filtering, interoperability standards/protocols, lurking, network connection, network worm, networks, object identifier, one-time passwords, open systems security, packet assembly and disassembly, password sniffing, peer-to-peer communication, personal communications network, policy certification authority, pop-up box, port scanning, protocol, public-key forward secrecy, repudiation, rules of behavior, trojan horse, validate vs. 
verify, vendor) (includes ARPANET, Distributed Authentication Security Service, Generic Security Service Application Program Interface, IP address, IPsec Key Exchange, Identification Protocol, Internet Corporation for Assigned Names and Numbers, Internet Draft, Internet Message Access Protocol, version 4, Internet Protocol Security Option, Internet Protocol security, Internet Security Association and Key Management Protocol, Internet Society, Internet Standard, MIME Object Security Services, PKIX, POP3 AUTH, Post Office Protocol, version 3, Rexd, SOCKS, Secure/MIME, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, USENET, anonymous login, cyberspace, domain name service server, domain name system, e-banking, e-mail server, email, extranet, file transfer protocol, firewall, gateway server, internet control message protocol, internet protocol, internet service provider, internet vs. Internet, internetwork, internetwork private line, intranet, listserv, mailing list, management information base, markup language, point-to-point protocol, port, pretty good privacy, proxy server, router, secure hypertext transfer protocol, secure shell, simple mail transfer protocol, simple network management protocol, sniffer, telnet, traceroute, transmission control protocol, transmission control protocol/internet protocol, transport layer security, tunnel, uniform resource identifier, uniform resource locator, uniform resource name, user data protocol, user datagram protocol, virtual private network, virus, wide area information service, world wide web, worm)
- Internet Architecture Board (IAB)
- (I) A technical advisory group of the ISOC, chartered
by the ISOC Trustees to provide oversight of Internet architecture and
protocols and, in the context of Internet Standards, a body to which
decisions of the IESG may be appealed. Responsible for approving
appointments to the IESG from among nominees submitted by the IETF
nominating committee. [RFC2828] (see also trust, Internet Society)
- Internet Assigned Numbers Authority (IANA)
- (I) From the early days of the Internet, the IANA was
chartered by the ISOC and the U.S. Government's Federal Network Council
to be the central coordination, allocation, and registration body for
parameters for Internet protocols. Superseded by ICANN. [RFC2828] (see also networks, Internet Society)
- internet control message protocol (ICMP)
- (I) An Internet Standard protocol that is used to
report error conditions during IP datagram processing and to exchange
other information concerning the state of the IP network. [RFC2828]
A message control and error-reporting protocol between a host server
and a gateway to the Internet. ICMP is used by a device, often a
router, to report and acquire a wide range of communications-related
information. [IATF] (see also communications, networks, internet, security)
- Internet Corporation for Assigned Names and Numbers (ICANN)
- (I) The non-profit, private corporation that has
assumed responsibility for the IP address space allocation, protocol
parameter assignment, domain name system management, and root server
system management functions formerly performed under U.S. Government
contract by IANA and other entities. (C) The Internet Protocol
Suite, as defined by the IETF and the IESG, contains numerous
parameters, such as internet addresses, domain names, autonomous system
numbers, protocol numbers, port numbers, management information base
object identifiers, including private enterprise numbers, and many
others. The Internet community requires that the values used in these
parameter fields be assigned uniquely. ICANN makes those assignments as
requested and maintains a registry of the current values. (C)
ICANN was formed in October 1998, by a coalition of the Internet's
business, technical, and academic communities. The U.S. Government
designated ICANN to serve as the global consensus entity with
responsibility for coordinating four key functions for the Internet:
the allocation of IP address space, the assignment of protocol
parameters, the management of the DNS, and the management of the DNS
root server system. [RFC2828] (see also key, internet)
- Internet Draft
- (I) A working document of the IETF, its areas, and its
working groups. (Other groups may also distribute working documents as
Internet Drafts.) An Internet Draft is not an archival document like an
RFC is. Instead, an Internet Draft is a preliminary or working document
that is valid for a maximum of six months and may be updated, replaced,
or made obsolete by other documents at any time. It is inappropriate to
use an Internet Draft as reference material or to cite it other than as
'work in progress.' [RFC2828] (see also internet)
- Internet Engineering Steering Group (IESG)
- (I) The part of the ISOC responsible for technical
management of IETF activities and administration of the Internet
Standards Process according to procedures approved by the ISOC
Trustees. Directly responsible for actions along the 'standards track',
including final approval of specifications as Internet Standards.
Composed of IETF Area Directors and the IETF chairperson, who also
chairs the IESG. [RFC2828] (see also trust, Internet Society)
- Internet Engineering Task Force (IETF)
- (I) A self-organized group of people who make
contributions to the development of Internet technology. The principal
body engaged in developing Internet Standards, although not itself a
part of the ISOC. Composed of Working Groups, which are arranged into
Areas (such as the Security Area), each coordinated by one or more Area
Directors. Nominations to the IAB and the IESG are made by a committee
selected at random from regular IETF meeting attendees who have
volunteered. [R2026, R2323] [RFC2828] (see also Internet Society)
- Internet Message Access Protocol, version 4 (IMAP4)
- (I) An Internet protocol by which a client workstation
can dynamically access a mailbox on a server host to manipulate and
retrieve mail messages that the server has received and is holding for
the client. (C) IMAP4 has mechanisms for optionally authenticating a client to server and providing other security services. [RFC2828] (see also authentication, security, internet, Internet Society)
- Internet Policy Registration Authority (IPRA)
- (I) An X.509-compliant CA that is the top CA of the Internet certification hierarchy operated under the auspices of the ISOC. [RFC2828] (see also certification, public-key infrastructure, Internet Society)
- internet protocol (IP)
- (I) An Internet Standard protocol (version 4 and version
6) that moves datagrams (discrete sets of bits) from one computer to
another across an internetwork but does not provide reliable delivery,
flow control, sequencing, or other end-to-end services that TCP
provides. (C) In the OSIRM, IP would be located at the top of layer 3. [RFC2828]
A communications protocol that routes packets of data. The address of
the destination system is used by intermediate routers to select a path
through the network. [CIAO] Standard protocol for transmission
of data from source to destinations in packet-switched communications
networks and interconnected systems of such networks. [NSTISSC] (see also communications, networks, internet)
- Internet Protocol security (IPsec)
- (I) (1.) The name of the IETF working group that is
specifying a security architecture and protocols to provide security
services for Internet Protocol traffic. (2.) A collective name for that
architecture and set of protocols. (Implementation of IPsec protocols
is optional for IP version 4, but mandatory for IP version 6.) (C) Note that the letters 'sec' are lower-case. (C)
The IPsec architecture specifies (a) security protocols (AH and ESP),
(b) security associations (what they are, how they work, how they are
managed, and associated processing), (c) key management (IKE), and (d)
algorithms for authentication and encryption. The set of security
services include access control service, connectionless data integrity
service, data origin authentication service, protection against replays
(detection of the arrival of duplicate datagrams, within a constrained
window), data confidentiality service, and limited traffic flow
confidentiality. [RFC2828] Intended to secure LAN-to-LAN connections over the Internet with a public-key system. [misc] (see also access control, authentication, confidentiality, encryption, key, communications security, internet, security protocol) (includes Authentication Header, encapsulating security payload, transport mode vs. tunnel mode, tunnel mode)
- Internet Protocol Security Option (IPSO)
- (I) Refers to one of three types of IP security
options, which are fields that may be added to an IP datagram for the
purpose of carrying security information about the datagram. (D) ISDs SHOULD NOT use this term without a modifier to indicate which of the three types is meant.
- 'DoD
Basic Security Option' (IP option type 130): Defined for use on U.S.
Department of Defense common user data networks. Identifies the Defense
classification level at which the datagram is to be protected and the
protection authorities whose rules apply to the datagram.
- 'protection
authority' is a National Access Program (e.g. GENSER, SIOP-ESI, SCI,
NSA, Department of Energy) or special access program that specifies
protection rules for transmission and processing of the information
contained in the datagram.
- 'DoD Extended Security Option' (IP
option type 133): Permits additional security labeling information,
beyond that present in the Basic Security Option, to be supplied in the
datagram to meet the needs of registered authorities.
- 'Common
IP Security Option' (CIPSO) (IP option type 134): Designed by TSIG to
carry hierarchic and non-hierarchic security labels. (Formerly called
'Commercial IP Security Option'.) Was published as Internet-Draft; not
advanced to RFC.
[RFC2828] (see also National Security Agency, classification level, networks, internet, security protocol)
- Internet Security Association and Key Management Protocol (ISAKMP)
- (I) An Internet IPsec protocol to negotiate, establish,
modify, and delete security associations, and to exchange key
generation and authentication data, independent of the details of any
specific key generation technique, key establishment protocol,
encryption algorithm, or authentication mechanism. (C) ISAKMP
supports negotiation of security associations for protocols at all
TCP/IP layers. By centralizing management of security associations,
ISAKMP reduces duplicated functionality within each protocol. ISAKMP
can also reduce connection setup time, by negotiating a whole stack of
services at once. Strong authentication is required on ISAKMP
exchanges, and a digital signature algorithm based on asymmetric
cryptography is used within ISAKMP's authentication component. [RFC2828] (see also authentication, cryptography, digital signature, encryption, key, internet, security protocol)
- internet service provider (ISP)
- A company that provides its customers with access to the Internet. [FFIEC] (see also internet)
- Internet Society (ISOC)
- (I) A professional society concerned with Internet
development (including technical Internet Standards); with how the
Internet is and can be used; and with social, political, and technical
issues that result. The ISOC Board of Trustees approves appointments to
the IAB from among nominees submitted by the IETF nominating committee.
[RFC2828] (see also trust, internet) (includes Internet Architecture Board, Internet Assigned Numbers Authority, Internet Engineering Steering Group, Internet Engineering Task Force, Internet Policy Registration Authority, Internet Society Copyright, Request for Comment)
- Internet Society Copyright
- Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing the
copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of developing
Internet standards in which case the procedures for copyrights defined
in the Internet Standards process must be followed, or as required to
translate it into languages other than English. [RFC2504][RFC2828] (see also Internet Society)
- Internet Standard
- (I) A specification, approved by the IESG and published
as an RFC, that is stable and well-understood, is technically
competent, has multiple, independent, and interoperable implementations
with substantial operational experience, enjoys significant public
support, and is recognizably useful in some or all parts of the
Internet. (C) The Internet Standards Process is an activity of
the ISOC and is organized and managed by the IAB and the IESG. The
process is concerned with all protocols, procedures, and conventions
used in or by the Internet, whether or not they are part of the
Internet Protocol Suite. The 'Internet Standards Track' has three
levels of increasing maturity: Proposed Standard, Draft Standard, and
Standard. [RFC2828] (see also Request for Comment, internet)
- Internet Standards document (ISD)
- (C) In this Glossary, this term refers to an RFC,
Internet-Draft, or other item that is produced as part of the Internet
Standards Process. However, neither the term nor the abbreviation is
widely accepted and, therefore, SHOULD NOT be used in an ISD unless it
is accompanied by an explanation like this. [RFC2828] (see also Request for Comment)
- internet vs. Internet
- (I) Not capitalized: A popular abbreviation for 'internetwork'. (I)
Capitalized: 'The Internet' is the single, interconnected, worldwide
system of commercial, government, educational, and other computer
networks that share the set of protocols specified by the IAB and the
name and address spaces managed by the ICANN. (C) The protocol
set is named the 'Internet Protocol Suite'. It also is popularly known
as 'TCP/IP', because TCP and IP are two of its fundamental components.
These protocols enable a user of any one of the networks in the
Internet to communicate with, or use services located on, any of the
other networks. (C) Although the Internet does have
architectural principles, no Internet Standard formally defines a
layered reference model for the IPS that is similar to the OSIRM.
However, Internet community documents do refer (inconsistently) to
layers: application, socket, transport, internetwork, network, data
link, and physical. In this Glossary, Internet layers are referred to
by name to avoid confusing them with OSIRM layers, which are referred
to by number. [RFC2828] (see also model, networks, internet)
- Internet worm
- A worm program that was unleashed on the Internet in 1988. It
was written by Robert T. Morris as an experiment that got out of hand. [NSAINT]
Independent program that replicates from machine to machine across
network connections often clogging networks and computer systems as it
spreads. [AFSEC] (see also networks, worm)
- internetwork
- (I) A system of interconnected networks; a network of networks. Usually shortened to 'internet'. (C)
An internet is usually built using OSI layer 3 gateways to connect a
set of subnetworks. When the subnetworks differ in the OSI layer 3
protocol service they provide, the gateways sometimes implement a
uniform internetwork protocol (e.g. IP) that operates at the top of
layer 3 and hides the underlying heterogeneity from hosts that use
communication services provided by the internet. [RFC2828] (see also communications, internet, networks)
- internetwork private line
- Network cryptographic unit that provides secure interface
connections, singularly or in simultaneous multiple connections,
between a host and a predetermined set of corresponding hosts. [NSTISSC] (see also cryptography, internet, networks)
- interoperability
- The ability of computers to act upon information received from one another. [AJP]
The ability of two or more systems or components to exchange
information and to use the information that has been exchanged. It is
the capability of systems to communicate with one another and to
exchange and use information including content, format, and semantics. [SRV]
The ability of two or more systems or components to exchange
information and to use the information that has been exchanged. It is
the capability of systems, subsystems, or components to communicate
with one another, exchange services, and use information, including
content, format, and semantics. [SRV] (see also interoperable)
- interoperability standards/protocols
- Commonly agreed on standards that enable different computers
or programs to share information. Example: HTTP (Hypertext Transfer
Protocol) is a standard method of publishing information as hypertext
in HTML format on the Internet. [FFIEC] (see also internet)
- interoperable
- Software, or hardware, that is able to run on multiple
machines from multiple vendors in a meaningful way without causing
problems. [misc] (see also interoperability, software)
- interoperate
- To provide services to or accept services from other systems,
subsystems, or components and to use the exchanged services
effectively. [SRV]
- interpersonal messaging (IPM)
-
- interpretation
- Expert technical judgment, when required, regarding the
meaning or method of application of any technical aspect of the
criteria and/or methodology. [NIAP]
- interswitch rekeying key (IRK)
- (see also key)
- interval estimate
- The general term for an estimate of a population parameter
that is a range of numerical values. The estimation of a parameter in
terms of an interval, for which one can assert with a given probability
(or degree of confidence) that it contains the actual value of the
parameter. [SRV]
- interval variable
- A quantitative variable, the attributes of which are ordered
and for which the numerical differences between adjacent attributes are
interpreted as equal. [SRV]
- intranet
- (I) A computer network, especially one based on
Internet technology, that an organization uses for its own internal,
and usually private, purposes and that is closed to outsiders. [RFC2828]
A private network for communications and sharing of information that,
like the Internet, is based on TCP/IP but is accessible only to
authorized users within an organization. An organization’s intranet is
usually protected from external access by a firewall. [CIAO] (see also networks, internet)
- intruder
- (I) An entity that gains or attempts to gain access to a system or system resource without having authorization to do so. [RFC2828] (see also authorization, threat)
- intrusion
- A deliberate or accidental set of events that potentially
causes unauthorized access to, activity against, and/or activity in, an
information technology (IT) system. [SC27] A threat action
whereby an unauthorized entity gains access to sensitive data by
circumventing a system's security protections. [RFC2828] An unauthorized access or penetration of a computer system. [AFSEC] Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. [NSAINT] Attacks or attempted attacks from outside the security perimeter of an IT system. [CIAO] Unauthorized act of bypassing the security mechanisms of a system. [NSTISSC] (see also authorization, availability, confidentiality, intrusion detection, security intrusion, unauthorized access, threat, threat consequence) (includes computer intrusion, computer security intrusion, penetration)
- intrusion detection
- (I) A security service that monitors and analyzes
system events for the purpose of finding, and providing real-time or
near real-time warning of, attempts to access system resources in an
unauthorized manner. [RFC2828] Detection of break-ins or
break-in attempts either manually or via software expert systems that
operate on logs or other information available on the network. [IATF]
Pertaining to techniques which attempt to detect intrusion into a
computer or network by observation of actions, security logs, or audit
data. Detection of break-ins or attempts either manually or via
software expert systems that operate on logs or other information
available on the network. [NSAINT] Pertaining to techniques
which attempt to detect intrusion into a computer or network by
observation of security logs or audit data. Detection of break-ins or
attempts either manually or via software expert systems that operate on
logs or other information available on the network. [AFSEC] The process of identifying that an intrusion has been attempted, is occurring, or has occurred. [SC27] Detection of network break-ins or attempted break-ins via software. [misc] (see also audit, authorization, intrusion, networks, software, risk management) (includes Intrusion Detection In Our Time, intrusion detection system, intrusion detection tools)
- Intrusion Detection In Our Time (IDIOT)
- A system that detects intrusions using pattern-matching. [NSAINT] (see also intrusion detection, security software)
- intrusion detection system (IDS)
- A system that detects and identifies unauthorized or unusual
activity on the hosts and networks; this is accomplished by the
creation of audit records and checking the audit log against the
intrusion thresholds. [IATF] A technical system that is used to identify and respond to intrusions in IT systems. [SC27]
Detection of break-ins or break-in attempts either manually or via
software expert systems that operate on logs or other information
available on the network. Pertaining to techniques that attempt to
detect intrusion into a computer or network by observation of security
logs or audit data. [CIAO] Software that looks for suspicious activity and alerts administrators. [800-61]
Software/hardware that detects and logs inappropriate, incorrect, or
anomalous activity. IDS are typically characterized based on the source
of the data they monitor: host or network. A host-based IDS uses system
log files and other electronic audit data to identify suspicious
activity. A network-based IDS uses a sensor to monitor packets on the
network to which it is attached. [FFIEC] (see also audit, networks, intrusion detection, security software, system)
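The host-based case in the IATF and FFIEC definitions above (audit records checked against intrusion thresholds) worked through as an added example; this is not code from the glossary or from any cited source. The sshd-style audit lines, hostnames, addresses, PIDs, thresholds, window sizes and rule names are all constructed for the demo.

```python
"""Host-based intrusion detection over audit records: a threshold rule plus a follow-on pattern.

Added example. The log lines below are constructed (documentation addresses, invented
hostnames and PIDs), as are the threshold, window and alert names.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_LOG = """\
Mar  3 10:00:01 host1 sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 50122 ssh2
Mar  3 10:00:03 host1 sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 50123 ssh2
Mar  3 10:00:04 host1 sshd[815]: Failed password for root from 203.0.113.9 port 50124 ssh2
Mar  3 10:00:06 host1 sshd[817]: Failed password for root from 203.0.113.9 port 50125 ssh2
Mar  3 10:00:09 host1 sshd[819]: Failed password for root from 203.0.113.9 port 50126 ssh2
Mar  3 10:00:15 host1 sshd[821]: Accepted password for root from 203.0.113.9 port 50127 ssh2
Mar  3 10:01:00 host1 sshd[830]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar  3 10:01:07 host1 sshd[831]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
Mar  3 10:02:00 host1 sshd[840]: Failed password for bob from 192.0.2.77 port 40100 ssh2
"""

_TS = r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d)"
FAILED_RE = re.compile(_TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
ACCEPTED_RE = re.compile(_TS + r" \S+ sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+")

def parse_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year; the monitor assumes one (a real collector supplies it)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

class LoginMonitor:
    """Keeps per-source failure history and raises alerts when a rule fires."""
    def __init__(self, threshold: int = 5, window_s: int = 60, follow_s: int = 300):
        self.threshold, self.window_s, self.follow_s = threshold, window_s, follow_s
        self.failures = defaultdict(deque)   # src -> timestamps of recent failures
        self.flagged = {}                    # src -> time the threshold was crossed
        self.alerts = []                     # (time, rule, src, detail)

    def feed(self, line: str) -> None:
        m = FAILED_RE.match(line)
        if m:
            t, src = parse_ts(m["ts"]), m["src"]
            recent = self.failures[src]
            recent.append(t)
            while (t - recent[0]).total_seconds() > self.window_s:   # slide the window
                recent.popleft()
            # Rule 1 (threshold): too many failures from one source inside the window.
            if len(recent) >= self.threshold and src not in self.flagged:
                self.flagged[src] = t
                self.alerts.append((t, "brute-force", src, f"{len(recent)} failures within {self.window_s}s"))
            return
        m = ACCEPTED_RE.match(line)
        if m:
            t, src, user = parse_ts(m["ts"]), m["src"], m["user"]
            flagged_at = self.flagged.get(src)
            # Rule 2 (pattern): a success shortly after that source tripped rule 1 is the event worth paging on.
            if flagged_at is not None and (t - flagged_at).total_seconds() <= self.follow_s:
                self.alerts.append((t, "success-after-brute-force", src, f"account {user}"))

def run(log_text: str = SAMPLE_LOG):
    """Feed every non-empty audit line to a fresh monitor and return the alerts it raised."""
    monitor = LoginMonitor()
    for line in log_text.splitlines():
        if line.strip():
            monitor.feed(line)
    return monitor.alerts

if __name__ == "__main__":
    for t, rule, src, detail in run():
        print(f"{t:%H:%M:%S} {rule:26} {src:15} {detail}")
```

On the constructed log the single typo-then-success from 198.51.100.4 produces nothing, the five failures from 203.0.113.9 trip the threshold rule, and the root login that follows six seconds later produces the second, more serious alert; that ordering of rules is what keeps a threshold detector from being just a noise generator.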
- intrusion detection tools
- Tools to identify attempts to penetrate a computer system and gain unauthorized access. [SRV] (see also unauthorized access, intrusion detection, security software)
- invalidity date
- (N) An X.509 CRL entry extension that 'indicates the
date at which it is known or suspected that the [revoked certificate's
private key] was compromised or that the certificate should otherwise
be considered invalid'. (C) This date may be earlier than the
revocation date in the CRL entry, and may even be earlier than the date
of issue of earlier CRLs. However, the invalidity date is not, by
itself, sufficient for purposes of non-repudiation service. For
example, to fraudulently repudiate a validly-generated signature, a
private key holder may falsely claim that the key was compromised at
some time in the past. [RFC2828] (see also certificate, digital signature, key, non-repudiation, public-key infrastructure)
- IP address
- (I) A computer's internetwork address that is assigned for use by the Internet Protocol and other protocols. (C)
An IP version 4 address is written as a series of four 8-bit numbers
separated by periods. For example, the address of the host named
'rosslyn.bbn.com' is 192.1.7.10. (C) An IP version 6 address is
written as x:x:x:x:x:x:x:x, where each 'x' is the hexadecimal value of
one of the eight 16-bit parts of the address. For example,
1080:0:0:0:8:800:200C:417A and FEDC:BA98:7654:3210:FEDC:BA98:7654:3210.
[RFC2828] (see also networks, internet)
- IP splicing/hijacking
- An action whereby an active, established session is
intercepted and co-opted by the unauthorized user. IP splicing attacks
may occur after an authentication has been made, permitting the
attacker to assume the role of an already authorized user. Primary
protections against IP splicing rely on encryption at the session or
network layer. [NSAINT] (see also authentication, hijack attack, networks, session hijacking, attack)
- IP spoofing
- An attack resulting from a system impersonating another system by using its IP network address. [misc] An attack whereby a system attempts to illicitly impersonate another system by using its IP network address. [AFSEC][NSAINT] (see also networks, address spoofing, masquerade, spoofing)
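An added example, not from the glossary, that parses both textual forms from the IP address entry and implements the usual network-layer defence against the spoofing the IP spoofing entry describes: a source-address ingress/egress filter in the style of BCP 38. The interface names, site prefixes and packet records are this example's assumptions.

```python
"""Ingress/egress source-address filtering (BCP 38 style) over constructed packet records.

Added example; the interface layout, prefixes and packets are assumptions, not from the glossary.
"""
import ipaddress

# Constructed topology: eth0 faces the internal network, eth1 faces the Internet.
INTERNAL_PREFIXES = [
    ipaddress.ip_network("192.1.7.0/24"),   # IPv4 site prefix (contains the glossary's 192.1.7.10)
    ipaddress.ip_network("1080::/32"),      # IPv6 site prefix (contains 1080:0:0:0:8:800:200C:417A)
]
INTERNAL_IF, EXTERNAL_IF = "eth0", "eth1"

def canonical(addr: str) -> str:
    """Parse either textual form (dotted quad or x:x:x:x:x:x:x:x) and return the canonical text."""
    return ipaddress.ip_address(addr).compressed

def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL_PREFIXES)

def classify(iface: str, src: str) -> str:
    """Return 'accept' or 'drop: <reason>' for a packet with source `src` arriving on `iface`."""
    try:
        a = ipaddress.ip_address(src)
    except ValueError:
        return "drop: unparseable source address"
    # Addresses that are never legitimate as a source on the wire (bogons).
    if a.is_loopback or a.is_multicast or a.is_unspecified or a.is_link_local:
        return "drop: bogon source"
    if iface == EXTERNAL_IF and is_internal(a):
        # Outside packet claiming an inside address: IP spoofing aimed at our own hosts.
        return "drop: spoofed internal source on external interface"
    if iface == INTERNAL_IF and not is_internal(a):
        # Inside host claiming a foreign source: egress filtering stops us spoofing others.
        return "drop: foreign source on internal interface"
    return "accept"

# Constructed packet records: (arrival interface, source address as seen in the header)
SAMPLE_PACKETS = [
    (EXTERNAL_IF, "203.0.113.9"),
    (EXTERNAL_IF, "192.1.7.10"),                                # spoofed: pretends to be an inside host
    (EXTERNAL_IF, "127.0.0.1"),
    (INTERNAL_IF, "1080:0:0:0:8:800:200C:417A"),
    (INTERNAL_IF, "FEDC:BA98:7654:3210:FEDC:BA98:7654:3210"),  # inside host forging an outside source
    (EXTERNAL_IF, "fe80::1"),
    (EXTERNAL_IF, "not-an-address"),
]

def run_filter(packets=SAMPLE_PACKETS):
    """Apply the filter to each record; returns (interface, source, verdict) triples."""
    return [(iface, src, classify(iface, src)) for iface, src in packets]

if __name__ == "__main__":
    for iface, src, verdict in run_filter():
        print(f"{iface:5} {src:42} {verdict}")
```

Filtering on the source address only removes the crudest spoofing; it does nothing against an attacker inside the prefix, which is why the IP splicing/hijacking entry points at session- or network-layer encryption rather than address checks.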
- IPsec Key Exchange (IKE)
- (I) An Internet, IPsec, key-establishment protocol
(partly based on OAKLEY) that is intended for putting in place
authenticated keying material for use with ISAKMP and for other
security associations, such as in AH and ESP. [RFC2828] RFC 2409, which specifies the protocol, expands the acronym as 'Internet Key Exchange'; 'IPsec Key Exchange' is the expansion used by RFC 2828. (see also authentication, key, security, internet)
- IS related risk
- The probability that a particular threat agent will exploit,
or trigger, a particular information system vulnerability and the
resulting mission/business impact if this should occur. IS-related
risks arise from legal liability or mission/business loss due to (1)
unauthorized (malicious, nonmalicious, or accidental) disclosure,
modification, or destruction of information, (2) nonmalicious errors
and omissions, (3) IS disruption due to natural or man-made disasters,
and (4) failure to exercise due care and diligence in the
implementation and operation of the IS. [SRV] (see also failure, threat, vulnerability, risk)
- IS security architecture
- A description of security principles and an overall approach
for complying with the principles that drive the system design; i.e.,
guidelines on the placement and implementation of specific security
services within various distributed computing environments. [SRV] (see also computer security)
- isolation
- The containment of subjects and objects in a system in such a
way that they are separated from one another, as well as from the
protection controls of the operating system. [AJP][NCSC/TG004][SRV] (includes object, subject)
- issue
- (I) Generate and sign a digital certificate (or CRL)
and, usually, distribute it and make it available to potential
certificate users (or CRL users). (C) The ABA Guidelines
explicitly limit this term to certificate creation, and exclude the act
of publishing. In general usage, however, 'issuing' a digital
certificate (or CRL) includes not only certificate creation but also
making it available to potential users, such as by storing it in a
repository or other directory or otherwise publishing it. [RFC2828] (see also certificate, public-key infrastructure)
- issuer
- (I) 'Issuer' of a certificate or CRL: The CA that signs the digital certificate or CRL. (C) An X.509 certificate always includes the issuer's name. The name may include a common name value. (N)
'Issuer' of a payment card: SET usage: 'The financial institution or
its agent that issues the unique primary account number to the
cardholder for the payment card brand.' (C) The institution that
establishes the account for a cardholder and issues the payment card
also guarantees payment for authorized transactions that use the card
in accordance with card brand regulations and local legislation. [RFC2828] (see also certificate, public-key infrastructure, Secure Electronic Transaction)
- IT security
- All aspects related to defining, achieving, and maintaining
confidentiality, integrity, availability, non-repudiation,
accountability, authenticity, and reliability. [SC27]
Information operations protect and defend information and IT systems by
ensuring their availability, integrity, authentication,
confidentiality, and non-repudiation. This includes providing for
restoration of IT systems by incorporating protection, detection and
reaction capabilities. [800-37] The state of security in an IT system. [AJP][JTC1/SC27] (see also computer security, authentication, availability, confidentiality, non-repudiation, Automated Information System security)
- IT security certification
- The issue, by an independent body, of a formal statement or
certificate confirming the results of an evaluation of a TOE, and the
fact that the evaluation criteria used were correctly applied. Note:
this term could also be called 'TOE certification' to make its
application clearer. [AJP][JTC1/SC27] (see also Automated Information System security, certification, computer security, target of evaluation)
- IT Security Evaluation Criteria
- A compilation of the information which needs to be provided
and actions which need to be taken in order to provide grounds for
confidence that security evaluations will be carried out effectively
and to a consistent standard throughout the NIAP Common Criteria
Evaluation and Validation Scheme. [NIAP] (see also Automated Information System security, computer security, evaluation)
- IT Security Evaluation Methodology
- A methodology which needs to be used by evaluation facilities
in applying the evaluation criteria, in order to give grounds for
confidence that evaluations will be carried out effectively and to a
consistent standard throughout the NIAP Common Criteria Evaluation and Validation Scheme. [NIAP] (see also Automated Information System security, computer security, evaluation)
- IT security policy
- Rules, directives and practices that govern how assets,
including sensitive information, are managed, protected and distributed
within an organization and its IT systems. [SC27] (see also computer security, policy)
- IT security product
- A package of IT software, firmware and/or hardware, providing
functionality designed for use or incorporation within a multiplicity
of systems. [CC2][CC21][SC27] (see also software, computer security)
- IT system
- A specific IT installation, with a particular purpose and operational environment. [AJP][CC2][CC21][ITSEC][JTC1/SC27][NIAP][SC27]
The set of agency information resources organized for the collection,
storage, processing, maintenance, use, sharing, dissemination,
disposition, display, or transmission of information. Categories of IT
systems are major applications and general support systems. [800-37] (see automated information system)
- iteration
- The use of a component more than once with varying operations. [CC2][CC21][SC27]
- ITU-T
- (N) International Telecommunications Union,
Telecommunication Standardization Sector (formerly 'CCITT'), a United
Nations treaty organization that is composed mainly of postal,
telephone, and telegraph authorities of the member countries and that
publishes standards called 'Recommendations'. (C) The Department
of State represents the United States. ITU-T works on many kinds of
communication systems. ITU-T cooperates with ISO on communication
protocol standards, and many Recommendations in that area are also
published as an ISO standard with an ISO name and number. [RFC2828] (see also International organization for standardization) (includes CCITT, Open Systems Interconnection Reference model)
- Java
- A new programming language invented by Sun Microsystems. It
can be used as a general purpose application programming language with
built-in networking libraries. It can also be used to write small
applications called applets. [SRV] (see also networks, software)
- joint task force-computer network defense
- The focal point for defense of DOD computer networks and
systems, monitoring incidents and potential threats, and coordinating
across DOD to formulate and direct actions to stop or contain damage
and restore network functionality. [CIAO] (see also incident, threat)
- JTC1 Registration Authority
- An organisation appointed by the ISO and IEC councils to register objects in accordance with a JTC 1 procedural Standard. [SC27]
- judgment sample
- A sample in whose selection personal judgment plays a
significant part, unlike a probability sample. Though judgment samples
are sometimes required by practical considerations and may lead to
satisfactory results, they do not lend themselves to analysis by
standard statistical methods. [SRV] (see also analysis)
- Kerberos
- (N) A system developed at the Massachusetts Institute
of Technology that depends on passwords and symmetric cryptography
(DES) to implement ticket-based, peer entity authentication service and
access control service distributed in a client-server network
environment. [R1510, Stei] (C) Kerberos was developed by Project Athena and is named for the three-headed dog guarding Hades. [RFC2828]
A third-party trusted host authentication system devised at MIT within
Project Athena. The Kerberos authentication server is a central system
that knows about every principal and its passwords. It issues tickets
to principals who successfully authenticate themselves. These tickets
can be used to authenticate one principal (e.g. a user) to another
(e.g. a server application). Moreover, Kerberos sets up a session key
for the principals that can be used to protect the privacy and the
integrity of the communication. For this reason, the Kerberos system is
also called a Key Distribution Center (KDC). [misc] (see also access control, networks, passwords, privacy, trust, Simple Authentication and Security Layer, distributed computing environment, security software) (includes key distribution center, session key, third party trusted host model)
- kernelized secure operating system (KSOS)
- (see also system)
- key
- A long string of seemingly random bits used with cryptographic
algorithms to create or verify digital signatures and encrypt or
decrypt messages and conversations. The keys must be known or guessed
to forge a digital signature or decrypt an encrypted message. [AJP] A sequence of symbols that controls the operation of a cryptographic transformation (e.g. encipherment, decipherment). [SC27][ISO/IEC CD 10116 (12/2001)]
A sequence of symbols that controls the operation of a cryptographic
transformation (e.g. encipherment, decipherment, cryptographic check
function computation, signature generation, or signature verification).
[SC27][ISO/IEC 9797-1: 1999, ISO/IEC 9798-1: 1997, ISO/IEC 11770-1: 1996, ISO/IEC 11770-3: 1999]
A sequence of symbols that controls the operation of a cryptographic
transformation (e.g. encipherment, decipherment, cryptographic check
function computation, signature generation, signature verification, or
key agreement). [SC27][ISO/IEC FDIS 15946-3 (02/2001)] A symbol or sequence of symbols (or
electrical or mechanical correlates of symbols) applied to text in
order to encrypt or decrypt. [NSAINT] An input that controls the
transformation of data by an encryption algorithm. It is a sequence of
symbols that controls the operations of encryption and decryption. A
long stream of seemingly random bits used with cryptographic
algorithms. The keys must be known or guessed to forge a digital
signature or decrypt an encrypted message. [SRV]
Usually a sequence of random or pseudo-random bits used initially to
set up and periodically change the operations performed in
crypto-equipment for the purpose of encrypting or decrypting electronic
signals, or for producing other keys. [IATF] Usually a sequence
of random or pseudorandom bits used initially to set up and
periodically change the operations performed in crypto-equipment for
the purpose of encrypting or decrypting electronic signals, or for
determining electronic counter-countermeasures patterns, or for
producing other key. Key-auto-key (KAK): cryptographic logic using
previous key to produce key. [NSTISSC] (see also Blowfish, CA certificate, CAPSTONE chip, COMSEC aid, COMSEC boundary, COMSEC control program, COMSEC material, COMSEC system data, CRYPTO, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Clipper chip, Cryptographic Message Syntax, Data Authentication Algorithm, Data Encryption Algorithm, Diffie-Hellman, Escrowed Encryption Standard, FIPS PUB 140-1, FIREFLY, Federal Public-key Infrastructure, Federal Standard 1027, Fortezza, HMAC, IEEE P1363, IMAP4 AUTHENTICATE, IPsec Key Exchange, Internet Corporation for Assigned Names and Numbers, Internet Protocol security, Internet Security Association and Key Management Protocol, Key Exchange Algorithm, Key Management Protocol, MIME Object Security Services, MISSI user, OAKLEY, PKCS #10, PKCS #11, PKIX, POP3 APOP, Photuris, Rivest Cipher 2, Rivest Cipher 4, Rivest, Shamir, and Adleman, Rivest-Shamir-Adelman algorithm, Rivest-Shamir-Adleman, SET private extension, Secure Data Network System, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Skipjack, Standards for Interoperable LAN/MAN Security, The Exponential Encryption System, U.S.-controlled space, Wassenaar Arrangement, X.500 Directory, X.509, X.509 attribute certificate, X.509 certificate, X.509 certificate revocation list, X.509 public-key certificate, access control center, archive, asymmetric cryptography, attribute certificate, authority revocation list, bind, binding, block cipher, break, brute force, certificate, certificate management, certificate policy, certificate policy qualifier, certificate rekey, certificate renewal, certificate revocation list, certificate update, certificate user, certificate validation, certification, certification authority, certification hierarchy, certification path, certification request, certify, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, class 2, 3, 4, or 5, common name, 
communications security, compromise, counter measures, critical security parameters, cross-certification, cryptanalysis, cryptographic algorithm, cryptographic system, cryptographic token, cryptonet, cryptoperiod, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication service, decipher, dictionary attack, digital certification, digital envelope, digital id, distinguished name, distribution point, domain name system, dongle, dual signature, elliptic curve cryptography, encryption, encryption certificate, end entity, explicit key authentication from A to B, extension, fingerprint, hierarchy management, hybrid encryption, implicit key authentication from A to B, initialization value, intelligent threat, invalidity date, key agreement, key authentication, key center, key confirmation, key confirmation from A to B, key control, key derivation function, key distribution, key distribution centre, key distribution service, key establishment, key generating function, key generation, key generation exponent, key generator, key length, key lifetime, key material identifier, key space, key token, key translation center, key translation centre, key transport, key update, key validation, keyed hash, known-plaintext attack, link encryption, man-in-the-middle, merchant certificate, mesh PKI, message authentication code vs. 
Message Authentication Code, message integrity code, modulus, object, ohnosecond, one-time pad, one-time passwords, one-way encryption, organizational certificate, out of band, path discovery, personality label, policy approving authority, policy creation authority, privacy enhanced mail, private component, public component, public-key forward secrecy, random, registration, registration authority, rekey, repository, revocation date, root, root certificate, secret, secure hypertext transfer protocol, secure socket layer, security association identifier, security event, self-signed certificate, shared secret, signature certificate, signer, slot, smartcards, split knowledge, start-up KEK, stream cipher, strong authentication, subject, subordinate certification authority, symmetric cryptography, token copy, token management, triple DES, trust, trust-file PKI, trusted certificate, unforgeable, v1 certificate, v2 certificate, v3 certificate, validate vs. verify, validity period, web of trust, zeroize, Multilevel Information System Security Initiative, Secure Electronic Transaction, security) (includes Data Encryption Standard, MAC algorithm key, Programmable key storage device, S/Key, SAVILLE Advanced Remote Keying, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, area interswitch rekeying key, asymmetric cryptographic algorithm, automated key distribution, automated key management center, automated key management system, automatic key distribution center, automatic key distribution/rekeying control unit, automatic remote rekeying, block cipher key, cipher text auto-key, common interswitch rekeying key, compartment key, compromised key list, contingency key, cooperative key generation, crypto-ignition key, cryptographic functions, cryptographic ignition key, cryptographic key, cryptonet key, data encryption key, data key, digital certificate, digital key, digital signature, directly trusted CA key, effective key length, electronic key 
management, electronic key management system, electronically generated key, encrypted key, ephemeral key, exercise key, hard copy key, hardened unique storage Key, hardwired key, interarea interswitch rekeying key, interswitch rekeying key, key card, key distribution center, key list, key management, key management application service element, key management center, key management identification number, key management infrastructure, key management ordering and distribution center, key management protocol data unit, key management system, key management system Agent, key management user agent, key pair, key processor, key production key, key recovery, key storage device, key stream, key tag, key tape, key updating, key variable generator, key-auto-key, key-encrypting key, key-encryption-key, key-escrow, key-escrow system, keying material, keys used to encrypt and decrypt files, local management device/key processor, lock-and-key protection system, loop key generator, maintenance key, manual remote rekeying, master crypto-ignition key, operational key, over-the-air key distribution, over-the-air key transfer, over-the-air rekeying, per-call key, plaintext key, point-to-point key establishment, post-nuclear event key, pretty good privacy, private decipherment key, private key, private signature key, public encipherment key, public key, public-key algorithm, public-key certificate, public-key cryptography, public-key cryptography standards, public-key infrastructure, remote rekeying, reserve keying material, root key, secret key, secret-key cryptography, secure multipurpose internet mail extensions, security management infrastructure, seed key, session key, signature key, single point keying, split key, symmetric algorithm, symmetric key, test key, token storage key, tokens, traffic encryption key, training key, transmission security key, trusted key, unique interswitch rekeying key, verification key, virtual private network)
- key agreement
- (I) A key establishment method (especially one
involving asymmetric cryptography) by which two or more entities,
without prior arrangement except a public exchange of data (such as
public keys), each computes the same key value. I.e., each can
independently generate the same key value, but that key cannot be
computed by other entities. (O) 'A method for negotiating a key
value on line without transferring the key, even in an encrypted form,
e.g. the Diffie-Hellman technique.' (O) 'The procedure whereby
two different parties generate shared symmetric keys such that any of
the shared symmetric keys is a function of the information contributed
by all legitimate participants, so that no party can predetermine the
value of the key.' (C) For example, a message originator and the
intended recipient can each use their own private key and the other's
public key with the Diffie-Hellman algorithm to first compute a shared
secret value and, from that value, derive a session key to encrypt the
message. [RFC2828] The process of establishing a shared secret
key between entities in such a way that neither of them can
predetermine the value of that key. [SC27] (see also encryption, key, shared secret)
- key authentication
- (N) 'The assurance of the legitimate participants in a
key agreement that no non-legitimate party possesses the shared
symmetric key.' [RFC2828] (see also key, authentication)
- key card
- Paper card, containing a pattern of punched holes, (C.F.D.) that establishes key for a specific cryptonet at a specific time. [NSTISSC] (see also key)
- key center
- (I) A centralized key distribution process (used in
symmetric cryptography), usually a separate computer system, that uses
key-encrypting keys (master keys) to encrypt and distribute session
keys needed in a community of users. (C) An ANSI standard defines two types of key center: key distribution center and key translation center. [RFC2828] (see also encryption, key)
- key confirmation
- (N) 'The assurance of the legitimate participants in a
key establishment protocol that the intended parties sharing the
symmetric key actually possess the shared symmetric key.' [RFC2828] The assurance for one entity that another identified entity is in possession of the correct key. [SC27] (see also key)
- key confirmation from A to B
- The assurance for entity B that entity A is in possession of the correct key. [SC27] (see also key)
- key control
- The ability to choose the key, or the parameters used in the key computation. [SC27] (see also key)
- key derivation function
- A key derivation function outputs one or more shared secrets,
used as keys, given shared secrets and other mutually known parameters
as input. [SC27] (see also key)
- key distribution
- (I) A process that delivers a cryptographic key from
the location where it is generated to the locations where it is used in
a cryptographic algorithm. [RFC2828] (see also key)
- key distribution center (KDC)
- (I) A type of key center (used in symmetric
cryptography) that implements a key distribution protocol to provide
keys (usually, session keys) to two (or more) entities that wish to
communicate securely. (C) A KDC distributes keys to Alice and
Bob, who (a) wish to communicate with each other but do not currently
share keys, (b) each share a KEK with the KDC, and (c) may not be able
to generate or acquire keys by themselves. Alice requests the keys from
the KDC. The KDC generates or acquires the keys and makes two identical
sets. The KDC encrypts one set in the KEK it shares with Alice, and
sends that encrypted set to Alice. The KDC encrypts the second set in
the KEK it shares with Bob, and either sends that encrypted set to
Alice for her to forward to Bob, or sends it directly to Bob (although
the latter option is not supported in the ANSI standard). [RFC2828] COMSEC facility generating and distributing key in electrical form. [NSTISSC] (see also communications security, encryption, Kerberos, key, key management)
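The Alice/Bob exchange of the KDC entry above, and the ticket-plus-authenticator flow of the Kerberos entry, as one added example; this is not code from the glossary and not MIT Kerberos. It runs on the standard library only: an HMAC-SHA256 keystream with an HMAC tag stands in for the DES that Kerberos uses, the client's long-term key is derived from a password as in Kerberos, and the KDC follows the ANSI-supported option of handing Bob's encrypted set to Alice to forward (the ticket). The realm, principal names, password and lifetimes are constructed.

```python
"""Ticket-based authentication through a key distribution center (Kerberos-style); added example.

Stand-alone simulation: the 'encryption' is an HMAC-SHA256 keystream plus HMAC tag from the
standard library (a stand-in for the DES/AES the real protocol uses). Realm, principal names,
password and lifetimes are constructed for the demo.
"""
import hashlib, hmac, json, os, time

REALM = b"EXAMPLE.ORG"   # assumed realm name, used only as a key-derivation salt

def _subkeys(key: bytes):
    # Separate encryption and MAC keys so the two uses never share key material.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj) -> bytes:
    """Encrypt-then-MAC a JSON-serialisable object under `key`."""
    ek, mk = _subkeys(key)
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(ek, nonce, len(pt))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Verify the tag, then decrypt; raises ValueError on a wrong key or tampering."""
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct)))))

def password_key(principal: str, password: str) -> bytes:
    """String-to-key: a user's long-term key is derived from the password, salted with realm and name."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), REALM + principal.encode(), 20000)

class KDC:
    """Trusted third party that shares a long-term key (KEK) with every principal."""
    def __init__(self, long_term_keys: dict):
        self.keys = dict(long_term_keys)

    def request_ticket(self, client: str, server: str, lifetime: int = 300) -> bytes:
        if client not in self.keys or server not in self.keys:
            raise KeyError("unknown principal")
        session_key, expires = os.urandom(32), int(time.time()) + lifetime
        # Ticket: readable only by the server; carries the session key and the client's name.
        ticket = seal(self.keys[server], {"client": client, "key": session_key.hex(), "expires": expires})
        # Reply: readable only by the client; the same session key plus the opaque ticket to forward.
        return seal(self.keys[client], {"server": server, "key": session_key.hex(),
                                        "expires": expires, "ticket": ticket.hex()})

def client_login(kdc: KDC, client: str, password: str, server: str):
    """Client side: decrypt the KDC reply with the password-derived key and build an authenticator."""
    reply = unseal(password_key(client, password), kdc.request_ticket(client, server))
    session_key = bytes.fromhex(reply["key"])
    authenticator = seal(session_key, {"client": client, "time": int(time.time())})
    return bytes.fromhex(reply["ticket"]), authenticator, session_key

def server_accept(server_key: bytes, ticket: bytes, authenticator: bytes, max_skew: int = 60):
    """Server side: open the ticket with its own key, then check the authenticator against it."""
    t = unseal(server_key, ticket)
    if time.time() > t["expires"]:
        raise ValueError("ticket expired")
    session_key = bytes.fromhex(t["key"])
    a = unseal(session_key, authenticator)          # only a holder of the session key can produce this
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(time.time() - a["time"]) > max_skew:
        raise ValueError("authenticator outside clock-skew window (replay?)")
    return t["client"], session_key

def demo(password: str = "correct horse battery staple"):
    """One login of alice to fileserver; returns (client name seen by server, both sides hold same key)."""
    server_key = os.urandom(32)
    kdc = KDC({"alice": password_key("alice", password), "fileserver": server_key})
    ticket, authenticator, k_client = client_login(kdc, "alice", password, "fileserver")
    who, k_server = server_accept(server_key, ticket, authenticator)
    return who, hmac.compare_digest(k_client, k_server)

def wrong_password_rejected(password: str = "pw") -> bool:
    """Negative case: a wrong password gives the wrong KEK, so the KDC reply fails its integrity check."""
    kdc = KDC({"alice": password_key("alice", password), "fileserver": os.urandom(32)})
    try:
        client_login(kdc, "alice", password + "x", "fileserver")
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(demo(), wrong_password_rejected())
```

The server never learns Alice's password and the KDC is not on the path once the ticket is issued; the two properties the glossary's definitions hinge on (only the named client can read its half, only the named server can read the ticket) both rest on the integrity check in `unseal`, which is why the demo also exercises the failure path.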
- key distribution centre
- An entity trusted to generate or acquire, and distribute keys to entities that each share a key with the KDC. [SC27] (see also key, trust)
- key distribution service
- The service of distributing keys securely to authorized
entities performed by a Key Distribution Center and described in
ISO/IEC 11770-1. [SC27] (see also key)
- key establishment
- (I) A process that combines the key generation and key
distribution steps needed to set up or install a secure communication
association. (O) 'The procedure to share a symmetric key among different parties by either key agreement or key transport.' (C) Key establishment involves either key agreement or key transport:
- Key transport: One entity generates a secret key and securely sends it to
the other entity. (Or each entity generates a secret value and securely
sends it to the other entity, where the two values are combined to form
a secret key.)
- Key agreement: No secret is sent from one
entity to another. Instead, both entities, without prior arrangement
except a public exchange of data, compute the same secret value. I.e.,
each can independently generate the same value, but that value cannot
be computed by other entities.
[RFC2828] The process
of making available a shared secret key to one or more entities. Key
establishment includes key agreement and key transport. [SC27] (see also key)
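Key establishment by key agreement, with the key derivation function and key confirmation defined in the entries above, carried through in code as an added example; it is not from the glossary or from any standard the glossary cites. The group is the 1024-bit MODP group of RFC 2409 with generator 2, so the arithmetic is real; the transcript layout, KDF labels and confirmation-tag format are this example's own conventions, and the primality and public-value checks are the ones a practitioner adds before trusting parameters or a peer's value.

```python
"""Diffie-Hellman key agreement with key derivation and key confirmation; added example.

Group: the 1024-bit MODP group of RFC 2409 (generator 2). Transcript layout, KDF labels and
confirmation-tag format are this example's own conventions.
"""
import hashlib, hmac, secrets

P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2          # P is a safe prime, so G generates a subgroup of prime order Q

def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin; used to sanity-check the group parameters before trusting them."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keypair():
    """Private exponent x in [2, Q-1] and public value G^x mod P."""
    x = secrets.randbelow(Q - 2) + 2
    return x, pow(G, x, P)

def validate_public(y: int) -> bool:
    """Reject degenerate and small-subgroup values before using a peer's public value."""
    return 2 <= y <= P - 2 and pow(y, Q, P) == 1

def shared_secret(x: int, peer_public: int) -> int:
    if not validate_public(peer_public):
        raise ValueError("invalid peer public value")
    return pow(peer_public, x, P)

def derive_keys(z: int, transcript: bytes):
    """HKDF-style extract-then-expand: the raw DH output Z is never used as a key directly."""
    prk = hmac.new(b"dh-salt", z.to_bytes((P.bit_length() + 7) // 8, "big"), hashlib.sha256).digest()
    def expand(label: bytes) -> bytes:
        return hmac.new(prk, label + transcript + b"\x01", hashlib.sha256).digest()
    return expand(b"session"), expand(b"confirm")

def confirm_tag(confirm_key: bytes, sender: bytes, transcript: bytes) -> bytes:
    """Key confirmation from `sender`: a MAC only a holder of the agreed key can produce."""
    return hmac.new(confirm_key, b"KC" + sender + transcript, hashlib.sha256).digest()

def run_exchange():
    """Both sides of one exchange; returns whether the keys agree and each confirmation verified."""
    xa, ya = keypair()                      # Alice
    xb, yb = keypair()                      # Bob
    transcript = b"A" + ya.to_bytes(128, "big") + b"B" + yb.to_bytes(128, "big")
    ka_session, ka_confirm = derive_keys(shared_secret(xa, yb), transcript)   # Alice's view
    kb_session, kb_confirm = derive_keys(shared_secret(xb, ya), transcript)   # Bob's view
    tag_a = confirm_tag(ka_confirm, b"A", transcript)   # Alice -> Bob
    tag_b = confirm_tag(kb_confirm, b"B", transcript)   # Bob -> Alice
    ok_b = hmac.compare_digest(tag_a, confirm_tag(kb_confirm, b"A", transcript))  # B checks A's tag
    ok_a = hmac.compare_digest(tag_b, confirm_tag(ka_confirm, b"B", transcript))  # A checks B's tag
    return {"keys_match": hmac.compare_digest(ka_session, kb_session),
            "confirmed_a_to_b": ok_b, "confirmed_b_to_a": ok_a}

if __name__ == "__main__":
    print("group parameters prime:", is_probable_prime(P) and is_probable_prime(Q))
    print(run_exchange())
```

Nothing secret crosses the wire, which is the defining property in the key agreement entry; Bob's check of Alice's tag is 'key confirmation from A to B' in the SC27 sense. The exchange as written is unauthenticated, so on its own it establishes a key with whoever is on the other end of the channel; the man-in-the-middle entry is the reason a real protocol signs or otherwise authenticates the transcript.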
- Key Exchange Algorithm (KEA)
- (N) A key agreement algorithm that is similar to the
Diffie-Hellman algorithm, uses 1024-bit asymmetric keys, and was
developed and formerly classified at the 'Secret' level by NSA. (C) On 23 June 1998, the NSA announced that KEA had been declassified. [RFC2828] (see also National Security Agency, key)
- key generating function
- A function which takes as input a number of parameters, at
least one of which shall be secret, and which gives as output keys
appropriate for the intended algorithm and application. The function
shall have the property that it shall be computationally infeasible to
deduce the output without prior knowledge of the secret input. [SC27] (see also key)
- key generation
- (I) A process that creates the sequence of symbols that comprise a cryptographic key. [RFC2828] (see also key)
- key generation exponent
- A positive integer known only to the trusted third party. [SC27] (see also key, trust)
- key generator (KG)
- (I) An algorithm that uses mathematical rules to deterministically produce a pseudo-random sequence of cryptographic key values. (I)
An encryption device that incorporates a key generation mechanism and
applies the key to plaintext (e.g. by exclusive OR-ing the key bit
string with the plaintext bit string) to produce ciphertext. [RFC2828] (see also encryption, key)
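The second sense in the entry above, a device that XORs a generated key sequence onto plaintext, as an added example that is not the glossary's own code: HMAC-SHA256 in counter mode stands in for a hardware key generator, and the key, nonces and messages are constructed. It also shows the failure mode such a device has to be engineered against, reuse of one key sequence for two messages.

```python
"""Keystream generator as an encryption device, and why one keystream must never be reused; added example.

HMAC-SHA256 in counter mode stands in for the hardware key generator; key, nonces and
messages are constructed for the demo.
"""
import hashlib, hmac

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Deterministic pseudo-random key sequence: the same (key, nonce) always yields the same bits."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """The key-generator device: XOR the key sequence onto the plaintext. Decryption is the same call."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

def two_time_pad_leak(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If both messages used the same keystream, c1 XOR c2 == p1 XOR p2, so knowing p1 yields p2."""
    n = min(len(c1), len(c2), len(known_p1))
    return xor(xor(c1[:n], c2[:n]), known_p1[:n])

def demo():
    key = hashlib.sha256(b"constructed demo key").digest()
    p1 = b"ATTACK AT DAWN  "
    p2 = b"RETREAT AT DUSK "
    # Misuse: same key and same nonce for both messages, so the same keystream is applied twice.
    c1 = encrypt(key, b"\x00" * 8, p1)
    c2 = encrypt(key, b"\x00" * 8, p2)
    recovered = two_time_pad_leak(c1, c2, p1)
    # Correct use: a fresh nonce per message gives independent keystreams; the XOR trick recovers nothing.
    d1 = encrypt(key, b"\x00" * 8, p1)
    d2 = encrypt(key, b"\x00" * 7 + b"\x01", p2)
    wrong = two_time_pad_leak(d1, d2, p1)
    return {"roundtrip": encrypt(key, b"\x00" * 8, c1) == p1,
            "reuse_leaks_p2": recovered == p2,
            "fresh_nonce_leaks_p2": wrong == p2}

if __name__ == "__main__":
    print(demo())
```

This is the property behind the one-time pad and stream cipher entries: the generator's output must be unique per message, which in a fielded device is exactly what the key-management discipline around it (fresh key or nonce per use, no re-use of a tape or a counter) exists to guarantee.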
- key length
- (I) The number of symbols (usually bits) needed to be able to represent any of the possible values of a cryptographic key. [RFC2828] (see also key)
- key lifetime
- (N) MISSI usage: An attribute of a MISSI key pair that
specifies a time span that bounds the validity period of any MISSI
X.509 public-key certificate that contains the public component of the
pair. [RFC2828] (see also certificate, key, public-key infrastructure, Multilevel Information System Security Initiative)
- key list
- Printed series of key settings for a specific cryptonet. Key lists may be produced in list, pad, or printed tape format. [NSTISSC] (see also key)
- key loader
- A self-contained unit that is capable of storing at least one
plaintext or encrypted cryptographic key or key component which can be
transferred, upon request, into a cryptographic module. [FIPS140] (see also key management)
- key management
- (I) The process of handling and controlling
cryptographic keys and related material (such as initialization values)
during their life cycle in a cryptographic system, including ordering,
generating, distributing, storing, loading, escrowing, archiving,
auditing, and destroying the material. (O) 'The generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy.' (O)
'The activities involving the handling of cryptographic keys and other
related security parameters (e.g. IVs, counters) during the entire life
cycle of the keys, including their generation, storage, distribution,
entry and use, deletion or destruction, and archiving.' [RFC2828]
Supervision and control of the process whereby key is generated,
stored, protected, transferred, loaded, used, and destroyed. [IATF][NSTISSC]
The activities involving the handling of cryptographic keys and other
related security parameters (e.g. IVs, counters) during the entire life
cycle of the keys, including their generation, storage, distribution,
entry and use, deletion or destruction, and archiving. [FIPS140]
The activities involving the handling of cryptographic keys and other
related security parameters during the entire life cycle of the keys,
including the generation, storage, distribution, entry and use,
deletion, destruction, and archiving. [SRV] The administration
and use of the generation, registration, certification, deregistration,
distribution, installation, storage, archiving, revocation, derivation
and destruction of keying material in accordance with a security
policy. [SC27] (see also audit, public-key infrastructure, key, security) (includes Key Management Protocol, automated key distribution, electronic key entry, key distribution center, key loader, key management/exchange, key recovery, key-escrow, manual key distribution, manual key entry)
- key management application service element (KMASE)
- (see also key)
- key management center (KMC)
- (see also key)
- key management identification number (KMID)
- (see also key)
- key management infrastructure (KMI)
- Framework established to issue, maintain, and revoke keys
accommodating a variety of security technologies, including the use of
software. [IATF] (see also software, key)
- labeling
- Process of assigning a representation of the sensitivity of a subject or object. [IATF] (see also security label)
- key management ordering and distribution center (KMODC)
- (see also key)
- Key Management Protocol (KMP)
- (N) A protocol to establish a shared symmetric key
between a pair (or a group) of users. (One version of KMP was developed
by SDNS, and another by SILS.) [RFC2828] (see also key, key management, security protocol)
- key management protocol data unit (KMPDU)
- (see also key)
- key management system (KMS)
- (see also key, system)
- key management system Agent (KMSA)
- (see also key, system)
- key management user agent (KMUA)
- (see also key)
- key management/exchange
- A method of electronically transmitting, in a secure fashion,
a secret key for use with a secret key cryptographic system. Key
management can be used to support communications privacy. This method
can be accomplished most securely with public key cryptographic
systems, which do not require the sharing of secret keys with third
parties. Instead, a secret key is encrypted with a recipient's public
key, and the recipient decrypts the result with his or her private key
to receive the secret key. A variation of key management that is based
on key exchange does not require encrypting the secret key. [AJP] (see also privacy, key management)
- key material identifier (KMID)
- (N) MISSI usage: A 64-bit identifier that is assigned
to a key pair when the public key is bound in a MISSI X.509 public-key
certificate. [RFC2828] (see also certificate, key, public-key infrastructure, Multilevel Information System Security Initiative)
- key pair
- (I) A set of mathematically related keys--a public key
and a private key--that are used for asymmetric cryptography and are
generated in a way that makes it computationally infeasible to derive
the private key from knowledge of the public key. (C) A key
pair's owner discloses the public key to other system entities so they
can use the key to encrypt data, verify a digital signature, compute a
protected checksum, or generate a key in a key agreement algorithm. The
matching private key is kept secret by the owner, who uses it to
decrypt data, generate a digital signature, verify a protected
checksum, or generate a key in a key agreement algorithm. [RFC2828] Public key and its corresponding private key as used in public key cryptography. [NSTISSC] (see also digital signature, encryption, key)
- key processor (KP)
- (see also key)
- key production key (KPK)
- Key used to initialize a keystream generator for the production of other electronically generated key. [NSTISSC] (see also key)
- key recovery
- (I) A process for learning the value of a cryptographic key that was previously used to perform some cryptographic operation. (I)
Techniques that provide an intentional, alternate (i.e., secondary)
means to access the key used for data confidentiality service in an
encrypted association. (C) We assume that the encryption
mechanism has a primary means of obtaining the key through a key
establishment algorithm or protocol. For the secondary means, there are
two classes of key recovery techniques--key escrow and key
encapsulation:
- 'Key escrow': A key recovery technique for storing knowledge of a
cryptographic key or parts thereof in the custody of one or more third
parties called 'escrow agents', so that the key can be recovered and used
in specified circumstances. Key escrow is typically implemented with split
knowledge techniques. For example, the Escrowed Encryption Standard
entrusts two components of a device-unique split key to separate escrow
agents. The agents provide the components only to someone legally
authorized to conduct electronic surveillance of telecommunications
encrypted by that specific device. The components are used to reconstruct
the device-unique key, and it is used to obtain the session key needed to
decrypt communications.
- 'Key encapsulation': A key recovery technique for storing knowledge of
a cryptographic key by encrypting it with another key and ensuring that
only certain third parties called 'recovery agents' can perform the
decryption operation to retrieve the stored key. Key encapsulation
typically allows direct retrieval of the secret key used to provide data
confidentiality.
[RFC2828]
A broad term that applies to many different techniques including
key-escrow, commercial key recovery, cryptographic backup and recovery,
and trusted third party. Implementations can include split knowledge
using two or more trusted third parties and key encrypting keys. [KeyAll] Mechanisms and processes that allow authorized parties to retrieve the cryptographic key used for data confidentiality. [NSTISSC] (see also confidentiality, encryption, key-escrow, trust, key, key management, recovery) (includes data key, encrypted key, key-encrypting key, key-escrow system, plaintext key, session key, split knowledge)
- key space
- (I) The range of possible values of a cryptographic
key; or the number of distinct transformations supported by a
particular cryptographic algorithm. [RFC2828] (see also key)
- key storage device (KSD)
- (see also key)
- key stream
- Sequence of symbols (or their electrical or mechanical
equivalents) produced in a machine or auto-manual cryptosystem to
combine with plain text to produce cipher text, control transmission
security processes, or produce key. [NSTISSC] (see also key)
- key tag
- Identification information associated with certain types of electronic key. [NSTISSC] (see also identification, key)
- key tape
- Punched or magnetic tape containing key. Printed key in tape form is referred to as a key list. [NSTISSC] (see also key)
- key token
- Key management message sent from one entity to another entity during the execution of a key management mechanism. [SC27] (see also key, tokens)
- key translation center
- (I) A type of key center (used in symmetric
cryptography) that implements a key distribution protocol to convey
keys between two (or more) parties who wish to communicate securely. (C)
A key translation center translates keys for future communication
between Bob and Alice, who (a) wish to communicate with each other but
do not currently share keys, (b) each share a KEK with the center, and
(c) have the ability to generate or acquire keys by themselves. Alice
generates or acquires a set of keys for communication with Bob. Alice
encrypts the set in the KEK she shares with the center and sends the
encrypted set to the center. The center decrypts the set, reencrypts
the set in the KEK it shares with Bob, and either sends that encrypted
set to Alice for her to forward to Bob, or sends it directly to Bob
(although direct distribution is not supported in the ANSI standard). [RFC2828] (see also encryption, key)
- key translation centre (KTC)
- An entity trusted to translate keys between entities that each share a key with the KTC. [SC27] (see also key, trust)
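The three-step exchange described under key translation center (Alice wraps her keys under the KEK she shares with the center, the center unwraps and re-wraps under Bob's KEK, Bob unwraps) is easier to reason about when both sides' messages are written down. The script below is an added example and is not code from RFC 2828, ANSI X9.17 or any of the glossary's sources. The `wrap`/`unwrap` routine is a constructed encrypt-then-MAC built only from the Python standard library (HMAC-SHA256 keystream plus HMAC tag) so that the exchange runs anywhere; a real deployment would use AES Key Wrap (RFC 3394/5649). The party names, the `KeyTranslationCenter` class and the KEK values are assumptions for illustration.

```python
"""Key translation center (KTC) exchange using per-party key-encrypting keys.

Added example, not from RFC 2828 or ANSI X9.17. wrap()/unwrap() is a
constructed stdlib-only key block format (HMAC-SHA256 keystream + HMAC tag);
use AES Key Wrap (RFC 3394/5649) in practice.
"""
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF-based keystream (constructed here)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def wrap(kek: bytes, payload: bytes) -> bytes:
    """Return nonce || ciphertext || tag; the tag binds nonce and ciphertext under kek."""
    nonce = secrets.token_bytes(16)
    enc_key = hmac.new(kek, b"enc", hashlib.sha256).digest()   # separate enc/mac subkeys
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    ks = _keystream(enc_key, nonce, len(payload))
    ct = bytes(p ^ k for p, k in zip(payload, ks))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; wrong KEK or tampering raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("unwrap failed: bad KEK or corrupted key block")
    enc_key = hmac.new(kek, b"enc", hashlib.sha256).digest()
    ks = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class KeyTranslationCenter:
    """Holds one KEK per enrolled party and translates key blocks between them."""

    def __init__(self) -> None:
        self._keks: dict[str, bytes] = {}

    def enroll(self, party: str) -> bytes:
        """Establish the KEK shared with `party` (out of band in reality)."""
        self._keks[party] = secrets.token_bytes(32)
        return self._keks[party]

    def translate(self, sender: str, recipient: str, blob: bytes) -> bytes:
        # The center necessarily sees the session key in plaintext here:
        # that exposure is exactly the trust placed in a KTC.
        keys = unwrap(self._keks[sender], blob)
        return wrap(self._keks[recipient], keys)


def run_exchange():
    """Alice -> KTC -> (Alice ->) Bob, as in the ANSI flow. Returns values for checking."""
    ktc = KeyTranslationCenter()
    kek_alice = ktc.enroll("alice")
    kek_bob = ktc.enroll("bob")
    session_key = secrets.token_bytes(32)                 # Alice generates the key herself
    to_center = wrap(kek_alice, session_key)              # (1) Alice -> KTC under KEK_A
    for_bob = ktc.translate("alice", "bob", to_center)    # (2) KTC re-wraps under KEK_B
    bob_key = unwrap(kek_bob, for_bob)                    # (3) Alice forwards; Bob unwraps
    return session_key, bob_key, to_center, kek_bob


if __name__ == "__main__":
    sk, bk, _, _ = run_exchange()
    print("Bob recovered Alice's session key:", sk == bk)
```

Note that Bob cannot open the block Alice sent to the center (it is wrapped under KEK_A, which he does not hold); only the center's translation step makes it usable to him, which is why the center must be trusted with the plaintext key.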
- key transport
- (I) A key establishment method by which a secret key is
generated by one entity in a communication association and securely
sent to another entity in the association. (O) 'The procedure to
send a symmetric key from one party to other parties. As a result, all
legitimate participants share a common symmetric key in such a way that
the symmetric key is determined entirely by one party.' (C) For
example, a message originator can generate a random session key and
then use the Rivest-Shamir-Adleman algorithm to encrypt that key with
the public key of the intended recipient. [RFC2828] The process of transferring a key from one entity to another entity, suitably protected. [SC27] (see also encryption, key)
- key update
- (I) Derive a new key from an existing key. [RFC2828] (see also key)
- key updating
- Irreversible cryptographic process for modifying key. [NSTISSC] (see also key)
- key validation
- (N) 'The procedure for the receiver of a public key to
check that the key conforms to the arithmetic requirements for such a
key in order to thwart certain types of attacks.' [RFC2828] (see also attack, key)
- key variable generator (KVG)
- (see also key)
- key-auto-key (KAK)
- (see also key)
- key-encrypting key (KEK)
- (I) A cryptographic key that is used to encrypt other
keys, either DEKs or other KEKs, but usually is not used to encrypt
application data. [RFC2828] A cryptographic key that is used for the encryption or decryption of other keys. [FIPS140] (see also encryption, key, key recovery)
- key-encryption-key (KEK)
- Key that encrypts or decrypts other key for transmission or storage. [NSTISSC] (see also encryption, key)
- key-escrow
- Keys are used to encrypt and decrypt files. Key-escrow is used
to store keys for use by third parties to access the data in encrypted
files. [RFC2504] The processes of managing (e.g. generating,
storing, transferring, auditing) the two components of a cryptographic
key by two component holders. The key components are the two values from
which a key can be derived. [SRV] The system of giving a piece
of a key to each of a certain number of trustees such that the key can
be recovered with the collaboration of all the trustees. [NSAINT] (see also audit, key recovery, trust, key, key management, key-escrow system)
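The split knowledge technique that the key recovery and key-escrow entries describe (a key recoverable only when every trustee contributes a component) has a simple exact construction: n-1 components are uniformly random and the last is the key XORed with all of them. The script below is an added example, not code from any of the glossary's sources; the 256-bit key size, the number of trustees and the function names are assumptions. It shows the property that matters for escrow: the full set of components reconstructs the key, while any smaller set (two colluding agents out of three, here) yields a value that is statistically independent of it.

```python
"""Split-knowledge escrow: n-of-n XOR key components.

Added example; not from RFC 2828, NSAINT or the Escrowed Encryption Standard.
Assumes a raw symmetric key of any length and n >= 2 trustees.
"""
import secrets
from functools import reduce


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list[bytes]:
    """Split `key` into n components; the last one is key XOR all random ones."""
    if n < 2:
        raise ValueError("split knowledge needs at least two component holders")
    components = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    components.append(reduce(_xor, components, key))
    return components


def recover_key(components: list[bytes]) -> bytes:
    """XOR every component together. With any component missing the result is
    uniformly random, so the holders of a subset learn nothing about the key."""
    if len({len(c) for c in components}) != 1:
        raise ValueError("components have mismatched lengths")
    return reduce(_xor, components)


def demo(n: int = 3):
    """Generate a key, split it among n agents, then recover with all and with n-1."""
    key = secrets.token_bytes(32)
    components = split_key(key, n)
    with_all = recover_key(components)
    with_subset = recover_key(components[: n - 1])   # colluding agents, one short
    return key, with_all, with_subset


if __name__ == "__main__":
    key, full, partial = demo()
    print("all agents recover key:", full == key)
    print("n-1 agents recover key:", partial == key)
```

This is the all-trustees case of the [NSAINT] definition. Recovery by a subset of trustees (k of n) needs a threshold scheme such as Shamir's polynomial sharing rather than XOR, and the components must be distributed and stored under the same handling controls as the key itself.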
- key-escrow system
- A mechanism for the secure escrow and controlled release of
secret or private encryption keys to law enforcement officials. A U.S.
Federal standard specifying technology that provides a mechanism for
the secure escrow of encryption keys, which can be used to intercept
messages only by government officials acting under proper legal
authorization. The standard relies on a key escrow chip, known as
Clipper, programmed with the classified Skipjack algorithm. [SRV]
An electronic means of reconstructing a secret key (for secret key
encryption) or a private key (for public key encryption). The
reconstructed key can then be used in a process to decrypt a
communication. [AJP] (see also algorithm, encryption, key, key recovery, system) (includes key-escrow)
- keyed hash
- (I) A cryptographic hash in which the mapping
to a hash result is varied by a second input parameter that is a
cryptographic key. (C) If the input data object is changed, a
new hash result cannot be correctly computed without knowledge of the
secret key. Thus, the secret key protects the hash result so it can be
used as a checksum even when there is a threat of an active attack on
the data. There are at least two forms of keyed hash:
- A function based on a keyed encryption algorithm.
- A function based on a keyless hash that is enhanced by combining (e.g.
by concatenating) the input data object parameter with a key parameter
before mapping to the hash result.
[RFC2828] (see also authentication, encryption, key, threat, hash)
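The second form of keyed hash above (a keyless hash combined with a key) is what HMAC (RFC 2104) standardizes, and the same primitive is what a key derivation function (the entry at the top of this section) and a one-way key update are usually built from. The script below is an added example, not code from RFC 2828 or any other glossary source. It constructs HMAC-SHA256 directly from SHA-256 so the key/data combination is visible, verifies a tag in constant time, and layers HKDF (RFC 5869) on it as the KDF; the `key_update` label and the 255-block HKDF bound are from those RFCs, while the function names are this example's own.

```python
"""Keyed hash (HMAC-SHA256 per RFC 2104) and a KDF / key update built on it
(HKDF per RFC 5869). Added example; not code from the glossary's sources.
"""
import hashlib
import hmac

BLOCK = 64     # SHA-256 input block size in bytes
DIGEST = 32    # SHA-256 output size in bytes


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)).

    The key enters the hash twice with distinct pads; this is the 'combine
    the data with a key before hashing' form, done so the key is bound to the
    final result and not only to the inner hash state.
    """
    if len(key) > BLOCK:                      # long keys are hashed down first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK, b"\x00")           # zero-pad to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison; a plain == returns early and leaks tag bytes by timing."""
    return hmac.compare_digest(hmac_sha256(key, msg), tag)


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """Extract-then-expand KDF: the secret input is ikm; the output is `length`
    bytes of key material bound to the context string `info`."""
    if length > 255 * DIGEST:
        raise ValueError("HKDF-SHA256 output is limited to 255 * 32 bytes")
    prk = hmac_sha256(salt or b"\x00" * DIGEST, ikm)   # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                             # expand
        block = hmac_sha256(prk, block + info + bytes([counter]))
        okm += block
        counter += 1
    return okm[:length]


def key_update(current: bytes, label: bytes) -> bytes:
    """One-way key update: derive the next key from the current one. The old
    key cannot be computed from the new one (preimage resistance of SHA-256)."""
    return hkdf(current, b"", b"key-update:" + label, DIGEST)


if __name__ == "__main__":
    k = b"\x0b" * 20
    print(hmac_sha256(k, b"Hi There").hex())
    print(verify_tag(k, b"Hi There", hmac_sha256(k, b"Hi There")))
```

The two derived keys `hkdf(ikm, salt, b"enc", 32)` and `hkdf(ikm, salt, b"mac", 32)` are independent for all practical purposes even though they come from one secret, which is the property a KDF is required to have: the output is computationally infeasible to deduce without the secret input.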
- keying material
- (I) Data (such as keys, key pairs, and initialization
values) needed to establish and maintain a cryptographic security
association. [RFC2828] Key, code, or authentication information in physical or magnetic form. [NSTISSC] The data (e.g. keys, initialisation values) necessary to establish and maintain cryptographic keying relationships. [SC27] (see also authentication, key)
- keys used to encrypt and decrypt files
- To make use of encryption, an end-user has to provide some secret, in the form of some data, usually called a key. [RFC2504] (see also key)
- keystroke monitoring
- A specialized form of audit trail software, or a specially
designed device, that records every key struck by a user and every
character of the response that the AIS returns to the user. [NSAINT] (see also audit, software, attack)
- killer packets
- A method of disabling a system by sending Ethernet or IP
packets which exploit bugs in the networking code to crash the system. [SRV] (see also networks)
- kiosk
- A publicly accessible computer terminal that permits customers
to directly communicate with the financial institution via a network. [FFIEC]
- known-plaintext attack
- (I) A cryptanalysis technique in which the analyst
tries to determine the key from knowledge of some plaintext-ciphertext
pairs (although the analyst may also have other clues, such as
knowing the cryptographic algorithm). [RFC2828] (see also analysis, cryptography, key, attack)
- label
- (see also security label)
- labeled security protections
- Elementary-level mandatory access control protection features
and intermediate-level discretionary access control features in a TCB
that uses sensitivity labels to make access control decisions. [NSTISSC] (see also access control, trust, security)
- laboratory attack
- Use of sophisticated signal recovery equipment in a laboratory environment to recover information from data storage media. [NSTISSC] (see also recovery, attack)
- language
- Any means of conveying or communicating ideas; specifically,
human speech; the expression of ideas by the voice; sounds, expressive
of thought, articulated by the organs of the throat and mouth. [OVT] (see also automated information system)
- language of temporal ordering specification (LOTOS)
- (N) A language (ISO 8807-1990) for formal specification
of computer network protocols; describes the order in which events
occur. [RFC2828] (see also networks)
- laptop computer
- A portable computer usually powered by a rechargeable battery. The smaller versions are also called notebook computers. [CIAO] (see also automated information system)
- large scale integration (LSI)
- (see also automated information system)
- lattice
- A partially ordered set for which every pair of elements has a greatest lower bound and a least upper bound. [AJP][TCSEC][TDI][TNI] (see also test, Bell-LaPadula security model)
- lattice model
- (I) A security model for flow control in a system,
based on the lattice that is formed by the finite security levels in a
system and their partial ordering. (C) The model describes the
semantic structure formed by a finite set of security levels, such as
those used in military organizations. (C) A lattice is a finite
set together with a partial ordering on its elements such that for
every pair of elements there is a least upper bound and a greatest
lower bound. For example, a lattice is formed by a finite set S of
security levels -- i.e., a set S of all ordered pairs (x, c), where x
is one of a finite set X of hierarchically ordered classification
levels (X1, ..., Xm), and c is a (possibly empty) subset of a finite
set C of non-hierarchical categories (C1, ..., Cn) -- together with the
'dominate' relation. [RFC2828] (see also classification level, test, Bell-LaPadula security model, model)
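The lattice described above, with levels as (classification, category set) pairs under the 'dominate' relation, is small enough to write out in full. The script below is an added example and not code from RFC 2828; the four classification names are an assumed hierarchy, the categories are arbitrary strings, and the `can_read`/`can_write` rules are the Bell-LaPadula simple security and *-properties added to show how the partial order is used for flow control. It also computes the least upper bound and greatest lower bound that make the set a lattice rather than just a partial order, and shows two levels that are incomparable.

```python
"""Security-level lattice: (classification, category set) with 'dominates'.

Added example, not from RFC 2828. Classifications, category names and the
Bell-LaPadula access rules are assumptions for illustration.
"""
from dataclasses import dataclass

CLASSIFICATIONS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
_RANK = {name: i for i, name in enumerate(CLASSIFICATIONS)}


@dataclass(frozen=True)
class Level:
    classification: str
    categories: frozenset[str] = frozenset()

    def __post_init__(self) -> None:
        if self.classification not in _RANK:
            raise ValueError(f"unknown classification {self.classification!r}")

    def dominates(self, other: "Level") -> bool:
        """(x1, c1) dominates (x2, c2) iff x1 >= x2 and c1 is a superset of c2."""
        return (_RANK[self.classification] >= _RANK[other.classification]
                and self.categories >= other.categories)


def lub(a: Level, b: Level) -> Level:
    """Least upper bound: the higher classification with the union of categories."""
    x = max(a.classification, b.classification, key=_RANK.__getitem__)
    return Level(x, a.categories | b.categories)


def glb(a: Level, b: Level) -> Level:
    """Greatest lower bound: the lower classification with the intersection of categories."""
    x = min(a.classification, b.classification, key=_RANK.__getitem__)
    return Level(x, a.categories & b.categories)


def flow_allowed(src: Level, dst: Level) -> bool:
    """Information may flow from src to dst only if dst dominates src."""
    return dst.dominates(src)


def can_read(subject: Level, obj: Level) -> bool:
    """Simple security property: a subject reads only objects it dominates (read down)."""
    return subject.dominates(obj)


def can_write(subject: Level, obj: Level) -> bool:
    """*-property: a subject writes only to objects that dominate it (write up)."""
    return obj.dominates(subject)


if __name__ == "__main__":
    s_nuc = Level("SECRET", frozenset({"NUCLEAR"}))
    c_crypto = Level("CONFIDENTIAL", frozenset({"CRYPTO"}))
    print("incomparable:", not s_nuc.dominates(c_crypto) and not c_crypto.dominates(s_nuc))
    print("lub:", lub(s_nuc, c_crypto))
    print("glb:", glb(s_nuc, c_crypto))
```

Note that SECRET/{NUCLEAR} does not dominate CONFIDENTIAL/{CRYPTO} even though SECRET is the higher classification; the category sets are not nested, so neither level dominates the other and no flow is allowed in either direction between them.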
- Law Enforcement Access Field (LEAF)
- (N) A data item that is automatically embedded in data encrypted by devices that implement the Escrowed Encryption Standard. [RFC2828] (see also encryption, Clipper chip)
- Layer 2 Forwarding Protocol (L2F)
- (N) An Internet protocol (originally developed by Cisco
Corporation) that uses tunneling of PPP over IP to create a virtual
extension of a dial-up link across a network, initiated by the dial-up
server and transparent to the dial-up user. [RFC2828] (see also internet, networks, security protocol)
- Layer 2 Tunneling Protocol (L2TP)
- (N) An Internet client-server protocol that combines
aspects of PPTP and L2F and supports tunneling of PPP over an IP
network or over frame relay or other switched network. (C) PPP
can in turn encapsulate any OSI layer 3 protocol. Thus, L2TP does not
specify security services; it depends on protocols layered above and
below it to provide any needed security. [RFC2828] (see also internet, networks, security protocol)
- layer management entity (LME)
-
- layer management interface (LMI)
-
- layered solution
- The judicious placement of security protections and attack
counter measures that can provide an effective set of safeguards that
are tailored to the unique needs of a customer's situation. [IATF] (see also counter measures, security)
- leakage
- Unauthorized, covert removal or the obtaining of copies of data from a computer system. [AFSEC] (see also threat)
- leapfrog attack
- Use of userid and password information obtained illicitly from
one host to compromise another host. The act of TELNETing through one
or more hosts in order to confuse a trace (a standard cracker
procedure). [AFSEC][NSAINT] (see also passwords, attack)
- least privilege
- (I) The principle that a security architecture should
be designed so that each system entity is granted the minimum system
resources and authorizations that the entity needs to do its work. (C) This principle tends to limit damage that can be caused by an accident, error, or unauthorized act. [RFC2828]
A principle that requires that each subject be granted the most
restrictive set of privileges needed for the performance of authorized
tasks. For certain applications, the most restrictive set of privileges
could pertain to the lowest clearance. The application of this
principle limits the damage that can result from accident, error, or
unauthorized use of a system, such as an AIS. [AJP] Feature of a
system in which operations are granted the fewest permissions possible
in order to perform their tasks. The principle that requires that each
subject be granted the most restrictive set of privileges needed for
the performance of authorized tasks. The application of this principle
limits the damage that can result from accident, error, or unauthorized
use. [OVT] Principle requiring that each subject be granted the
most restrictive set of privileges needed for the performance of
authorized tasks. Application of this principle limits the damage that
can result from accident, error, or unauthorized use of an IT system. [NSTISSC]
Principle that requires that each subject be granted the most
restrictive set of privileges needed for the performance of authorized
tasks. Note: Application of this principle limits the damage that can
result from accident, error, or unauthorized use of a system, such as
an AIS. [FCv1] The principle that requires that each subject be
granted the most restrictive set of privileges needed for the
performance of authorized tasks. The application of this principle
limits the damage that can result from accident, error, or unauthorized
use. [NCSC/TG004][SRV] This principle requires that each
subject in a system be granted the most restrictive set of privileges
(or lowest clearance) needed for the performance of authorized tasks.
The application of this principle limits the damage that can result
from accident, error, or unauthorized use. [TCSEC][TNI] (see also authorization, security, privilege) (includes need-to-know, subject)
- legacy data
- Legacy data is data and/or information that has not been standardized. [SRV] (see also automated information system)
- legacy systems
- A legacy system is characterized by the following: (1) It was
originally designed to meet the historical needs of the organization,
(2) it was (or has become) critical to some aspects of business
operations, and cannot be readily eliminated, (3) it has typically been
modified so many times that few, if any, systems analysts or
programmers understand the system as a whole, and (4) it does not have
current documentation. Most legacy systems are also stovepipe systems. [SRV]
A system that was originally designed to meet the historical needs of
the organization, cannot be readily eliminated, and does not have
current documentation. Most legacy systems are stovepipe systems. [SRV]
A term commonly used to refer to existing computers systems and
applications with which new systems or applications must exchange
information. [FFIEC] (see also business process, system)
- letterbomb
- A piece of email containing live data intended to do malicious
things to the recipient's machine or terminal. Under UNIX, a letterbomb
can also try to get part of its contents interpreted as a shell command
to the mailer. The results of this could range from silly to denial of
service. [NSAINT] A piece of email containing live data intended
to do malicious things to the recipient's machine or terminal. Under
UNIX, a letterbomb can also try to get part of its contents interpreted
as a shell command to the mailer. The results of this could range from
silly to tragic. [AFSEC] (see also denial of service, email, threat)
- level of protection
- Extent to which protective measures, techniques, and
procedures must be applied to ISs and networks based on risk, threat,
vulnerability, system interconnectivity considerations, and information
assurance needs. Levels of protection are: 1. Basic: IS and networks
requiring implementation of standard minimum security countermeasures.
2. Medium: IS and networks requiring layering of additional safeguards
above the standard minimum security countermeasures. 3. High: IS and
networks requiring the most stringent protection and rigorous security
countermeasures. [NSTISSC] (see also assurance, counter measures, networks, threat, vulnerability)
- levels of concern
- An expression of the criticality/sensitivity of an IT system
in the areas of confidentiality, integrity, availability, and exposure,
expressed qualitatively as high, moderate or low. The level of concern
indicates the extent to which security controls must be applied to an
IT system based on risk, threat, vulnerability, system
interconnectivity considerations, and information assurance needs. [800-37] (see also availability, confidentiality, exposure, integrity, risk, security, threat)
- liability
- Liability for something such as debt or crime is the legal responsibility for it; a technical term in law. [OVT]
- license
- An agreement by a contractor to permit the use of copyrighted software under certain terms and conditions. [SRV] (see also software)
- life cycle management
- The process of administering an automated information system
throughout its expected life, with emphasis on strengthening early
decisions that affect system costs and utility throughout the system's
life. [SRV] (see also automated information system)
- life cycle stage
- An instance within the deliverable life cycle that relates to the state of the deliverable. [SC27]
- Lightweight Directory Access Protocol (LDAP)
- (N) A client-server protocol that supports basic use of
the X.500 Directory (or other directory servers) without incurring the
resource requirements of the full Directory Access Protocol (DAP). (C)
Designed for simple management and browser applications that provide
simple read/write interactive directory service. Supports both simple
authentication and strong authentication of the client to the directory
server. [RFC2828] (see also authentication, security protocol)
- limited access
- (see access control)
- limited maintenance
- COMSEC maintenance restricted to fault isolation, removal, and
replacement of plug-in assemblies. Soldering or unsoldering usually is
prohibited in limited maintenance. [NSTISSC] (see also communications security)
- limited rate initial preproduction (LRIP)
-
- line conditioning
- Elimination of unintentional signals or noise induced or
conducted on a telecommunications or IS signal, power, control,
indicator, or other external interface line. [NSTISSC] (see also communications)
- line conduction
- Unintentional signals or noise induced or conducted on a
telecommunications or IS signal, power, control, indicator, or other
external interface line. [NSTISSC] (see also communications)
- linear predictive coding (LPC)
-
- link
- (I) World Wide Web usage: See: hyperlink. (I)
Subnetwork usage: A point-to-point communication channel connecting two
subnetwork relays (especially one between two packet switches) that is
implemented at OSI layer 2. (C) The relay computers assume that
links are logically passive. If a computer at one end of a link sends a
sequence of bits, the sequence simply arrives at the other end after a
finite time, although some bits may have been changed either
accidentally (errors) or by active wiretapping. [RFC2828] (see also communications, hyperlink, networks, world wide web)
- link encryption
- (I) Stepwise protection of data that flows between two
points in a network, provided by encrypting data separately on each
network link, i.e., by encrypting data when it leaves a host or
subnetwork relay and decrypting when it arrives at the next host or
relay. Each link may use a different key or even a different algorithm.
[RFC2828] Encryption of information between nodes of a communications system. [NSTISSC]
The application of on-line crypto-operations to a link of a
communications system so that all information passing over the link is
encrypted in its entirety. It provides end-to-end encryption within
each link in a communications network. [SRV] (see also key, networks, encryption)
- list-oriented
- A computer protection system in which each protected object has a list of all subjects authorized to access it. [AJP][NCSC/TG004] IS protection in which each protected object has a list of all subjects authorized to access it. [NSTISSC] (see also ticket-oriented, authorization) (includes object, subject)
- listserv
- The most common kind of maillist, Listservs originated on BITNET but they are now common on the Internet. [AFSEC] (see also internet)
- local authority
- Organization responsible for generating and signing user certificates. [NSTISSC] (see also user)
- local loop
- A communications circuit connecting the telephone company central office with a subscriber's instrument. [SRV] (see also communications)
- local management device (LMD)
-
- local management device/key processor (LMD/KP)
- An EKMS platform providing automated (LMD/KP) management of COMSEC material and generating key for designated users. [NSTISSC] (see also communications security, user, key)
- local requirements
- Those for which separate analysis of the individual TCB subsets suffices to determine compliance for the composite TCB. [AJP][TDI] (see also global requirements, analysis, requirements, trusted computing base)
- local-area network (LAN)
- A communication system designed for intra-building data
communications. A group of computers and other devices dispersed over a
relatively limited area and connected by a communications link that
enables a device to interact with any other on the network. A
user-owned, user-operated, high volume data transmission facility
connecting a number of communicating devices (e.g. computers,
terminals, word processors, printers, mass storage units) within a
single building or several buildings within a physical area. [SRV] (see also communications, networks)
- local-area network (LAN)
- A computer communications system limited to no more than a few
miles and using high-speed connections (2 to 100 megabits per second).
A short-haul communications system that connects ADP devices in a
building or group of buildings within a few square kilometers,
including workstations, front-end processors, controllers, switches,
and gateways. [NSAINT] A limited distance, high-speed data
communication system that links computers into a shared system (two to
thousands) and is entirely owned by the user. Cabling typically
connects these networks. [IATF] (see also user)
- lock-and-key protection system
- A protection system that involves matching a key or password with a specific access requirement. [AJP][NCSC/TG004] Protection system that involves matching a key or password with a specific access requirement. [NSTISSC] (see also assurance, passwords, key, system)
- lockout
- The action of temporarily revoking network or application
access privileges, normally due to repeated unsuccessful logon
attempts. [FFIEC]
- logged in
- If an end-user has successfully proven to have legitimate access to a system, he is considered to be logged in. [RFC2504] (see also automated information system)
- logging
- The recording of user requests made to the firewall. Firewalls
typically log all requests they handle, both allowed and rejected. For
many firewall designs, logging requires a significant amount of
processing overhead, especially when complex rule sets are in use. The
type and amount of data logged varies by implementation. Testers may
find it desirable to log equivalent data when comparing different
DUT/SUTs. Some systems allow logging to take place on systems other
than the DUT/SUT. [RFC2647] (see also audit trail, evidence, test, firewall)
- logic bomb
- (I) Malicious logic that activates when specified
conditions are met. Usually intended to cause denial of service or
otherwise damage system resources. [RFC2828] A resident computer
program that triggers the perpetration of an unauthorized act when
particular states of the computer system are realized. [AJP][NCSC/TG004]
A resident computer program which, when executed, checks for particular
conditions or particular states of the computer system which, when
satisfied, triggers the perpetration of an unauthorized act. [AFSEC]
A small, malicious program that is activated by a trigger (such as a
date or the number of times a file is accessed), usually to destroy
data or source code. [CIAO] Also known as a Fork Bomb - A
resident computer program which, when executed, checks for a particular
condition or particular state of the computer system which, when
satisfied, triggers the perpetration of an unauthorized act [NSAINT] Resident computer program triggering an unauthorized act when particular states of an IS are realized. [NSTISSC] (see also denial of service, time bomb, threat)
- logical access
- A family of security controls in the technical class dealing
with ensuring that logical access controls on the IT system restrict
users to authorized transactions and functions. [800-37] (see also access control, security)
- logical co-processing kernel (LOCK)
-
- logical completeness measure
- Means for assessing the effectiveness and degree to which a
set of security and access control mechanisms meets security
specifications. [NSTISSC] (see also access control)
- logical system definition
- The planning of an automated information system prior to its
detailed design. This would include the synthesis of a network of
logical elements that perform specific functions. [SRV] (see also networks, automated information system, system)
- login
- (I) The act of a system entity gaining access to a
session in which the entity can use system resources; usually
accomplished by providing a user name and password to an access control
system that authenticates the user. (C) Derives from 'log
file', a security audit trail that records security events, such as the
beginning of sessions, and who initiates them. [RFC2828] (see also access control, audit, passwords)
- login prompt
- The characters that are displayed when logging into a system to ask for user name and password. [RFC2504] (see also passwords)
- long title
- Descriptive title of a COMSEC item. [NSTISSC] (see also communications security)
- loop
- Usually this is the description of a process of computer
programming steps or instructions which are designed to repeat until a
condition is met. If the condition is never satisfied, the steps are
processed ad infinitum; this is then called an infinite loop. [AFSEC] (see also risk)
- loop key generator (LKG)
- (see also key)
- loophole
- An error of omission or oversight in software or hardware that permits circumventing the system security policy. [AJP][NCSC/TG004] (see also software, threat)
- low probability of detection (LPD)
- Result of measures used to hide or disguise intentional electromagnetic transmissions. [NSTISSC] (see also risk)
- low probability of intercept (LPI)
- Result of measures to prevent the intercept of intentional electromagnetic transmissions. [NSTISSC] (see also risk)
- low-cost encryption/authentication device (LEAD)
- (see also encryption, authentication)
- lurking
- Observing but not participating in; often used when referring to an Internet Service Provider's group. [AFSEC] (see also internet, threat)
- MAC algorithm key
- A key that controls the operation of a MAC algorithm. [SC27] (see also key)
- macro virus
- A virus that attaches itself to documents and uses the macro
programming capabilities of the document's application to execute and
propagate. [800-61] (see also virus)
- magnetic remanence
- A measure of the magnetic flux density remaining after removal
of the applied magnetic force. Refers to any data remaining on magnetic
storage media after removal of the power. [AJP][NCSC/TG004] Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared. [NSTISSC] (see also remanence, overwrite procedure)
- mailbomb
- The mail sent to urge others to send massive amounts of email
to a single system or person with the intent to crash the recipient's
system. Mailbombing is widely regarded as a serious offense. [AFSEC][NSAINT] (see also email, threat)
- mailbombing
- Flooding a site with enough mail to overwhelm its e-mail
system. Used to hide or prevent receipt of e-mail during an attack, or
as a retaliation against a site. [SRV] (see also attack)
- mailing list
- A service that sends mail to everyone on a list whenever mail
is sent to the service, allowing a group of people to exchange mail on
a particular topic. [AFSEC] (see also internet)
- maintainability
- The effort required to locate and fix an error in an
operational program or the effort required to modify an operational
program (flexibility). [SRV] (see also availability)
- maintenance
- The process of modifying a software system or component after
delivery to correct faults, improve performance or other attributes, or
adapt to a changed environment. [IEEE610] (see also fault, software)
- maintenance hook
- Special instructions (trapdoors) in software allowing easy
maintenance and additional feature development. Since maintenance hooks
frequently allow entry into the code without the usual checks, they are
a serious security risk if they are not removed prior to live
implementation. [NSTISSC] Special instructions in software to
allow easy maintenance and additional feature development. These are
not clearly defined during access for design specification. Hooks
frequently allow entry into the code at unusual points or without the
usual checks, so they are a serious security risk if they are not
removed prior to live implementation. Maintenance hooks are special
types of trap-doors. [AJP][NCSC/TG004] (see also software, risk)
- maintenance key
- Key intended only for in-shop use. [NSTISSC] (see also key)
- major application
- An application system that requires special attention due to
high risk and large magnitude of the harm resulting from the loss,
misuse, or unauthorized access to or modification of information in the
application. [SRV] An application that requires special
attention to security due to the risk and magnitude of the harm
resulting from the loss, misuse, or unauthorized access to or
modification of the information in the application. A breach in a major
application might comprise many individual application programs and
hardware, software and telecommunications components. Major
applications can be either a major software application or a
combination of hardware/software where the only purpose of the system
is to support a specific mission-related function. [800-37] (see also risk, unauthorized access)
- malicious applets
- Small application programs automatically downloaded and executed that perform an unauthorized function on an IT system. [NSTISSC] (see also threat)
- malicious code
- (I) Hardware, software, or firmware that is intentionally
included or inserted in a system for a harmful purpose. Hardware,
software, or firmware that is intentionally included in a system for an
unauthorized purpose; e.g., a Trojan horse. [OVT] A virus, worm, Trojan horse, or other code-based entity that infects a host. [800-61] Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse. [AFSEC][AJP][NCSC/TG004][NSAINT] Software or firmware capable of performing an unauthorized process on an IT system. [NSTISSC] (see also malicious logic, malware, software, virus, threat) (includes worm)
- malicious logic
- (I) Hardware, software, or firmware that is intentionally included or inserted in a system for a harmful purpose. [RFC2828] Hardware, software, or firmware capable of performing an unauthorized function on an IT system. [NSTISSC] Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse. [AFSEC][AJP][NCSC/TG004][NSAINT]
Hardware, software, or firmware that is intentionally included in a
system for an unauthorized purpose; e.g. a Trojan horse. It is
intentionally included in an IS for an unauthorized purpose. [AFSEC]
In context of corruption, any hardware, firmware, or software (e.g. a
computer virus) intentionally introduced into a system to modify system
functions or data. [RFC2828] In context of incapacitation, any
hardware, firmware, or software (e.g. logic bomb) intentionally
introduced into a system to destroy system functions or resources. [RFC2828]
In context of masquerade, any hardware, firmware, or software (e.g.
Trojan horse) that appears to perform a useful or desirable function,
but actually gains unauthorized access to system resources or tricks a
user into executing other malicious logic. [RFC2828] In context
of misuse, any hardware, software, or firmware intentionally introduced
into a system to perform or control execution of an unauthorized
function or service. [RFC2828] (see also malicious code, software, unauthorized access, threat, threat consequence)
- malicious program
- Source code incorporated into an application that directs an IS to perform an unauthorized, often destructive, action. [CIAO] (see also threat)
- malware
- (I) A contraction of 'malicious software'. (D) ISDs SHOULD NOT use this term because it is not listed in most dictionaries and could confuse international readers. [RFC2828] (see also malicious code, software, threat)
- man-in-the-middle
- (I) A form of active wiretapping attack in which the
attacker intercepts and selectively modifies communicated data in order
to masquerade as one or more of the entities involved in a
communication association. (C) For example, suppose Alice and
Bob try to establish a session key by using the Diffie-Hellman
algorithm without data origin authentication service. A 'man in the
middle' could (a) block direct communication between Alice and Bob and
then (b) masquerade as Alice sending data to Bob, (c) masquerade as Bob
sending data to Alice, (d) establish separate session keys with each of
them, and (e) function as a clandestine proxy server between them in
order to capture or modify sensitive information that Alice and Bob
think they are sending only to each other. [RFC2828] An attack
in which an attacker inserts itself between two parties and pretends to
be one of the parties. The best way to thwart this attack is for both
parties to prove to each other that they know a secret that is only
known to them. This is usually done by digitally signing a message
and sending it to the other party as well as asking the other party to
send a digitally signed message. [misc] (see also authentication, key, attack)
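Added example, not from the glossary or any of its cited sources: the scenario above run with toy Diffie-Hellman parameters (steps (a)-(d), the interceptor ending up with one key per victim), followed by the countermeasure the entry describes. As an assumption of this example, "proving knowledge of a secret only known to them" is done with an HMAC-SHA256 tag over a pre-shared key rather than a digital signature; the parameters P and G are constructed for illustration only.

```python
"""Man-in-the-middle on unauthenticated Diffie-Hellman, and the fix.

Assumptions of this example: a toy prime-order-ish group (P, G) that is NOT
suitable for real use, and a pre-shared key between Alice and Bob standing in
for the digital signature mentioned in the glossary entry.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # Mersenne prime M127; constructed toy modulus, demo only
G = 5            # constructed generator for the demo


class Party:
    """One endpoint of the key agreement; psk is the secret shared only by
    the two legitimate parties (None or garbage for an outsider)."""

    def __init__(self, name: str, psk: bytes = b"") -> None:
        self.name = name
        self.psk = psk
        self.priv = secrets.randbelow(P - 2) + 2      # private exponent
        self.pub = pow(G, self.priv, P)               # value sent on the wire

    def tag(self) -> bytes:
        """Data origin authentication of our own DH value: a keyed tag that
        binds the value to our name, computable only with psk."""
        data = f"{self.name}:{self.pub}".encode()
        return hmac.new(self.psk, data, hashlib.sha256).digest()

    def derive(self, peer_pub: int) -> bytes:
        """Session key from the peer's DH value (hashed shared secret)."""
        shared = pow(peer_pub, self.priv, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def unauthenticated_exchange() -> dict:
    """Steps (a)-(d) of the entry: Mallory blocks the direct channel, sends
    her own DH value to each side, and derives a separate key with each.
    With both keys she could then relay traffic (step (e))."""
    alice, bob, mallory = Party("Alice"), Party("Bob"), Party("Mallory")
    bob_sees = mallory.pub      # (b) "Alice" -> Bob is really Mallory's value
    alice_sees = mallory.pub    # (c) "Bob" -> Alice is really Mallory's value
    k_alice = alice.derive(alice_sees)
    k_bob = bob.derive(bob_sees)
    k_mallory_alice = mallory.derive(alice.pub)   # (d) key shared with Alice
    k_mallory_bob = mallory.derive(bob.pub)       # (d) key shared with Bob
    return {
        "alice_and_bob_agree": k_alice == k_bob,                 # False
        "mallory_shares_with_alice": k_mallory_alice == k_alice,  # True
        "mallory_shares_with_bob": k_mallory_bob == k_bob,        # True
    }


def _verify(receiver: Party, sender_name: str, pub: int, tag: bytes) -> bool:
    """Receiver recomputes the tag under the shared secret; constant-time compare."""
    data = f"{sender_name}:{pub}".encode()
    expected = hmac.new(receiver.psk, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def authenticated_exchange(tampered: bool) -> tuple:
    """Countermeasure from the entry: each side proves it knows the secret
    shared only by Alice and Bob by tagging its DH value. Returns
    (both_sides_accepted, alice_and_bob_share_a_key)."""
    psk = secrets.token_bytes(32)                 # known only to Alice and Bob
    alice, bob = Party("Alice", psk), Party("Bob", psk)
    mallory = Party("Mallory", b"outsider-has-no-psk")
    a_msg = (alice.pub, alice.tag())
    b_msg = (bob.pub, bob.tag())
    if tampered:
        # Mallory can substitute the public values but cannot produce a
        # valid tag for them without psk, so she reuses the captured tags.
        a_msg = (mallory.pub, a_msg[1])
        b_msg = (mallory.pub, b_msg[1])
    bob_ok = _verify(bob, "Alice", *a_msg)
    alice_ok = _verify(alice, "Bob", *b_msg)
    if not (bob_ok and alice_ok):
        return (False, None)                      # exchange aborted
    return (True, alice.derive(b_msg[0]) == bob.derive(a_msg[0]))


if __name__ == "__main__":
    print(unauthenticated_exchange())
    print(authenticated_exchange(tampered=False), authenticated_exchange(tampered=True))
```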
- management controls
- Controls that address management of the security aspects of
the IT system and the management of risk for the system. Management
controls include risk management, review of security controls, system
life cycle controls, processing authorization controls, and system
security plan controls. [800-37] (see also risk, security, security controls)
- management engineering plan (MEP)
-
- management information base (MIB)
- (see also internet)
- manager information systems
- Person responsible to the designated approving security
officer (ISSO) authority for ensuring the security of an information
system throughout its life cycle, from design through disposal. [NSTISSC] (see also system)
- mandatory access control (MAC)
- (I) An access control service that enforces a security
policy based on comparing (a) security labels (which indicate how
sensitive or critical system resources are) with (b) security
clearances (which indicate system entities are eligible to access
certain resources). (C) This kind of access control is called
'mandatory' because an entity that has clearance to access a resource
may not, just by its own volition, enable another entity to access that
resource. (O) 'A means of restricting access to objects based on
the sensitivity (as represented by a label) of the information
contained in the objects and the formal authorization (i.e., clearance)
of subjects to access information of such sensitivity.' [RFC2828]
A means of restricting access to objects based on the sensitivity (as
represented by a label) of the information contained in the objects and
the formal authorization (i.e. clearance) of subjects to access
information of such sensitivity. [AJP][FCv1][NCSC/TG004][TCSEC][TNI]
Access controls that cannot be made more permissive by users or
subjects. They are based on information sensitivity, represented by
security labels for clearance and classification, and are often based on
information flow rules. [SRV] Means of restricting access to
objects (MAC) based on the sensitivity of the information contained in
the objects and the formal authorization (i.e., clearance, formal
access approvals, and need-to-know) of subjects to access information
of such sensitivity. [NSTISSC] Policy-based control methods of
restricting access to a system's file/objects in which the
administrators, not the resource owners, make access decisions that
bear on or derive from access control policy. [IATF] (see also non-discretionary access control, access control)
- mandatory modification (MAN)
- Change to a COMSEC end-item that NSA requires to be completed and reported by a specified date. [NSTISSC] (see also communications security)
- manipulation detection code (MDC)
- (D) ISDs SHOULD NOT use this term as a synonym for
'checksum' because the word 'manipulation' implies protection against
active attacks, which an ordinary checksum might not provide. Instead,
if such protection is intended, use 'protected checksum' or some
particular type thereof, depending on which is meant. If such
protection is not intended, use 'error detection code' or some specific
type of checksum that is not protected. [RFC2828] (see also attack)
- manipulative communications
- Alteration or simulation of friendly telecommunications for the purpose of deception. [NSTISSC]
- manual cryptosystem
- Cryptosystem in which the cryptographic processes are performed without the use of crypto-equipment or auto-manual devices. [NSTISSC] (see also cryptography)
- manual key distribution
- The distribution of cryptographic keys, often in a plaintext
form requiring physical protection, but using a non-electronic means,
such as a bonded courier. [FIPS140] (see also key management)
- manual key entry
- The entry of cryptographic keys into a cryptographic module
from a printed form, using devices such as buttons, thumb wheels or a
keyboard. [FIPS140] (see also key management)
- manual remote rekeying
- Procedure by which a distant crypto-equipment is rekeyed
electrically, with specific actions required by the receiving terminal
operator. [NSTISSC] (see also key)
- markup language
- A system (as HTML or SGML) for marking or tagging a document
that indicates its logical structure (as paragraphs) and gives
instructions for its layout on the page for electronic transmission and
display. [CIAO] (see also internet, standard generalized markup language)
- mask generation function
- Function which maps strings of bits to strings of bits of arbitrary specified length, satisfying the following property:
- it is computationally infeasible to predict, given one part of the output but not the input, another part of the output. [SC27]
- masquerade
- A threat action whereby an unauthorized entity gains access to
a system or performs a malicious act by posing as an authorized entity.
[RFC2828] The pretense by an entity to be a different entity. [SC27] (see also impersonation, alias, threat, threat consequence) (includes DNS spoofing, address spoofing, ip spoofing, masquerade attack, masquerading, mimicking, spoofing, spoofing attack)
- masquerade attack
- (I) A type of attack in which one system entity illegitimately poses as (assumes the identity of) another entity. [RFC2828] (see also attack, masquerade)
- masquerading
- An attack in which an attacker pretends to be someone else.
The best way to thwart this attack is to authenticate a principal by
challenging it to prove its identity. [misc] Form of spoofing. [NSTISSC]
Posing as an authorized user, usually in an attempt to gain access to a
system. Synonymous with spoofing, mimicking, and impersonation. [AFSEC] Synonymous with impersonation. [SRV] (see also authentication, attack, masquerade)
- mass-market software
- Software that is (1) generally available to the public by
sale, without restriction, from stock at retail selling points through
over-the-counter, telephone, and mail transactions and (2) designed for
user installation without substantial supplier support. [AJP] (see also COTS software, software, software product)
- master crypto-ignition key
- A key device with electronic logic and circuits providing the
capability for adding more operational CIKs to a keyset (maximum of
seven) any time after fill procedure is completed. The master CIK can
only be made during the fill procedure as the first CIK. [NSTISSC] (see also key)
- master file
- A permanent or semipermanent record of information maintained over an extended period that can be used with transaction files. [SRV] (see also automated information system)
- material symbol (MATSYM)
- Communications circuit identifier used for key card resupply purposes. (C.F.D.) [NSTISSC]
- matrix
- An 8 by 8 matrix in which each entry is a string of 8 bits in dedicated hash function 7. [SC27] (see also hash)
- MD2
- (N) A cryptographic hash that produces a 128-bit hash
result, was designed by Ron Rivest, and is similar to MD4 and MD5 but
slower. [RFC2828] (see also cryptography, hash)
- MD4
- (N) A cryptographic hash that produces a 128-bit hash result and was designed by Ron Rivest. [RFC2828] (see also cryptography, hash)
- MD5
- (N) A cryptographic hash that produces a 128-bit hash result and was designed by Ron Rivest to be an improved version of MD4. [RFC2828] (see also cryptography, hash)
- meaconing, intrusion, jamming, and interference (MIJI)
- (see also communications security)
- mean
- A measure of central tendency that is used primarily with
interval-ratio variables following symmetrical distributions; the sum
of all the values in a set of observations divided by the number of
observations. Also known as the average or arithmetic mean, it
indicates the typical value for a set of observations. If five students
make the grades 15, 75, 80, 95, and 100, the mean is 73. [SRV]
- mean absolute deviation (MAD)
- A measure of the difference between the individual items in a
population and the mean value. MAD is the average of the total unsigned
differences. [SRV]
- mean-time-between-failure (MTBF)
- (see also failure)
- mean-time-between-outages (MTBO)
- (see also failure)
- mean-time-to-fail (MTTF)
- (see also failure)
- mean-time-to-repair (MTTR)
- (see also failure)
- mean-time-to-service-restoral (MTSR)
- (see also failure)
- measure
- The numerical value obtained by either direct or indirect measurement; may also be the input, output, or value of a metric. [SRV]
- mechanism
- Operating system entry point or separate operating system
support program that performs a specific action or related group of
actions. [AJP][FCv1]
- media
- Physical objects that store data, such as paper, hard disk drives, tapes, and compact disks (CDs). [FFIEC] Short for storage media: physical objects on which data can be stored, such as hard disks, CD-ROMs, floppy disks, and tape. [CIAO]
- media protection
- A family of security controls in the operations class dealing
with the protection of system inputs and outputs from unauthorized
exposure. [800-37] (see also exposure, security)
- median
- A measure of central tendency that is used primarily with
ordinal variables and asymmetrically distributed interval-ratio
variables; the middle measurement when the items are arranged in order
of size or, if there is no middle one, then the average of the two
middle ones. If five students make the grades 15, 75, 80, 95, and 100,
the median is 80. [SRV]
- MEI resource elements
- As previously discussed, these are the broad categories of
resources, all or portions of which constitute the minimal essential
infrastructure necessary for a department, agency or organization to
conduct its core mission(s). These resource elements are very similar
to, but modified somewhat from, the COBIT framework used by ISACF. The
definitions have been expanded to incorporate physical infrastructure
vulnerability areas. [CIAO] (see also vulnerability, minimum essential infrastructure)
- memorandum of agreement
- (see memorandum of understanding)
- memorandum of understanding
- A document established between two or more parties to define
their respective responsibilities in accomplishing a particular goal or
mission. An MOU/MOA defines the responsibilities of two or more
organizations in establishing, operating and securing a system
interconnection. [800-37]
- memory
- A computer’s internal capacity to store data, determined by the microchips installed. [CIAO]
- memory scavenging
- The collection of residual information from data storage. [NSTISSC] (see also automated information system)
- memory space-time
- The integral over time of real memory space used during the execution of a job or transaction. [SRV]
- merchant
- (O) SET usage: 'A seller of goods, services, and/or
other information who accepts payment for these items electronically.'
A merchant may also provide electronic selling services and/or
electronic delivery of items for sale. With SET, the merchant can offer
its cardholders secure electronic interactions, but a merchant that
accepts payment cards is required to have a relationship with an
acquirer. [RFC2828] (see also Secure Electronic Transaction)
- merchant certificate
- (O) SET usage: A public-key certificate issued to a
merchant. Sometimes used to refer to a pair of such certificates where
one is for digital signature use and the other is for encryption. [RFC2828] (see also digital signature, encryption, key, Secure Electronic Transaction, certificate)
- merchant certification authority (MCA)
- (O) SET usage: A CA that issues digital certificates to
merchants and is operated on behalf of a payment card brand, an
acquirer, or another party according to brand rules. Acquirers verify
and approve requests for merchant certificates prior to issuance by the
MCA. An MCA does not issue a CRL, but does distribute CRLs issued by
root CAs, brand CAs, geopolitical CAs, and payment gateway CAs. [RFC2828] (see also certificate, certification, Secure Electronic Transaction, public-key infrastructure)
- merge access
- The ability to combine data from two separate sources [CIAO] (see also access)
- mesh PKI
- (I) A non-hierarchical PKI architecture in which there
are several trusted CAs rather than a single root. Each certificate
user bases path validations on the public key of one of the trusted
CAs, usually the one that issued that user's own public-key
certificate. Rather than having superior-to-subordinate relationships
between CAs, the relationships are peer-to-peer, and CAs issue
cross-certificates to each other. [RFC2828] (see also certificate, key, trust, public-key infrastructure)
- message
- A string of bits of any length. [SC27][ISO/IEC FDIS 9796-2 (12/2001)][ISO/IEC 9796-3: 2000][ISO/IEC 14888-1: 1998] The data to be signed. [SRV]
- message authentication code (MAC)
- Data associated with an authenticated message allowing a receiver to verify the integrity of the message. [NSTISSC] The string of bits that is the output of a MAC algorithm. NOTE - A MAC is sometimes called a cryptographic check value. [SC27] (see also data authentication code, cryptography, hash function, authentication)
- message authentication code algorithm
- An algorithm for computing a function which maps strings of
bits and a secret key to fixed-length strings of bits, satisfying the
following two properties:
- for any key and any input string the function can be computed efficiently;
- for any fixed key, and given no prior knowledge of the key, it is
computationally infeasible to compute the function value on any new
input string, even given knowledge of the set of input strings and
corresponding function values, where the value of the ith input string
may have been chosen after observing the value of the first i-1 function values.
NOTE 1 - A MAC algorithm is sometimes called a cryptographic check
function. NOTE 2 - Computational feasibility depends on the specific
security requirements and environment. [SC27] (see also cryptography, authentication)
- message authentication code vs. Message Authentication Code
- (N) Capitalized: '(The) Message Authentication Code'
refers to an ANSI standard for a checksum that is computed with a keyed
hash that is based on DES. (Also known as the U.S. Government standard
Data Authentication Code.) (C) The ANSI standard MAC algorithm is equivalent to cipher block chaining with IV = 0. (D)
Not capitalized: ISDs SHOULD NOT use the uncapitalized form 'message
authentication code', because this term mixes concepts in a potentially
misleading way. Instead, use 'checksum', 'error detection code',
'hash', 'keyed hash', 'Message Authentication Code', or 'protected
checksum', depending on what is meant. (C) In the uncapitalized
form, the word 'message' is misleading because it implies that the
mechanism is particularly suitable for or limited to electronic mail,
the word 'authentication' is misleading because the mechanism primarily
serves a data integrity function rather than an authentication
function, and the word 'code' is misleading because it implies that
either encoding or encryption is involved or that the term refers to
computer software. [RFC2828] (see also cryptography, email, encryption, hash, key, software, authentication)
- message digest
- (D) ISDs SHOULD NOT use this term as a synonym for
'hash result' because it unnecessarily duplicates the meaning of the
other, more general term and mixes concepts in a potentially misleading
way. [RFC2828] A cryptographic checksum, typically generated for
a file that can be used to detect changes to the file; Secure Hash
Algorithm-1 (SHA-1) is an example of a message digest algorithm. [800-61] The fixed size result of hashing a message. [SRV]
The result of applying a one-way function to a message. Depending on
the cryptographic strength of the message digest algorithm, each
message will have a reasonably unique digest. Furthermore, the
slightest change to the original message will result in a different digest.
Message digest functions are called 'one-way' because knowing the
message digest, one cannot reproduce the original message. Encrypted
message digests give rise to integrity-protected messages. [misc] (see also hash, test) (includes message digest algorithm 5)
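Added example, not from the glossary or any of its cited sources, illustrating the message digest entry above together with the message authentication code algorithm and manipulation detection code entries: an unkeyed digest shows the avalanche behaviour described ("the slightest change ... results in a different digest") but offers no protection against an active modifier, who simply recomputes it, whereas a keyed hash (HMAC-SHA256 built here per RFC 2104 on top of hashlib) cannot be recomputed without the key. The key and messages are constructed sample values.

```python
"""Unkeyed digest (error detection) versus keyed hash (protected checksum).

Builds HMAC-SHA256 from RFC 2104's definition on top of hashlib so the
keyed construction is visible; the standard hmac module is used only for
the constant-time comparison.
"""
import hashlib
import hmac

BLOCK = 64   # SHA-256 block size in bytes, as RFC 2104 requires for padding


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg))."""
    if len(key) > BLOCK:               # long keys are hashed first
        key = sha256(key)
    key = key.ljust(BLOCK, b"\x00")    # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return sha256(opad + sha256(ipad + msg))


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def verify_unkeyed(msg: bytes, digest: bytes) -> bool:
    return sha256(msg) == digest


def verify_keyed(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_sha256(key, msg), tag)


def active_modification(key: bytes, msg: bytes, new_msg: bytes) -> dict:
    """Sender transmits msg with an unkeyed digest and a keyed tag. An active
    adversary swaps in new_msg and recomputes what it can without the key.
    Returns whether each check catches the substitution."""
    digest, tag = sha256(msg), hmac_sha256(key, msg)
    forged_digest = sha256(new_msg)    # trivial: no secret is involved
    return {
        "unkeyed_digest_detects": not verify_unkeyed(new_msg, forged_digest),  # False
        "keyed_tag_detects": not verify_keyed(key, new_msg, tag),              # True
    }


if __name__ == "__main__":
    key = b"constructed-demo-key"                     # sample value
    m1, m2 = b"transfer 100 to acct 42", b"transfer 900 to acct 42"
    print(bit_difference(sha256(m1), sha256(m2)), "of 256 digest bits differ")
    print(active_modification(key, m1, m2))
```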
- message digest algorithm 5
- A message digest algorithm that digests a message of arbitrary size to 128 bits. MD5 is a cryptographic checksum algorithm. [misc] (see also algorithm, message digest)
- message externals
- Information outside of the message text, such as the header, trailer, etc. [NSTISSC]
- message handling system (MHS)
- (I) An ITU-T/ISO system concept, which encompasses the
notion of electronic mail but defines more comprehensive OSI systems
and services that enable users to exchange messages on a
store-and-forward basis. (The ISO equivalent is 'Message Oriented Text
Interchange System'.) [RFC2828] (see also email, system)
- message identifier
- A field that may be used to identify a message. Typically, this field is a sequence number. [SRV]
- message indicator (MI)
- (D) ISDs SHOULD NOT use this term as a synonym for
'initialization value' because it mixes concepts in a potentially
misleading way. [RFC2828] Sequence of bits transmitted over a
communications system for synchronizing crypto-equipment. Some off-line
cryptosystems, such as the KL-51 and one-time pad systems, employ
message indicators to establish decryption starting points. [NSTISSC] (see also communications, cryptography)
- message integrity check
- (see message integrity code)
- message integrity code
- (D) ISDs SHOULD NOT use these terms because they mix
concepts in a potentially misleading way. (The word 'message' is
misleading because it suggests that the mechanism is particularly
suitable for or limited to electronic mail. The word 'code' is
misleading because it suggests that either encoding or encryption is
involved, or that the term refers to computer software.) Instead, use
'checksum', 'error detection code', 'hash', 'keyed hash', 'Message
Authentication Code', or 'protected checksum', depending on what is
meant. [RFC2828] (see also authentication, email, encryption, hash, key, software)
- message passing
- The means by which objects communicate. Individual messages
may consist of the name of the message, the name of the target object
to which it is being sent, and arguments, if any. When an object
receives a message, a method is invoked and performs an operation that
exhibits some part of the object's behavior. [SRV]
- message representative
- Bit string derived as a function of the message and which is combined with the private signature key to yield the signature. [SC27]
- Message Security Protocol (MSP)
- (N) A secure message handling protocol for use with
X.400 and Internet mail protocols. Developed by NSA's SDNS program and
used in the U.S. defense message system. [RFC2828] (see also National Security Agency, internet, security protocol)
- metadata
- (1) Data referring to other data; data (such as data
structures, indices, and pointers) that are used to instantiate an
abstraction (such as 'process,' 'task,' 'segment,' 'file,' or 'pipe').
(2) A special database, also referred to as a data dictionary,
containing descriptions of the elements (e.g. relations, domains,
entities, or relationships) of a database. [AJP][TDI] (see also database management system)
- metric
- A random variable x representing a quantitative measure accumulated over a period. [NSAINT] An agreed upon quantitative measure of performance. [CIAO]
Quantitative means of measuring software development. The definition,
algorithm, or mathematical function used to make a quantitative
assessment of a product or process. [SRV] (see also algorithm, software)
- metropolitan area networks (MAN)
- (see also networks)
- microcode
- The elementary computer instructions that correspond to an executable program instruction. [FIPS140] (see also cryptographic module)
- mid-level certification
- More stringent than an entry-level certification, this
certification level is appropriate for systems engendering moderate
levels of concern for confidentiality, integrity, and/or availability. [800-37] (see also availability, confidentiality, integrity, certification)
- million instruction per second (MIPS)
- (see also automated information system)
- MIME Object Security Services (MOSS)
- (I) An Internet protocol that applies end-to-end
encryption and digital signature to MIME message content, using
symmetric cryptography for encryption and asymmetric cryptography for
key distribution and signature. MOSS is based on features and
specifications of PEM. [RFC2828] (see also cryptography, digital signature, encryption, key, internet, security protocol)
- mimicking
- Form of spoofing. [NSTISSC] Synonymous with Impersonation, Masquerading or Spoofing. [NSAINT] (see also spoofing, attack, masquerade)
- miniature receiver terminal (MRT)
-
- miniature terminal (MINTERM)
-
- minimum essential emergency communications network (MEECN)
- (see also minimum essential infrastructure, networks)
- minimum essential infrastructure (MEI)
- (see also access control, accountability, areas of potential compromise, availability, continuity of services and operations, segregation of duties) (includes MEI resource elements, minimum essential emergency communications network)
- minimum essential requirements (MER)
-
- Minimum Interoperability Specification for PKI Components (MISPC)
- (N) A technical description to provide a basis for
interoperation between PKI components from different vendors; consists
primarily of a profile of certificate and CRL extensions and a set of
transactions for PKI operation. [RFC2828] (see also certificate, public-key infrastructure)
- minimum level of protection
- The reduction in the Total Risk that results from the impact of in-place safeguards. [CIAO] (see also assurance, risk)
- mirroring
- A process that duplicates data to another location over a computer network in real time or close to real time. [FFIEC] (see also availability, backup)
- misappropriation
- A threat action whereby an entity assumes unauthorized logical or physical control of a system resource. [RFC2828] (see also threat consequence)
- MISSI user
- (O) MISSI usage: A system entity that is the subject of
one or more MISSI X.509 public-key certificates issued under a MISSI
certification hierarchy. (C) MISSI users include both end users
and the authorities that issue certificates. A MISSI user is usually a
person but may be a machine or other automated process. Some machines
are required to operate non-stop. To avoid downtime needed to exchange
the FORTEZZA cards of machine operators at shift changes, the machines
may be issued their own cards, as if they were persons. [RFC2828] (see also Fortezza, certificate, certification, key, public-key infrastructure, Multilevel Information System Security Initiative, user)
- mission critical
- Systems handling information which is determined to be vital
to the operational readiness or mission effectiveness of deployed and
contingency forces in terms of both content and timeliness and must be
absolutely accurate and available on demand (may include classified
information in a traditional context, as well as sensitive and
unclassified information). [CIAO] (see also vulnerability)
- mission critical system
- A system supporting a core business activity or process. [SRV] (see also business process, system)
- mission needs statement (MNS)
- Describes the mission need or deficiency; identifies threat and projected threat environment [IATF] (see also threat)
- misuse
- A threat action that causes a system component to perform a function or service that is detrimental to system security. [RFC2828] (see also threat consequence)
- misuse detection model
- The system detects intrusions by looking for activity that
corresponds to known intrusion techniques or system vulnerabilities.
Also known as rules based detection. [NSAINT] (see also rules based detection, model, security policy model)
- mitigation
- Pre-planned and coordinated operator reactions to
infrastructure warning and/or incidents designed to reduce or minimize
impacts; support and complement emergency, investigatory, and crisis
management response; and facilitate reconstitution. [CIAO] (see also incident, risk management)
- mnemonic
- A symbol or expression that can help someone remember
something. For example, the phrase 'Hello! My name is Bill. I'm 9 years
old.' might help an individual remember a secure 10-character password
of 'H!MniBI9yo.' [FFIEC]
- mobile code
- Software that is transmitted from a remote system to a local
system, then executed on the local system without the user's explicit
instruction; examples of mobile code software are Java, JavaScript,
VBScript, and ActiveX. [800-61]
- mobile subscriber equipment (MSE)
-
- mockingbird
- A computer program or process which mimics the legitimate
behavior of a normal system feature (or other apparently useful
function) but performs malicious activities once invoked by the user. [AFSEC][NSAINT] (see also threat)
- mode
- A measure of central tendency that is used primarily with
nominal variables; the most frequent value of a set of numbers. If more
students (of a given group) make 75 than any other one grade, then 75
is the mode. [SRV] (see mode of operation)
- mode of operation
- (I) Encryption usage: A technique for enhancing the
effect of a cryptographic algorithm or adapting the algorithm for an
application, such as applying a block cipher to a sequence of data
blocks or a data stream. (I) System operation usage: A type of
security policy that states the range of classification levels of
information that a system is permitted to handle and the range of
clearances and authorizations of users who are permitted to access the
system. [RFC2828] Description of the conditions under which an
IS operates based on the sensitivity of information processed and the
clearance levels, formal access approvals, and need-to-know of its
users. Four modes of operation are authorized for processing or
transmitting information: dedicated mode, system-high mode,
compartmented/partitioned mode, and multilevel mode. [NSTISSC] (see also classification level, encryption, security, user)
- model
- A representation of a set of components of a process, system,
or subject area. A model is generally developed for understanding,
analysis, improvement, and/or replacement of the process. [SRV] (see also *-property, CASE tools, OSI architecture, Standards for Interoperable LAN/MAN Security, analysis, client server, credentials, discrete event simulation, domain, energy-efficient computer equipment, finite state machine, formal development methodology, formal top-level specification, formal verification, internet vs. Internet, object, prototyping, secure hypertext transfer protocol, security, security policy, simple security condition, simple security property, ticket, top-level specification, tranquility, trusted subject, verification, world class organizations) (includes Bell-LaPadula security model, Biba Integrity model, Biba model, Clark Wilson integrity model, Open Systems Interconnection Reference model, TOE security policy model, anomaly detection model, as is process model, formal model of security policy, formal security policy model, lattice model, misuse detection model, modeling or flowcharting, open system interconnection model, security model, security policy model, simulation modeling, third party trusted host model, to be process model)
- model experimental development model/exploratory development model (XDM/X)
-
- modeling or flowcharting
- A graphic representation of the activities and subprocesses within a process and their interrelationships. [SRV] (see also model)
- modem
- Acronym for modulator-demodulator. A device or application
that permits a computer to transmit data over telephone lines by
converting digital data to an analog signal. [CIAO]
- modes of operation
- A description of the conditions under which an AIS functions,
based on the sensitivity of data processed and the clearance levels and
authorizations of the users. Four modes of operation are authorized:
(1a) An AIS is operating in the dedicated mode when the system is
specifically and exclusively dedicated to and controlled for the
processing of one particular type or classification of information,
either for full-time operation or for a specific period of time. (1b)
An AIS is operating in the dedicated mode when each user with direct or
indirect individual access to the AIS, its peripherals, its remote
terminals, or its remote hosts has all of the following: (a) a valid
personnel clearance for all information on the system, (b) formal
access approval for, and signed nondisclosure agreements for, all the
information stored and/or processed (including all compartments,
subcompartments, and/or special access programs), and (c) a valid
need-to-know for all information contained within the system. (2a) An
AIS is operating in the system-high mode when each user with direct or
indirect access to the AIS, its peripherals, remote terminals, or
remote hosts has all of the following: (a) a valid personnel clearance
for all information on the AIS, (b) formal access approval for, and
signed nondisclosure agreements for, all the information stored and/or
processed (including all compartments, subcompartments, and/or special
access programs), and (c) a valid need-to-know for some of the
information contained within the AIS. (2b) An AIS is operating in the
system-high mode when the system hardware and software are trusted only
to provide discretionary protection between users. In this mode, the
entire system, to include all components electrically and/or physically
connected, must operate with security measures commensurate with the
highest classification and sensitivity of the information being
processed and/or stored. All system users in this environment must
possess clearances and authorization for all information contained in
the system. All system output must be clearly marked with the highest
classification and all system caveats until the information has been
reviewed manually by an authorized individual to ensure appropriate
classifications and that caveats have been affixed. (3) An AIS is
operating in the compartmented mode when each user with direct or
indirect access to the AIS, its peripherals, remote terminals, or
remote hosts has all of the following: (a) a valid personnel clearance
for the most restricted information processed in the AIS, (b) formal
access approval for, and signed nondisclosure agreements for, that
information to which he or she is to have access, and (c) a valid
need-to-know for that information to which he or she is to have access.
(4) An AIS is operating in the multilevel mode when all the following
statements are satisfied concerning users with direct or indirect
access to the AIS, its peripherals, remote terminals, or remote hosts:
(a) some do not have a valid personnel clearance for all the
information processed in the AIS, (b) all have the proper clearance and
have the appropriate formal access approval for that information to
which they are to have access, and (c) all have a valid need-to-know
for that information to which they are to have access. [AJP] (see also classification level, security, software, trust) (includes automated information system, compartmented security mode, dedicated security mode, multilevel device, multilevel secure, multilevel security mode, multiuser mode of operation, partitioned security mode, protection ring, single-level device, stand-alone, shared system, stand-alone, single-user system, system high, system low, system-high security mode)
- modification/configuration control board (MCCB)
-
- modular software
- Software in the form of self-contained logical sections, or modules, that carry out well-defined processing actions. [SRV] (see also software)
- modularity
- Those attributes of the software that provide a structure of highly independent modules. [SRV] (see also software)
- modulus
- (I) The defining constant in modular arithmetic, and
usually a part of the public key in asymmetric cryptography that is
based on modular arithmetic. [RFC2828] A parameter which is a positive
integer and a product of two distinct prime numbers. [SC27][ISO/IEC 10118-4: 1998]
Integer used as a divisor of an integer dividend in order to obtain an
integer remainder. [SC27] (see also key)
- monitor
- A trusted third party that monitors actions and events and is trusted to provide evidence about what was monitored. [SC27] (see also monitoring authority, evidence, trust)
- monitoring authority
- (see also monitor)
- Monitoring of Evaluations
- The procedure by which representatives of the NIAP Oversight
Body observe security evaluations in progress in order to gain
confidence that a CCTL is carrying out its functions in a proper and
professional manner. [NIAP] (see also security, Common Criteria Testing Laboratory, evaluation)
- monolithic TCB
- A TCB that consists of a single TCB subset. [AJP][TDI] (see also trusted computing base)
- morris worm
- (I) A worm program written by Robert T. Morris, Jr.
that flooded the ARPANET in November, 1988, causing problems for
thousands of hosts. [RFC2828] (see also worm)
- motivation
- The specific technical goal that a potential adversary wants
to achieve by an attack, e.g. gain unauthorized access, modify, destroy
or prevent authorized access. [IATF] (see also unauthorized access, security)
- multicast
- A variant of broadcast, where information can be sent to
selected recipients instead of all subscribers of a particular
communications system. [SRV] (see also communications)
- multihost based auditing
- Audit data from multiple hosts may be used to detect intrusions. [NSAINT] (see also audit, automated information system)
- multilevel device
- A device that is used in a manner that permits it to
simultaneously process data of two or more security levels without risk
of compromise. To accomplish this, sensitivity labels are normally
stored on the same physical medium and in the same form (i.e.
machine-readable or human-readable) as the data being processed. [AJP][NCSC/TG004][TCSEC][TNI] Equipment trusted to properly maintain and separate data of different security categories. [NSTISSC] (see also risk, security, trust, modes of operation)
- Multilevel Information System Security Initiative (MISSI)
- (N) Multilevel Information System Security Initiative,
an NSA program to encourage development of interoperable, modular
products for constructing secure network information systems in support
of a wide variety of Government missions. [RFC2828] (see also networks, National Security Agency, computer security, system) (includes MISSI user, SSO PIN, SSO-PIN ORA, certificate, certificate rekey, certification, certification hierarchy, compromised key list, domain, key, key lifetime, key material identifier, no-PIN ORA, organizational certificate, organizational registration authority, personality label, policy approving authority, policy creation authority, root, root registry, slot, subordinate certification authority, user PIN, user-PIN ORA)
- multilevel information systems security initiative (MISSI)
- (see also computer security, system)
- multilevel mode
- INFOSEC mode of operation wherein all the following statements
are satisfied concerning the users who have direct or indirect access
to the system, its peripherals, remote terminals, or remote hosts: a.
some users do not have a valid security clearance for all the
information processed in the IS; b. all users have the proper security
clearance and appropriate formal access approval for that information
to which they have access; and c. all users have a valid need-to-know
only for information to which they have access. [NSTISSC] (see also user)
- multilevel secure
- (I) A class of system that has system resources
(particularly stored information) at more than one security level
(i.e., has different types of sensitive resources) and that permits
concurrent access by users who differ in security clearance and
need-to-know, but is able to prevent each user from accessing resources
for which the user lacks authorization. [RFC2828] A class of
system containing information with different sensitivities that
simultaneously permits access by users with different security
clearances and needs-to-know, but prevents users from obtaining access
to information for which they lack authorization. [AJP][NCSC/TG004][TCSEC][TNI] (see also security, modes of operation)
- multilevel security (MLS)
- A system that can simultaneously process data communications
at different levels of classification while enforcing secure access and
authorization. [IATF] Concept of processing information with
different classifications and categories that simultaneously permits
access by users with different security clearances and denies access to
users who lack authorization. [NSTISSC] (see also classification level, authorization, security) (includes controlled security mode)
- multilevel security mode
- (I) A mode of operation of an information system, that
allows two or more classification levels of information to be processed
concurrently within the same system when not all users have a clearance
or formal access authorization for all data handled by the system. (C)
This mode is defined formally in U.S. Department of Defense policy
regarding system accreditation, but the term is also used outside the
Defense Department and outside the Government. [RFC2828] The
mode of operation that allows two or more classification levels of
information to be processed simultaneously within the same system when
some users are not cleared for all levels of information present.
Compare Dedicated Security Mode, System-High Security Mode. [TNI] (see also accreditation, classification level, modes of operation, security) (includes system-high security mode)
- multimedia
- A popular term for the integration of information in a single
format, for example, an electronic document that may contain text,
embedded voice, video, or images. [SRV]
- multiple access rights terminal
- A terminal that may be used by more than one class of users; e.g. users with different access rights to data. [AJP][NCSC/TG004]
- multiple component incident
- A single incident that encompasses two or more incidents. [800-61] (see also incident)
- multipurpose internet mail extensions (MIME)
- (I) An Internet protocol that enhances the basic format
of Internet electronic mail messages to be able to use character sets
other than US-ASCII for textual headers and text content, and to carry
non-textual and multi-part content. [RFC2828] A specification
for formatting non-ASCII messages so that they can be sent over the
Internet. MIME enables graphics, audio, and video files to be sent and
received via the Internet mail system. In addition to email
applications, Web browsers also support various MIME types. This
enables the browser to display or output files that are not in HTML
format. The Internet Engineering Task Force (IETF) defined MIME in
1992. [IATF] (see also email, security protocol) (includes secure multipurpose internet mail extensions)
- multiuser mode of operation
- A mode of operation designed for systems that process
sensitive unclassified information in which users may not have a
need-to-know for all information processed in the system. This mode is
also for microcomputers processing sensitive unclassified information
that cannot meet the requirements of the stand-alone mode of operation.
[AJP][NCSC/TG004] (see also modes of operation, user)
- mutation analysis
- (NBS) A method to determine test set thoroughness by measuring
the extent to which a test set can discriminate the program from slight
variants [mutants] of the program. Contrast with error seeding. A
method to determine test case suite thoroughness by measuring the
extent to which a test case suite can discriminate the program from
slight variants (mutants) of the program. [OVT] (see also error seeding, test, analysis)
- mutation testing
- A testing methodology in which two or more program mutations
are executed using the same test cases to evaluate the ability of the
test cases to detect differences in the mutations. [OVT] (see also test)
- mutual authentication
- Entity authentication which provides both entities with assurance of each other's identity. [SC27] (see also mutual entity authentication, unilateral authentication, authentication)
- mutual entity authentication
- Entity authentication which provides both entities with assurance of each other's identity. [SC27] (see also mutual authentication, authentication)
- mutual forward secrecy
- The property that knowledge of both A's and B's long-term
private keys subsequent to a key agreement operation does not enable
the opponent to recompute previously derived keys. [SC27] (see also forward secrecy)
- mutual recognition of certificates
- Acknowledgment by one Party of the validity of the
certificates issued by another Party and acceptance that they hold good
in the first Party's country in exactly the same way as certificates
issued by the first Party. [NIAP]
- mutual suspicion
- (I) The state that exists between two interacting
system entities in which neither entity can trust the other to function
correctly with regard to some security requirement. [RFC2828]
Condition in which two IS's need to rely upon each other to perform a
service, yet neither trusts the other to properly protect shared data. [NSTISSC] (see also trust, security)
- mutually suspicious
- The state that exists between interacting processes
(subsystems or programs) in which neither process can expect the other
process to function securely with respect to some property. [AJP][NCSC/TG004][OVT] (see also security)
- n-bit block cipher
- A block cipher with the property that plaintext blocks and ciphertext blocks are n bits in length. [SC27]
- nak attack
- Negative acknowledgment attack. A penetration technique that
capitalizes on a potential weakness in an operating system that does
not handle asynchronous interrupts properly and thus leaves the system
in an unprotected state during such interrupts. [AFSEC][NSAINT][SRV] (see also attack)
- narrowband network
- A flexible, all purpose, two-way medium that supports transmission rates under 1.5 Mbps. [SRV] (see also networks)
- National Communications System (NCS)
- (see also system)
- national computer security assessment program
- A program designed to evaluate the interrelationship of
empirical data of computer security infractions and critical systems
profiles, while comprehensively incorporating information from the
CSTVRP (Computer Security Technical Vulnerability Reporting Program).
The assessment will build threat and vulnerability scenarios that are
based on a collection of facts from relevant reported cases. Such
scenarios are a powerful, dramatic, and concise form of representing
the value of loss experience analysis. [AJP][NCSC/TG004] (see also analysis, threat, computer security)
- National Computer Security Center (NCSC)
- (N) A U.S. Department of Defense organization, housed
in NSA, that has responsibility for encouraging widespread availability
of trusted computer systems throughout the Federal Government. It has
established criteria for, and performs evaluations of, computer and
network systems that have a trusted computing base. [RFC2828]
Originally named the DoD Computer Security Center, the NCSC is
responsible for encouraging the widespread availability of trusted
computer systems throughout the Federal Government. [AJP][NCSC/TG004]
With the signing of NSDD-145, the NCSC is responsible for encouraging
the widespread availability of trusted computer systems throughout the
Federal Government. (NCSC-WA-001-85) [NSAINT] (see also National Security Agency, availability, evaluation, networks, trust, computer security) (includes trusted computer system)
- National Computer Security Center glossary (NCSC/TG004)
- Nat'l Computer Security Center, Trusted Network, Glossary of Computer Security Terms, NCSC-TG-004, Oct. 1988. [NCSC/TG004] (see also networks, trust, computer security)
- National COMSEC Advisory Memorandum (NACAM)
- (see also communications security)
- National COMSEC Information Memorandum (NACSIM)
- (see also communications security)
- National COMSEC Instruction (NACSI)
- (see also communications security)
- National Cryptologic School (NCS)
- (see also cryptography)
- National Industrial Security Advisory Committee (NISAC)
- (see also security)
- National Information Assurance partnership (NIAP)
- (N) An organization created by NIST and NSA to enhance
the quality of commercial products for information security and
increase consumer confidence in those products through objective
evaluation and testing methods. (C) NIAP is registered, through
the U.S. Department of Defense, as National Performance Review
Reinvention Laboratory. NIAP functions include the following:
- Developing
tests, test methods, and other tools that developers and testing
laboratories may use to improve and evaluate security products.
- Collaborating with industry and others on research and testing programs.
- Using the Common Criteria to develop protection profiles and associated test sets for security products and systems.
- Cooperating
with the NIST National Voluntary Laboratory Accreditation Program to
develop a program to accredit private-sector laboratories for the
testing of information security products using the Common Criteria.
- Working to establish a formal, international mutual recognition scheme for a Common Criteria-based evaluation.
[RFC2828] A U.S. Government initiative designed to meet the security testing needs of both information technology producers and users. [NIAP]
A joint industry/government initiative, led by NIST and NSA, to
establish commercial testing laboratories where industry product
providers can have security products tested to verify their performance
against vendor claims. [IATF] (see also National Security Agency, accreditation, quality, test, Common Criteria for Information Technology Security, National Institute of Standards and Technology, assurance) (includes Common Criteria Testing Laboratory, Common Criteria Testing Program, Common Evaluation Methodology, NIAP Common Criteria Evaluation and Validation Scheme, NIAP Oversight Body, National Voluntary Laboratory Accreditation Program, accreditation body, approved technologies list, approved test methods list, degausser products list, deliverables list, designated laboratories list, endorsed tools list, evaluated products list, preferred products list, validated products list)
- National Information Infrastructure (NII)
- The nation-wide interconnection of communications networks,
computers, databases, and consumer electronics that make vast amounts
of information available to users. The NII encompasses a wide range of
equipment, including cameras, scanners, keyboards, facsimile machines,
computers, switches, compact disks, video and audio tape, cable, wire,
satellites, fiber-optic transmission lines, networks of all types,
monitors, printers and much more. The friendly and adversary personnel
who make decisions and handle the transmitted information constitute a
critical component of the NII. (Pending approval in JP 1-02) [NSAINT] (see also networks)
- National Institute of Standards and Technology (NIST)
- (N) A U.S. Department of Commerce agency that promotes
U.S. economic growth by working with industry to develop and apply
technology, measurements, and standards. Has primary Government
responsibility for INFOSEC standards for unclassified but sensitive
information. [RFC2828] (see also information security) (includes Advanced Encryption Standard, Clipper chip, Common Criteria for Information Technology Security, Computer Security Objects Register, Data Encryption Standard, Digital Signature Standard, FIPS PUB 140-1, FIPS approved security method, Federal Criteria Vol. I, Federal Information Processing Standards, Federal Standard 1027, Fortezza, NIAP Common Criteria Evaluation and Validation Scheme, National Information Assurance partnership, data authentication code, object identifier, party, validate vs. verify)
- national quality award (NQA)
- (see also quality)
- National Security Agency (NSA)
- (N) A U.S. Department of Defense intelligence agency
that has primary Government responsibility for INFOSEC for classified
information and for unclassified but sensitive information handled by
national security systems. [RFC2828] (see also Common Criteria for Information Technology Security, Federal Standard 1027, Internet Protocol Security Option, Key Exchange Algorithm, Message Security Protocol, NIAP Common Criteria Evaluation and Validation Scheme, National Computer Security Center, National Information Assurance partnership, Secure Data Network System, Type I cryptography, Type II cryptography, information security, party, security) (includes CAPSTONE chip, Clipper chip, Fortezza, Multilevel Information System Security Initiative, Skipjack, degausser, degausser products list, evaluated products list, preferred products list, rainbow series)
- National Security Decision Directive 145 (NSDD 145)
- Signed by U.S. President Reagan on 17 September 1984, this
directive is entitled 'National Policy on Telecommunications and
Automated Information System Security.' It provides initial objectives,
policies, and an organizational structure to guide the conduct of
national activities toward safeguarding systems that process, store, or
communicate sensitive information; establishes a mechanism for policy
development; and assigns implementation responsibilities. [NCSC/TG004]
In 1990, National Security Directive 42 replaced NSDD 145, except for
ongoing telecommunications protection activities mandated by NSDD 145
and Presidential Directive 24. [AJP] (see also computer security, security) (includes object, subcommittee on Automated Information System security, subcommittee on telecommunications security)
- National Security Decision Directive (NSDD)
- (see also security)
- National Security Directive (NSD)
- (see also security)
- National Security Emergency Preparedness (NSEP)
- (see also security)
- national security information (NSI)
- Information that has been determined pursuant to Executive
Order 12958 or any predecessor order, or by the Atomic Energy Act of
1954, as amended, to require protection against unauthorized disclosure
and is marked to indicate its classified status. National security
information includes Sensitive Compartmented Information (SCI)
concerning or derived from intelligence sources, methods, or analytical
processes, which is required to be handled within formal access control
systems established by the Director of Central Intelligence. [800-37]
Information that has been determined, pursuant to Executive Order
12958 or any predecessor order, to require protection against
unauthorized disclosure. [NSTISSC] (see also access control, security)
- national security system
- Any telecommunications or information system operated by the
United States Government, the function, operation, or use of which: 1.
involves intelligence activities; 2. involves cryptologic activities
related to national security; 3. involves command and control of
military forces; 4. involves equipment that is an integral part of a
weapon or weapon system; or 5. is critical to the direct fulfillment of
military or intelligence missions and does not include a system that is
to be used for routine administrative and business applications
(including payroll, finance, logistics, and personnel management
applications). (Title 40 U.S.C. Section 1452, Information Technology
Management Reform Act of 1996.) [NSTISSC] IT system operated by the
U.S. Government, its contractors, or agents that contains classified
information or, as set forth in 10 U.S.C. Section 2315, that involves:
intelligence activities or cryptologic activities related to national
security, command and control of military forces, equipment that is an
integral part of a weapon or weapon system, or equipment that is
critical to the direct fulfillment of military or intelligence
missions. [800-37] (see also cryptography, security, system)
- need-to-know
- The necessity for access to, knowledge of, or possession of specific information required to carry out official duties. [NSTISSC]
- National Security Telecommunications Advisory Committee (NSTAC)
- (see also security)
- National Security Telecommunications and Information Systems Security Advisory/Information Memorandum (NSTISSAM)
- (see also computer security, system)
- National Security Telecommunications and Information Systems Security Committee (NSTISSC)
- The NSTISSC is composed of members from 21 U.S. Government
executive branch departments and agencies, as well as observers
representing 9 additional agencies. The NSTISSC provides a forum for
discussion of policy issues, sets national policy, and promulgates
direction, operational procedures, and guidance for the security of
national security systems through the NSTISSC issuance system. More
information can be found at http://www.nstissc.gov/. [CIAO] (see also computer security, system)
- National Security Telecommunications and Information Systems Security Directive (NSTISSD)
- (see also computer security, system)
- National Security Telecommunications and Information Systems Security Instruction (NSTISSI)
- (see also computer security, system)
- National Security Telecommunications and Information Systems Security Policy (NSTISSP)
- (see also computer security, system)
- National Telecommunications and Information Administration (NTIA)
- (see also networks)
- national telecommunications and information system security directives (NTISSD)
- NTISS Directives establish national-level decisions relating
to NTISS policies, plans, programs, systems, or organizational
delegations of authority. NTISSDs are promulgated by the Executive
Agent of the Government for Telecommunications and Information Systems
Security, or by the Chairman of the NTISSC when so delegated by the
Executive Agent. NTISSDs are binding upon all federal departments and
agencies. [NCSC/TG004] Under NSDD 145, NTISS Directives
established national-level decisions relating to NTISS policies, plans,
programs, systems, or organizational delegations of authority. NTISSDs
were promulgated by the Executive Agent of the U.S. Government for
Telecommunications and Information Systems Security, or by the chairman
of the NTISSC when so delegated by the executive agent. NTISSDs were
binding upon all federal departments and agencies. [AJP] (see also computer security, system)
- National Telecommunications and Information Systems Security Advisory Memoranda/Instructions (NTISSAM)
- NTISS Advisory Memoranda and Instructions provide advice,
assistance, or information of general interest on telecommunications
and systems security to all applicable federal departments and
agencies. NTISSAMs/NTISSIs are promulgated by the U.S. National Manager
for Telecommunications and Automated Information System Security and
are recommendatory. [NCSC/TG004] Under NSDD (National Security
Decision Directive) 145, NTISS Advisory Memoranda and Instructions
provided advice, assistance, or information of general interest on
telecommunications and systems security to all applicable U.S. federal
departments and agencies. NTISSAMs/NTISSIs were promulgated by the U.S.
National Manager for Telecommunications and Automated Information
System Security. [AJP] (see also computer security, system)
- National Telecommunications and Information Systems Security Directive (NTISSD)
- (see also computer security, system)
- National Telecommunications and Information Systems Security Instruction (NTISSI)
- (see also computer security, system)
- National Telecommunications and Information Systems Security Policy (NTISSP)
- (see also computer security, system)
- National Voluntary Laboratory Accreditation Program (NVLAP)
- The U.S. accreditation authority for commercial IT security
evaluation facilities operating within the NIAP Common Criteria
Evaluation and Validation Scheme. [NIAP] (see also computer security, evaluation, National Information Assurance partnership, accreditation)
- natural benchmark
- A benchmark consisting of programs and data taken from an existing user workload. [SRV]
- natural disaster
- A physical capability with the ability to destroy or
incapacitate critical infrastructures. Natural disasters differ from
threats due to the absence of intent. [CIAO] Any 'act of God' (e.g. fire, flood, earthquake, lightning, or wind) that disables a system component. [RFC2828] Any 'act of God' (e.g. power surge caused by lightning) that alters system functions or data. [RFC2828] (see also critical infrastructure, threat, threat consequence)
- need-to-know
- (1) Access to, knowledge of, or possession of specific
information required to carry out official duties. (2) The necessity
for access to, knowledge of, or possession of specific information
required to carry out official duties. [AJP] (I) The necessity for access to, knowledge of, or possession of specific information required to carry out official duties. (C)
This criterion is used in security procedures that require a custodian
of sensitive information, prior to disclosing the information to
someone else, to establish that the intended recipient has proper
authorization to access the information. [RFC2828] Access to, knowledge of, or possession of specific information required to carry out official duties. [FCv1] The necessity for access to, knowledge of, or possession of specific information required to carry out official duties. [800-37][NCSC/TG004][NSTISSC] (see also access control, least privilege)
- negative acknowledgment (NAK) (Nak)
-
- negative tests
- Tests aimed at showing that software does not work (also called dirty testing); e.g., most effective tests. [OVT] (see also test)
- negotiated acquisition
- The method of contracting in which vendors submit proposals in
response to a solicitation. The proposals are evaluated and terms
negotiated prior to award. [SRV]
- net control station (NCS)
-
- net present value (NPV)
-
- network address translation (NAT)
- A method of mapping one or more private, reserved IP addresses
to one or more public IP addresses. In the interest of conserving the
IPv4 address space, RFC 1918 proposed the use of certain private
(reserved) blocks of IP addresses. Connections to public networks are
made by use of a device that translates one or more RFC 1918 addresses
to one or more public addresses--a network address translator (NAT).
The use of private addressing also introduces a security benefit in
that RFC 1918 addresses are not visible to hosts on the public
Internet. Some NAT implementations are computationally intensive, and
may affect bit forwarding rate. [RFC2647] (see also firewall, networks)
- network administrator
- The individual responsible for the installation, management, and control of a network. [FFIEC]
- network architecture
- The philosophy and organizational concept for enabling
communications among data processing equipment at multiple locations.
The network architecture specifies the processors and terminals, and
defines the protocols and software that must be used to accomplish
accurate data communications. [SRV] The set of layers and
protocols (including formats and standards that different hardware and
software must comply with to achieve stated objectives) which define a
network. [AJP][TNI] (see also communications, software, networks, security architecture) (includes network component, object)
- network based
- Network traffic data along with audit data from the hosts used to detect intrusions. [NSAINT] (see also audit, networks)
- network component
- (1) A physical unit that does not provide a complete set of
end-user services. A network component may support all or part of MDIA
(mandatory access control, identification and authentication, and
audit). This definition is used with the Trusted Network Interpretation
of the Trusted Computer System Evaluation Criteria Environments
Guideline (TNIEG). (2) A network subsystem that is evaluatable for
compliance with the trusted network interpretations, relative to that
policy induced on the component by the overall network policy. Note:
this definition is used with the Trusted Network Interpretation of the
Trusted Computer System Evaluation Criteria (TNI). [AJP] A
network subsystem that is evaluatable for compliance with the trusted
network interpretations, relative to that policy induced on the
component by the overall network policy. [TNI] (see also access control, audit, authentication, evaluation, identification, trust, trusted computer system, component, network architecture, networks) (includes network front-end, network reference monitor)
- network configuration
- A specific set of network resources that form a communications
network at any given point in time, the operating characteristics of
these network resources, and the physical and logical connections that
have been defined between them. [SRV] (see also communications, networks)
- network connection
- A network connection is any logical or physical path from one
host to another that makes possible the transmission of information
from one host to the other. An example is a TCP (Transmission Control
Protocol) connection. But also, when a host transmits an IP (Internet
Protocol) datagram using only the services of its 'connectionless'
Internet Protocol interpreter, there is considered to be a connection
between the source and the destination hosts for this transaction. [AJP]
A network connection is any logical or physical path from one host to
another that makes possible the transmission of information from one
host to the other. An example is a TCP connection. But also, when a
host transmits an IP datagram employing only the services of its
'connectionless' Internet Protocol interpreter, there is considered to
be a connection between the source and the destination hosts for this
transaction. [TNI] (see also internet, networks)
- network device
- A device that is part of and can send or receive electronic
transmissions across a communications network. Network devices include:
end-system devices such as computers, terminals, or printers;
intermediary devices such as bridges and routers that connect different
parts of the communications network; and link devices or transmission
media. [SRV] (see also communications, networks)
- Network File System
- NFS is an application and protocol suite that provides a way
of sharing files between clients and servers. There are other protocols
which provide file access over networks. These provide similar
functionality, but do not interoperate with each other. [RFC2504] (see also networks, system)
- network front-end
- A device that implements the necessary network protocols,
including security-related protocols, to allow a computer system to be
attached to a network. [AJP][NCSC/TG004] Device implementing protocols that allow attachment of a computer system to a network. [NSTISSC] (see also security, network component, networks)
- network interface card (NIC)
- (see also networks)
- Network Layer Security Protocol (NLSP)
- An OSI protocol (ISO 11577) for end-to-end encryption services
at the top of OSI layer 3. NLSP is derived from an SDNS protocol, SP3,
but is much more complex. [RFC2828] (see also networks, security protocol)
- network level firewall
- A firewall in which traffic is examined at the network protocol (IP) packet level. [NSAINT] (see also firewall, networks)
- network management
- The discipline that describes how to monitor and control the
managed network to ensure its operation and integrity and to ensure
that communications services are provided in an efficient manner.
Network management consists of fault management, configuration
management, performance management, security management, and accounting
management. [SRV] (see also fault, security, networks)
- network management architecture
- The distribution of responsibility for management of different
parts of the communications network among different manager software
products. It describes the organization of the management of a network.
The three types of network management architectures are the
centralized, distributed, and distributed hierarchical network
management architectures. [SRV] (see also communications, software, networks)
- network management protocol
- A protocol whose purpose is to convey information pertaining
to the management of the communications network, including management
operations from managers as well as responses to polling operations,
notifications, and alarms from agents. [SRV] (see also communications, networks)
- network management software
- Software to provide the capabilities for network and security
monitoring and managing the network infrastructure, allowing systems
personnel to administer the network effectively from a central
location. [SRV] (see also security, networks, software)
- network monitoring tools
- (see also networks, security software)
- network protocol stack
- Software package that provides general purpose networking
services to application software, independent of the particular type of
data link being used. [OVT] (see also automated information system)
- network reference monitor
- An access-control concept that refers to an abstract machine
that mediates all access to objects within the network by subjects
within the network. [AJP][TNI] (see also access control, network component, networks, reference monitor) (includes object, subject)
- network security
- Protection of networks and their services from unauthorized
modification, destruction, or disclosure, and provision of assurance
that the network performs its critical functions correctly and there
are no harmful side-effects. Network security includes providing for
data integrity. [NSAINT] Security procedures and controls that
protect a network from: (a) unauthorized access, modification, and
information disclosure; and (b) physical impairment or destruction. [CIAO]
The protection of networks and their services from all natural and
human-made hazards. Includes protection against unauthorized access,
modification, or destruction of data; denial of service; or theft. [SRV]
The protection of networks and their services from unauthorized
modification, destruction, or disclosure. Providing an assurance that
the network performs its critical functions correctly and there are no
harmful side-effects. Includes providing for information accuracy. [AJP][TNI] (see also assurance, unauthorized access, communications security, information systems security, networks)
- network security architecture
- A subset of network architecture specifically addressing security-relevant issues. [AJP][TNI] Subset of network architecture specifically addressing security-relevant issues. [NSTISSC] (see also communications security, networks)
- network security architecture and design (NSAD)
- (see also communications security)
- network security officer (NSO)
- Individual formally appointed by a designated approving
authority to ensure that the provisions of all applicable directives
are implemented throughout the life cycle of an automated information
system network. [NSAINT] (see also communications security, information systems security officer, networks)
- network services
- Services which are not provided on the local computer system
the end-user is working on but on a server located in the network. [RFC2504] (see also networks)
- network size
- The total number of network devices that must be managed within the network and all its subcomponents. [SRV] (see also networks)
- network sponsor
- Individual or organization responsible for stating the
security policy enforced by the network, designing the network security
architecture to properly enforce that policy, and ensuring the network
is implemented in such a way that the policy is enforced. [NSTISSC]
The individual or organization that is responsible for stating the
security policy enforced by the network, for designing the network
security architecture to properly enforce that policy, and for ensuring
that the network is implemented in such a way that the policy is
enforced. For commercial, off-the-shelf systems, the network sponsor
will normally be the vendor. For a fielded network system, the sponsor
will normally be the project manager or system administrator. [AJP][TNI] (see also communications security, security, networks) (includes functional proponent)
- network system
- A system that is implemented with a collection of
interconnected network components. A network system is based on a
coherent security architecture and design. [AJP][TNI]
System implemented with a collection of interconnected components. A
network system is based on a coherent security architecture and design.
[NSTISSC] (see also security, networks, system)
- network topology
- The architectural layout of a network. Common topologies
include bus (nodes connected to a single backbone cable), ring (nodes
connected serially in a closed loop), and star (nodes connected to a
central hub). [CIAO] The term has two meanings: (1) the
structure, interconnectivity, and geographic layout of a group of
networks forming a larger network, and (2) the structure and layout of
an individual network within a confined location or across a geographic
area. [SRV] (see also networks)
- network trusted computing base (NTCB)
- The totality of protection mechanisms within a network system,
including hardware, firmware, and software, the combination of which
is responsible for enforcing a security policy. [AJP][TNI]
Totality of mechanisms within a single network component for enforcing
the network policy, as allocated to that component; the part of the
NTCB within a single network component (NTCB partition). [NSTISSC]
Totality of protection mechanisms within a network (NTCB), including
hardware, firmware, and software, the combination of which is
responsible for enforcing a security policy. [NSTISSC] (see also software, networks, trusted computing base) (includes NTCB partition)
- network weaving
- Another name for "Leapfrogging". [NSAINT] Penetration
technique in which different communication networks are linked to
access an IS to avoid detection and trace-back. [NSTISSC] (see also communications, networks)
- network worm
- A worm that copies itself to another system by using common
network facilities and causes execution of the copy program on that
system. [SRV] (see also internet, networks)
- networking features of software
- Some software has features which make use of the network to
retrieve or share data. It may not be obvious that software has
networking features. [RFC2504] (see also networks, software)
- networks
- A composition of a communications media and components
attached to that medium whose responsibility is the transfer of
information. Such components may include automated information systems,
packet switches, telecommunications controllers, distribution centers,
technical management, and control devices. It is a set of devices such
as computers, terminals, and printers that are physically connected by
a transmission medium so that they can communicate with each other. [SRV] IS implemented with a collection of interconnected nodes. [NSTISSC] IT system implemented with a collection of interconnected network nodes. [800-37] Information system implemented with a collection of interconnected nodes. [CIAO] Two or more machines interconnected for communications. [NSAINT] (see also Chernobyl packet, Common Criteria for Information Technology Security, Defense Information Infrastructure, Estelle, Extensible Authentication Protocol, Guidelines and Recommendations for Security Incident Processing, IEEE 802.10, IP address, IP splicing/hijacking, Internet Assigned Numbers Authority, Internet Protocol Security Option, Internet worm, Java, Kerberos, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Multilevel Information System Security Initiative, NTCB partition, National Computer Security Center, National Computer Security Center glossary, National Information Infrastructure, National Telecommunications and Information Administration, OSI architecture, Open Systems Interconnection Reference model, Red book, Remote Authentication Dial-In User Service, SATAN, SOCKS, Secure Data Exchange, Secure Electronic Transaction, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, Terminal Access Controller Access Control System, acceptable level of risk, acceptable use policy, access control, accreditation, accreditation range, address spoofing, alarm reporting, alarm surveillance, alert, application program interface, asynchronous transfer mode, auditing tool, authenticate, authentication service, automated key distribution, automated security incident measurement, bandwidth, bastion host, brand, break, brouters, cascading, cellular transmission, checksum, circuit switching, class hierarchy, communication channel, component, computer emergency response team, computer oracle and password system, computing security methods, confidentiality, connection,
data source, datagram, designated approving authority, digital signature, diplomatic telecommunications service, distributed data, distributed database, distributed processing, downgrade, dual-homed gateway firewall, electronic benefit transfer, email security software, encrypt for transmission only, end system, end-to-end encryption, end-user, ethernet meltdown, evaluation assurance level, extranet, fault, file transfer, file transfer access management, file transfer protocol, filtering router, firewall, future narrow band digital terminal, gateway, global command and control system, global telecommunications service, goodput, gopher, government emergency telecommunications service, guard, hacker, hacking, homed, host, host-based firewall, hypertext transfer protocol, initial transformation, insider attack, international telecommunication union, internet, internet control message protocol, internet protocol, internet vs. Internet, intranet, intrusion detection, intrusion detection system, ip spoofing, killer packets, language of temporal ordering specification, level of protection, link, link encryption, local-area network, logical system definition, non-technical countermeasure, object, octet, on-line transaction processing, open system environment, open system interconnection model, open systems interconnection, open systems security, overt channel, packet, packet filtering, packet sniffer, packet switching, packet transfer mode, passive, password sniffing, passwords, perimeter-based security, phreaking, point-to-point tunneling protocol, pretty good privacy, private branch exchange, private decipherment transformation, proprietary protocol, protocol, protocol suite, proxy, purge, queuing theory, remote access software, remote login, residual risk, rootkit, router, router-based firewall, routing control, rule set, sanitization, screened subnet firewall, screening router, secure profile inspector, secure shell, secure socket layer, security architecture,
security gateway, security incident, security kernel, security management, security net control station, security range, security situation, security-compliant channel, server, signaling, signaling system 7, single sign-on, smurf, smurfing, sniffer, start-up KEK, state transition diagram, stealth probe, superuser, synchronous flood, synchronous transmission, tcpwrapper, technical countermeasure, technology area, telecommunications, telnet, threat, tinkerbell program, topology, trace packet, traffic load, transaction file, transfer device, transfer time, transmission, transmission control protocol, transmission medium, transmission security, trusted identification, trusted identification forwarding, trusted process, tunnel, tunneled VPN, tunneling, tunneling router, user, user data protocol, vulnerability, web browser cache, web of trust, web vs. Web, wiretapping, worm, automated information system) (includes ARPANET, Advanced Research Projects Agency Network, Defense Information System Network, Integrated services digital network, Network File System, Network Layer Security Protocol, Secure Data Network System, Trusted Network Interpretation Environment Guideline, advanced intelligence network, advanced intelligent network, automatic digital network, broadband network, centrally-administered network, communications, computer network, computer network attack, computer network defense, defense switched network, global network information environment, ground wave emergency network, internetwork, internetwork private line, metropolitan area networks, minimum essential emergency communications network, narrowband network, network address translation, network architecture, network based, network component, network configuration, network connection, network device, network front-end, network interface card, network level firewall, network management, network management architecture, network management protocol, network management software, network monitoring tools,
network reference monitor, network security, network security architecture, network security officer, network services, network size, network sponsor, network system, network topology, network trusted computing base, network weaving, network worm, networking features of software, personal communications network, protected network, secure network server, simple network management protocol, subnetwork, trusted network interpretation, unprotected network, value-added network, virtual network perimeter, virtual private network, wide-area network)
- NIAP Common Criteria Evaluation and Validation Scheme
- The scheme developed by NIST and NSA as part of the U.S.
National Information Assurance Partnership (NIAP) establishing an
organizational and technical framework to evaluate the trustworthiness
of IT products. [NIAP] (see also National Security Agency, trust, National Information Assurance partnership, National Institute of Standards and Technology, evaluation)
- NIAP Oversight Body
- A governmental organization responsible for carrying out
validation and for overseeing the day-to-day operation of the NIAP
Common Criteria Evaluation and Validation Scheme. [NIAP] (see also evaluation, National Information Assurance partnership)
- nibble
- Block of four consecutive bits (half an octet). [SC27] (see also automated information system)
- no prior relationship
- No prior business relationship exists between the originator of a digital signature transaction/document and the receiver. [misc] (see also digital signature)
- no-lone zone (NLZ)
- (I) A room or other space to which no person may have
unaccompanied access and that, when occupied, is required to be
occupied by two or more appropriately authorized persons. [RFC2828]
Area, room, or space that, when staffed, must be occupied by two or
more appropriately cleared individuals who remain within sight of each
other. [NSTISSC] (see also authorized, security)
- no-PIN ORA (NORA)
- (O) MISSI usage: An organizational RA that operates in
a mode in which the ORA performs no card management functions and,
therefore, does not require knowledge of either the SSO PIN or user PIN
for an end user's FORTEZZA PC card. [RFC2828] (see also Fortezza, Multilevel Information System Security Initiative)
- nominal variable
- A quantitative variable, the attributes of which have no inherent order. [SRV]
- non-discretionary access control
- A means of restricting access to objects based largely on administrative actions. [AJP][FCv1] (see also mandatory access control, discretionary access control, non-discretionary security, access control)
- non-discretionary security
- The aspect of DOD security policy which restricts access on
the basis of security levels. A security level is composed of a read
level and a category set restriction. For read-access to an item of
information, a user must have a clearance level greater than or equal
to the classification of the information and also have a category
clearance which includes all of the access categories specified for the
information. [NSAINT] (see also classification level, non-discretionary access control, security)
- non-recoverable part
- Part of the message stored and transmitted along with the signature; empty when message recovery is total. [SC27] (see also recovery)
- non-repudiation
- A cryptographic service that legally prevents the originator of a message from denying authorship at a later date. [CIAO]
A security service by which evidence is maintained so that the sender
of data and recipient of data cannot deny having participated in the
communication. [IATF] An authentication that with high assurance
can be asserted to be genuine and that cannot subsequently be refuted.
It is the security service by which the entities involved in
communication cannot deny having participated. This service provides
proof of the integrity and origin of data that can be verified by a
third party. Non-repudiation of origin is protection against a sender
of a message later denying transmission. [SRV] Assurance the
sender of data is provided with proof of delivery and the recipient is
provided with proof of the sender's identity, so neither can later deny
having processed the data. [800-37][NSTISSC] Ensuring
that a transferred message has been sent and received by the parties
claiming to have sent and received the message. Non-repudiation is a
way to guarantee that the sender of a message cannot later deny having
sent the message and that the recipient cannot deny having received the
message. [FFIEC] Method by which the sender of data is provided
with proof of delivery and the recipient is assured of the sender's
identity, so that neither can later deny having processed the data. [NSAINT] The ability to prove an action or event has taken place, so that this event or action cannot be repudiated later. [SC27]
The reasonable assurance that a principal cannot deny being the
originator of a message after sending it. Non-repudiation is achieved
by encrypting the message digest using a principal's private key. The
public key of the principal must be certified by a trusted
certification authority. [misc] (see also repudiation, Generic Security Service Application Program Interface, IT security, NRD token, NRO token, NRS token, NRT token, accountability, assurance, authentication, cryptography, defense-wide information assurance program, digital signature, distinguishing identifier, evidence, information assurance, invalidity date, notarization token, originator, proof, recipient, sandboxed environment, secure single sign-on, certification authority, quality of protection) (includes non-repudiation exchange, non-repudiation information, non-repudiation of creation, non-repudiation of delivery, non-repudiation of knowledge, non-repudiation of origin, non-repudiation of receipt, non-repudiation of sending, non-repudiation of submission, non-repudiation of transport, non-repudiation policy, non-repudiation service, non-repudiation token, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation)
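The last definition above describes the mechanism concretely: a digest of the message signed with the originator's private key, under a public key certified by a trusted authority. The following is an added example, not code from the glossary or any of its cited sources; it uses Ed25519 and SHA-256 from the Go standard library, treats the public key as already CA-certified (certificate validation is assumed and not shown), and contrasts the signature with a shared-key HMAC to show why a MAC alone gives data origin authentication but not non-repudiation.

```go
// Added example, not code from the glossary or any of its cited sources.
// Non-repudiation of origin as the entry above describes it: the originator
// signs a digest of the message with a private key, and an adjudicator who
// holds only the (assumed CA-certified) public key can later confirm the
// origin. The HMAC functions show why a shared-key MAC does not give
// non-repudiation: the recipient can produce a valid tag itself.
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Evidence is the record a recipient keeps and can later present to a
// third party. PublicKey stands in for a CA-certified key; certificate
// path validation is assumed to have happened and is not shown.
type Evidence struct {
	Originator string
	Message    []byte
	Digest     [32]byte          // SHA-256 of Message, the value actually signed
	Signature  []byte            // Ed25519 signature over Digest
	PublicKey  ed25519.PublicKey // originator's verification key
}

// Sign builds the evidence an originator attaches to a message.
func Sign(originator string, priv ed25519.PrivateKey, msg []byte) Evidence {
	d := sha256.Sum256(msg)
	return Evidence{
		Originator: originator,
		Message:    append([]byte(nil), msg...),
		Digest:     d,
		Signature:  ed25519.Sign(priv, d[:]),
		PublicKey:  priv.Public().(ed25519.PublicKey),
	}
}

// Adjudicate is what a third party runs to resolve a dispute. It never
// needs a private key: it recomputes the digest so a stored message cannot
// have been altered, then checks the signature under the originator's key.
func Adjudicate(e Evidence) error {
	if sha256.Sum256(e.Message) != e.Digest {
		return errors.New("stored message does not match the signed digest")
	}
	if !ed25519.Verify(e.PublicKey, e.Digest[:], e.Signature) {
		return errors.New("signature does not verify under the originator's key")
	}
	return nil
}

// MACTag and VerifyMAC are the shared-key alternative. They give the
// recipient data origin authentication, but because verification uses the
// same key as generation, the recipient could have produced the tag, so a
// third party cannot tell the two parties apart.
func MACTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

func VerifyMAC(key, msg, tag []byte) bool {
	return hmac.Equal(MACTag(key, msg), tag)
}

func main() {
	// Constructed sample: Alice sends an order; Bob keeps the evidence.
	_, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ev := Sign("alice", alicePriv, []byte("ship 10 units to bob"))
	fmt.Println("adjudicator accepts genuine evidence:", Adjudicate(ev) == nil)

	// Bob cannot later claim Alice ordered 100 units: the digest no longer matches.
	altered := ev
	altered.Message = []byte("ship 100 units to bob")
	fmt.Println("adjudicator rejects altered message:", Adjudicate(altered) != nil)

	// With a shared key, Bob can mint a tag for any message, so the tag
	// proves nothing to a third party about who wrote it.
	shared := []byte("constructed-shared-secret")
	forged := []byte("ship 100 units to bob")
	fmt.Println("recipient-made MAC verifies:", VerifyMAC(shared, forged, MACTag(shared, forged)))
}
```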
- non-repudiation exchange
- A sequence of one or more transfers of non-repudiation information (NRI) for the purpose of non-repudiation. [SC27] (see also non-repudiation)
- non-repudiation information
- A set of information that may consist of the information about
an event or action for which evidence is to be generated and validated,
the evidence itself, and the non-repudiation policy in effect. [SC27] (see also evidence, non-repudiation)
- non-repudiation of creation
- Protection against an entity's false denial of having created
the content of a message (i.e., being responsible for the content of a
message). [SC27] This service is intended to protect against an
entity's false denial of having created the content of a message (i.e.
being responsible for the content of a message). [SC27] This
service is intended to protect against an entity's false denial of
having created the content of a message (i.e. being responsible for the
content of a message). [ISO/IEC WD 13888-1 (11/2001)] Protection
against an entity's false denial of having created the content of a
message (i.e., being responsible for the content of a message). [SC27] (see also non-repudiation)
- non-repudiation of delivery
- This service is intended to protect against a recipient's
false denial of having received the message and recognised the content
of a message. [SC27] (see also non-repudiation) (includes NRD token)
- non-repudiation of knowledge
- This service is intended to protect against a recipient's
false denial of having taken notice of the content of a received
message. [SC27] (see also non-repudiation)
- non-repudiation of origin
- This service is intended to protect against the originator's
false denial of having approved the content of a message and of having
sent a message. [SC27] (see also non-repudiation) (includes NRO token)
- non-repudiation of receipt
- This service is intended to protect against a recipient's false denial of having received a message. [SC27] (see also non-repudiation)
- non-repudiation of sending
- This service is intended to protect against the sender's false denial of having sent a message. [SC27] (see also non-repudiation)
- non-repudiation of submission
- This service is intended to provide evidence that a delivery authority has accepted the message for transmission. [SC27] (see also evidence, non-repudiation) (includes NRS token)
- non-repudiation of transport
- This service is intended to provide evidence for the message
originator that a delivery authority has delivered the message to the
intended recipient. [SC27] (see also evidence, non-repudiation) (includes NRT token)
- non-repudiation policy
- A set of criteria for the provision of non-repudiation
services. More specifically, a set of rules to be applied for the
generation and verification of evidence and for adjudication. [SC27] (see also evidence, verification, non-repudiation)
- non-repudiation service
- (I) A security service that provides protection against false denial of involvement in a communication. (C)
Non-repudiation service does not and cannot prevent an entity from
repudiating a communication. Instead, the service provides evidence
that can be stored and later presented to a third party to resolve
disputes that arise if and when a communication is repudiated by one of
the entities involved. There are two basic kinds of non-repudiation
service:
- 'Non-repudiation with proof of origin' provides the
recipient of data with evidence that proves the origin of the data, and
thus protects the recipient against an attempt by the originator to
falsely deny sending the data. This service can be viewed as a stronger
version of a data origin authentication service, in that it proves
authenticity to a third party.
- 'Non-repudiation with proof of
receipt' provides the originator of data with evidence that proves the
data was received as addressed, and thus protects the originator
against an attempt by the recipient to falsely deny receiving the data.
(C) Phases of a Non-Repudiation Service: Ford uses
the term 'critical action' to refer to the act of communication that is
the subject of the service:
```
--------   --------   --------   --------   --------   .   --------
Phase 1:   Phase 2:   Phase 3:   Phase 4:   Phase 5:   .   Phase 6:
Request    Generate   Transfer   Verify     Retain     .   Resolve
Service    Evidence   Evidence   Evidence   Evidence   .   Dispute
--------   --------   --------   --------   --------   .   --------
Service    Critical   Evidence   Evidence   Archive    .   Evidence
Request => Action  => Stored  => Is      => Evidence   .   Is
Is Made    Occurs     For Later  Tested     In Case    .   Verified
and                   Use        |  ^       Critical   .   ^
Evidence              v          |  |       Action Is  .   |
Is                    +-------------------+ Repudiated .   |
Generated             |Verifiable Evidence|------> ... .---+
                      +-------------------+
```
Phase / Explanation:
1. Before the critical action, the service requester asks, either implicitly or explicitly, to have evidence of the action be generated.
2. When the critical action occurs, evidence is generated by a process involving the potential repudiator and possibly also a trusted third party.
3. The evidence is transferred to the requester, or stored by a third party, for later use if needed.
4. The entity that holds the evidence tests to be sure that it will suffice if a dispute arises.
5. The evidence is retained for possible future retrieval and use.
6. In this phase, which occurs only if the critical action is repudiated, the evidence is retrieved from storage, presented, and verified to resolve the dispute.
[RFC2828] (see also authentication, evidence, security, test, trust, non-repudiation)
- non-repudiation token
- A special type of security token as defined in ISO/IEC 10181-1
consisting of a set of evidence, and, optionally, of additional data. [SC27] (see also evidence, non-repudiation, tokens) (includes NRD token, NRO token, NRS token, NRT token)
- non-technical countermeasure
- A security measure, that is not directly part of the network
information security processing system, taken to help prevent system
vulnerabilities. Non-technical counter measures encompass a broad range
of personnel measures, procedures, and physical facilities that can
deter an adversary from exploiting a system. [IATF] (see also exploit, networks, counter measures, security)
- nonce
- (I) A random or non-repeating value that is included in
data exchanged by a protocol, usually for the purpose of guaranteeing
liveness and thus detecting and protecting against replay attacks. [RFC2828] (see also attack)
- noncomputing security methods
- Noncomputing methods are security safeguards that do not use
the hardware, software, and firmware of the IS. Traditional methods
include physical security (controlling physical access to computing
resources), personnel security, and procedural security. [SRV] (see also software, security)
- nonkernel security related (NKSR)
- (see also security)
- normal operation
- Process of using a system. [AJP][FCv1]
- notarization
- (I) Registration of data under the authority or in the
care of a trusted third party, thus making it possible to provide
subsequent assurance of the accuracy of characteristics claimed for the
data, such as content, origin, time, and delivery. [RFC2828] The
provision of evidence by a notary about the properties of the entities
involved in an action or event, and of the data stored or communicated.
[SC27] (see also evidence, trust)
- notarization token
- A non-repudiation token generated by a notary. [SC27] (see also non-repudiation, tokens)
- notary
- A trusted third party trusted to provide evidence about the
properties of the entities involved and of the data stored or
communicated, or to extend the lifetime of an existing token beyond its
expiry or beyond subsequent revocation. [SC27] (see also evidence, tokens, trust)
- NRD token
- Non-repudiation of delivery token. A data item which allows
the originator to establish non-repudiation of delivery for a message. [SC27] (see also non-repudiation, non-repudiation of delivery, non-repudiation token, tokens)
- NRO token
- Non-repudiation of origin token. A data item which allows recipients to establish non-repudiation of origin for a message. [SC27] (see also non-repudiation, non-repudiation of origin, non-repudiation token, tokens)
- NRS token
- Non-repudiation of submission token. A data item which allows
either the originator (sender) or the delivery authority to establish
non-repudiation of submission for a message having been submitted for
transmission. [SC27] (see also non-repudiation, non-repudiation of submission, non-repudiation token, tokens)
- NRT token
- Non-repudiation of transport token. A data item which allows
either the originator or the delivery authority to establish
non-repudiation of transport for a message. [SC27] (see also non-repudiation, non-repudiation of transport, non-repudiation token, tokens)
- NTCB partition
- The totality of mechanisms within a single network component
for enforcing the network policy, as allocated to that component; the
part of the NTCB within a single network component. [AJP][TNI] (see also networks, network trusted computing base, trusted computing base)
- nuclear command and control document (NCCD)
- (see also command and control)
- null
- Dummy letter, letter symbol, or code group inserted into an
encrypted message to delay or prevent its decryption or to complete
encrypted groups for transmission or transmission security purposes. [NSTISSC]
- NULL encryption algorithm
- (I) An algorithm that does nothing to transform
plaintext data; i.e., a no-op. It originated because of IPsec ESP,
which always specifies the use of an encryption algorithm to provide
confidentiality. The NULL encryption algorithm is a convenient way to
represent the option of not applying encryption in ESP (or in any other
context where this is needed). [RFC2828] (see also confidentiality, encryption)
- OAKLEY
- (I) A key establishment protocol (proposed for IPsec
but superseded by IKE) based on the Diffie-Hellman algorithm and
designed to be a compatible component of ISAKMP. (C) OAKLEY
establishes a shared key with an assigned identifier and associated
authenticated identities for parties. I.e., OAKLEY provides an
authentication service to assure the entities of each other's identity,
even if the Diffie-Hellman exchange is threatened by active
wiretapping. It also provides public-key forward secrecy for the shared
key and supports key updates, incorporation of keys distributed by
out-of-band mechanisms, and user-defined abstract group structures for
use with Diffie-Hellman. [RFC2828] (see also authentication, key, threat)
- object
- (1) A passive entity that contains or receives information.
Access to an object potentially implies access to the information it
contains. Examples of objects are records, blocks, pages, segments,
files, directories, directory trees, and programs, as well as bits,
bytes, words, fields, processors, video displays, keyboards, clocks,
printers, network nodes, etc. (2) A controlled entity that precisely
gives or receives information in response to access attempts by another
(active) entity. [AJP] (I) Trusted computer system modeling usage: A system element that contains or receives information. [RFC2828] A passive entity that contains or receives information. [ITSEC]
A passive entity that contains or receives information. Access to an
object potentially implies access to the information it contains.
Examples of objects are: records, blocks, pages, segments, files,
directories, directory trees, and programs, as well as bits, bytes,
words, fields, processors, video displays, keyboards, clocks, printers,
network nodes, etc. [NCSC/TG004][TCSEC][TDI][TNI]
A state, behavior, and identity; the terms instance and object are
interchangeable. A passive entity that contains or receives
information. Access to an object potentially implies access to the
information it contains. It is the basic unit of computation. It has a
set of operations and a state that remembers the effect of the
operations. Classes define object types. Typically, objects are defined
to represent the behavioral and structural aspects of real world
entities. Examples of objects are: records, blocks, pages, segments,
files, directories, directory trees, and programs, as well as bits,
bytes, words, fields, processors, video displays, keyboards, clocks,
printers, and network nodes. [SRV] An entity within the TSC that contains or receives information and upon which subjects perform operations. [CC2][CC21][SC27]
Controlled entity that precisely gives or receives information in
response to access attempts by another (active) entity. Note: Access to
an object implies access to the information contained in that object.
Examples of objects include: subjects, records, blocks, pages,
segments, files, directories, directory trees and programs, as well as
bits, bytes, words, fields, processors, I/O devices, video displays,
keyboards, clocks, printers, network nodes, etc. [FCv1] Passive entity containing or receiving information. Access to an object implies access to the information it contains. [NSTISSC] (see subject) (see also key, model, networks, Bell-LaPadula security model, National Security Decision Directive 145, TCB subset, TOE security policy, acceptance procedure, access, accountability, availability, candidate TCB subset, capability, category, component reference monitor, computer architecture, configuration control, default classification, dominated by, environment, functional component, granularity, granularity of a requirement, information flow control, isolation, list-oriented, network architecture, network reference monitor, object reuse, owner, package, passive, permissions, product rationale, protection philosophy, protection-critical portions of the TCB, read, read access, reference monitor, reference monitor concept, reference validation mechanism, resource, scavenging, scope of a requirement, secure state, secure subsystem, security attribute, security enforcing, security function, security function policy, security label, security policy, sensitivity label, shall, should, simple security condition, simple security property, software requirement, storage object, subject security level, technical policy, technical security policy, ticket-oriented, tranquility, trusted subject, verification, write, write access) (includes TOE security functions, domain)
- object code
- Instructions in machine-readable language, produced by a compiler or assembler from source code. [SRV] (see also automated information system)
- object identifier (OID)
- (I) An official, globally unique name for a thing,
written as a sequence of integers (which are formed and assigned as
defined in the ASN.1 standard) and used to reference the thing in
abstract specifications and during negotiation of security services in
a protocol. (O) 'A value (distinguishable from all other such values) which is associated with an object.' (C)
Objects named by OIDs are leaves of the object identifier tree (which
is similar to but different from the X.500 Directory Information Tree).
Each arc (i.e., each branch of the tree) is labeled with a non-negative
integer. An OID is the sequence of integers on the path leading from
the root of the tree to a named object. (C) The OID tree has
three arcs immediately below the root: {0} for use by ITU-T, {1} for
use by ISO, and {2} for use by both jointly. Below ITU-T are four arcs,
where {0 0} is for ITU-T recommendations. Below {0 0} are 26 arcs, one
for each series of recommendations starting with the letters A to Z,
and below these are arcs for each recommendation. Thus, the OID for
ITU-T Recommendation X.509 is {0 0 24 509}. Below ISO are four arcs,
where {1 0} is for ISO standards, and below these are arcs for each ISO
standard. Thus, the OID for ISO/IEC 9594-8 (the ISO number for X.509)
is {1 0 9594 8}. (C) The following are additional examples: ANSI
registers organization names below the branch {joint-iso-ccitt(2)
country(16) US(840) organization(1)}. The NIST CSOR records PKI objects
below the branch {joint-iso-ccitt(2) country(16) us(840) gov(101)
csor(3) pki(4)}. The U.S. Department of Defense registers INFOSEC
objects below the branch {joint-iso-ccitt(2) country(16) us(840)
organization(1) gov(101) dod(2) infosec(1)}. The OID for the PKIX
private extension is defined in an arc below the arc for the PKIX name
space, as {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) 1 1}. [RFC2828] (see also internet, public-key infrastructure, security, Abstract Syntax Notation One, National Institute of Standards and Technology)
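As an added example (not code from RFC 2828 or this glossary), the following Python parses the arc notation quoted above, converts it to dotted form, and DER-encodes and decodes the value; the 40*X+Y packing of the first two arcs and the base-128 subidentifiers are the ITU-T X.690 rules, and the function names are my own.

```python
import re

# Added example: the page quotes OIDs in two spellings, a bare form such as
# "{1 0 9594 8}" and a named-arc form such as "identified-organization(3)".
# Names are informative only; the integer in parentheses is the arc value.
_BARE = re.compile(r"^\d+$")
_NAMED = re.compile(r"^[A-Za-z][A-Za-z0-9-]*\((\d+)\)$")


def parse_oid(text):
    """Turn '{iso(1) ... pkix(7) 1 1}' or '{1 0 9594 8}' into a list of arc numbers."""
    body = text.strip()
    if body.startswith("{") and body.endswith("}"):
        body = body[1:-1]
    arcs = []
    for tok in body.split():
        if _BARE.match(tok):
            arcs.append(int(tok))
        else:
            m = _NAMED.match(tok)
            if not m:
                raise ValueError(f"unrecognised arc token {tok!r}")
            arcs.append(int(m.group(1)))
    # Structural rules of the OID tree described above: three root arcs, and
    # under roots {0} and {1} the second arc is below 40 (needed for DER packing).
    if len(arcs) < 2:
        raise ValueError("an OID has at least two arcs")
    if arcs[0] > 2:
        raise ValueError("first arc must be 0 (ITU-T), 1 (ISO) or 2 (joint)")
    if arcs[0] < 2 and arcs[1] > 39:
        raise ValueError("second arc must be below 40 under root arcs 0 and 1")
    return arcs


def to_dotted(arcs):
    """Dotted-decimal spelling, e.g. [1, 0, 9594, 8] -> '1.0.9594.8'."""
    return ".".join(str(a) for a in arcs)


def _base128(value):
    """One subidentifier in X.690 base-128: continuation bit set on all but the last byte."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.insert(0, 0x80 | (value & 0x7F))
        value >>= 7
    return bytes(out)


def der_encode(arcs):
    """DER OBJECT IDENTIFIER (tag 0x06); the first two arcs are packed as 40*X+Y."""
    subids = [40 * arcs[0] + arcs[1]] + list(arcs[2:])
    content = b"".join(_base128(s) for s in subids)
    if len(content) > 127:
        raise ValueError("long-form length is not handled in this example")
    return bytes([0x06, len(content)]) + content


def der_decode(blob):
    """Inverse of der_encode; rejects anything that is not one short-form OID."""
    if len(blob) < 3 or blob[0] != 0x06 or blob[1] != len(blob) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    subids, acc, pending = [], 0, False
    for b in blob[2:]:
        acc = (acc << 7) | (b & 0x7F)
        pending = bool(b & 0x80)
        if not pending:
            subids.append(acc)
            acc = 0
    if pending:  # last byte still carried a continuation bit
        raise ValueError("truncated subidentifier")
    first = subids[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return head + subids[1:]


if __name__ == "__main__":
    # The three OIDs spelled out on this page.
    for s in ("{0 0 24 509}", "{1 0 9594 8}",
              "{iso(1) identified-organization(3) dod(6) internet(1) "
              "security(5) mechanisms(5) pkix(7) 1 1}"):
        arcs = parse_oid(s)
        print(to_dotted(arcs), der_encode(arcs).hex())
```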
- object reuse
- (N) 'The reassignment and reuse of a storage medium
(e.g. page frame, disk sector, magnetic tape) that once contained one
or more objects. To be securely reused and assigned to a new subject,
storage media must contain no residual data (magnetic remanence) from
the object(s) previously contained in the media.' [RFC2828]
Reassignment and re-use of a storage medium containing one or more
objects after ensuring no residual data remains on the storage medium. [NSTISSC]
The reassignment and reuse of a storage medium (e.g. page frame, disk
sector, magnetic tape) that once contained one or more objects. To be
securely reused and assigned to a new subject, storage media must
contain no residual data (magnetic remanence) from the object(s)
previously contained in the media. [AJP][NCSC/TG004][SRV]
The reassignment of a medium (e.g. page frame, disk sector, magnetic
tape) that contained one or more objects to some subject. To be
securely reassigned, such media must contain no residual data from the
previously contained object(s). [TNI] The reassignment to some
subject of a medium (e.g. page frame, disk sector, magnetic tape) that
contained one or more objects. To be securely reassigned, such media
must contain no residual data from the previously contained object(s). [TCSEC] (includes object, subject)
- object-oriented programming (OOP)
- (see also automated information system)
- observation reports
- A report issued by a CCTL to the NIAP Oversight Body
identifying specific problems or issues related to the conduct of an IT
security evaluation. [NIAP] (see also computer security, evaluation, security, Common Criteria Testing Laboratory)
- obstruction
- A threat action that interrupts delivery of system services by hindering system operations. [RFC2828] (see also threat consequence)
- octet
- (I) A data unit of eight bits. (C) This term is used in
networking (especially in OSI standards) in preference to 'byte',
because some systems use 'byte' for data storage units of a size other
than eight. [RFC2828] String of eight bits. [SC27] (see also networks)
- off-line cryptosystem
- Cryptosystem in which encryption and decryption are performed independently of the transmission and reception functions. [NSTISSC] (see also encryption)
- Office of Foreign Assets Control (OFAC)
- The Office of Foreign Assets Control, within the U.S.
Department of the Treasury, administers and enforces economic and trade
sanctions against targeted foreign countries, terrorism-sponsoring
organizations, and international narcotics traffickers based on U.S.
foreign policy and national security goals. [FFIEC]
- ohnosecond
- (C) That minuscule fraction of time in which you realize that your private key has been compromised. [RFC2828] (see also key)
- on ramp
- A popular term for a digital broadband connection linking a subscriber with the information superhighway. [SRV]
- On-line Certificate Status Protocol (OCSP)
- (I) An Internet protocol used by a client to obtain
from a server the validity status and other information concerning a
digital certificate. (C) In some applications, such as those
involving high-value commercial transactions, it may be necessary to
obtain certificate revocation status that is more timely than is
possible with CRLs or to obtain other kinds of status information. OCSP
may be used to determine the current revocation status of a digital
certificate, in lieu of or as a supplement to checking against a
periodic CRL. An OCSP client issues a status request to an OCSP server
and suspends acceptance of the certificate in question until the server
provides a response. [RFC2828] (see also certificate, internet, security protocol)
- on-line cryptosystem
- Cryptosystem in which encryption and decryption are performed in association with the transmitting and receiving functions. [NSTISSC] (see also encryption)
- on-line system
- A system with a direct interface between application programs stored in the computer and terminals for data entry and output. [SRV] (see also system)
- on-line transaction processing
- Recording of on-line transactions as they are processing. [SRV] (see also networks)
- one-part code
- Code in which plain text elements and their accompanying code
groups are arranged in alphabetical, numerical, or other systematic
order, so one listing serves for both encoding and decoding. One-part
codes are normally small codes used to pass small volumes of
low-sensitivity information. [NSTISSC]
- one-time cryptosystem
- Cryptosystem employing key used only once. [NSTISSC] (see also system)
- one-time pad (OTP)
- Manual one-time cryptosystem produced in pad form. [NSTISSC] (I) An encryption algorithm in which the key is a
random sequence of symbols and each symbol is used for encryption only
one time--to encrypt only one plaintext symbol to produce only one
ciphertext symbol--and a copy of the key is used similarly for
decryption. (C) To ensure one-time use, the copy of the key used
for encryption is destroyed after use, as is the copy used for
decryption. This is the only encryption algorithm that is truly
unbreakable, even given unlimited resources for cryptanalysis, but key
management costs and synchronization problems make it impractical
except in special situations. [RFC2828] (see also analysis, cryptography, encryption, key)
- one-time passwords (OTP)
- Instead of using the same password over and over again, a different password is used on each subsequent login. [RFC2504]
Not capitalized: A 'one-time password' is a simple authentication
technique in which each password is used only once as authentication
information that verifies an identity. This technique counters the
threat of a replay attack that uses passwords captured by wiretapping.
Capitalized: 'One-Time Password' is an Internet protocol that is based
on S/KEY and uses a cryptographic hash function to generate one-time
passwords for use as authentication information in system login and in
other processes that need protection against replay attacks. [RFC2828] (see also authentication, cryptography, hash, internet, key, threat, passwords)
- one-time tape (OTT)
- Punched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems. [NSTISSC] (see also cryptography)
- one-way encryption
- (I) Irreversible transformation of plaintext to
ciphertext, such that the plaintext cannot be recovered from the
ciphertext by other than exhaustive procedures even if the
cryptographic key is known. [RFC2828] (see also key, encryption)
- one-way function
- (I) 'A (mathematical) function, f, which is easy to
compute, but which for a general value y in the range, it is
computationally difficult to find a value x in the domain such that
f(x) = y. There may be a few values of y for which finding x is not
computationally difficult.' (D) ISDs SHOULD NOT use this term as a synonym for 'cryptographic hash'. [RFC2828]
A function with the property that it is easy to compute the output for
a given input but it is computationally infeasible to find for a given
output, an input which maps to this output. [SC27] (see also cryptography, hash)
- open security
- Environment that does not provide sufficient
assurance that applications and equipment are protected against the
introduction of malicious logic prior to or during the operation of a
system. [NSAINT] (see also security)
- open security environment
- (O) U.S. Department of Defense usage: A system
environment that meets at least one of the following conditions: (a)
Application developers (including maintainers) do not have sufficient
clearance or authorization to provide an acceptable presumption that
they have not introduced malicious logic. (b) Configuration control
does not provide sufficient assurance that applications and the
equipment are protected against the introduction of malicious logic
prior to and during the operation of system applications. [RFC2828]
An environment that includes those systems in which at least one of the
following conditions holds true: (1) Application developers (including
maintainers) do not have sufficient clearance or authorization to
provide an acceptable presumption that they have not introduced
malicious logic and (2) configuration control does not provide
sufficient assurance that applications are protected against the
introduction of malicious logic prior to and during the operation of
system applications. [AJP][NCSC/TG004] (see also assurance, security)
- open storage
- Storage of classified information within an accredited
facility, but not in General Services Administration approved secure
containers, while the facility is unoccupied by authorized personnel. [NSTISSC]
- open system environment (OSE)
- A set of standard relationships between different platforms
and vendors that enable networked users, workgroups, departments, and
enterprises to work together. When fully implemented, these systems can
offer major benefits, such as portability, scalability, and
interoperability. [SRV] (see also networks, system)
- open system interconnection (OSI)
- (see also system)
- open system interconnection model
- A reference model of how messages should be transmitted
between any two endpoints of a telecommunication network. The process
of communication is divided into seven layers, with each layer adding
its own set of special, related functions. The seven layers are the
application, presentation, session, transport, network, data link, and
physical layer. Most telecommunication products tend to describe
themselves in relation to the OSI model. The OSI model is a single
reference view of communication that provides a common ground for
education and discussion. [IATF] (see also communications, networks, Open Systems Interconnection Reference model, model, security, system)
- open systems
- Open systems allow interoperability among products from different vendors. [SRV]
Open systems are vendor-independent systems that are designed to
connect readily with other vendors' products. An open system should
conform to a set of standards determined from a consensus of interested
participants, rather than just one or two vendors. [SRV] (see also system)
- open systems interconnection (OSI)
- A set of internationally accepted and openly developed
standards that meet the needs of network resource administration and
integrated network utility. [NSAINT] A seven-layer network
architecture used for the definition of network protocol standards to
enable any OSI-compliant system or device to communicate with any other
OSI-compliant system or device for a meaningful exchange of
information. [SRV] (see also networks, Open Systems Interconnection Reference model, system)
- Open Systems Interconnection Reference model (OSIRM)
- (N) A joint ISO/ITU-T standard [I7498 Part 1] for a
seven-layer, architectural communication framework for interconnection
of computers in networks. (C) OSI-based standards include
communication protocols that are mostly incompatible with the Internet
Protocol Suite, but also include security models, such as X.509, that
are used in the Internet. (C) The OSIRM layers, from highest to lowest, are (7) Application, (6)
Presentation, (5) Session, (4) Transport, (3) Network, (2) Data Link,
and (1) Physical. In this Glossary, these layers are referred to by
number to avoid confusing them with Internet Protocol Suite layers,
which are referred to by name. (C) Some unknown person described how the OSI layers correspond to the seven deadly sins:
- Wrath: Application is always angry at the mess it sees below itself. (Hey! Who is it to be pointing fingers?)
- Sloth: Presentation is too lazy to do anything productive by itself.
- Lust: Session is always craving and demanding what truly belongs to Application's functionality.
- Avarice: Transport wants all of the end-to-end functionality. (Of course, it deserves it, but life isn't fair.)
- Gluttony: (Connection-Oriented) Network is overweight and overbearing after trying too often to eat Transport's lunch.
- Envy: Poor Data Link is always starved for attention. (With Asynchronous Transfer Mode, maybe now it is feeling less neglected.)
- Pride: Physical has managed to avoid much of the controversy, and nearly all of the embarrassment, suffered by the others.
(C) John G. Fletcher described how the OSI layers also correspond to Snow White's dwarf friends:
- Doc: Application acts as if it is in charge, but sometimes muddles its syntax.
- Sleepy: Presentation is indolent, being guilty of the sin of Sloth.
- Dopey: Session is confused because its charter is not very clear.
- Grumpy: Transport is irritated because Network has encroached on Transport's turf.
- Happy: Network smiles for the same reason that Transport is irritated.
- Sneezy: Data Link makes loud noises in the hope of attracting attention.
- Bashful: Physical quietly does its work, unnoticed by the others.
[RFC2828] (see also internet, networks, public-key infrastructure, security, system, ITU-T, International organization for standardization, model) (includes OSI architecture, open system interconnection model, open systems interconnection)
- open systems security
- Provision of tools for the secure internetworking of open systems. [NSAINT] (see also internet, networks, security, system)
- operating procedure
- A set of rules defining correct use of a Target of Evaluation. [AJP][ITSEC] (see also target of evaluation)
- operating system
- A master control program or set of programs that manages the basic operations of a computer system. [SRV]
Software required by every computer that: a) enables it to perform
basic tasks such as controlling disks, drives, and peripheral devices;
and b) provides a platform on which applications can run. [CIAO]
Software that controls the execution of computer programs and provides
services such as scheduling and input/output control. The central
control program that governs a computer's operations. [SRV] (see also software, system)
- operation
- The process of using a Target of Evaluation. [AJP][ITSEC] (see also target of evaluation)
- operational controls
- Controls that address security mechanisms primarily implemented and executed by people (as opposed to systems) [800-37] (see also security, security controls)
- operational data security
- Protection of data from either accidental or unauthorized
intentional modification, destruction, or disclosure during input,
processing, storage, transmission, or output operations. (C.F.D.) [NSTISSC]
The protection of data from either accidental or unauthorized,
intentional modification, destruction, or disclosure during input,
processing, or output operations. [NSAINT] (see also security)
- operational documentation
- The information produced by the developer of a Target of Evaluation to specify and explain how customers should use it. [AJP][ITSEC] (see also target of evaluation)
- operational environment
- The organizational measures, procedures, and standards to be used while operating a Target of Evaluation. [AJP][ITSEC] (see also target of evaluation)
- operational integrity
- (I) A synonym for 'system integrity'; emphasizes the
actual performance of system functions rather than just the ability to
perform them. [RFC2828] (see also security)
- operational key
- Key intended for use over-the-air for protection of
operational information or for the production or secure electrical
transmission of key streams. [NSTISSC] (see also key)
- operational testing
- Testing conducted to evaluate a system or component in its operational environment. [OVT] (see also test)
- operational waiver
- Authority for continued use of unmodified COMSEC end-items pending the completion of a mandatory modification. [NSTISSC]
- operations code (OPCODE)
- Code composed largely of words and phrases suitable for general communications use. [NSTISSC] (see also communications)
- operations manager
- Oversees the security operations and administration of the IT
system to include performing backups, holding training classes,
managing cryptographic keys, keeping up with user administration and
access privileges, and updating security software. [800-37] (see also cryptography, security)
- operations security (OPSEC)
- (I) A process to identify, control, and protect
evidence of the planning and execution of sensitive activities and
operations, and thereby prevent potential adversaries from gaining
knowledge of capabilities and intentions. [RFC2828] A process of
identifying critical information and subsequently analyzing friendly
actions attendant to military operations and other activities to: a.
Identify those actions that can be observed by adversary intelligence
systems. b. Determine indicators hostile intelligence systems might
obtain that could be interpreted or pieced together to derive critical
information in time to be useful to adversaries. c. Select and execute
measures that eliminate or reduce to an acceptable level the
vulnerabilities of friendly actions to adversary exploitation. (JP
1-02) [NSAINT] An analytical process by which the U.S.
Government and its supporting contractors can deny to potential
adversaries information about capabilities and intentions by
identifying, controlling, and protecting evidence of the planning and
execution of sensitive activities and operations. [AJP][NCSC/TG004]
Definition 1) The process of denying adversaries information about
friendly capabilities and intentions by identifying, controlling, and
protecting indicators associated with planning and conducting military
operations and other activities. Definition 2) An analytical process by
which the U.S. Government and its supporting contractors can deny to
potential adversaries information about capabilities and intentions by
identifying, controlling, and protecting evidence of the planning and
execution of sensitive activities and operations. [NSAINT]
Process denying information to potential adversaries about capabilities
and/or intentions by identifying, controlling, and protecting
unclassified generic activities. [NSTISSC] (see also evidence, exploit, security)
- operator
- an individual accessing a cryptographic module, either
directly or indirectly via a process operating on his or her behalf,
regardless of the specific role the individual assumes. [FIPS140] (see also cryptographic module)
- optical character recognition (OCR)
-
- optical fiber
- A light-guide for electromagnetic waves traveling in the
infrared and visible light spectrum. An optical fiber consists of two
different types of glass, core and cladding, surrounded by a protective
coating. The core is the light-guided region of the fiber, while the
cladding ensures that the light pulses remain within the core. [SRV]
- optical scanner
- A peripheral device that can read printed text or
illustrations and translate them into a digitized image (bit map) that
can be stored, displayed, and manipulated on a computer. [CIAO]
- optional modification
- NSA-approved modification not required for universal
implementation by all holders of a COMSEC end-item. This class of
modification requires all of the engineering/doctrinal control of
mandatory modification but is usually not related to security, safety,
TEMPEST, or reliability. [NSTISSC] (see also TEMPEST, communications security)
- oracle
- A mechanism to produce the predicted outcomes to compare with
the actual outcomes of the software under test. (after Adrion) Any
(often automated) means that provides information about the (correct)
expected behavior of a component (HOWD86). Without qualification, this
term is often used synonymously with input/outcome oracle. [OVT] (see also test)
- Orange book
- (D) ISDs SHOULD NOT use this term as a synonym for
'Trusted Computer System Evaluation Criteria' [CSC001, DOD1]. Instead,
use the full, proper name of the document or, in subsequent references,
the abbreviation 'TCSEC'. [RFC2828] Alternate name for DoD (US Department of Defense) Trusted Computer Security Evaluation Criteria. [AJP] Alternate name for DoD Trusted Computer Security Evaluation Criteria. [NCSC/TG004] The DoD Trusted Computer System Evaluation (C.F.D) Criteria (DoD 5200.28-STD). [NSTISSC] (see also computer security, security, rainbow series) (includes A1, C2-protect)
- order of an element in a finite commutative group
- If a^n is defined recursively by a^0 = e and a^(n+1) = a * a^n (for n ≥ 0), the order of a ∈ J is the least positive integer n such that a^n = e. [SC27]
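The recursive definition above, carried out in code as an added example (not from [SC27]); the group J is taken here, as an assumption, to be the multiplicative group of integers modulo a prime p, with e = 1 and * being multiplication mod p.

```python
"""Order of an element in a finite commutative group, computed exactly as the
glossary definition states: a^0 = e, a^(n+1) = a * a^n, and the order of a is
the least positive n with a^n = e. Added example, not from [SC27].

Assumption made here: the group J is (Z/pZ)^*, the nonzero residues mod a
prime p under multiplication, chosen so the example runs with no library.
"""


def element_order(a: int, p: int) -> int:
    """Return the order of a in (Z/pZ)^*, p prime, by iterating
    a^(n+1) = a * a^n until the identity e = 1 recurs."""
    if not 1 <= a < p:
        raise ValueError("a must be a nonzero residue mod p")
    power, n = 1, 0                        # power == a^n, starting from a^0 = e
    while True:
        power, n = (a * power) % p, n + 1  # a^(n+1) = a * a^n
        if power == 1:                     # a^n = e: the first such n is the order
            return n


def is_generator(a: int, p: int) -> bool:
    """An element whose order equals the group size p-1 generates the whole
    group; key-agreement parameters are built from elements of large order."""
    return element_order(a, p) == p - 1


if __name__ == "__main__":
    # Constructed sample: in (Z/7Z)^*, 2 has order 3 (2, 4, 1) and 3 has order 6.
    for a in range(1, 7):
        print(a, element_order(a, 7), is_generator(a, 7))
```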
- ordinal variable
- A quantitative variable, the attributes of which are ordered
but for which the numerical differences between adjacent attributes are
not necessarily interpreted as equal. [SRV]
- organisational security policies
- One or more security rules, procedures, practices, or guidelines imposed by an organisation upon its operations. [CC2][CC21][SC27] (see organisational security policy)
- organisational security policy
- The set of laws, rules, and practices that regulate how an
organization manages, protects, and distributes sensitive information. [AJP][FCv1][NCSC/TG004][NSAINT][TCSEC][TDI][TNI] (see also policy, security policy)
- organizational certificate
- (O) MISSI usage: A type of MISSI X.509 public-key
certificate that is issued to support organizational message handling
for the U.S. Government's defense message system. [RFC2828] (see also key, Multilevel Information System Security Initiative, certificate)
- organizational maintenance
- Limited maintenance performed by a user organization. [NSTISSC] (see also user)
- organizational registration authority (ORA)
- (I) General usage: An RA for an organization. (O)
MISSI usage: The MISSI implementation of RA. A MISSI end entity that
(a) assists a PCA, CA, or SCA to register other end entities, by
gathering, verifying, and entering data and forwarding it to the
signing authority and (b) may also assist with card management
functions. An ORA is a local administrative authority, and the term
refers both to the office or role, and to the person who fills that
office. An ORA does not sign certificates, CRLs, or CKLs. [RFC2828] Entity within the PKI that authenticates the identity and the organizational affiliation of the users. [NSTISSC] (see also certificate, Multilevel Information System Security Initiative, user)
- origin authenticity
- (D) ISDs SHOULD NOT use these terms because they look
like careless use of an internationally standardized term. Instead, use
'data origin authentication' or 'peer entity authentication', depending
which is meant. [RFC2828] (see also authentication)
- originating agency's determination required (OADR)
-
- originator
- The entity that sends a message to the recipient or makes
available a message for which non-repudiation services are to be
provided. [SC27] (see also non-repudiation)
- OSI architecture
- The International Organization for Standardization (ISO)
provides a framework for defining the communications process between
systems. This framework includes a network architecture, consisting of
seven layers. The architecture is referred to as the Open Systems
Interconnection (OSI) Model or Reference Model. Services and the
protocols to implement it for the different layers of the model are
defined by international standards. From a systems viewpoint, the
bottom three layers support the components of the network necessary to
transmit a message, the next three layers generally pertain to the
characteristics of the communicating end systems, and the top layer
supports the end-users. The seven layers are: (1) Physical Layer, (2)
Link Layer, (3) Network Layer, (4) Transport Layer, (5) Session Layer,
(6) Presentation Layer, and (7) Application Layer. [AJP] The
International Organization for Standardization (ISO) provides a
framework for defining the communications process between systems. This
framework includes a network architecture, consisting of seven layers.
The architecture is referred to as the Open Systems Interconnection
(OSI) model or Reference Model. Services and the protocols to implement
them for the different layers of the model are defined by international
standards. From a systems viewpoint, the bottom three layers support
the components of the network necessary to transmit a message, the next
three layers generally pertain to the characteristics of the
communicating end systems, and the top layer supports the end-users.
The seven layers are: 1. Physical Layer: Includes the functions to
activate, maintain, and deactivate the physical connection. It defines
the functional and procedural characteristics of the interface to the
physical circuit: the electrical and mechanical specifications are
considered to be part of the medium itself. 2. Data Link Layer: Formats
the messages. Covers synchronization and error control for the
information transmitted over the physical link, regardless of the
content. 'Point-to-point error checking' is one way to describe this
layer. 3. Network Layer: Selects the appropriate facilities. Includes
routing communications through network resources to the system where
the communicating application is: segmentation and reassembly of data
units (packets); and some error correction. 4. Transport Layer:
Includes such functions as multiplexing several independent message
streams over a single connection, and segmenting data into
appropriately sized packets for processing by the Network Layer.
Provides end-to-end control of data reliability. 5. Session Layer:
Selects the type of service. Manages and synchronizes conversations
between two application processes. Two main types of dialogue are
provided: two-way simultaneous (full-duplex), or two-way alternating
(half-duplex). Provides control functions similar to the control
language in a computer system. 6. Presentation Layer: Ensures that
information is delivered in a form that the receiving system can
understand and use. Communicating parties determine the format and
language (syntax) of messages: translates if required, preserving the
meaning (semantics). 7. Application Layer: Supports distributed
applications by manipulating information. Provides resource management
for file transfer, virtual file and virtual terminal emulation,
distributed processes and other applications. [TNI] (see also communications, model, networks, Open Systems Interconnection Reference model)
- out of band
- (I) Transfer of information using a channel that is outside (i.e., separate from) the channel that is normally used. (C)
Out-of-band mechanisms are often used to distribute shared secrets
(e.g. a symmetric key) or other sensitive information items (e.g. a
root key) that are needed to initialize or otherwise enable the
operation of cryptography or other security mechanisms. [RFC2828] (see also cryptography, key, security, shared secret)
- outage
- The period of time for which a communication service or an operation is unavailable. [SRV] (see also communications, failure)
- outcome
- The ultimate, long-term, resulting effects, both expected and
unexpected, of the customer's use or application of the organization's
outputs. [SRV]
- outlier
- An extremely large or small observation that applies to ordinal, interval, and ratio variables. [SRV]
- output
- Data/information produced by computer processing of
transactions. The type of output could be a hard copy, a display on a
terminal, or a computer file. [SRV] Information that has been exported by a TCB. [AJP][TCSEC] (see also trusted computing base)
- output data
- information that is to be output from a cryptographic module
that has resulted from a transformation or computation in the module. [FIPS140] (see also cryptographic module)
- output feedback (OFB)
- (N) A block cipher mode that modifies electronic
codebook mode to operate on plaintext segments of variable length less
than or equal to the block length. (C) This mode operates by
directly using the algorithm's previously generated output block as the
algorithm's next input block (i.e., by 'feeding back' the output block)
and combining (exclusive OR-ing) the output block with the next
plaintext segment (of block length or less) to form the next ciphertext
segment. [RFC2828]
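The OFB mode as the glossary describes it, written out as an added example (not code from RFC 2828 or any cited standard): the cipher's output block is fed back as its next input, and each output block is XORed with a plaintext segment of at most one block length. The block cipher itself is stood in for by a keyed SHA-256 truncated to 16 bytes, an assumption made so the example runs with the standard library alone.

```python
"""Output feedback (OFB) mode built from the glossary definition above.
Added example, not from the glossary or any cited standard.

Assumption: E_K is a hypothetical stand-in (HMAC-SHA256 truncated to one
block); a real system would use a proper block cipher such as AES.
"""
import hashlib
import hmac
import secrets

BLOCK_LEN = 16  # bytes; the block width the stand-in cipher mimics


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_K(block). OFB only ever runs the cipher forward,
    so decryption never needs the inverse permutation."""
    assert len(block) == BLOCK_LEN
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK_LEN]


def ofb_keystream(key: bytes, iv: bytes, nbytes: int) -> bytes:
    """Generate nbytes of keystream: O_1 = E_K(IV), O_i = E_K(O_{i-1}).
    Plaintext never enters the chain, so the keystream can be computed
    before any data arrives (unlike CFB, where ciphertext is fed back)."""
    assert len(iv) == BLOCK_LEN
    out, prev = bytearray(), iv
    while len(out) < nbytes:
        prev = block_encrypt(key, prev)  # feed the output block back as input
        out += prev
    return bytes(out[:nbytes])


def ofb_xcrypt(key: bytes, iv: bytes, data: bytes,
               segment_len: int = BLOCK_LEN) -> bytes:
    """Encrypt or decrypt (same operation) with segments of 1..BLOCK_LEN bytes.
    Each segment is XORed with the leading bytes of a fresh output block,
    while the full output block is still fed back, as the definition says."""
    if not 1 <= segment_len <= BLOCK_LEN:
        raise ValueError("segment length must be 1..BLOCK_LEN bytes")
    result, prev = bytearray(), iv
    for i in range(0, len(data), segment_len):
        prev = block_encrypt(key, prev)   # O_i = E_K(O_{i-1})
        seg = data[i:i + segment_len]     # the last segment may be shorter
        result += bytes(p ^ k for p, k in zip(seg, prev[:len(seg)]))
    return bytes(result)


def iv_reuse_leak(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Why the IV must be unique per message: under one (key, IV) every message
    gets the same keystream, so c1 XOR c2 equals p1 XOR p2 and an observer
    learns the relationship between plaintexts without the key."""
    c1, c2 = ofb_xcrypt(key, iv, p1), ofb_xcrypt(key, iv, p2)
    n = min(len(p1), len(p2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))  # == p1[:n] XOR p2[:n]


if __name__ == "__main__":
    key, iv = secrets.token_bytes(16), secrets.token_bytes(BLOCK_LEN)
    msg = b"OFB keystream is independent of the plaintext"  # constructed sample
    ct = ofb_xcrypt(key, iv, msg, segment_len=5)
    assert ofb_xcrypt(key, iv, ct, segment_len=5) == msg
    print(ct.hex())
```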
- output transformation
- A function that is applied at the end of the MAC algorithm, before the truncation operation. [ISO/IEC 9797-1: 1999][SC27] A transformation or mapping of the output of the iteration stage to obtain the hash-code. [SC27] (see also hash)
- outside attack
- (see also attack)
- outsider attack
- (see also attack)
- outsourcing
- The practice of contracting with another entity to perform services that might otherwise be conducted in-house. [FFIEC]
- over-the-air key distribution (OTAD)
- Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation. [NSTISSC] (see also key)
- over-the-air key transfer (OTAT)
- Electronically distributing key without changing traffic
encryption key used on the secured communications path over which the
transfer is accomplished. [NSTISSC] (see also encryption, key)
- over-the-air rekeying (OTAR)
- Changing traffic encryption key or transmission security key
in remote crypto-equipment by sending new key directly to the remote
crypto-equipment over the communications path it secures. [NSTISSC] (see also encryption, key)
- overload
- Hindrance of system operation by placing excess burden on the performance capabilities of a system component. [RFC2828] (see also threat consequence)
- overt channel
- A path within a system or network that is designed for the authorized transfer of data. Compare covert channel. [NCSC/TG004] An overt channel is a path within a network that is designed for the authorized transfer of data. [TNI] Communications path within a system or network that is designed for the authorized transfer of data. [AJP][FCv1][NSTISSC] (see also covert channel, networks, channel)
- overwrite procedure
- A stimulation to change the state of a bit followed by a known pattern. [AJP][NCSC/TG004] Process of writing patterns of data on top of the data stored on a magnetic medium. [NSTISSC] (see also security, erasure) (includes magnetic remanence, remanence)
- overwriting
- The obliteration of recorded data by recording different data on the same storage surface. [SRV]
- owner
- User-granted privileges with respect to security attributes and privileges affecting specific subjects and objects. [AJP][FCv1] (see also user) (includes object, subject)
- package
- A reusable set of either functional or assurance components
(e.g. an EAL), combined together to satisfy a set of identified
security objectives. [CC2][CC21][SC27] A reusable set of either functional or assurance components combined together to satisfy a set of identified security objectives. [ISO/IEC 15292: 2001][SC27] (see also assurance, security) (includes object)
- packet
- A block of data sent over the network transmitting the
identities of the sending and receiving stations, error-control
information, and message. [NSAINT] (see also networks)
- packet assembly and disassembly (PAD)
- (see also internet)
- packet filter
- A type of firewall in which each IP packet is examined and
either allowed to pass through or rejected. Normally packet filtering
is a first line of defense and is typically combined with application
proxies for more security. [misc] A type of firewall that
examines each packet and accepts or rejects it based on the security
policy programmed into it in the form of rules. [CIAO] Inspects
each packet for user defined content, such as an IP address but does
not track the state of sessions. This is one of the least secure types
of firewall. [NSAINT] (see also filtering router, packet filtering, security, firewall)
- packet filtering
- A feature incorporated into routers and bridges to limit the
flow of information based on pre-determined communications such as
source, destination, or type of service being provided by the network.
Packet filters let the administrator limit protocol specific traffic to
one network segment, isolate email domains, and perform many other
traffic control functions. [NSAINT] The process of controlling
access by examining packets based on the content of packet headers.
Packet-filtering devices forward or deny packets based on information
in each packet's header, such as IP address or TCP port number. A
packet-filtering firewall uses a rule set to determine which traffic
should be forwarded and which should be blocked. [RFC2647] (see also networks, packet filter, proxy, firewall) (includes stateful packet filtering)
- packet filtering firewall
- A router to block or filter protocols and addresses. [SRV] (see also firewall)
- packet sniffer
- A device or program that monitors the data traveling between computers on a network. [NSAINT] Software that observes and records network traffic. [800-61] (see also ethernet sniffing, networks, promiscuous mode, sniffer)
- packet switching
- A message-delivery technique in which small units of
information (packets) are relayed through stations in a computer
network along the best route currently available between the source and
the destination. A packet-switching network handles information in
small units, breaking long messages into multiple packets before
routing. Although each packet may travel along a different path, and
the packets composing a message may arrive at different times or out of
sequence, the receiving computer reassembles the original message.
Packet-switching networks are considered to be fast and efficient. To
manage the tasks of routing traffic and assembling or disassembling
packets, such networks require some intelligence from the computers and
software that control delivery. [SRV] (see also networks, software)
- packet transfer mode (PTM)
- (see also networks)
- padding
- Appending extra bits to a data string. [SC27]
- pagejacking
- (I) A contraction of 'Web page hijacking'. A masquerade
attack in which the attacker copies (steals) a home page or other
material from the target server, rehosts the page on a server the
attacker controls, and causes the rehosted page to be indexed by the
major Web search services, thereby diverting browsers from the target
server to the attacker's server. (D) ISDs SHOULD NOT use this
term without including a definition, because the term is not listed in
most dictionaries and could confuse international readers. [RFC2828] (see also hijack attack, world wide web, attack)
- parameter
- A number that describes a population; a measure such as mean,
median, standard deviation, or proportion that is calculated or defined
by using every item in the population. A value that is given to a
variable. [SRV]
- pareto diagram
- A Pareto diagram focuses on the vital few areas instead of the trivial many. [SRV]
- parity
- Bit(s) used to determine whether a block of data has been altered. [IATF][NSTISSC] (see also security)
- partial order
- A relation that is symmetric (a is related to a), transitive
(if a is related to b and b is related to c, then a is related to c),
and antisymmetric (if a is related to b and b is related to a, then a
and b are identical). [AJP][TDI]
- partition rule base access control (PRBAC)
- (see also access control)
- partitioned security mode
- (N) A mode of operation of an information system,
wherein all users have the clearance, but not necessarily formal access
authorization and need-to-know, for all information handled by the
system. This mode is defined in U.S. Department of Defense policy
regarding system accreditation. [RFC2828] A mode of operation
wherein all personnel have the clearance but not necessarily formal
access approval and need-to-know for all information contained in the
system. Not to be confused with compartmented security mode. [AJP][NCSC/TG004]
IS security mode of operation wherein all personnel have the clearance,
but not necessarily formal access approval and need-to-know, for all
information handled by an IT system. [NSTISSC] (see also accreditation, computer security, modes of operation, security)
- partnership
- A relationship between two or more entities wherein each
accepts responsibility to contribute a specified, but not necessarily
equal, level of effort to the achievement of a common goal. The public
and private sector contributing their relative strengths to protect and
assure the continued operation of critical infrastructures. [CIAO] (see also critical infrastructure)
- party
- NIST or NSA in its capacity as a member of the NIAP Oversight
Body and as a signatory to the agreement on the mutual recognition of
certificates in the field of IT security. [NIAP] (see also National Security Agency, computer security, security, National Institute of Standards and Technology)
- passive
- (1) A property of an object or network object that it lacks
logical or computational capability and is unable to change the
information it contains. (2) Those threats to the confidentiality of
data which, if realized, would not result in any unauthorized change in
the state of the intercommunicating systems (e.g. monitoring and/or
recording of data). [AJP][TNI] (see also confidentiality, networks, threat) (includes object)
- passive attack
- Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data. [AFSEC][NSAINT] (see also attack)
- passive threat
- The threat of unauthorized disclosure of information without
changing the state of the computer system. A type of threat that
involves the interception, not the alteration, of information. [AFSEC][NSAINT] (see also threat)
- passive wiretapping
- The monitoring and/or recording of data while the data is being transmitted over a communications link. [SRV] (see also wiretapping)
- passphrase
- A passphrase is a long password. It is often composed of several words and symbols to make it harder to guess. [RFC2504]
A sequence of characters, longer than the acceptable length of a
password, that is transformed by a password system into a virtual
password of acceptable length. [SRV] (see also passwords)
- Password Authentication Protocol (PAP)
- (I) A simple authentication mechanism in PPP. In PAP, a user identifier and password are transmitted in cleartext. [RFC2828] (see also passwords, authentication, security protocol)
- password cracker
- An application that tests for passwords that can be easily
guessed, such as words in the dictionary or simple strings of
characters (e.g., 'abcdefgh' or 'qwertyuiop'). [CIAO] (see also dictionary attack, test, threat)
- password sniffing
- (I) Passive wiretapping, usually on a local area network, to gain knowledge of passwords. [RFC2828]
Sniffers are programs that monitor all traffic on a network, collecting
a certain number of bytes from the beginning of each session, usually
the part where the password is typed unencrypted on certain common
Internet services such as FTP and Telnet. [AFSEC] (see also internet, networks, passwords, sniffing)
- password system
- A system that uses a password or passphrase to authenticate a
person's identity or to authorize a person's access to data and that
consists of a means for performing one or more of the following
password operations: generation, distribution, entry, storage,
authentication, replacement, encryption and/or decryption of passwords.
[SRV] (see also authentication, encryption, system)
- password-locked screensaver
- A screen saver obscures the normal display of a monitor. A
password-locked screensaver can only be deactivated if the end-user's
password is supplied. This prevents a logged-in system from being
abused and hides the work currently being done from passers-by. [RFC2504] (see also passwords)
- passwords
- (I) A secret data value, usually an alphanumeric string, that is used as authentication information. (C)
A password is usually matched with a user identifier that is explicitly
presented in the authentication process, but in some cases the identity
may be implicit. (C) Using a password as authentication
information assumes that the password is known only by the system
entity whose identity is being authenticated. Therefore, in a network
environment where wiretapping is possible, simple authentication that
relies on transmission of static (i.e., repetitively used) passwords as
cleartext is inadequate. [RFC2828] A protected or private alphanumeric string used to authenticate an entity. [SRV] A protected/private alphanumeric string that is used to authenticate an entity. [TCSEC] A protected/private alphanumeric string used to authenticate an entity or to authorize access to data. [AJP][FCv1] A protected/private alphanumeric string used to authenticate an entity. [NCSC/TG004] A secret sequence of characters that is used as a means of authentication. [FFIEC]
A string of characters containing letters, numbers, and other keyboard
symbols that is used to authenticate a user’s identity or authorize
access to data. A password is generally known only to the authorized
user who originated it. [CIAO] A string of characters used to authenticate an entity or to verify access authorization. [FIPS140] Protected/private alphanumeric string used to authenticate an entity or to authorize access to data. [IATF][NSTISSC] (see also 3-factor authentication, Extensible Authentication Protocol, Green book, Kerberos, Password Authentication Protocol, Terminal Access Controller Access Control System, anonymous login, auditing tool, authentication, check_password, community string, computer oracle and password system, crack, critical security parameters, default account, dictionary attack, encrypted key, ethernet sniffing, leapfrog attack, lock-and-key protection system, login, login prompt, networks, password sniffing, password-locked screensaver, personal identification number, print suppression, public-key forward secrecy, rootkit, salt, secret, security-relevant event, shared secret, simple authentication, simple network management protocol, smartcards, sniffer, third party trusted host model, ticket, tokens, user identifier) (includes one-time passwords, passphrase, secure single sign-on, time-dependent password, virtual password)
- patch
- 1) A quick modification of a program, which is sometimes a
temporary fix until the problem can be solved more thoroughly. 2) A
modification to software that fixes an error in an application already
installed on an IS, generally supplied by the vendor of the software. [CIAO] See 'Fixes, Patches and installing them' [RFC2504] Software code that replaces or updates other code. Frequently patches are used to correct security flaws. [FFIEC]
- patch management
- The process of acquiring, testing, and distributing patches to
the appropriate administrators and users throughout the organization. [800-61]
- path coverage
- Metric applied to all path-testing strategies: in a hierarchy
by path length, where length is measured by the number of graph links
traversed by the path or path segment; e.g. coverage with respect to
path segments two links long, three links long, etc. Unqualified, this
term usually means coverage with respect to the set of entry/exit
paths. Often used erroneously as synonym for statement coverage. [OVT] (see also test)
- path discovery
- (I) For a digital certificate, the process of finding a
set of public-key certificates that comprise a certification path from
a trusted key to that specific certificate. [RFC2828] (see also certificate, certification, key, trust, public-key infrastructure)
- path validation
- (I) The process of validating (a) all of the digital
certificates in a certification path and (b) the required relationships
between those certificates, thus validating the contents of the last
certificate on the path. [RFC2828] (see also certificate, certification, public-key infrastructure)
- payment
- A transfer of value. [FFIEC]
- payment card
- (N) SET usage: Collectively refers 'to credit cards,
debit cards, charge cards, and bank cards issued by a financial
institution and which reflects a relationship between the cardholder
and the financial institution.' [RFC2828] (see also Secure Electronic Transaction)
- payment gateway
- (O) SET usage: A system operated by an acquirer, or a
third party designated by an acquirer, for the purpose of providing
electronic commerce services to the merchants in support of the
acquirer, and which interfaces to the acquirer to support the
authorization, capture, and processing of merchant payment messages,
including payment instructions from cardholders. [RFC2828] (see also Secure Electronic Transaction)
- payment gateway certification authority
- (O) SET usage: A CA that issues digital certificates to
payment gateways and is operated on behalf of a payment card brand, an
acquirer, or another party according to brand rules. A SET PCA issues a
CRL for compromised payment gateway certificates. [RFC2828] (see also certificate, certification, Secure Electronic Transaction, public-key infrastructure)
- PC card
- (N) A type of credit card-sized, plug-in peripheral
device that was originally developed to provide memory expansion for
portable computers, but is also used for other kinds of functional
expansion. (C) The international PC Card Standard defines a
non-proprietary form factor in three standard sizes (Types I, II and
III), each of which has a 68-pin interface between the card and the
socket into which it plugs. All three types have the same length and
width, roughly the size of a credit card, but differ in their thickness
from 3.3 to 10.5 mm. Examples include storage modules, modems, device
interface adapters, and cryptographic modules. [RFC2828] (see also cryptography)
- PCA
- (D) ISDs SHOULD NOT use this acronym without a qualifying adjective because that would be ambiguous. [RFC2828]
- PCMCIA
- (N) Personal Computer Memory Card International
association, a group of manufacturers, developers, and vendors, founded
in 1989 to standardize plug-in peripheral memory cards for personal
computers and now extended to deal with any technology that works in
the PC card form factor. [RFC2828] (see also automated information system)
- peer access approval (PAAP)
-
- peer access enforcement (PAE)
-
- peer entity authentication
- (I) 'The corroboration that a peer entity in an association is the one claimed.' [RFC2828] (see also authentication)
- peer entity authentication service
- (I) A security service that verifies an identity claimed by or for a system entity in an association. (C)
This service is used at the establishment of, or at times during, an
association to confirm the identity of one entity to another, thus
protecting against a masquerade by the first entity. However, unlike
data origin authentication service, this service requires an
association to exist between the two entities, and the corroboration
provided by the service is valid only at the current time that the
service is provided. [RFC2828] (see also authentication)
- peer-to-peer communication (P2P)
- the communications that travel from one user's computer to
another user's computer without being stored for later access on a
server. E-mail is not a P2P communication since it travels from the
sender to a server, and is retrieved by the recipient from the server.
On-line chat, however, is a P2P communication since messages travel
directly from one user to another. [FFIEC] (see also internet)
- penetration
- (I) Successful, repeatable, unauthorized access to a protected system resource. [RFC2828]
(I) Successful, repeatable, unauthorized access to a protected system
resource. The successful unauthorized access to an automated system.
The successful act of bypassing the security mechanisms of a system. [OVT] Gaining unauthorized logical access to sensitive data by circumventing a system's protections. [RFC2828] The successful act of bypassing the security mechanisms of a system. [AJP][NCSC/TG004][SRV] The successful act of bypassing the security mechanisms; the unauthorized access to an automated system. [AFSEC] The successful unauthorized access to an automated system. [NSAINT] The successful violation of a protected system. [TNI] (see also unauthorized access, violation, attack, intrusion, threat consequence) (includes penetration signature, penetration study, penetration test, penetration testing)
- penetration signature
- The characteristics or identifying marks that may be produced by a penetration. [NCSC/TG004][SRV]
The description of a situation or set of conditions in which a
penetration could occur or of system events which in conjunction can
indicate the occurrence of a penetration in progress. [AFSEC][NSAINT] (see also penetration)
- penetration study
- A study to determine the feasibility and methods for defeating controls of a system. [AJP][NCSC/TG004][SRV] (see also penetration, risk management)
- penetration test
- (I) A system test, often part of system certification,
in which evaluators attempt to circumvent the security features of the
computer system. (C) Penetration testing may be performed under
various constraints and conditions. However, for a TCSEC evaluation,
testers are assumed to have all system design and implementation
documentation, including source code, manuals, and circuit diagrams,
and to work under no greater constraints than those applied to ordinary
users. [RFC2828] The process of using approved, qualified
personnel to conduct real-world attacks against a system so as to
identify and correct security weaknesses before they are discovered and
exploited by others. [FFIEC] (see also certification, evaluation, penetration, test)
- penetration testing
- (1) Security testing in which evaluators attempt to circumvent
the security features of a system based on their understanding of the
computer system design and implementation. (2) Tests performed by an
evaluator on the Target of Evaluation to confirm whether known
vulnerabilities are actually exploitable in practice. (3) The portion
of security testing in which the evaluators or penetrators attempt to
circumvent the security features of a system. The evaluators or
penetrators may be assumed to use all system design and implementation
documentation, that may include listings of system source code,
manuals, and circuit diagrams. The evaluators or penetrators work under
no constraints other than those that would be applied to ordinary users
or implementers of untrusted portions of the component. [AJP] A
type of security testing in which testers attempt to circumvent the
security features of a system in an effort to identify system
weaknesses. [AFSEC] Security testing in which evaluators attempt
to circumvent the security features of a system based on their
understanding of the computer system design and implementation. [FCv1][NSTISSC]
Tests performed by an evaluator on the Target of Evaluation to confirm
whether or not known vulnerabilities are actually exploitable in
practice. [ITSEC] The portion of security testing in which the
evaluators attempt to circumvent the security features of a computer
system. The evaluators may be assumed to use all system design and
implementation documentation, which may include listings of system
source code, manuals, and circuit diagrams. The evaluators work under
the same constraints applied to ordinary users. [SRV] The
portion of security testing in which the evaluators attempt to
circumvent the security features of a system. The evaluators may be
assumed to use all system design and implementation documentation, that
may include listings of system source code, manuals, and circuit
diagrams. The evaluators work under the same constraints applied to
ordinary users. [NCSC/TG004][NSAINT] The portion of
security testing in which the evaluators attempt to circumvent the
security features of a system. The evaluators may be assumed to use all
system design and implementation documentation, that may include
listings of system source code, manuals, and circuit diagrams. The
evaluators work under the same constraints applied to ordinary users.
(C) Penetration testing may be performed under various constraints and
conditions. However, for a TCSEC evaluation, testers are assumed to
have all system design and implementation documentation, including
source code, manuals, and circuit diagrams, and to work under no
greater constraints than those applied to ordinary users. [OVT]
The portion of security testing in which the penetrators attempt to
circumvent the security features of a system. The penetrators may be
assumed to use all system design and implementation documentation, that
may include listings of system source code, manuals, and circuit
diagrams. The penetrators work under no constraints other than those
that would be applied to ordinary users or implementors of untrusted
portions of the component. [TNI] The portion of security testing
in which the penetrators attempt to circumvent the security features of
a system. The penetrators may be assumed to use all system design and
implementation documentation, that may include listings of system
source code, manuals, and circuit diagrams. The penetrators work under
no constraints other than those that would be applied to ordinary
users. [TCSEC] (see also exploit, trust, user, penetration, security testing, target of evaluation, test)
- people
- Staff, management, and executives necessary to plan, organize,
acquire, deliver, support, and monitor mission related services,
information systems, and facilities. This includes groups and
individuals external to the organization involved in the fulfillment of
the organization’s mission. Security management personnel should also
be included. [CIAO]
- per-call key
- Unique traffic encryption key generated automatically by
certain secure telecommunications systems to secure single voice or
data transmissions. [NSTISSC] (see also encryption, key)
- perfect forward secrecy
- (see forward secrecy)
- performance gap
- The gap between what customers and stakeholders expect and
what each process and related subprocesses produce in terms of quality,
quantity, time, and cost of services and products. [SRV] (see also quality)
- performance measurement
- The process of developing measurable indicators that can be
systematically tracked to assess progress made in achieving
predetermined goals and using such indicators to assess progress in
achieving these goals. [SRV]
- perimeter
- (see security perimeter)
- perimeter-based security
- The technique of securing a network by controlling access to
all entry and exit points of the network. Usually associated with
firewalls and/or filters. [NSAINT] The technique of securing a network by controlling accesses to all entry and exit points of the network. [IATF] (see also networks, security perimeter)
- periods processing
- (I) A mode of system operation in which information of
different sensitivities is processed at distinctly different times by
the same system, with the system being properly purged or sanitized
between periods. [RFC2828] Processing of various levels of
classified and unclassified information at distinctly different times.
Under the concept of periods processing, the system must be purged of
all information from one processing period before transitioning to the
next. [NSTISSC] The processing of various levels of sensitive
information at distinctly different times. Under periods processing,
the system must be purged of all information from one processing period
before transitioning to the next, when there are different users with
differing authorizations. [AJP][NCSC/TG004]
- peripheral equipment
- Any external device attached to a computer, including monitors, keyboards, mice, printers, optical scanners, and the like. [CIAO]
- permissions
- (I) A synonym for 'authorization', but 'authorization' is preferred in the PKI context. [RFC2828]
A description of the type of authorized interactions a subject can have
with an object. Examples include read, write, execute, add, modify, and
delete. [AJP][NCSC/TG004] Another word for the access controls that are used to control the access to files and other resources. [RFC2504] (see also access control, public-key infrastructure, authorization) (includes object, subject)
- permissive action link (PAL)
-
- permuter
- Device used in crypto-equipment to change the order in which
the contents of a shift register are used in various nonlinear
combining circuits. [NSTISSC] (see also cryptography)
- perpetrator
- The entity from the external environment that is taken to be
the cause of a risk. An entity in the external environment that
performs an attack, i.e., a hacker. [NSAINT] The entity from the
external environment that is taken to be the cause of a risk. An entity
in the external environment that performs an attack. [AFSEC] (see also attack)
- personal communications network
- Advanced cellular communications and the internetworking of
both wire and wireless networks that are expected to offer new
communications services via very small portable handsets. The network
will rely on micro-cellular technology (many low-power, small-coverage
cells) and a common channel signaling technology to provide a wide
variety of features in addition to the basic two-way telephone
services. [SRV] Advanced cellular telephone communications and
the interworking of both wired and wireless networks that will offer
new communications services via very small, portable handsets. The
network will rely on microcellular technology - many low-power,
small-coverage cells - and a common channel-signaling technology, such
as that used in the telephone system, to provide a wide variety of
features in addition to the basic two-way calling service. [AJP] (see also internet, networks)
- personal computer (PC)
- (see also automated information system)
- personal computer memory card international association (PCMCIA)
- (see also automated information system)
- personal digital assistant (PDA)
- A pocket-sized, special-purpose personal computer that lacks a conventional keyboard. [FFIEC] (see also automated information system)
- personal identification number (PIN)
- (I) An alphanumeric string used as a password to gain access to a system resource. (C)
Despite the words 'identification' and 'number', a PIN seldom serves as
a user identifier, and a PIN's characters are not necessarily all
numeric. A better name for this concept would have been 'personal
authentication system string (PASS)'. (C) Retail banking applications commonly use 4-digit PINs. FORTEZZA PC cards use up to 12 characters for user or SSO PINs. [RFC2828] A 4 to 12 character alphanumeric code or password used to authenticate an entity, commonly used in banking applications. [FIPS140][SRV] (see also 3-factor authentication, Fortezza, authentication, passwords, shared secret, identification)
- personal security environment (PSE)
- Secure local storage for an entity's private key, the directly
trusted CA key and possibly other data. Depending on the security
policy of the entity or the system requirements this may be, e.g., a
cryptographically protected file or a tamper resistant hardware token. [SC27] (see also cryptography, personalization service, public-key infrastructure, tamper, tokens, trust, security)
- personality
- (see personality label)
- personality label
- (O) MISSI usage: A set of MISSI X.509 public-key
certificates that have the same subject DN, together with their
associated private keys and usage specifications, that is stored on a
FORTEZZA PC card to support a role played by the card's user. (C)
When a card's user selects a personality to use in a FORTEZZA-aware
application, the data determines behavior traits (the personality) of
the application. A card's user may have multiple personalities on the
card. Each has a 'personality label', a user-friendly alphanumeric
string that applications can display to the user for selecting or
changing the personality to be used. For example, a military user's
card might contain three personalities: GENERAL HALFTRACK, COMMANDER
FORT SWAMPY, and NEW YEAR'S EVE PARTY CHAIRMAN. Each personality
includes one or more certificates of different types (such as DSA
versus RSA), for different purposes (such as digital signature versus
encryption), or with different authorizations. [RFC2828] (see also Fortezza, certificate, digital signature, encryption, key, Multilevel Information System Security Initiative, public-key infrastructure)
- personalization service
- The service of storing cryptographic information (especially
private keys) to a PSE. NOTE - The organizational and physical security
measures for a service like this are not in the scope of this document.
For organizational measures refer to ITU-T Rec. X.842 | ISO/IEC TR
14516 Guidelines for the use and management of Trusted Third Parties. [SC27] (see also cryptography, personal security environment, security, trust)
- personnel security
- (I) Procedures to ensure that persons who access a
system have proper clearance, authorization, and need-to-know as
required by the system's security policy. [RFC2828] A family of
security controls in the operations class dealing with background
screenings, appropriate access privileges, etc. [800-37] The
procedures established to ensure that all personnel who have access to
any classified information have the required authorizations as well as
the appropriate clearances. [NSAINT] The procedures established
to ensure that all personnel who have access to sensitive information
have the required authority as well as appropriate clearances. [AJP][NCSC/TG004][SRV] (see also security)
- phage
- A program that modifies other programs or databases in
unauthorized ways; especially one that propagates a virus or Trojan
horse. [NSAINT] (see also threat)
- PHF
- Phone book file demonstration program that hackers use to gain
access to a computer system and potentially read and capture password
files. [NSAINT] (see also threat)
- PHF hack
- A well-known and vulnerable CGI script which does not filter out special characters (such as a new line) input by a user. [NSAINT] (see also threat)
- Photuris
- (I) A UDP-based, key establishment protocol for session
keys, designed for use with the IPsec protocols AH and ESP. Superseded
by IKE. [RFC2828] (see also key)
- phracker
- An individual who combines phone phreaking with computer hacking. [NSAINT] Individual who combines phone phreaking with computer hacking. [AFSEC] (see also threat)
- phreaker
- An individual fascinated by the telephone system. Commonly, an
individual who uses his knowledge of the telephone system to make calls
at the expense of another. [NSAINT] (see also threat)
- phreaking
- (I) A contraction of 'telephone breaking'. An attack on
or penetration of a telephone system or, by extension, any other
communication or information system. (D) ISDs SHOULD NOT use this term because it is not listed in most dictionaries and could confuse international readers. [RFC2828] The act of employing technology to attack the public telephone system. The art and science of cracking the phone network. [AFSEC] The art and science of cracking the phone network. [NSAINT] (see also networks, attack)
- physical and environmental protection
- A family of security controls in the operations class dealing
with the protection of an IT system and its environment from threats
related to the facility in which it is housed. Physical and
environmental protection procedures range from securing the facility
perimeter against unauthorized access, to protecting against faulty
plumbing lines, to protecting against environmental threats such as
hurricane or fire. [800-37] (see also security, threat, unauthorized access)
- physical destruction
- Deliberate destruction of a system component to interrupt or prevent system operation. [RFC2828] (see also threat consequence)
- physical protection
- The safeguarding of a cryptographic module or of cryptographic
keys or other critical security parameters using physical means. [FIPS140] (see also assurance, security, cryptographic boundary)
- physical security
- (I) Tangible means of preventing unauthorized physical
access to a system, e.g., fences, walls, and other barriers; locks,
safes, and vaults; dogs and armed guards; sensors and alarm bells. [RFC2828]
Actions taken for the purpose of restricting and limiting unauthorized
access, specifically, reducing the probability that a threat will
succeed in exploiting critical infrastructure vulnerabilities including
protection against direct physical attacks, e.g., through use of
conventional or unconventional weapons. [CIAO] The application
of physical barriers and control procedures as preventive measures or
counter measures against threats to resources and sensitive
information. [AJP][NCSC/TG004][SRV] The measures used to provide physical protection of resources against deliberate and accidental threats. [NSAINT] (see also counter measures, threat, unauthorized access, Automated Information System security)
- piggyback
- Gaining unauthorized access to a system via another user's legitimate connection. [AJP][NCSC/TG004] The gaining of unauthorized access to a system via another user's legitimate connection. [NSAINT] (see also unauthorized access, between-the-lines-entry)
- piggyback attack
- (I) A form of active wiretapping in which the attacker
gains access to a system via intervals of inactivity in another user's
legitimate communication connection. Sometimes called a
'between-the-lines' attack. [RFC2828] (see also attack)
- piggyback entry
- Unauthorized access that is gained to a computer facility or system via another user's legitimate connection. [SRV] Unauthorized access that is gained to a computer system via another user's legitimate connection. [SRV] (see also unauthorized access, threat)
- pilot testing
- Using a limited version of software under restricted conditions to discover if the programs operate as intended. [SRV] (see also software, test)
- ping of death
- (I) An attack that sends an improperly large ICMP echo
request packet (a 'ping') with the intent of overflowing the input
buffers of the destination machine and causing it to crash. [RFC2828] The use of Ping with a packet size higher than 65,507. This will cause a denial of service. [NSAINT]
The use of Ping with an address number higher than 65,507. This will
cause a SYN flood, and cause a denial of service. RFC-791 says IP
packets can be up to 65,535, with the IP header of 20 bytes, and ICMP
header of 8 octets (65535 - 20 - 8 = 65507). Sending a bigger packet greater
than 65507 octets causes the originating system to fragment the packet.
[AFSEC] (see also denial of service, attack)
- ping sweep
- (I) An attack that sends ICMP echo requests ('pings')
to a range of IP addresses, with the goal of finding hosts that can be
probed for vulnerabilities. [RFC2828] (see also attack)
- PKCS #10
- (N) A standard from the PKCS series; defines a syntax for requests for public-key certificates. (C)
A PKCS #10 request contains a DN and a public key, and may contain
other attributes, and is signed by the entity making the request. The
request is sent to a CA, who converts it to an X.509 public-key
certificate (or some other form) and returns it, possibly in PKCS #7
format. [RFC2828] (see also certificate, key, public-key cryptography standards, public-key infrastructure)
- PKCS #11
- (N) A standard from the PKCS series; defines a software
CAPI called Cryptoki (pronounced 'crypto-key'; short for 'cryptographic
token interface') for devices that hold cryptographic information and
perform cryptographic functions. [RFC2828] (see also key, software, tokens, public-key cryptography standards)
- PKCS #7
- (N) A standard [PKC07, R2315] from the PKCS series;
defines a syntax for data that may have cryptography applied to it,
such as for digital signatures and digital envelopes. [RFC2828] (see also digital signature, public-key cryptography standards)
- PKIX
- (I) (1.) A contraction of 'Public-Key Infrastructure
(X.509)', the name of the IETF working group that is specifying an
architecture and set of protocols needed to support an X.509-based PKI
for the Internet. (2.) A collective name for that architecture and set
of protocols. (C) The goal of PKIX is to facilitate the use of
X.509 public-key certificates in multiple Internet applications and to
promote interoperability between different implementations that use
those certificates. The resulting PKI is intended to provide a
framework that supports a range of trust and hierarchy environments and
a range of usage environments. PKIX specifies (a) profiles of the v3
X.509 public-key certificate standards and the v2 X.509 CRL standards
for the Internet; (b) operational protocols used by relying parties to
obtain information such as certificates or certificate status; (c)
management protocols used by system entities to exchange information
needed for proper management of the PKI; and (d) information about
certificate policies and CPSs, covering the areas of PKI security not
directly addressed in the rest of PKIX. [RFC2828] (see also certificate, key, trust, internet, public-key infrastructure)
- PKIX private extension
- (I) PKIX defines a private extension to identify an on-line verification service supporting the issuing CA. [RFC2828] (see also public-key infrastructure)
- plain text
- (I) Data that is input to and transformed by an encryption process, or that is output by a decryption process. (C)
Usually, the plaintext input to an encryption operation is cleartext.
But in some cases, the input is ciphertext that was output from another
encryption operation. [RFC2828] Plain, unencrypted text or data. [SRV] Unenciphered information. [SC27] Unencrypted (unciphered) data. [SRV] Unencrypted data. [NSAINT] Unencrypted information. [NSTISSC] (see cleartext) (see also cryptography)
- plaintext key
- An unencrypted cryptographic key that is used in its current form. [FIPS140] (see also key, key recovery)
- plan, do, check, act (PDCA)
-
- platform
- A combination of hardware and the most prevalent operating system for that hardware. [SRV] The hardware and systems software on which applications software is developed and operated. [SRV]
The hardware, software, and communications required to provide the
processing environments to support one or more application software
systems. [SRV] (see also software)
- plug-in
- A set of dynamically linked libraries which are used to
augment the functionality of a host system, such as a WWW browser. They
are usually used to allow a WWW browser to display and manipulate data
in proprietary formats, or to add new features to the display or
manipulation of a standard format. [SRV]
- plug-in modules
- Software components that integrate into other software (such as web browsers) to provide additional features. [RFC2504] (see also software, world wide web)
- point estimate
- An estimate of a population parameter that is a single numerical value. [SRV]
- point of control and observation (PCO)
- A place (point) within a testing environment where the
occurrence of test events is to be controlled and observed as defined
by the particular abstract test method used. [OVT] (see also test)
- point-of-sale (POS)
-
- point-to-point key establishment
- The direct establishment of keys between entities, without involving a third party. [SC27] (see also key)
- point-to-point protocol (PPP)
- (I) An Internet Standard protocol for encapsulation and
full-duplex transportation of network layer (mainly OSI layer 3)
protocol data packets over a link between two peers, and for
multiplexing different network layer protocols over the same link.
Includes optional negotiation to select and use a peer entity
authentication protocol to authenticate the peers to each other before
they exchange network layer data. [RFC2828] The point-to-point
protocol, defined in RFC 1661, provides a method for transmitting
packets over serial point-to-point links. There are many other RFCs
which define extensions to the basic protocol. [RFC1983] (see also authentication, internet) (includes point-to-point tunneling protocol)
- point-to-point tunneling protocol (PPTP)
- (I) An Internet client-server protocol (originally
developed by Ascend and Microsoft) that enables a dial-up user to
create a virtual extension of the dial-up link across a network by
tunneling PPP over IP. (C) PPP can encapsulate any Internet
Protocol Suite network layer protocol (or OSI layer 3 protocol).
Therefore, PPTP does not specify security services; it depends on
protocols above and below it to provide any needed security. PPTP makes
it possible to divorce the location of the initial dial-up server
(i.e., the PPTP Access Concentrator, the client, which runs on a
special-purpose host) from the location at which the dial-up protocol
(PPP) connection is terminated and access to the network is provided
(i.e., the PPTP Network Server, which runs on a general-purpose host). [RFC2828]
PPTP is a combination of data and control packets. Data packets are PPP
packets encapsulated using the Internet Generic Routing Encapsulation
Protocol Version 2. Control packets perform PPTP service and
maintenance functions. [MSC] (see also networks, point-to-point protocol, security protocol, virtual private network) (includes private communication technology)
- policy
- (D) ISDs SHOULD NOT use this word as an abbreviation
for either 'security policy' or 'certificate policy'. Instead, to avoid
misunderstanding, use the fully qualified term, at least at the point
of first usage. [RFC2828] A document defining acceptable access
to protected, DMZ, and unprotected networks. Security policies
generally do not spell out specific configurations for firewalls;
rather, they set general guidelines for what is and is not acceptable
network access. The actual mechanism for controlling access is usually
the rule set implemented in the DUT/SUT. [RFC2647] Mapping of user credentials with authority to act. [misc] (see also TOE security policy model, certificate, firewall, formal security policy model, rule set, secure configuration management, security, security association, security audit, security domain, security policy information file, security policy model, security requirements, source selection, verification) (includes IT security policy, TOE security policy, acceptable use policy, corporate security policy, cryptographic module security policy, designation policy, formal model of security policy, identity-based security policy, integrity policy, organisational security policy, policy management authority, public-key infrastructure, rule-based security policy, secrecy policy, security function policy, security policy, system security policy, technical policy, technical security policy, term rule-based security policy, usage security policy)
- policy approving authority (PAA)
- (O) MISSI usage: The top-level signing authority of a
MISSI certification hierarchy. The term refers both to that
authoritative office or role and to the person who plays that role. (C)
A PAA registers MISSI PCAs and signs their X.509 public-key
certificates. A PAA issues CRLs but does not issue a CKL. A PAA may
issue cross-certificates to other PAAs. [RFC2828] First level of
the PKI Certification Management Authority that approves the security
policy of each PCA. [NSTISSC] (see also certificate, certification, key, Multilevel Information System Security Initiative, public-key infrastructure)
- policy certification authority (PCA)
- (I) An X.509-compliant CA at the second level of the
Internet certification hierarchy, under the Internet Policy
Registration Authority (IPRA). Each PCA operates in accordance with its
published security policy and within constraints established by the
IPRA for all PCAs. [RFC2828] Second level of the PKI Certification
Management Authority that formulates the security policy under which it
and its subordinate CAs will issue public key certificates. [NSTISSC] (see also certification, internet, public-key infrastructure)
- policy creation authority
- (O) MISSI usage: The second level of a MISSI
certification hierarchy; the administrative root of a security policy
domain of MISSI users and other, subsidiary authorities. The term
refers both to that authoritative office or role and to the person who
fills that office. (C) A MISSI PCA's certificate is issued by a
policy approving authority. The PCA registers the CAs in its domain,
defines their configurations, and issues their X.509 public-key
certificates. (The PCA may also issue certificates for SCAs, ORAs, and
other end entities, but a PCA does not usually do this.) The PCA
periodically issues CRLs and CKLs for its domain. [RFC2828] (see also certificate, certification, key, Multilevel Information System Security Initiative, public-key infrastructure)
- policy management authority
- (N) Canadian usage: An organization responsible for PKI oversight and policy management in the Government of Canada. [RFC2828] (see also policy, public-key infrastructure)
- policy mapping
- (I) 'Recognizing that, when a CA in one domain
certifies a CA in another domain, a particular certificate policy in
the second domain may be considered by the authority of the first
domain to be equivalent (but not necessarily identical in all respects)
to a particular certificate policy in the first domain.' [RFC2828] (see also certificate, public-key infrastructure)
- polling
- The process of sending messages to individual managed devices to determine their operational status. [SRV]
- polymorphism
- A concept in type theory, according to which a name may denote
objects of many different classes that are related by some common
superclass. [SRV] Polymorphism refers to being able to apply a
generic operation to data of different types. For each type, a
different piece of code is defined to execute the operation. In the
context of object systems, polymorphism means that an object's response
to a message is determined by the class to which it belongs. [SRV]
- pop-up box
- A dialog box that automatically appears when a person accesses a webpage. [FFIEC] (see also internet, world wide web)
- POP3 APOP
- (I) A POP3 'command' (better described as a transaction
type, or a protocol-within-a-protocol) by which a POP3 client
optionally uses keyed hash (based on MD5) to authenticate itself to a
POP3 server and, depending on the server implementation, to protect
against replay attacks. (C) The server includes a unique
timestamp in its greeting to the client. The subsequent APOP command
sent by the client to the server contains the client's name and the
hash result of applying MD5 to a string formed from both the timestamp
and a shared secret that is known only to the client and the server.
APOP was designed to provide an alternative to using POP3's USER and
PASS (i.e., password) command pair, in which the client sends a
cleartext password to the server. [RFC2828] (see also attack, authentication, hash, key, shared secret)
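The APOP exchange described above, as an added example (not part of the glossary or of any POP3 software), including the server-side check that makes each timestamp single-use so a captured digest cannot be replayed. It assumes the RFC 1939 digest construction, MD5 over the angle-bracketed timestamp followed directly by the shared secret, and uses constructed host, user and secret values.

```python
import hashlib
import hmac
from typing import Dict, Set, Tuple


def make_timestamp(hostname: str, pid: int, clock: int) -> str:
    """Build a greeting timestamp <pid.clock@host>; it must be unique per
    connection, which is what lets the server refuse a replayed digest."""
    return f"<{pid}.{clock}@{hostname}>"


def extract_timestamp(greeting: str) -> str:
    """Pull the angle-bracketed timestamp out of the server's +OK greeting."""
    start, end = greeting.find("<"), greeting.find(">")
    if start < 0 or end < start:
        raise ValueError("server greeting carries no APOP timestamp")
    return greeting[start:end + 1]


def apop_digest(timestamp: str, shared_secret: str) -> str:
    """MD5 over timestamp + secret as 32 lowercase hex digits (RFC 1939
    construction, assumed here)."""
    return hashlib.md5((timestamp + shared_secret).encode("utf-8")).hexdigest()


def client_apop_command(greeting: str, name: str, shared_secret: str) -> str:
    """Client side: answer the greeting with 'APOP <name> <digest>'.
    The secret itself never crosses the wire, unlike the USER/PASS pair."""
    return f"APOP {name} {apop_digest(extract_timestamp(greeting), shared_secret)}"


class ApopServer:
    """Server side: hands out one timestamp per connection and verifies APOP."""

    def __init__(self, hostname: str, secrets: Dict[str, str]) -> None:
        self.hostname = hostname
        self.secrets = secrets              # user -> shared secret (constructed)
        self.outstanding: Set[str] = set()  # timestamps issued, not yet answered

    def greeting(self, pid: int, clock: int) -> str:
        ts = make_timestamp(self.hostname, pid, clock)
        self.outstanding.add(ts)
        return f"+OK POP3 server ready {ts}"

    def handle_apop(self, greeting: str, command: str) -> str:
        """Verify an APOP command against the timestamp sent in `greeting`.
        The timestamp is consumed on first use whether or not the digest
        matches, so a recorded command cannot be replayed later."""
        parts = command.split()
        if len(parts) != 3 or parts[0].upper() != "APOP":
            return "-ERR syntax: APOP name digest"
        name, digest = parts[1], parts[2].lower()
        ts = extract_timestamp(greeting)
        if ts not in self.outstanding:
            return "-ERR challenge not issued or already used"
        self.outstanding.discard(ts)
        secret = self.secrets.get(name)
        if secret is None or len(digest) != 32:
            return "-ERR permission denied"
        # Constant-time comparison of the expected and presented digests.
        if not hmac.compare_digest(apop_digest(ts, secret), digest):
            return "-ERR permission denied"
        return f"+OK maildrop unlocked for {name}"


def exchange(server: ApopServer, pid: int, clock: int,
             name: str, secret: str) -> Tuple[str, str, str]:
    """Run one greeting / APOP / response round trip and return all three lines."""
    greeting = server.greeting(pid, clock)
    command = client_apop_command(greeting, name, secret)
    return greeting, command, server.handle_apop(greeting, command)


if __name__ == "__main__":
    # Constructed sample values; none of them refer to a real system.
    srv = ApopServer("pop.example.test", {"mrose": "tanstaaf"})
    g, c, r = exchange(srv, 1896, 697170952, "mrose", "tanstaaf")
    for side, line in (("S", g), ("C", c), ("S", r)):
        print(f"{side}: {line}")
    # Replaying the recorded command against the consumed timestamp is refused.
    print("S:", srv.handle_apop(g, c))
```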
- POP3 AUTH (AUTH)
- (I) A 'command' (better described as a transaction
type, or a protocol-within-a-protocol) in POP3, by which a POP3 client
optionally proposes a mechanism to a POP3 server to authenticate the
client to the server and provide other security services. (C) If
the server accepts the proposal, the command is followed by performing
a challenge-response authentication protocol and, optionally,
negotiating a protection mechanism for subsequent POP3 interactions.
The security mechanisms used by POP3 AUTH are those used by IMAP4. [RFC2828] (see also authentication, challenge/response, internet)
- population
- A set of persons, things, or events about which there are
questions; all the numbers of a group to be studied as defined by the
auditor; the total collection of individuals or items from which a
sample is selected. Population is also called a universe. [SRV] (see also audit)
- port
- A functional unit of a cryptographic module through which data
or signals can enter or exit the module. Physically separate ports do
not share the same physical pin or wire. [FIPS140] Either an endpoint to a logical connection, or a physical connection to a computer. [FFIEC] (see also cryptography, internet)
- port protection device (PPD)
- (see also assurance)
- port scan
- (I) An attack that sends client requests to a range of
server port addresses on a host, with the goal of finding an active
port and exploiting a known vulnerability of that service. [RFC2828] (see also exploit, attack)
- port scanning
- Using a program to remotely determine which ports on a system
are open (e.g., whether systems allow connections through those ports).
[800-61] (see also internet)
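Both the port scan and port scanning entries describe the same activity from the attacker's side; the following added example (not from the glossary or any cited source) shows the simplest form, a TCP connect() scan against a constructed loopback target, together with the defender's view: a detector that flags a source touching many distinct ports in a short window, run over constructed connection records. Addresses and thresholds are illustrative.

```python
import socket
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple


def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Constructed scan target: a TCP listener on an OS-chosen loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.25) -> List[int]:
    """TCP connect() scan: a completed three-way handshake means the port is open.

    This is the noisiest scan type: every probe reaches the application layer
    and is visible in the target's connection logs, which is what the
    detector below consumes."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:
                # ECONNREFUSED means closed; a timeout means filtered/dropped.
                continue
            open_ports.append(port)
    return open_ports


def detect_scanners(records: Iterable[Tuple[float, str, int]],
                    window: float = 10.0, threshold: int = 5) -> Dict[str, int]:
    """Flag sources that touch more than `threshold` distinct destination ports
    within any `window`-second span. Records are (epoch_seconds, src_ip, dst_port),
    the shape a parsed firewall or connection log yields. Returns the peak
    distinct-port count per flagged source."""
    by_src: Dict[str, List[Tuple[float, int]]] = defaultdict(list)
    for ts, src, dport in records:
        by_src[src].append((ts, dport))
    flagged: Dict[str, int] = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {p for _, p in events[start:end + 1]}
            if len(distinct) > threshold:
                flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged


# Constructed connection records: one host sweeping 12 ports in 1.1 s,
# one ordinary client talking to 443 twice.
SAMPLE_RECORDS = [(1000.0 + i * 0.1, "203.0.113.7", 20 + i) for i in range(12)] + \
                 [(1000.0, "198.51.100.4", 443), (1003.0, "198.51.100.4", 443)]


if __name__ == "__main__":
    srv = start_listener()
    target_port = srv.getsockname()[1]
    print(tcp_connect_scan("127.0.0.1", range(target_port - 2, target_port + 3)))
    srv.close()
    print(detect_scanners(SAMPLE_RECORDS))  # {'203.0.113.7': 12}
```

A real scanner would use half-open (SYN) probes to avoid completing the handshake, which keeps it out of application logs but not out of a packet capture or a firewall's drop log; the distinct-ports-per-window heuristic applies to either data source.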
- portability
The ability of application software source code and data to be
transported without significant modification to more than one type of
computer platform or more than one type of operating system. It is the
degree to which a computer program can be transferred from one hardware
configuration and/or software environment to another. An indirect
effect of portability combined with interoperability provides a basis
for user portability, i.e., that users are able to move among
applications and transfer skills learned in one operating environment
to another. [SRV] The extent to which a module originally developed on
one computer or operating system can be used on another computer or
operating system. [SRV] (see also software)
- portfolio management
- The management of IT projects as investments similar to other
investments in the organization, such as building a new plant,
acquiring a new company, or developing a new product. [SRV]
- positive control material
- Generic term referring to a sealed authenticator system,
permissive action link, coded switch system, positive enable system, or
nuclear command and control documents, material, or devices. [NSTISSC]
- positive enable system (PES)
- (see also system)
- POSIX
- (N) Portable Operating System Interface for Computer
Environments, standard [FP151, IS9945-1] (originally IEEE Standard
P1003.1) that defines an operating system interface and environment to
support application portability at the source code level. It is
intended to be used by both application developers and system
implementers. (C) P1003.1 supports security functionality like
those on most UNIX systems, including discretionary access control and
privilege. IEEE Draft Standard P1003.6.1 specifies additional
functionality not provided in the base standard, including (a)
discretionary access control, (b) audit trail mechanisms, (c) privilege
mechanisms, (d) mandatory access control, and (e) information label
mechanisms. [RFC2828] (see also access control, security)
- Post Office Protocol, version 3 (POP3)
- (I) An Internet Standard protocol by which a client
workstation can dynamically access a mailbox on a server host to
retrieve mail messages that the server has received and is holding for
the client. (C) POP3 has mechanisms for optionally authenticating a client to a server and providing other security services. [RFC2828] (see also authentication, security, internet)
- post-accreditation phase
- The post-accreditation phase is the last and ongoing phase of
the certification and accreditation process. Its purpose is to monitor
the status of the IT system to determine if there are any significant
changes to the system configuration, (i.e., modifications to the system
hardware, software, or firmware), or to the operational/threat
environment that might affect the confidentiality, integrity, and/or
availability of the information processed, stored, or transmitted by
the system. The monitoring activity is necessary to ensure an
acceptable level of residual risk is preserved for the system. When
changes to the system or to the system's operational/threat environment
are deemed significant to the security of the IT system,
reaccreditation activities are initiated. [800-37] (see also availability, confidentiality, integrity, risk, security, threat, accreditation)
- post-nuclear event key (PNEK)
- (see also key)
- practices dangerous to security (PDS)
- (see also security)
- pre-authorization
- (I) A capability of a CAW that enables certification
requests to be automatically validated against data provided in advance
to the CA by an authorizing entity. [RFC2828] (see also certification, public-key infrastructure)
- pre-certification phase
- The pre-certification phase is the first phase of the
certification and accreditation process. Its purpose is to prepare for
the verification activities that will take place during the
certification phase. The pre-certification phase consists of six tasks:
system identification; initiation and scope determination; security
plan validation; initial risk assessment; security control validation
and identification; and negotiation. [800-37] (see also accreditation, risk, security, verification, certification)
- pre-signature
A value computed in the signature process which is a function of the randomizer but is independent of the message. [SC27][ISO/IEC 9796-3: 2000]
A value computed in the signature process which is a function of the
randomizer but which is independent of the message. [SC27] (see also digital signature)
- precision
- Each estimate generated from a probability sample has a
measurable precision, or sampling error, that may be expressed as a
plus or minus figure. A sampling error indicates how closely we can
reproduce from a sample the results that we would obtain if we were to
take a complete count of the population using the same measurement
methods. [SRV] (see also sampling error)
- precondition
- Environmental and state conditions which must be fulfilled before the component can be executed with a particular input value. [OVT]
- precursor
- A sign that an attacker may be preparing to cause an incident. [800-61] (see also attack, incident)
- preferred products list (PPL)
- A list of commercially produced equipment that meets TEMPEST
and other requirements prescribed by the U.S. National Security Agency.
This list is included in the NSA Information Systems Security Products
and Services Catalogue, issued quarterly and available through the
Government Printing Office. [AJP][NCSC/TG004] (see also computer security, Information Systems Security products and services catalogue, National Information Assurance partnership, National Security Agency) (includes TEMPEST)
- prefix free representation
- A representation of a data element for which concatenation with any other data does not produce a valid representation. [SC27]
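Why the prefix-free property matters in practice, as an added example (not from the glossary or any cited standard): a record encoding in which each field carries its length, so that no valid encoding is a prefix of another, beside a MAC computed over bare concatenation. With the latter, two different field lists ("user=adm","in" and "user=admin","") authenticate identically; with the prefix-free encoding the boundaries are part of what is authenticated. The key and field values are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import List

KEY = b"constructed-demo-key"  # hypothetical MAC key, illustration only


def encode_record(fields: List[bytes]) -> bytes:
    """Prefix-free encoding: a 4-byte field count, then each field as a
    4-byte big-endian length followed by its bytes. A decoder knows exactly
    how many bytes a valid record occupies, so appending anything to a valid
    encoding never yields another valid encoding."""
    out = struct.pack(">I", len(fields))
    for f in fields:
        out += struct.pack(">I", len(f)) + f
    return out


def decode_record(data: bytes) -> List[bytes]:
    """Inverse of encode_record; rejects both truncation and trailing bytes."""
    if len(data) < 4:
        raise ValueError("truncated count")
    (count,) = struct.unpack(">I", data[:4])
    pos = 4
    fields: List[bytes] = []
    for _ in range(count):
        if pos + 4 > len(data):
            raise ValueError("truncated length")
        (n,) = struct.unpack(">I", data[pos:pos + 4])
        pos += 4
        if pos + n > len(data):
            raise ValueError("truncated field")
        fields.append(data[pos:pos + n])
        pos += n
    if pos != len(data):
        raise ValueError("trailing data after record")
    return fields


def is_valid_record(data: bytes) -> bool:
    try:
        decode_record(data)
        return True
    except ValueError:
        return False


def naive_tag(fields: List[bytes], key: bytes = KEY) -> str:
    """MAC over bare concatenation: the boundaries are lost, so distinct
    field lists can share a tag."""
    return hmac.new(key, b"".join(fields), hashlib.sha256).hexdigest()


def safe_tag(fields: List[bytes], key: bytes = KEY) -> str:
    """MAC over the prefix-free encoding: boundaries are authenticated."""
    return hmac.new(key, encode_record(fields), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    a = [b"user=adm", b"in"]   # constructed
    b = [b"user=admin", b""]   # constructed: same concatenation, different fields
    print(naive_tag(a) == naive_tag(b))   # True: the MAC cannot tell them apart
    print(safe_tag(a) == safe_tag(b))     # False
    rec = encode_record(a)
    print(is_valid_record(rec), is_valid_record(rec + b"\x00"))  # True False
```

The same ambiguity appears wherever variable-length items are hashed or signed after plain concatenation (API request signing, certificate-style structures, key derivation inputs); length prefixes, or a fixed-width count plus lengths as here, are the standard remedy.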
- preliminary design review (PDR)
-
- preproduction model
- Version of INFOSEC equipment employing standard parts and
suitable for complete evaluation of form, design, and performance.
Preproduction models are often referred to as beta models. [NSTISSC] (see also evaluation)
- pretty good privacy (PGP)
- (O) Trademarks of Network Associates, Inc., referring
to a computer program (and related protocols) that uses cryptography to
provide data security for electronic mail and other applications on the
Internet. (C) PGP encrypts messages with IDEA in CFB mode,
distributes the IDEA keys by encrypting them with RSA, and creates
digital signatures on messages with MD5 and RSA. To establish ownership
of public keys, PGP depends on the web of trust. [RFC2828] A
cryptographic software application for the protection of computer files
and electronic mail. It combines the convenience of the
Rivest-Shamir-Adleman (RSA) public key algorithm with the speed of the
secret-key IDEA algorithm, digital signature, and key management. [SRV] A freeware program primarily for secure electronic mail. [NSAINT]
A program, developed by Phil Zimmermann, which cryptographically
protects files and electronic mail from being read by others. It may
also be used to digitally sign a document or message, thus
authenticating the creator. [RFC1983] A standard program for
securing e-mail and file encryption on the Internet. Its public-key
cryptography system allows for the secure transmission of messages and
guarantees authenticity by adding digital signatures to messages. [IATF] (see also authentication, digital signature, email, networks, software, email security software, encryption, internet, key, privacy, security protocol, web of trust) (includes certificate)
- primary account number (PAN)
- (O) SET usage: 'The assigned number that identifies the
card issuer and cardholder. This account number is composed of an
issuer identification number, an individual account number
identification, and an accompanying check digit as defined by ISO
7812-1985.' [SET2, IS7812] (C) The PAN is embossed, encoded, or
both on a magnetic-strip-based credit card. The PAN identifies the
issuer to which a transaction is to be routed and the account to which
it is to be applied unless specific instructions indicate otherwise.
The authority that assigns the bank identification number part of the
PAN is the American Bankers Association. [RFC2828] (see also cryptography, identification, Secure Electronic Transaction)
- primitive
An ordering relation between TCB subsets based on dependency: a TCB
subset B is more primitive than a TCB subset A if A directly depends on
B or a chain of TCB subsets from A to B exists such that each element of
the chain directly depends on its successor in the chain. [TDI]
Orderly relation between TCB subsets based on dependency. Note: A TCB
subset B is more primitive than a second TCB subset A (and A is less
primitive than B) if A directly depends on B or a chain of TCB subsets
from A to B exists such that each element of the chain directly depends
on its successor in the chain. [AJP][FCv1] (see also trusted computing base)
- principal
- An entity whose identity can be authenticated. [SC27]
- print suppression
- Eliminating the display of characters in order to preserve their secrecy. [NSTISSC]
Eliminating the display of characters to preserve their secrecy; e.g.
not displaying the characters of a password as it is keyed at the input
terminal. [AJP][NCSC/TG004] (see also passwords, security)
- privacy
(1) The ability of an individual or organization to control
the collection, storage, sharing, and dissemination of personal and
organizational information. (2) The right to insist on adequate
security of, and to define authorized users of, information or systems.
Note: The concept of privacy cannot be very precise, and its use should
be avoided in specifications except as a means to require security,
because privacy relates to 'rights' that depend on legislation. [AJP][TNI]
(1) The right of individuals to self-determination as to the degree to
which they are willing to share with others information about
themselves that may be compromised by unauthorized exchange of such
information among other individuals or organizations. (2) The right of
individuals and organizations to control the collection, storage, and
dissemination of their information or information about themselves. [SRV] (I)
The right of an entity (normally a person), acting in its own behalf,
to determine the degree to which it will interact with its environment,
including the degree to which the entity is willing to share
information about itself with others. (O) 'The right of
individuals to control or influence what information related to them
may be collected and stored and by whom and to whom that information
may be disclosed.' (D) ISDs SHOULD NOT use this term as a
synonym for 'data confidentiality' or 'data confidentiality service',
which are different concepts. Privacy is a reason for security rather
than a kind of security. For example, a system that stores personal
data needs to protect the data to prevent harm, embarrassment,
inconvenience, or unfairness to any person about whom data is
maintained, and to protect the person's privacy. For that reason, the
system may need to provide data confidentiality service. [RFC2828] (see also Diffie-Hellman, Generic Security Service Application Program Interface, Kerberos, Samurai, anonymous, cookies, cryptography, key management/exchange, private communication technology, private key, public law 100-235, sandboxed environment, secure hypertext transfer protocol, secure single sign-on, secure socket layer, security, sensitive information, simple key management for IP, quality of protection) (includes confidentiality, data privacy, pretty good privacy, privacy enhanced mail, privacy programs, privacy protection, privacy system, privacy, authentication, integrity, identification, non-repudiation, privacy, authentication, integrity, non-repudiation, speech privacy, virtual private network)
- privacy enhanced mail (PEM)
- (I) An Internet protocol to provide data
confidentiality, data integrity, and data origin authentication for
electronic mail. [R1421, R1422]. (C) PEM encrypts messages with
DES in CBC mode, provides key distribution of DES keys by encrypting
them with RSA, and signs messages with RSA over either MD2 or MD5. To
establish ownership of public keys, PEM uses a certification hierarchy,
with X.509 public-key certificates and X.509 CRLs that are signed with
RSA and MD2. (C) PEM is designed to be compatible with a wide
range of key management methods, but is limited to specifying security
services only for text messages and, like MOSS, has not been widely
implemented in the Internet. [RFC2828] An IETF standard for secure electronic mail exchange. [NSAINT] Internet email which provides confidentiality, authentication, and message integrity using various encryption methods. [RFC1983] (see also authentication, certification, confidentiality, key, public-key infrastructure, email, privacy, security protocol) (includes certificate, encryption)
- privacy programs
- Another term for encryption software that highlights the use
of this software to protect the confidentiality and therefore privacy
of the end-users that make use of it. [RFC2504] (see also confidentiality, software, privacy)
- privacy protection
- The establishment of appropriate administrative, technical,
and physical safeguards to ensure the security and confidentiality of
data records to protect both security and confidentiality against any
anticipated threats or hazards that could result in substantial harm,
embarrassment, inconvenience, or unfairness to any individual about
whom such information is maintained. [SRV] (see also assurance, confidentiality, security, threat, privacy)
- privacy system
- Commercial encryption system that affords telecommunications
limited protection to deter a casual listener, but cannot withstand a
technically competent cryptanalytic attack. [NSTISSC] (see also attack, communications, encryption, privacy)
- privacy, authentication, integrity, identification, non-repudiation (PAIIN)
- (see also authentication, identification, integrity, non-repudiation, privacy)
- privacy, authentication, integrity, non-repudiation (PAIN)
- (see also authentication, availability, integrity, non-repudiation, privacy)
- private accreditation exponent
- Value known only to the accreditation authority, and which is
used in the production of claimants' private accreditation information.
This value shall be kept secret. This value is related to the public
accreditation verification exponent. [SC27] (see also accreditation)
- private accreditation information
- Private information provided to a claimant by an accreditation
authority, and of which a claimant proves knowledge, thereby
establishing the claimant's identity. [SC27] (see also accreditation)
- private branch exchange (PBX)
- A private automatic exchange either unattended or
attendant-operated, serving extensions in an organization and providing
transmission of calls to and from the public telephone network. [SRV]
A private telephone exchange connected to the public telephone network.
It transmits calls to and from the public telephone network. [SRV] (see also networks)
- private communication technology (PCT)
- A standard by Microsoft Corporation for establishing a secure communication link using a public key system. [MSC] (see also privacy, communications, point-to-point tunneling protocol)
- private component
- (I) A synonym for 'private key'. (D) In most
cases, ISDs SHOULD NOT use this term; to avoid confusing readers, use
'private key' instead. However, the term MAY be used when specifically
discussing a key pair; e.g. 'A key pair has a public component and a
private component.' [RFC2828] (see also key)
- private decipherment key
- Private key which defines the private decipherment transformation. [SC27] (see also key)
- private decipherment transformation
- Decipherment transformation determined by an asymmetric encipherment system and the private key of an asymmetric key pair. [SC27] (see also networks)
- private extension
- (see extension)
- private key
(I) The secret component of a pair of cryptographic keys used for asymmetric cryptography. (O) '(In a public key cryptosystem) that key of a user's key pair which is known only by that user.' [RFC2828] A cryptographic key used with a public key cryptographic algorithm, uniquely associated with an entity, and not made public. [FIPS140]
A cryptographic key used with a public key cryptographic algorithm,
uniquely associated with an entity, and not made public. In an
asymmetric (public) key cryptosystem, the key of an entity's key pair
that is known only by that entity. A private key may be used to: (1)
compute the corresponding public key, (2) make a digital signature that
may be verified by the corresponding public key, (3) decrypt data
encrypted by the corresponding public key, or (4) compute a piece of
common shared secret information together with other information. The
private key is used to generate a digital signature. This key is
mathematically linked with a corresponding public key. [SRV]
That key of an entity's asymmetric key pair which can only be used by
that entity. NOTE - In the case of an asymmetric signature system the
private key defines the signature transformation. In the case of an
asymmetric encipherment system the private key defines the decipherment
transformation. [SC27][ISO/IEC 11770-3: 1999, ISO/IEC WD 13888-1 (11/2001)]
That key of an entity's asymmetric key pair which should only be used by
that entity. [SC27] That key of an entity's asymmetric key pair which
should only be used by that entity. NOTE - A private key shall not
normally be disclosed. [SC27][ISO/IEC 11770-1: 1996, ISO/IEC WD 18033-1 (12/2001)]
That key of an entity's asymmetric key pair which should only be used
by that entity. NOTE - In the case of an asymmetric signature system the
private key defines the signature transformation. In the case of an
asymmetric encipherment system the private key defines the decipherment
transformation. [SC27][ISO/IEC 9798-1: 1997, ISO/IEC FDIS 15946-3 (02/2001)]
The undisclosed key in a matched key pair - private key and public key -
that each party safeguards for public key cryptography. [AJP] The undisclosed key in a matched key pair - private key and public key - used in public key cryptographic systems. [SRV] (see also privacy, secret, asymmetric algorithm, key, public-key infrastructure)
- private signature key
Private key which defines the private signature transformation. [SC27]
Private key which defines the private signature transformation. NOTE -
This is sometimes referred to as a secret signature key. [SC27][ISO/IEC 9798-1: 1997] (see also digital signature, key)
- private-key cryptography
- An encryption methodology in which the encryptor and decryptor
use the same key, which must be kept secret. This methodology is
usually only used by a small group. [NSAINT] (see secret-key cryptography)
- privilege
- (I) An authorization or set of authorizations to
perform security-relevant functions, especially in the context of a
computer operating system. [RFC2828] Special authorization that is granted to particular users to perform security-relevant operations. [AJP][FCv1] (see also authorization) (includes least privilege)
- privilege management infrastructure
- (N) 'The complete set of processes required to provide
an authorization service', i.e., processes concerned with attribute
certificates. (D) ISDs SHOULD NOT use this term and its
definition because the definition is vague, and there is no consensus
on an alternate definition. [RFC2828] (see also certificate)
- privileged access
- Explicitly authorized access of a specific user, process, or computer to a computer resource(s). [NSTISSC] (see also user)
- privileged instructions
- A set of instructions (e.g. interrupt handling or special
computer instructions) to control features (such as storage protection
features) that are generally executable only when the automated system
is operating in the executive state. [AJP][NCSC/TG004] (see also executive state)
- privileged process
(I) A computer process that is authorized (and,
therefore, trusted) to perform some security-relevant functions that
ordinary processes are not. [RFC2828] (see also security, trust)
- probability-proportional-to-size (PPS)
-
- probe
- A device programmed to gather information about an IS or its users. [CIAO]
Any effort to gather information about a machine or its users for the
apparent purpose of gaining unauthorized access to the system at a
later date. [AFSEC][NSAINT] Type of incident involving an
attempt to gather information about an IS for the apparent purpose of
circumventing its security controls. [NSTISSC] (see also unauthorized access, incident)
- problem
- Often used interchangeably with anomaly, although problem has
a more negative connotation and implies that an error, fault, failure,
or defect does exist. [SRV] (see also failure, fault)
- procedural security
- (D) ISDs SHOULD NOT use this term as a synonym for
'administrative security'. Any type of security may involve procedures;
therefore, the term may be misleading. Instead, use 'administrative
security', 'communication security', 'computer security', 'emanations
security', 'personnel security', 'physical security', or whatever
specific type is meant. [RFC2828] (see also communications security, computer security, emanation, emanations security, security)
- procedure
- A written description of a course of action to be taken to perform a given task. [IEEE610]
- process
- A program in execution. It is completely characterized by a
single current execution point (represented by the machine state) and
address space. [AJP][TCSEC][TNI] A sequence of steps performed for a given purpose; e.g. the software development process. [IEEE610] A set of activities that produce products and services for customers. [SRV] An organised set of activities which uses resources to transform inputs to outputs. [SC27]
Any specific combination of machines, tools, methods, materials, and/or
people employed to attain specific qualities in a product or service. [SRV] (see also software, subject)
- process assurance
- Assurance derived from an assessment of activities of a process. [SC27] (see also assurance)
- process management approach
- Approaches, such as continuous process improvement, business
process redesign, and reengineering, which can be used together or
separately to improve processes and subprocesses. [SRV] (see also business process, quality)
- process owner
- An individual held accountable and responsible for the
workings and improvement of one of the organization's defined processes
and its related subprocesses. [SRV]
- producers
- Providers of IT product security (e.g. product vendors, product developers, security analysts, and value-added resellers). [AJP][FCv1] (see also security)
- product
- (1) A Package of IT software and/or hardware, providing
functionality designed for use or incorporation within a multiplicity
of systems. (2) A Package of IT software and/or hardware designed to
perform a specific function either stand alone or once incorporated
into an IT system. [AJP] A package of IT hardware, software,
and/or firmware providing functionality designed for use or
incorporation within a multiplicity of systems. [NIAP] A package
of IT software and/or hardware designed to perform a specific function
either stand alone or once incorporated into an IT system. [FCv1]
A package of IT software and/or hardware, providing functionality
designed for use or incorporation within a multiplicity of systems. [ITSEC][JTC1/SC27]
A package of IT software, firmware and/or hardware, providing
functionality designed for use or incorporation within a multiplicity
of systems. [CC2][CC21][SC27] (see also software) (includes software product)
- product rationale
- (1) A description of the security capabilities of a product,
giving the necessary information for a prospective purchaser to decide
whether it will help to satisfy his system security objectives. (2)
Overall justification - including anticipated threats, objectives for
product functionality and assurance, technical security policy, and
assumptions about the environments and uses of conforming products -
for the protection profile and its resulting IT product. [AJP] A
description of the security capabilities of a product, giving the
necessary information for a prospective purchaser to decide whether it
will help to satisfy his system security objectives. [ITSEC]
Overall justification; including anticipated threats, objectives for
product functionality and assurance, technical security policy, and
assumptions about the environments and uses of conforming products; for
the protection profile and its resulting IT product. [FCv1] (see also assurance, threat, protection profile) (includes object)
- production
- The process whereby copies of the Target of Evaluation are generated for distribution to customers. [AJP][ITSEC] (see also target of evaluation)
- production model
- INFOSEC equipment in its final mechanical and electrical form. [NSTISSC]
- profile
- Detailed security description of the physical structure,
equipment component, location, relationships, and general operating
environment of an IT product or AIS. [AJP][FCv1] Patterns of a user's activity which can detect changes in normal routines. [NSAINT] (see also security) (includes protection profile, protection profile family)
- profile assurance
- Measure of confidence in the technical soundness of a protection profile. [AJP][FCv1] (see also assurance)
- profiling
- Measuring the characteristics of expected activity so that changes to it can be more easily identified. [800-61]
- program
- A set of instructions in code that, when executed, causes a computer to perform a task. [CIAO]
- program automated information system security incident support team (ASSIST)
- (see also computer security, incident, system)
- program evaluation and review technique (PERT)
- (see also evaluation)
- program manager
- The individual responsible for the IT system during initial
development and acquisition. The program manager is concerned with
cost, schedule, and performance issues for the system as well as
security issues. [800-37] (see also security)
- Programmable key storage device (PKSD)
- (see also key)
- programmable read only memory (PROM)
-
- programming languages and compilers
- The tools used within the development environment in the
construction of the software and/or firmware of a Target of Evaluation.
[AJP][ITSEC] (see also software, target of evaluation)
- promiscuous mode
Normally an Ethernet interface reads the address information of
every frame but accepts only the frames destined for itself; when the
interface is in promiscuous mode it reads all traffic regardless of
destination, which is how a sniffer operates. [NSAINT] (see also ethernet sniffing, packet sniffer, threat)
- proof
- The corroboration that evidence is valid in accordance with
the non-repudiation policy in force. NOTE - Proof is evidence that
serves to prove truth or existence of something. [SC27] (see also evidence, non-repudiation)
- proprietary
(I) Refers to information (or other property) that is
owned by an individual or organization and for which the use is
restricted by that entity. [RFC2828][OVT]
- proprietary information (PROPIN)
- Information that is owned by a private enterprise and whose
use and/or distribution is restricted by that enterprise. Note:
Proprietary information may be related to the company's products,
business, or activities, including but not limited to financial
information, data, or statements; trade secrets; product research and
development information; existing and future product designs and
performance specifications; marketing plans or techniques; schematics;
client lists; computer programs; processes; and trade secrets or other
company confidential information. [AJP][FCv1] Material
and information relating to or associated with a company's products,
business, or activities, including but not limited to financial
information; data or statements; trade secrets; product research and
development; existing and future product designs and performance
specifications; marketing plans or techniques; schematics; client
lists; computer programs; processes; and know-how that have been
clearly identified and properly marked by the company as proprietary
information, trade secrets, or company confidential information. The
information must have been developed by the company and not be
available to the Government or to the public without restriction from
another source. [NSTISSC]
- proprietary protocol
- A protocol, network management protocol, or suite of protocols
developed by a private company to manage network resources manufactured
by that company. [SRV] (see also networks)
- protected checksum
(I) A checksum that is computed for a data object by
means that protect against active attacks that would attempt to change
the checksum to make it match changes made to the data object. [RFC2828] (see also attack)
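The distinction the definition draws, as an added example (not from the glossary or RFC 2828): an unkeyed CRC-32 beside an HMAC-SHA-256 used as a protected checksum, with the active attack the definition refers to carried out against both. The attacker who replaces the body can recompute the CRC because it depends on nothing secret; without the key the best they can do against the HMAC is reuse the old tag, which the verifier rejects. The key and messages are constructed for illustration.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"  # hypothetical key shared by sender and verifier

ORIGINAL = b"transfer 100 to account 42"   # constructed message
TAMPERED = b"transfer 999 to account 66"   # constructed attacker's replacement


def unprotected_checksum(data: bytes) -> bytes:
    """CRC-32 (any unkeyed hash behaves the same): catches accidental
    corruption only, since anyone can recompute it for altered data."""
    return zlib.crc32(data).to_bytes(4, "big")


def protected_checksum(data: bytes, key: bytes = KEY) -> bytes:
    """HMAC-SHA-256 as a protected checksum: without the key an attacker cannot
    produce a matching value for altered data. A digital signature fills the
    same role where the verifier should not hold a shared secret."""
    return hmac.new(key, data, hashlib.sha256).digest()


def frame(data: bytes, checksum) -> bytes:
    """Message on the wire: body followed by its checksum."""
    return data + checksum(data)


def verify_unprotected(msg: bytes) -> bool:
    body, tag = msg[:-4], msg[-4:]
    return unprotected_checksum(body) == tag


def verify_protected(msg: bytes, key: bytes = KEY) -> bool:
    body, tag = msg[:-32], msg[-32:]
    # Constant-time comparison so the verifier does not leak the tag byte by byte.
    return hmac.compare_digest(protected_checksum(body, key), tag)


def forge_unprotected(new_body: bytes) -> bytes:
    """Active attacker against the CRC: swap the body, recompute the checksum."""
    return new_body + unprotected_checksum(new_body)


def forge_protected_without_key(msg: bytes, new_body: bytes) -> bytes:
    """Active attacker against the HMAC, lacking the key: swap the body and keep
    the captured tag (recomputing it is not possible)."""
    return new_body + msg[-32:]


if __name__ == "__main__":
    m1 = frame(ORIGINAL, unprotected_checksum)
    print(verify_unprotected(forge_unprotected(TAMPERED)))            # True: forgery accepted
    m2 = frame(ORIGINAL, protected_checksum)
    print(verify_protected(forge_protected_without_key(m2, TAMPERED)))  # False: rejected
```

Two caveats a practitioner should keep in mind: appending a plain cryptographic hash (SHA-256 of the body) is no better than the CRC here, because the attacker recomputes it just as easily; and the secret-prefix construction H(key || data) with a Merkle-Damgard hash is open to length-extension forgery, which is why HMAC's nested construction is used rather than a bare keyed hash.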
- protected communications
- Telecommunications deriving their protection (C.F.D.) through use of type 2 products or data encryption standard equipment. [NSTISSC] (see also encryption, communications)
- protected communications zone (PCZ)
-
- protected distribution systems (PDS)
- (I) A wireline or fiber-optic system that includes sufficient safeguards (acoustic, electric, electromagnetic, and physical) to permit its use for unencrypted transmission of (cleartext) data. [RFC2828] Wire line or fiber optic distribution system used to transmit unencrypted classified national security information through an area of lesser classification or control. [NSTISSC] (see also encryption, system)
- protected network
- A network segment or segments to which access is controlled by
the DUT/SUT. Firewalls are intended to prevent unauthorized access
either to or from the protected network. Depending on the configuration
specified by the policy and rule set, the DUT/SUT may allow hosts on
the protected segment to act as clients for servers on either the DMZ
or the unprotected network, or both. Protected networks are often
called 'internal networks.' That term is not used here because
firewalls increasingly are deployed within an organization, where all
segments are by definition internal. [RFC2647] (see also unprotected network, rule set, unauthorized access, demilitarized zone, firewall, networks)
- protected services list (PSL)
-
- protected wireline distribution system (PWDS)
- (see also system)
- protection needs elicitation (PNE)
- Discovering the customer's prioritized requirements for the protection of information. [IATF] (see also assurance, requirements, security)
- protection philosophy
- (1) An informal description of the overall design of a system
that delineates each of the protection mechanisms used. A combination
(appropriate to the evaluation class) of formal and informal techniques
is used to show that the mechanisms are adequate to enforce the
security policy. (2) Informal description of the overall design of an
IT product that shows how each of the supported control objectives is
dealt with. [AJP] An informal description of the overall design
of a system that delineates each of the protection mechanisms employed.
A combination (appropriate to the evaluation class) of formal and
informal techniques is used to show that the mechanisms are adequate to
enforce the security policy. [NCSC/TG004][TCSEC][TNI]
Informal description of the overall design of an IS delineating each of
the protection mechanisms employed. Combination of formal and informal
techniques, appropriate to the evaluation class, used to show the
mechanisms are adequate to enforce the security policy. [NSTISSC]
Informal description of the overall design of an IT product that shows
how each of the supported control objectives is dealt with. [FCv1] (see also assurance, evaluation, security) (includes object)
- protection profile (PP)
- (1) An implementation-independent specification of the
security requirements to be met by any of a set of possible products or
systems. It is a high-level abstraction of the security target, and
principally includes rationale, functional requirements, and assurance
requirements. (2) Statement of security criteria shared by IT product
producers, consumers, and evaluators - built from functional,
development assurance, and evaluation assurance requirements to meet
identified security needs through the development of conforming IT
products. [AJP] A protection profile defines an
implementation-independent set of IT security requirements and
objectives for a category of Target of Evaluations. PPs are intended to
meet common consumer needs for IT security. A rationale for the
selected functional and assurance components is provided. [CC1]
An implementation-independent set of security requirements for a
category of IT products or systems that meet specific consumer needs. [SC27]
An implementation-independent set of security requirements for a
category of IT products or systems that meet specific consumer needs.
[ISO/IEC 15292: 2001] An implementation-independent set of security
requirements for a category of TOEs that meet specific consumer needs. [SC27]
An implementation-independent set of security requirements for a
category of TOEs [Target of Testing] that meet specific consumer needs.
[OVT] An implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs. [CC2][CC21][IATF][SC27] An implementation-independent set of security requirements for a category of products which meet similar consumer needs. [NIAP]
Statement of security criteria; shared by IT product producers,
consumers, and evaluators; built from functional, development
assurance, and evaluation assurance requirements; to meet identified
security needs through the development of conforming IT products. [FCv1] (see also assurance, computer security, test, Common Criteria for Information Technology Security Evaluation, Federal Criteria Vol. I, profile, requirements, security) (includes assignment, decomposition, external security controls, functional protection requirements, product rationale, protection profile family, refinement, trusted computing base)
- protection profile family
- Two or more protection profiles with similar functional
requirements and rationale sections but with different assurance
requirements. [AJP][FCv1] (see also assurance, profile, protection profile)
- protection ring
- (I) One of a hierarchy of privileged operation modes of
a system that gives certain access rights to processes authorized to
operate in that mode. [RFC2828] One of a hierarchy of privileged
modes of a system that gives certain access rights to user programs and
processes authorized to operate in a given mode. [AJP][NCSC/TG004]
One of a hierarchy of privileged modes of an IS that gives certain
access rights to user programs and processes that are authorized to
operate in a given mode. [NSTISSC] (see also assurance, user, modes of operation)
- protection-critical portions of the TCB
- Those portions of the TCB whose normal function is to deal with the control of access between subjects and objects. [TCSEC][TNI]
Those portions of the TCB whose normal function is to deal with the
control of access between subjects and objects. Their correct operation
is essential to the protection of the data on the system. [AJP][NCSC/TG004] (see also assurance, trusted computing base) (includes object, subject)
- protective packaging
- Packaging techniques for COMSEC material that discourage
penetration, reveal a penetration has occurred or was attempted, or
inhibit viewing or copying of keying material prior to the time it is
exposed for use. [NSTISSC] (see also communications security)
- protective technologies
- Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material. [NSTISSC] (see also tamper)
- protective technology/package incident
- Any penetration of INFOSEC protective technology or packaging, such as a crack, cut, or tear. (C.F.D.) [NSTISSC] (see also incident, tamper)
- protocol
- (I) A set of rules (i.e., formats and procedures) to
implement and control some type of association (e.g. communication)
between systems. (C) In particular, a series of ordered steps
involving computing and communication that are performed by two or more
system entities to achieve a joint objective. [RFC2828] A format for transmitting data between devices. [FFIEC]
A set of conventions that govern the interaction of processes, devices,
and other components within a system. (ISO) A set of semantic and
syntactic rules that determines the behavior of functional units in
achieving communication. (I) A set of rules (i.e., formats and
procedures) to implement and control some type of association (e.g.,
communication) between systems. Agreed-upon methods of communications
used by computers. A specification that describes the rules and
procedures that products should follow to perform activities on a
network, such as transmitting data. If they use the same protocols,
products from different vendors should be able to communicate on the
same network. A set of rules and formats, semantic and syntactic, that
permits entities to exchange information. Code of correct conduct:
'safety protocols'; 'academic protocol'. Forms of ceremony and
etiquette observed by diplomats and heads of state. [OVT] A set of rules and formats, semantic and syntactic, that allow one IS to exchange information with another. [CIAO] A set of rules and formats, semantic, and syntactic, that permits entities to exchange information. [AJP][NCSC/TG004]
Agreed-upon methods of communications used by computers. A
specification that describes the rules and procedures that products
should follow to perform activities on a network, such as transmitting
data. If they use the same protocols, products from different vendors
should be able to communicate on the same network. [NSAINT] Set of rules and formats, semantic and syntactic, permitting IS's to exchange information. [NSTISSC] (see also communications, internet, networks) (includes security protocol)
- protocol data unit (PDU)
- A PDU is a message of a given protocol comprising payload and
protocol-specific control information, typically contained in a header.
PDUs pass over the protocol interfaces which exist between the layers
of protocols (per OSI model). [OVT]
- protocol suite
- (I) A complementary collection of communication protocols used in computer network. [RFC2828] (see also communications, networks)
- prototyping
- Creating a demonstration model of a new computer application system. [SRV] (see also model)
- prove a correspondence
- Provide a formal correspondence, using a formal reasoning
system (e.g. typed lambda calculus), between the levels of abstraction.
Note: this involves proving that required properties continue to hold
under the interpretation given in the formal correspondence. [AJP][FCv1]
- prowler
- A daemon that is run periodically to seek out and erase core
files, truncate administrative logfiles, nuke lost+found directories,
and otherwise clean up. [NSAINT] (see also threat)
- proxy
- A firewall mechanism that replaces the IP address of a host on the internal (protected) network with its own IP address for all traffic passing through it. A software agent that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps do additional authentication, and then complete a connection on behalf of the user to a remote destination. [NSAINT]
A request for a connection made on behalf of a host. Proxy-based
firewalls do not allow direct connections between hosts. Instead, two
connections are established: one between the client host and the
DUT/SUT, and another between the DUT/SUT and server host. As with
packet-filtering firewalls, proxy-based devices use a rule set to
determine which traffic should be forwarded and which should be
rejected. There are two types of proxies: application proxies and
circuit proxies. [RFC2647] A software agent that acts on behalf
of a user. Typical proxies accept a connection from a user, make a
decision as to whether or not the user or client IP address is
permitted to use the proxy, perhaps does additional authentication, and
then completes a connection on behalf of the user to a remote
destination. [IATF] An application or device acting on behalf of another in responding to protocol requests. [CIAO]
Software agent that performs a function or operation on behalf of
another application or system while hiding the details involved. [NSTISSC] (see also authentication, networks, packet filtering, software, stateful packet filtering, firewall, user) (includes application proxy, circuit proxy, proxy server)
- proxy server
- (I) A computer process--often used as, or as part of, a
firewall--that relays a protocol between client and server computer
systems, by appearing to the client to be the server and appearing to
the server to be the client. (C) In a firewall, a proxy server
usually runs on a bastion host, which may support proxies for several
protocols (e.g. FTP, HTTP, and TELNET). Instead of a client in the
protected enclave connecting directly to an external server, the
internal client connects to the proxy server which in turn connects to
the external server. The proxy server waits for a request from inside
the firewall, forwards the request to the remote server outside the
firewall, gets the response, then sends the response back to the
client. The proxy may be transparent to the clients, or they may need
to connect first to the proxy server, and then use that association to
also initiate a connection to the real server. (C) Proxies are
generally preferred over SOCKS for their ability to perform caching,
high-level logging, and access control. A proxy can provide security
service beyond that which is normally part of the relayed protocol,
such as access control based on peer entity authentication of clients,
or peer entity authentication of servers when clients do not have that
capability. A proxy at OSI layer 7 can also provide finer-grained
security service than can a filtering router at OSI layer 3. For
example, an FTP proxy could permit transfers out of, but not into, a
protected network. [RFC2828] A server that runs a proxy version
of an application, such as email, and filters messages according to a
set of rules for that application. [CIAO] A software agent that
acts on behalf of something or someone else; decides whether or not the
user has permission to use the proxy, perhaps does additional
authentication, then connects to a remote destination on behalf of the
user. [misc] An Internet server that controls client computers'
access to the Internet. Using a proxy server, a company can stop
employees from accessing undesirable websites, improve performance by
storing webpages locally, and hide the internal network's identity so
monitoring is difficult for external users. [FFIEC] (see also access control, authentication, world wide web, internet, proxy)
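Added worked example for the proxy and proxy server entries above (not code from RFC 2647, RFC 2828 or any other cited source): a minimal circuit proxy in Python. It shows the two-connection structure the RFC 2647 text describes (client to proxy, proxy to server, never client to server directly) and the rule-set decision taken before the proxy connects out on the client's behalf. The permitted-client list and the loopback echo server standing in for the remote destination are constructed for the example.

```python
import socket
import threading
from ipaddress import ip_address, ip_network

# Constructed rule set: which client networks may use the proxy at all.
PERMITTED_CLIENTS = (ip_network("127.0.0.0/8"),)


def client_permitted(client_ip: str, permitted=PERMITTED_CLIENTS) -> bool:
    """Rule-set decision taken before any connection is opened on the client's behalf."""
    addr = ip_address(client_ip)
    return any(addr in net for net in permitted)


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF, then propagate the half-close."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def serve_one(listener: socket.socket, target, permitted=PERMITTED_CLIENTS) -> None:
    """Circuit proxy: connection 1 is client<->proxy, connection 2 is proxy<->server.
    The client never talks to the server directly."""
    client, (client_ip, _) = listener.accept()
    if not client_permitted(client_ip, permitted):
        client.close()  # rejected by policy; nothing is forwarded
        return
    upstream = socket.create_connection(target)
    c2s = threading.Thread(target=_pump, args=(client, upstream))
    c2s.start()
    _pump(upstream, client)
    c2s.join()
    upstream.close()
    client.close()


def _start_echo_server():
    """Stand-in for the 'remote destination': echoes whatever it receives."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()


def demo(payload: bytes = b"hello via the proxy") -> bytes:
    """Client -> proxy -> echo server -> proxy -> client; returns what the client got back."""
    target = _start_echo_server()
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=serve_one, args=(listener, target), daemon=True).start()
    received = b""
    with socket.create_connection(listener.getsockname()) as client:
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)  # signal end of request
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            received += chunk
    listener.close()
    return received


if __name__ == "__main__":
    print(demo())
```

An application proxy would additionally parse the relayed protocol (for example refuse FTP transfers into the protected network, as the RFC 2828 text describes); this circuit proxy relays bytes blindly once the rule set has allowed the connection.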
- pseudo-flaw
- An apparent loophole deliberately implanted in an operating system program as a trap for intruders. [AJP][NCSC/TG004] (see also risk management, threat)
- pseudo-random
- (I) A sequence of values that appears to be random (i.e., unpredictable) but is actually generated by a deterministic algorithm. [RFC2828] (see also random)
- pseudo-random number generator
- (I) A process used to deterministically generate a
series of numbers (usually integers) that appear to be random according
to certain statistical tests, but actually are pseudo-random. (C) Pseudo-random number generators are usually implemented in software. [RFC2828] (see also software, test, random)
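Added worked example (not from RFC 2828 or any other cited source): a small linear congruential generator in Python makes the definition concrete. The same seed always yields the same sequence, a single observed output lets an observer compute every later one, and yet a crude statistical check looks fine. The constants are the Numerical Recipes LCG constants, chosen here for illustration; the `secrets` module is shown as the alternative for anything security-relevant.

```python
import secrets


class Lcg:
    """Linear congruential generator (Numerical Recipes constants, used here for illustration).
    The whole future of the stream is a deterministic function of a 32-bit state."""

    M, A, C = 2**32, 1664525, 1013904223

    def __init__(self, seed: int) -> None:
        self.state = seed % self.M

    def next(self) -> int:
        self.state = (self.A * self.state + self.C) % self.M
        return self.state


def sequence(seed: int, count: int) -> list:
    """Same seed, same sequence: reproducible, which is exactly what a secret must not be."""
    gen = Lcg(seed)
    return [gen.next() for _ in range(count)]


def predict_next(observed_output: int) -> int:
    """This LCG outputs its state, so one observed value reveals every later one."""
    return (Lcg.A * observed_output + Lcg.C) % Lcg.M


def monobit_fraction(values: list, bits: int = 32) -> float:
    """Crude statistical test: share of one-bits across the outputs, about 0.5 for a balanced stream.
    Passing such a test says nothing about predictability."""
    ones = sum(bin(v).count("1") for v in values)
    return ones / (bits * len(values))


def unpredictable_token(nbytes: int = 16) -> str:
    """For session identifiers, nonces or keys use the OS CSPRNG (secrets module) instead."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    seq = sequence(7, 5)
    print(seq, predict_next(seq[0]) == seq[1], monobit_fraction(sequence(1, 1000)))
```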
- psychological operations (PSYOP)
- Planned operations to convey selected information and
indicators to foreign audiences to influence their emotions, motives,
objective reasoning, and ultimately the behavior of foreign
governments, organizations, groups, and individuals. The purpose of
psychological operations is to induce or reinforce foreign attitudes
and behavior favorable to the originator's objectives. (JP 1-02) [NSAINT] (see also threat)
- public accreditation verification exponent
- Value agreed by all members of a group of entities, and which,
in conjunction with the modulus, determines the value of the private
accreditation exponent. [SC27] (see also verification, accreditation)
- public component
- (I) A synonym for 'public key'. (D) In most cases, ISDs SHOULD NOT use this term; to avoid confusing readers, use 'public key' instead. However, the term MAY be used when specifically discussing a key pair; e.g. 'A key pair has a public component and a private component.' [RFC2828] (see also key)
- public confidence
- Trust bestowed by citizens based on demonstrations and
expectations of their government's ability to provide for their common
defense and economic security and behave consistent with the interests
of society; and their critical infrastructures' ability to provide
products and services at expected levels and to behave consistent with
their customers' best interests. [CIAO] (see also trust)
- public cryptography
- Body of cryptographic and related knowledge, study, techniques, and applications that is, or is intended to be, in the public domain. (C.F.D.) [NSTISSC] (see also encryption)
- public key cryptography (PKC)
- Encryption system using a linked pair of keys. What one key encrypts, the other key decrypts. [NSTISSC] (see also encryption, public-key cryptography)
- public key infrastructure (PKI)
- Framework established to issue, maintain, and revoke public key certificates accommodating a variety of security technologies, including the use of software. [NSTISSC] (see also public-key infrastructure)
- public encipherment key
- Public key which defines the public encipherment transformation. [SC27] (see also key, public-key infrastructure)
- public encipherment transformation
- Encipherment transformation determined by an asymmetric encipherment system and the public key of an asymmetric key pair. [SC27] (see also public-key infrastructure)
- public key
- (I) The publicly-disclosable component of a pair of cryptographic keys used for asymmetric cryptography. (O) '(In a public key cryptosystem) that key of a user's key pair which is publicly known.' [RFC2828]
A cryptographic key used with a public key cryptographic algorithm,
uniquely associated with an entity, and that may be made public. In an
asymmetric (public) key cryptosystem that key of an entity's key pair
that may be publicly known. A public key may be used to (1) verify a
digital signature that is signed by the corresponding private key, (2)
encrypt data that may be decrypted by the corresponding private key,
and (3) compute, together with other parties, a piece of shared information. The
public key is used to verify a digital signature. This key is
mathematically linked with a corresponding private key. [SRV] That key of an entity's asymmetric key pair which can be made public. [SC27]
That key of an entity's asymmetric key pair which can be made public.
NOTE - In the case of an asymmetric signature system the public key
defines the verification transformation. In the case of an asymmetric
encipherment system the public key defines the encipherment
transformation. A key that is 'publicly known' is not necessarily
globally available. The key may only be available to all members of a
pre-specified group. [SC27] That key of an entity's asymmetric
key pair which can be made public. [ISO/IEC FDIS 9796-2 (12/2001),
ISO/IEC 11770-1: 1996, ISO/IEC WD 18033-1 (12/2001)] That key of an
entity's asymmetric key pair which can be made public. NOTE - In the
case of an asymmetric signature system the public key defines the
verification transformation. In the case of an asymmetric encipherment
system the public key defines the encipherment transformation. A key
that is 'publicly known' is not necessarily globally available. The key
may only be available to all members of a pre-specified group. [SC27]
The key in a matched key pair - private key and public key - that may
be published, e.g. posted in a directory, for public key cryptography. [AJP]
The key in a matched key pair-private key and public key - that is made
public; for example, posted in a public directory for public key
cryptography. [SRV] (see also asymmetric algorithm, key, public-key infrastructure)
- public key derivation function
- A domain parameter, whose function is to map strings of bits into positive integers. NOTE 1 - This function is used to transform an entity's identification data into the entity's verification key, and satisfies the following two properties.
- It is computationally infeasible to find any two distinct inputs which map to the same output.
- Either the probability that a randomly chosen value Y is in the range of the function is negligibly small, or, for a given output, it is computationally infeasible to find an input which maps to this output.
[SC27] A domain parameter, whose function is to map strings of bits into positive integers. NOTE 1 - This function is used to transform an entity's identification data into the entity's verification key, and satisfies the following two properties.
- It is computationally infeasible to find any two distinct inputs which map to the same output.
- Either the probability that a randomly chosen value Y is in the range of the function is negligibly small, or, for a given output, it is computationally infeasible to find an input which maps to this output.
NOTE 2 - Negligibility and computational infeasibility depend on the specific security requirements and environment. [SC27] (see also identification, asymmetric cryptography, public-key infrastructure)
- public key information
- Information containing at least the entity's distinguishing
identifier and public key. The public key information is limited to
data regarding one entity, and one public key for this entity. There
may be other static information regarding the certification authority,
the entity, the public key, restrictions on key usage, the validity
period, or the involved algorithms, included in the public key
information. [SC27] Information specific to a single entity and
which contains at least the entity's distinguishing identifier and at
least one public key for this entity. There may be other information
regarding the certification authority, the entity, and the public key
included in the public key information, such as the validity period of
the public key, the validity period of the associated private key, or
the identifier of the involved algorithms. [SC27] Information
specific to a single entity and which contains at least the entity's
distinguishing identifier and at least one public key for this entity.
There may be other information regarding the certification authority,
the entity, and the public key included in the public key information,
such as the validity period of the public key, the validity period of
the associated private key, or the identifier of the involved
algorithms. [ISO/IEC 9798-1: 1997] Information specific to a single
entity which contains at least the entity's distinguishing identifier
and at least one public key for this entity. There may be other
information regarding the certification authority, the entity, and the
public key included in the public key information, such as the validity
period of the public key, the validity period of the associated private
key, or the identifier of the involved algorithms. [ISO/IEC 11770-1:
1996] Information containing at least the entity's distinguishing
identifier and public key. The public key information is limited to
data regarding one entity, and one public key for this entity. There
may be other static information regarding the certification authority,
the entity, the public key, restrictions on key usage, the validity
period, or the involved algorithms, included in the public key
information. [SC27] Information specific to a single entity
which contains at least the entity's distinguishing identifier and at
least one public key for this entity. There may be other information
regarding the certification authority, the entity, and the public key
included in the public key information, such as the validity period of
the public key, the validity period of the associated private key, or
the identifier of the involved algorithms. [SC27] (see also asymmetric cryptography, public-key infrastructure)
- public key system
- Cryptographic scheme consisting of three functions:
- Key production, a method for generating a key pair made up of a private signature key and a public verification key,
- Signature production, a method for generating a signature S from a message representative F and a private signature key, and
- Signature opening, a method for obtaining the recovered message representative F* from a signature S
and a public verification key. The output of this function also
contains an indication as to whether the signature opening procedure
succeeded or failed.
[SC27] (see also asymmetric cryptography, public-key infrastructure, system)
- public law 100-235
- Also known as the Computer Security Act of 1987. This U.S. law
creates a means for establishing minimum acceptable security practices
for improving the security and privacy of sensitive information in
federal computer systems. This law assigns to the U.S. National
Institute of Standards and Technology responsibility for developing
standards and guidelines for federal computer systems processing
unclassified data. The law also requires establishment of security
plans by all operators of federal computer systems that contain
sensitive information. [AJP][NCSC/TG004] (see also computer security, privacy, security)
- public verification key
- Public key which defines the public verification transformation. [SC27] (see also public-key infrastructure)
- public-key algorithm (PKA)
- (see also key)
- public-key certificate
- (I) A digital certificate that binds a system entity's
identity to public key value, and possibly to additional data items; a
digitally-signed data structure that attests to the ownership of a
public key. (C) The digital signature on a public-key
certificate is unforgeable. Thus, the certificate can be published,
such as by posting it in a directory, without the directory having to
protect the certificate's data integrity. (O) 'The public key of
a user, together with some other information, rendered unforgeable by
encipherment with the private key of the certification authority which
issued it.' [RFC2828] Contains the name of a user, the public
key component of the user, and the name of the issuer who vouches that
the public key component is bound to the named user. [NSTISSC] The public key information of an entity signed by the certification authority and thereby rendered unforgeable. [SC27]
The public key information of an entity signed by the certification
authority and thereby rendered unforgeable. NOTE - In the context of
this part of ISO/IEC 9796 the public key information contains the
information about the verification key and the domain parameters. [SC27]
The public key information of an entity signed by the certification
authority and thereby rendered unforgeable. [ISO/IEC 9798-1: 1997,
ISO/IEC 11770-1: 1996, ISO/IEC 11770-3: 1999, ISO/IEC WD 13888-1
(11/2001)] The public key information of an entity signed by the
certification authority and thereby rendered unforgeable. NOTE - In the
context of this part of ISO/IEC 9796 the public key information
contains the information about the verification key and the domain
parameters. [SC27] (see also certification, digital signature, test, certificate, key)
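Added worked example covering the public key, public key information and public-key certificate entries (not code from RFC 2828, ISO/IEC 9798-1 or any other cited source): textbook RSA in Python, with a CA that signs a subject's public key information and a relying party that verifies the certificate and then uses the certified key. The primes are fixed Mersenne primes, the names are made up, and there is no padding or standard encoding; it is constructed to show the key roles, not for use.

```python
import hashlib
import json

# Textbook RSA on fixed Mersenne primes (2**61-1, 2**89-1, 2**107-1 and 2**127-1 are prime).
# Constructed for illustration only: no padding, no encoding standard, trivially factorable.
E = 65537


def keygen(p: int, q: int, e: int = E):
    """Returns (public component, private component) of one key pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}


def _digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private: dict, data: bytes) -> int:
    """Only the holder of the private key can produce this value."""
    return pow(_digest_int(data, private["n"]), private["d"], private["n"])


def verify(public: dict, data: bytes, signature: int) -> bool:
    """Anyone holding the public key can check it."""
    return pow(signature, public["e"], public["n"]) == _digest_int(data, public["n"])


def encrypt(public: dict, m: int) -> int:
    return pow(m, public["e"], public["n"])


def decrypt(private: dict, c: int) -> int:
    return pow(c, private["d"], private["n"])


def _to_be_signed(info: dict) -> bytes:
    # Canonical serialization so issuer and verifier hash identical bytes (DER plays this role in X.509).
    return json.dumps(info, sort_keys=True).encode()


def issue_certificate(ca_private: dict, issuer: str, subject: str, subject_public: dict, not_after: str) -> dict:
    """Public key information (identifier, public key, validity) bound together by the CA's signature."""
    info = {"issuer": issuer, "subject": subject, "public_key": subject_public, "not_after": not_after}
    return {"info": info, "signature": sign(ca_private, _to_be_signed(info))}


def verify_certificate(ca_public: dict, cert: dict) -> bool:
    return verify(ca_public, _to_be_signed(cert["info"]), cert["signature"])


def demo():
    """Returns (genuine cert verifies, tampered cert verifies, certified key decrypts)."""
    ca_public, ca_private = keygen((1 << 61) - 1, (1 << 89) - 1)
    alice_public, alice_private = keygen((1 << 107) - 1, (1 << 127) - 1)
    # Constructed names for the example.
    cert = issue_certificate(ca_private, "Example CA", "alice@example.test", alice_public, "2030-01-01")
    genuine_ok = verify_certificate(ca_public, cert)
    # A directory storing the certificate need not protect its integrity: any edit is detected.
    tampered = json.loads(json.dumps(cert))
    tampered["info"]["subject"] = "mallory@example.test"
    tampered_ok = verify_certificate(ca_public, tampered)
    # The relying party uses the certified public key; only Alice's private key recovers the plaintext.
    secret = 0x5EC2E7
    roundtrip_ok = decrypt(alice_private, encrypt(cert["info"]["public_key"], secret)) == secret
    return genuine_ok, tampered_ok, roundtrip_ok


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The relying party here trusts the CA's public key out of band; in a real PKI that trust anchor, the validity period and the key-usage restrictions are what the verifier must also check before using the certified key.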
- public-key cryptography (PKC)
- (I) The popular synonym for 'asymmetric cryptography'. [RFC2828]
Cryptography using two matched keys (or asymmetric cryptography) in
which a single private key is not shared by a pair of users. Instead,
each user has a key pair. Each key pair consists of a private key that
is kept secret by the user and a public key that is posted in a public
directory. Public key cryptography is used to perform: (1) digital
signature, (2) secure transmission or exchange of secret keys, and/or
(3) encryption and decryption. [SRV] Cryptography using two
matched keys (or asymmetric cryptography) in which a single private key
is not shared by a pair of users. Instead, users have their own key
pairs. Each key pair consists of a matched private and public key.
Public key cryptography can perform (1) digital signature, (2) secure
transmission or exchange of secret keys, and/or (3) encryption and
decryption. Examples of public key cryptography are DSS (Digital
Signature Standard) and RSA (Rivest, Shamir, and Adleman). [AJP]
Type of cryptography in which the encryption process is publicly
available and unprotected, but in which a part of the decryption key is
protected so that only a party with knowledge of both parts of the
decryption process can decrypt the cipher text. [NSAINT] (see also encryption, public-key infrastructure, key) (includes Rivest-Shamir-Adleman)
- public-key cryptography standards (PKCS)
- (I) A series of specifications published by RSA
Laboratories for data structures and algorithm usage for basic
applications of asymmetric cryptography. (C) The PKCS were begun
in 1991 in cooperation with industry and academia, originally including
Apple, Digital, Lotus, Microsoft, Northern Telecom, Sun, and MIT.
Today, the specifications are widely used, but they are not sanctioned
by an official standards organization, such as ANSI, ITU-T, or IETF.
RSA Laboratories retains sole decision-making authority over the PKCS. [RFC2828] A set of standards proposed by RSA Data Security Inc. for a public-key based system. [misc] (see also public-key infrastructure, Rivest-Shamir-Adleman, asymmetric algorithm, key) (includes PKCS #10, PKCS #11, PKCS #7)
- public-key forward secrecy
- (I) For a key agreement protocol based on asymmetric
cryptography, the property that ensures that a session key derived from
a set of long-term public and private keys will not be compromised if
one of the private keys is compromised in the future. (C) Some
existing RFCs use the term 'perfect forward secrecy' but either do not
define it or do not define it precisely. While preparing this Glossary,
we tried to find a good definition for that term, but found this to be
a muddled area. Experts did not agree. For all practical purposes, the
literature defines 'perfect forward secrecy' by stating the
Diffie-Hellman algorithm. The term 'public-key forward secrecy'
(suggested by Hilarie Orman) and the 'I' definition stated for it here
were crafted to be compatible with current Internet documents, yet be
narrow and leave room for improved terminology. (C) Challenge to
the Internet security community: We need a taxonomy--a family of
mutually exclusive and collectively exhaustive terms and definitions to
cover the basic properties discussed here--for the full range of
cryptographic algorithms and protocols used in Internet Standards: (C) Involvement of session keys vs. long-term keys: Experts disagree about the basic ideas involved.
- One
concept of 'forward secrecy' is that, given observations of the
operation of a key establishment protocol up to time t, and given some
of the session keys derived from those protocol runs, you cannot derive
unknown past session keys or future session keys.
- A related
property is that, given observations of the protocol and knowledge of
the derived session keys, you cannot derive one or more of the
long-term private keys.
- The 'I' definition presented above
involves a third concept of 'forward secrecy' that refers to the effect
of the compromise of long-term keys.
- All three concepts
involve the idea that a compromise of 'this' encryption key is not
supposed to compromise the 'next' one. There also is the idea that
compromise of a single key will compromise only the data protected by
the single key. In Internet literature, the focus has been on
protection against decryption of back traffic in the event of a
compromise of secret key material held by one or both parties to a
communication.
(C) Forward vs. backward: Experts are
unhappy with the word 'forward', because compromise of 'this'
encryption key also is not supposed to compromise the 'previous' one,
which is 'backward' rather than forward. In S/KEY, if the key used at
time t is compromised, then all keys used prior to that are
compromised. If the 'long-term' key (i.e., the base of the hashing
scheme) is compromised, then all keys past and future are compromised;
thus, you could say that S/KEY has neither forward nor backward
secrecy. (C) Asymmetric cryptography vs. symmetric: Experts
disagree about forward secrecy in the context of symmetric
cryptographic systems. In the absence of asymmetric cryptography,
compromise of any long-term key seems to compromise any session key
derived from the long-term key. For example, Kerberos isn't forward
secret, because compromising a client's password (thus compromising the
key shared by the client and the authentication server) compromises
future session keys shared by the client and the ticket-granting
server. (C) Ordinary forward secrecy vs. 'perfect' forward
secrecy: Experts disagree about the difference between these two. Some
say there is no difference, and some say that the initial naming was
unfortunate and suggest dropping the word 'perfect'. Some suggest using
'forward secrecy' for the case where one long-term private key is
compromised, and adding 'perfect' for when both private keys (or, when
the protocol is multi-party, all private keys) are compromised. (C)
Acknowledgments: Bill Burr, Burt Kaliski, Steve Kent, Paul Van
Oorschot, Michael Wiener, and, especially, Hilarie Orman contributed
ideas to this discussion. [RFC2828] (see also authentication, encryption, hash, internet, key, passwords, security, forward secrecy)
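The S/KEY behaviour described under 'Forward vs. backward' above, worked through on a constructed hash chain as an added example that is not part of this glossary or of RFC 2828; it assumes SHA-256 as the one-way function, a constructed seed, and hypothetical helper names (build_chain, SkeyVerifier, derivable_from_compromise, secrecy_properties).

```python
import hashlib


def H(x: bytes) -> bytes:
    """One-way function for the chain (SHA-256 here; S/KEY itself used MD4/MD5)."""
    return hashlib.sha256(x).digest()


def build_chain(seed: bytes, n: int):
    """Return the one-time passwords [p_1, ..., p_n] in order of use, where
    p_i = H^(n-i+1)(seed).  Because p_{i-1} = H(p_i), every password is the
    hash of the password that will be used *after* it; the seed is the
    'long-term' base of the scheme and is never sent."""
    x = seed
    hashes = []
    for _ in range(n):
        x = H(x)
        hashes.append(x)          # hashes[k] = H^(k+1)(seed)
    return hashes[::-1]           # hashes[n-1] = H^n(seed) = p_1 is used first


class SkeyVerifier:
    """Server side: stores only H(next expected password), never the seed."""

    def __init__(self, seed: bytes, n: int):
        self.expected = H(build_chain(seed, n)[0])   # H(p_1) = H^(n+1)(seed)

    def login(self, password: bytes) -> bool:
        if H(password) != self.expected:
            return False
        self.expected = password   # the next password must hash to this one
        return True


def derivable_from_compromise(p_t: bytes, t: int):
    """Everything an observer who learned p_t can compute by hashing alone:
    p_{t-1} = H(p_t), p_{t-2} = H(p_{t-1}), ... down to p_1.
    Returns [p_1, ..., p_{t-1}].  No later password is reachable this way,
    because that would require inverting H."""
    x = p_t
    earlier = []
    for _ in range(t - 1):
        x = H(x)
        earlier.append(x)
    return earlier[::-1]


def secrecy_properties(seed: bytes = b"constructed demo seed", n: int = 6, t: int = 4) -> dict:
    """Check the glossary's claims on a constructed chain of n passwords,
    assuming the password used at time t (1-based) has been observed."""
    chain = build_chain(seed, n)
    p_t = chain[t - 1]
    earlier = derivable_from_compromise(p_t, t)

    # Claim 1: compromise of the key used at time t reveals every earlier key.
    earlier_keys_derivable = earlier == chain[:t - 1]

    # Claim 2: hashing forward from any known key never yields a later key.
    later_keys_derivable_by_hashing = any(H(p) in chain[t:] for p in [p_t] + earlier)

    # Operational view: the verifier has already consumed p_1 .. p_t.
    server = SkeyVerifier(seed, n)
    genuine_logins_ok = all(server.login(p) for p in chain[:t])
    replay_of_p_t_accepted = server.login(p_t)                 # spent password
    derived_earlier_key_accepted = server.login(earlier[-1])   # p_{t-1}, also spent
    genuine_next_key_accepted = server.login(chain[t])         # p_{t+1}, known only to the holder of the seed

    return {
        "earlier_keys_derivable": earlier_keys_derivable,
        "later_keys_derivable_by_hashing": later_keys_derivable_by_hashing,
        "genuine_logins_ok": genuine_logins_ok,
        "replay_of_p_t_accepted": replay_of_p_t_accepted,
        "derived_earlier_key_accepted": derived_earlier_key_accepted,
        "genuine_next_key_accepted": genuine_next_key_accepted,
    }


if __name__ == "__main__":
    for name, value in secrecy_properties().items():
        print(f"{name}: {value}")
```

Compromise of the seed itself regenerates the whole chain (build_chain), which is the case the entry describes as losing both forward and backward secrecy.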
- public-key infrastructure (PKI)
- (I) A system of CAs (and, optionally, RAs and other
supporting servers and agents) that perform some set of certificate
management, archive management, key management, and token management
functions for a community of users in an application of asymmetric
cryptography. (O) PKIX usage: The set of hardware, software,
people, policies, and procedures needed to create, manage, store,
distribute, and revoke digital certificates based on asymmetric
cryptography. (C) The core PKI functions are (a) to register
users and issue their public-key certificates, (b) to revoke
certificates when required, and (c) to archive data needed to validate
certificates at a much later time. Key pairs for data confidentiality
may be generated (and perhaps escrowed) by CAs or RAs, but requiring a
PKI client to generate its own digital signature key pair helps
maintain system integrity of the cryptographic system, because then
only the client ever possesses the private key it uses. Also, an
authority may be established to approve or coordinate CPSs, which are
security policies under which components of a PKI operate. (C) A
number of other servers and agents may support the core PKI, and PKI
clients may obtain services from them. The full range of such services
is not yet fully understood and is evolving, but supporting roles may
include archive agent, certified delivery agent, confirmation agent,
digital notary, directory, key escrow agent, key generation agent,
naming agent who ensures that issuers and subjects have unique
identifiers within the PKI, repository, ticket-granting agent, and time
stamp agent. [RFC2828] An architecture that is used to bind
public keys to entities, enable other entities to verify public key
bindings, revoke such bindings, and provide other services critical to
managing public keys. [SRV] Framework established to issue,
maintain, and revoke public key certificates accommodating a variety of
security technologies, including the use of software. [CIAO]
Public and private keys, digital certificates, certification
authorities, certificate revocation lists, and the standards that
govern the use and validity of these elements make up an infrastructure
where principals can engage in private and non-repudiable transactions.
This combination is called the Public Key Infrastructure. [IATF][misc]
The system consisting of TTPs, together with the services they make
available to support the application (including generation and
validation) of digital signatures, and of the persons or technical
components, who use these services. NOTE - Sometimes the persons and
the technical components participating in a PKI by using the services
of TTPs, but not being TTPs themselves, are referred to as end entities.
An example of technical equipment used by an end entity is a smart
card which may be used as a storage and/or processing device. [SC27]
The use of public key cryptography in which each customer has a key
pair (i.e., a unique electronic value called a public key and a
mathematically-related private key). The private key is used to encrypt
(sign) a message that can only be decrypted by the corresponding public
key or to decrypt a message previously encrypted with the public key.
The public key is used to decrypt a message previously encrypted
(signed) using an individual's private key or to encrypt a message so
that it can only be decrypted (read) using the intended recipient's
private key. [FFIEC] (see also Abstract Syntax Notation One, Cryptographic Message Syntax, Internet Policy Registration Authority, MISSI user, Open Systems Interconnection Reference model, X.500 Directory, archive, authenticate, authority, bind, capability, certificate chain, certificate chain validation, certificate domain parameters, certificate expiration, certificate management services, certification, certification policy, certify, common security, confidentiality, critical, cryptoperiod, directory service, directory vs. Directory, domain, end entity, end-user, geopolitical certificate authority, issue, issuer, key lifetime, key management, key material identifier, object identifier, permissions, personal security environment, policy mapping, pre-authorization, privacy enhanced mail, public-key cryptography, public-key cryptography standards, registration, registration service, relying party, repository, secure hypertext transfer protocol, security event, slot, software, strong authentication, subject, tokens, trust, trust chain, trust hierarchy, trusted key, trusted third party, tunnel, unforgeable, valid signature, validate vs. 
verify, web of trust, key, policy, security) (includes Federal Public-key Infrastructure, Minimum Interoperability Specification for PKI Components, PKCS #10, PKIX, PKIX private extension, RA domains, SET private extension, SET qualifier, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, X.509, X.509 authority revocation list, X.509 certificate revocation list, account authority digital signature, attribute authority, bilateral trust, brand CRL identifier, brand certification authority, cardholder certification authority, certificate authority, certificate creation, certificate directory, certificate management, certificate policy, certificate policy qualifier, certificate reactivation, certificate rekey, certificate renewal, certificate request, certificate revocation, certificate status responder, certificate update, certificate validation, certification authorities, certification authority, certification authority digital signature, certification authority workstation, certification hierarchy, certification path, certification practice statement, certification request, certification service, class 2, 3, 4, or 5, common name, compromised key list, delta CRL, digital id, digital signature, directly trusted CA, directly trusted CA key, distinguished name, distribution point, extension, hierarchical PKI, hierarchy management, hierarchy of trust, indirect certificate revocation list, invalidity date, merchant certification authority, mesh PKI, path discovery, path validation, payment gateway certification authority, personality label, policy approving authority, policy certification authority, policy creation authority, policy management authority, private key, public encipherment key, public encipherment transformation, public key, public key derivation function, public key information, public key system, public verification key, registration authority, revocation date, root, subordinate certification authority, top CA, trust-file PKI, v1 
CRL, v2 CRL, validity period)
- purge
- The removal of sensitive data from an AIS, AIS storage device,
or peripheral device with storage capacity, at the end of a processing
period. This action is performed in such a way that there is assurance
proportional to the sensitivity of the data that the data may not be
reconstructed. An AIS must be disconnected from any external network
before a purge. After a purge, the medium can be declassified by
observing the review procedures of the respective agency. [AJP][NCSC/TG004] To render stored applications, files, and other information on a system unrecoverable. [CIAO] (see also assurance, networks, risk)
- purging
- (1) The orderly review of storage and removal of inactive or
obsolete data files. (2) The removal of obsolete data by erasure, by
overwriting of storage, or by resetting registers. [SRV] Rendering stored information unrecoverable. [NSTISSC]
- push technology
- Technology that allows users to sign up for automatic
downloads of online content, such as virus signature file updates,
patches, news, and Web site updates, to their email boxes or other
designated directories on their computers. [CIAO] (see also world wide web)
- QUADRANT
- Short name referring to technology that provides tamper-resistant protection to crypto-equipment. [NSTISSC] (see also cryptography, tamper)
- quality
- (1) The degree to which a system, component, or process meets
specified requirements. (2) The degree to which a system, component, or
process meets customer or user needs or expectations. [IEEE610] (see also Forum of Incident Response and Security Teams, National Information Assurance partnership, accountability, attribute, benchmarking, business process reengineering, data integrity, evaluation, evaluation authority, performance gap, process management approach, security, standard, stretch goal, system integrity, value analysis) (includes European quality award, business process improvement, continuous process improvement, national quality award, quality assurance, quality attributes, quality control, quality function deployment, quality of protection, software quality assurance, total quality management)
- quality assurance (QA)
- A planned and systematic pattern of all actions necessary to
provide confidence that adequate technical requirements are
established, that products and services conform to established
technical requirements, and that satisfactory performance is achieved. [SRV] (see also assurance, quality)
- quality assurance/control (QA/QC)
- (see also assurance)
- quality attributes
- Requirements that software must meet, such as usability, efficiency, reliability, maintainability, and portability. [SRV] (see also software, quality)
- quality control (QC)
- The system or procedure used to check on product quality throughout the acquisition process. [SRV] (see also quality)
- quality function deployment (QFD)
- A system for translating consumer/customer requirements into
appropriate company requirements at each stage, from research and
product development, to engineering and manufacturing, to
marketing/sales and distribution (ASI). [SRV] (see also quality)
- quality of protection (QOP)
- Quality of protection refers to the set of security functions
that are applied to what needs to be protected. The QOP can consist of
any combination of authentication, privacy, integrity, and
non-repudiation. [misc] (see also assurance, security, evaluation, quality) (includes authentication, encryption strength, integrity, non-repudiation, privacy)
- questions on controls
- The policies and procedures and practices and organizational
structures designed to provide reasonable assurance that business
objectives will be achieved and that undesired events will be prevented
or detected and corrected. [CIAO] (see also security controls)
- queuing theory
- An area of operations research that describes the behavior of networks of queues and servers using algebra. [SRV] (see also networks)
- RA domains
- (I) A capability of a CAW that allows a CA to divide the responsibility for certification requests among multiple RAs. (C)
This capability might be used to restrict access to private
authorization data that is provided with a certification request, and
to distribute the responsibility to review and approve certification
requests in high volume environments. RA domains might segregate
certification requests according to an attribute of the certificate
subject, such as an organizational unit. [RFC2828] (see also certificate, certification, public-key infrastructure)
- radix
- Base of a geometric progression. [SC27]
- rainbow series
- (O) A set of more than 30 technical and policy
documents with colored covers, issued by the NCSC, that discuss in
detail the TCSEC and provide guidance for meeting and applying the
criteria. [RFC2828] Set of publications that interpret Orange Book (C.F.D.) requirements for trusted systems. [NSTISSC] (see also National Security Agency, Trusted Computer System Evaluation Criteria) (includes Green book, Orange book, Red book, Yellow book)
- random
- (I) General usage: In mathematics, random means
'unpredictable'. A sequence of values is called random if each
successive value is obtained merely by chance and does not depend on
the preceding values of the sequence, and a selected individual value
is called random if each of the values in the total population of
possibilities has equal probability of being selected. (I)
Security usage: In cryptography and other security applications, random
means not only unpredictable, but also 'unguessable'. When selecting
data values to use for cryptographic keys, 'the requirement is for data
that an adversary has a very low probability of guessing or
determining.' It is not sufficient to use data that 'only meets
traditional statistical tests for randomness or which is based on
limited range sources, such as clocks. Frequently such random
quantities are determinable [i.e., guessable] by an adversary searching
through an embarrassingly small space of possibilities.' [RFC2828] (see also cryptography, key, security, test) (includes pseudo-random, pseudo-random number generator, random number, random number generator, randomized, randomizer)
- random access memory (RAM)
- (see also automated information system)
- random number
- A time variant parameter whose value is unpredictable. [SC27] (see also random)
- random number generator
- (I) A process used to generate an unpredictable, uniformly distributed series of numbers (usually integers). (C)
True random number generators are hardware-based devices that depend on
the output of a 'noisy diode' or other physical phenomena. [RFC2828] (see also FIPS PUB 140-1, random)
- random number sampling
- A sampling method in which combinations of random digits,
within the range of the number of items in a population, are selected
by using one of the random number generation methods until a given
sample size is obtained. For example, if a sample of 60 items is
required from a population numbered 1 through 2,000, then 60 random
numbers between 1 and 2,000 are selected. [SRV]
- random selection
- A selection method that uses an acceptable method of
generating random numbers in a standard manner. The method minimizes
the influence of nonchance factors in selecting the sample items. [SRV]
- randomized
- Dependent on a randomizer. [SC27] (see also random)
- randomizer
- A secret data item produced by the signing entity in the
pre-signature production process, and not predictable by other
entities. [SC27] Analog or digital source of unpredictable,
unbiased, and usually independent bits. Randomizers can be used for
several different functions, including key generation or to provide a
starting state for a key generator. [NSTISSC] (see also random)
- range
- The distance (or difference) between the highest and lowest
values. This is a quick measure of the dispersion (spread) of the
distribution. It is a statistic used primarily with interval-ratio
variables. [SRV]
- rapid application development (RAD)
- A methodology for developing software that relies on prototyping techniques and extensive user interaction. [SRV] (see also software)
- rapid automatic cryptographic equipment (RACE)
- (see also cryptography)
- rating
- A measure for the assurance that may be held in a Target of
Evaluation, consisting of a reference to its security target, an
evaluation level established by assessment of the correctness of its
implementation and consideration of its effectiveness in the context of
actual or proposed operational use, and a confirmed rating of the
minimum strength of its security mechanisms. [AJP][ITSEC] (see also security target, assurance)
- rating maintenance program (RAMP)
-
- ratio estimate
- An estimate of a population parameter that is obtained by
multiplying the known population total for another variable by a ratio
of appropriate sample values of the two variables. [SRV]
- ratio variable
- A quantitative variable, the attributes of which are ordered, spaced equally, and with a true zero point. [SRV]
- read
- A fundamental operation that results only in the flow of information from an object to a subject. [AJP][NCSC/TG004][TCSEC][TNI] Fundamental operation in an IS that results only in the flow of information from an object to a subject. [NSTISSC] (includes object, subject)
- read access
- (1) Permission to read information. (2) A fundamental
operation that results only in the flow of information from an object
to a subject. [AJP] Permission to read information in an IT system. [NSTISSC] Permission to read information. [NCSC/TG004][TCSEC][TNI] The ability to look at and copy data or a software program. [CIAO] (see also access) (includes object, subject)
- read-only memory (ROM)
- A storage area in which the contents can be read but not altered during normal computer processing. [AJP][TCSEC] (see also automated information system)
- real time
- The actual time in which something, such as the communication of information, takes place. [AJP]
- real-time processing
- Operations performed on a computer simultaneously with a
physical process or activity, so that the answers obtained through the
computer operations can affect the process or activity. [SRV]
- real-time reaction
- Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access. [NSTISSC]
- real-time system
- An interactive system that updates computer files as transactions are processed. [SRV] (see also system)
- realm
- (O) Kerberos usage: The domain of authority of a
Kerberos server (consisting of an authentication server and a
ticket-granting server), including the Kerberized clients and the
Kerberized application servers. [RFC2828] (see also authentication)
- recipient
- The entity that gets (receives or fetches) a message for which non-repudiation services are to be provided. [SC27] (see also non-repudiation)
- reciprocal agreement
- An agreement whereby two organizations with similar computer
systems agree to provide computer processing time for the other in the
event one of the systems is rendered inoperable. Processing time may be
provided on a 'best effort' or 'as time available' basis. [FFIEC]
- recommended practices
- Generally accepted principles, procedures, and methods to assure commonality, efficiency, and interoperability. [CIAO] (see also best practices, risk management)
- reconstitution
- Owner/operator directed restoration of critical assets and/or infrastructure. [CIAO] (see also disaster recovery)
- record
- A group of related data fields or elements. [SRV]
- recoverable part
- Part of the message conveyed in the signature. [SC27]
- recovery
- (see also accountability, contingency plan, contingency planning, continuity of services and operations, emergency services, failure control, general controls, laboratory attack, non-recoverable part, run manual, sanitize, security management infrastructure, system testing, vaulting, zeroization, zeroize, availability) (includes archive, backup, backup procedures, disaster recovery, disaster recovery plan, key recovery, recovery point objectives, recovery procedures, recovery site, recovery time objectives, recovery vendors, trusted recovery)
- recovery point objectives
- The amount of data that can be lost without severely impacting the recovery of operations. [FFIEC] (see also recovery)
- recovery procedures
- Actions necessary to restore data files of an IS and computational capability after a system failure. [NSTISSC] The actions necessary to restore a system's computational and processing capability and data files after a system failure. [SRV] The actions necessary to restore a system's computational capability and data files after a system failure. [AJP][NCSC/TG004] (see also failure, contingency plan, recovery)
- recovery site
- An alternate location for processing information (and possibly
conducting business) in an emergency. Usually distinguished as 'hot'
sites that are fully configured centers with compatible computer
equipment and 'cold' sites that are operational computer centers
without the computer equipment. [FFIEC] (see also business process, recovery)
- recovery time objectives
- The period of time that a process can be inoperable. [FFIEC] (see also recovery)
- recovery vendors
- Organizations that provide recovery sites and support services for a fee. [FFIEC] (see also recovery)
- RED
- (I) Designation for information system equipment or
facilities that handle (and for data that contains) only plaintext (or,
depending on the context, classified information), and for such data
itself. This term derives from U.S. Government COMSEC terminology. [RFC2828]
Designation applied to an IS, and associated areas, circuits,
components, and equipment in which unencrypted national security
information is being processed. [NSTISSC] (see also communications security, security)
- Red book
- (D) ISDs SHOULD NOT use this term as a synonym for
'Trusted Network Interpretation of the Trusted Computer System
Evaluation Criteria'. Instead, use the full proper name of the document
or, in subsequent references, a more conventional abbreviation. [RFC2828] (see also evaluation, networks, trust, rainbow series)
- RED signal
- Any electronic emission (e.g., plain text, key, key stream,
subkey stream, initial fill, or control signal) that would divulge
national security information if recovered. [NSTISSC] (see also emanation, emissions security, threat)
- RED team
- Independent and focused threat-based effort by an
interdisciplinary, simulated adversary to expose and exploit
vulnerabilities as a means to improve the security posture of ISs. [NSTISSC]
Independent and focused threat-based effort by an interdisciplinary,
simulated adversary to expose and exploit vulnerabilities as a means to
improve the security posture of information systems. [CIAO] (see also threat)
- RED/BLACK concept
- Separation of electrical and electronic circuits, components,
equipment, and systems that handle national security information (RED),
in electrical form, from those that handle non-national security
information (BLACK) in the same form. [NSTISSC] (see also RED/BLACK separation)
- RED/BLACK separation
- (I) An architectural concept for cryptographic systems
that strictly separates the parts of a system that handle plaintext
(i.e., RED information) from the parts that handle ciphertext (i.e.,
BLACK information). This term derives from U.S. Government COMSEC
terminology. [RFC2828] (see also RED/BLACK concept, communications security, cryptography)
- reduction-function
- A function RED that is applied to the block Hq of length Lf to generate the hash-code H of length Lp. [SC27] (see also hash)
- redundancy
- Any information that is known and can be checked. [SC27]
Duplication of system components (e.g., hard drives), information
(e.g., backup tapes, archived files), or personnel intended to increase
the reliability of service and/or decrease the risk of information
loss. [CIAO] (see also risk, contingency plan)
- redundant array of inexpensive disks (RAID)
-
- redundant identity
- Sequence of data items obtained from an entity's
identification data by adding redundancy using techniques specified in
ISO/IEC 9796. [SC27] (see also identification)
- reference monitor
- (I) 'An access control concept that refers to an abstract machine that mediates all accesses to objects by subjects.' (C)
A reference monitor should be (a) complete (i.e., it mediates every
access), (b) isolated (i.e., it cannot be modified by other system
entities), and (c) verifiable (i.e., small enough to be subjected to
analysis and tests to ensure that it is correct). [RFC2828] A
security control concept in which an abstract machine mediates accesses
to objects by subjects. In principle, a reference monitor should be
complete (in that it mediates every access), isolated from modification
by system entities, and verifiable. A security kernel is an
implementation of a reference monitor for a given hardware base. [NSAINT]
A system component that enforces access controls on an object. It is a
design concept for an operating system to ensure secrecy and integrity.
[SRV] Access control concept referring to an abstract machine that mediates all accesses to objects by subjects. [NSTISSC] Access mediation concept that refers to an abstract machine that mediates all accesses to objects by subjects. [FCv1] The concept of an abstract machine that enforces TOE access control policies. [CC2][CC21][SC27] (see also access control, analysis, security, test, reference monitor concept, target of evaluation) (includes network reference monitor, object, subject)
- reference monitor concept
- An access-control concept that refers to an abstract machine that mediates all accesses to objects by subjects. [NCSC/TG004][TCSEC][TDI][TNI] (see also access control) (includes object, reference monitor, security kernel, subject)
- reference validation mechanism
- An implementation of the reference monitor concept that
possesses the following properties: it is tamperproof, always invoked,
and simple enough to be subjected to thorough analysis and testing. [CC2][CC21][SC27]
Portion of a trusted computing base whose normal function is to control
access between subjects and objects and whose correct operation is
essential to the protection of data in the system. [NSTISSC] The
portion of a Trusted Computing Base whose normal function is to
mediate access between subjects and objects, and whose correct operation
is essential to the protection of data in the system. Note:
this is the implementation of the reference monitor. [FCv1] (see also analysis, tamper, test, trusted computing base, validation) (includes object, subject)
- refinement
- Requirement in a protection profile taken to a lower level of
abstraction than the component on which it is based. Note: The
refinement of a component requirement is necessary when multiple
environment-specific requirements must be assigned to a single
component requirement. [AJP][FCv1] The addition of details to a component. [CC2][CC21][SC27] (see also protection profile)
- reflection attack
- (I) A type of replay attack in which transmitted data is sent back to its originator. [RFC2828] A masquerade which involves sending a previously transmitted message back to its originator. [SC27] (see also attack)
- register
- A set of files (electronic, or a combination of electronic and
paper) containing entry labels and their associated definitions and
related information. [SC27] (see also registration)
- register entry
- The information within a register relating to a specific PP or package. [SC27]
- registration
- (I) An administrative act or process whereby an
entity's name and other attributes are established for the first time
at a CA, prior to the CA issuing a digital certificate that has the
entity's name as the subject. (C) Registration may be
accomplished either directly, by the CA, or indirectly, by a separate
RA. An entity is presented to the CA or RA, and the authority either
records the name(s) claimed for the entity or assigns the entity's
name(s). The authority also determines and records other attributes of
the entity that are to be bound in a certificate (such as a public key
or authorizations) or maintained in the authority's database (such as
street address and telephone number). The authority is responsible,
possibly assisted by an RA, for authenticating the entity's identity
and verifying the correctness of the other attributes, in accordance
with the CA's CPS. (C) Among the registration issues that a CPS may address are the following:
- How a claimed identity and other attributes are verified.
- How organization affiliation or representation is verified.
- What forms of names are permitted, such as X.500 DN, domain name, or IP address.
- Whether names are required to be meaningful or unique, and within what domain.
- How naming disputes are resolved, including the role of trademarks.
- Whether certificates are issued to entities that are not persons.
- Whether a person is required to appear before the CA or RA, or can instead be represented by an agent.
- Whether and how an entity proves possession of the private key matching a public key.
[RFC2828] The process of assigning a register entry. [SC27] (see also authentication, certificate, key, public-key infrastructure, register)
- registration authority (RA)
- (I) An optional PKI entity (separate from the CAs) that
does not sign either digital certificates or CRLs but has
responsibility for recording or verifying some or all of the
information (particularly the identities of subjects) needed by a CA to
issue certificates and CRLs and to perform other certificate management
functions. (C) Sometimes, a CA may perform all certificate
management functions for all end users for which the CA signs
certificates. Other times, such as in a large or geographically
dispersed community, it may be necessary or desirable to offload
secondary CA functions and delegate them to an assistant, while the CA
retains the primary functions (signing certificates and CRLs). The
tasks that are delegated to an RA by a CA may include personal
authentication, name assignment, token distribution, revocation
reporting, key generation, and archiving. An RA is an optional PKI
component, separate from the CA, that is assigned secondary functions.
The duties assigned to RAs vary from case to case but may include the
following:
- Verifying a subject's identity, i.e., performing personal authentication functions.
- Assigning a name to a subject.
- Verifying that a subject is entitled to have the attributes requested for a certificate.
- Verifying that a subject possesses the private key that matches the public key requested for a certificate.
- Performing
functions beyond mere registration, such as generating key pairs,
distributing tokens, and handling revocation reports. (Such functions
may be assigned to a PKI element that is separate from both the CA and
the RA.)
(I) PKIX usage: An optional PKI component,
separate from the CA(s). The functions that the RA performs will vary
from case to case but may include identity authentication and name
assignment, key generation and archiving of key pairs, token
distribution, and revocation reporting. (O) SET usage: 'An
independent third-party organization that processes payment card
applications for multiple payment card brands and forwards applications
to the appropriate financial institutions.' [RFC2828] An entity
who is responsible for identification and authentication of subjects of
certificates, but is not a CA or an AA, and hence does not sign or
issue certificates. An RA may assist in the certificate application
process, revocation process, or both. [SC27] An entity who is
responsible for identification and authentication of subjects of
certificates, but is not a CA or an AA, and hence does not sign or
issue certificates. An RA may assist in the certificate application
process, revocation process, or both. [ISO/IEC TR 14516: 2000]
Authority entitled and trusted to perform the registration service as
described below. [SC27] (see also authentication, certificate, identification, key, tokens, trust, Secure Electronic Transaction, public-key infrastructure)
- registration service
- The service of identifying entities and registering them in a
way that allows the secure assignment of certificates to these
entities. [SC27] (see also public-key infrastructure)
- regrade
- (I) Deliberately change the classification level of information in an authorized manner. [RFC2828] (see also classification level, authorization)
- regression testing
- A method to ensure that changes to one part of the software do not adversely impact other areas. [SRV]
Retesting of a previously tested program following modification to
ensure that faults have not been introduced or uncovered as a result of
the changes made. [OVT] (see also software, test)
- rejected traffic
- Packets dropped as a result of the rule set of the DUT/SUT.
For purposes of benchmarking firewall performance, it is expected that
firewalls will reject all traffic not explicitly permitted in the rule
set. Dropped packets must not be included in calculating the bit
forwarding rate or maximum bit forwarding rate of the DUT/SUT. [RFC2647] (see also illegal traffic, bit forwarding rate, rule set, firewall)
- rekey
- (I) Change the value of a cryptographic key that is being used in an application of a cryptographic system. (C) For example, rekey is required at the end of a cryptoperiod or key lifetime. [RFC2828] (see also cryptography, key)
- release
- The process of moving a baseline configuration item between organizations, such as from software vendor to customer. [SRV] (see also baseline, software)
- release prefix
- Prefix appended to the short title of U.S.-produced keying
material to indicate its foreign releasability. 'A' designates material
that is releasable to specific allied nations and 'U.S.' designates
material intended exclusively for U.S. use. [NSTISSC]
- reliability
- (1) The extent to which a system can be expected to perform
its intended function with required precision. (2) The probability of a
given system performing its mission adequately for a specified period
of time under the expected operating conditions. [AJP] (I) The ability of a system to perform a required function under stated conditions for a specified period of time. [RFC2828]
Extent to which a program can be expected to perform its intended
function, with the required precision, on a consistent basis. [SRV]
The capability of a computer, or information or telecommunications
system, to perform consistently and precisely according to its
specifications and design requirements, and to do so with high
confidence. [CIAO] The extent to which a computer program can be
expected to perform its intended function, with the required precision,
on a consistent basis. [SRV] The extent to which a system can be expected to perform its intended function with required precision. [TNI]
The probability of a given system performing its mission adequately for
a specified period of time under the expected operating conditions. [NCSC/TG004][SRV]
The probability of a given system performing its mission adequately for
a specified period of time under the expected operating conditions.
Software reliability is the probability that software will provide
failure-free operation in a fixed environment for a fixed interval of
time. Probability of failure is the probability that the software will
fail on the next input selected. Software reliability is typically
measured per some unit of time, whereas probability of failure is
generally time independent. These two measures can be easily related if
you know the frequency with which inputs are executed per unit of time.
Mean-time-to-failure is the average interval of time between failures;
this is also sometimes referred to as Mean-time-before-failure. [OVT] The property of consistent intended behavior and results. [SC27] (see also availability, risk management) (includes software reliability)
- reliability qualification tests (RQT)
- (see also test)
- relying party
- (N) A synonym for 'certificate user'. Used in a legal
context to mean a recipient of a certificate who acts in reliance on
that certificate. [RFC2828] (see also certificate, public-key infrastructure)
- remanence
- Residual information remaining on storage media after clearing. [NSTISSC] The residual magnetism that remains on magnetic storage media after degaussing. [SRV] (see also magnetic remanence, overwrite procedure)
- remediation
- Deliberate precautionary measures undertaken to improve the
reliability, availability, survivability, etc., of critical assets
and/or infrastructures, e.g., emergency planning for load shedding,
graceful degradation, and priority restoration; increased awareness,
training, and education; changes in business practices or operating
procedures, asset hardening or design improvements, and system-level
changes such as physical diversity, deception, redundancy, and backups.
[CIAO] (see also availability, business process, risk management)
- remote access
- Dial-up access by users to a modem for access to the PBX or
computer data. Pertaining to communications over a common carrier
facility or other external data link. [SRV] Use of a modem and
communications software to connect to a computer network from a distant
location via a telephone line or wireless connection. [CIAO] (see also communications, access)
- remote access software
- This software allows a computer to use a modem to connect to
another system. It also allows a computer to 'listen' for calls on a
modem (this computer provides 'remote access service'.) Remote access
software may provide access to a single computer or to a network. [RFC2504] (see also networks, remote login, secure socket layer, telnet, software)
- Remote Authentication Dial-In User Service (RADIUS)
- (I) An Internet protocol for carrying dial-in users'
authentication information and configuration information between a
shared, centralized authentication server (the RADIUS server) and
network access server (the RADIUS client) that needs to authenticate
the users of its network access ports. (C) A user of the RADIUS
client presents authentication information to the client, and the
client passes that information to the RADIUS server. The server
authenticates the client using a shared secret value, then checks the
user's authentication information, and finally returns to the client
all authorization and configuration information needed by the client to
deliver service to the user. [RFC2828] (see also networks, shared secret, Simple Authentication and Security Layer, security protocol, security software, user)
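The shared-secret step in the RADIUS definition above is worth seeing in bytes. The following added example (not from the glossary or any of its cited sources) builds an Access-Request the way RFC 2865 specifies, hides the User-Password under the shared secret, and then shows the client-side check that matters most for a defender: the Response Authenticator is an MD5 digest over the response header, the client's own Request Authenticator, the attributes and the secret, so an Access-Accept that was forged without the secret, or a genuine Access-Reject whose code byte was flipped to "accept", fails verification. The secret, user name and password are constructed sample values; MD5 appears because the protocol mandates it.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet codes and the two attribute types used here (RFC 2865)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2


def attr(atype: int, value: bytes) -> bytes:
    """Encode one attribute as Type(1) | Length(1) | Value; Length covers the header."""
    if len(value) > 253:
        raise ValueError("attribute value exceeds 253 bytes")
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attributes(data: bytes) -> dict:
    """Walk the TLV list, refusing malformed lengths rather than guessing at them."""
    attrs, i = {}, 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("malformed attribute")
        attrs[atype] = data[i + 2:i + alen]
        i += alen
    return attrs


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding: pad to 16-byte blocks, XOR each block with
    MD5(secret || previous block), the first 'previous block' being the
    Request Authenticator. MD5 is what the protocol specifies, not a choice here."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += block
        prev = block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo hide_password() and strip the zero padding (so a password
    that itself ends in NUL bytes is not representable; the protocol shares that limit)."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident: int, username: bytes, password: bytes, secret: bytes):
    """Client (NAS) side: a fresh random Request Authenticator and a hidden password.
    The client proves it holds the secret only indirectly, by the password
    decrypting to a valid credential on the server."""
    request_auth = os.urandom(16)
    attributes = attr(USER_NAME, username) + attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attributes))
    return header + request_auth + attributes


def build_response(code: int, ident: int, request_auth: bytes, attributes: bytes, secret: bytes) -> bytes:
    """Server side: Response Authenticator = MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    resp_auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + resp_auth + attributes


def client_verify_response(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: recompute the Response Authenticator with our copy of the secret
    and our Request Authenticator. A response forged without the secret, altered in
    transit, or replayed from an earlier request cannot match."""
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    return hmac.compare_digest(response[4:20], expected)


def demo() -> dict:
    """Constructed exchange: server recovers the password; a genuine Access-Accept
    verifies; a forged accept and a reject flipped to accept both fail."""
    secret = b"constructed-shared-secret"  # constructed sample, not a deployment value
    req = build_access_request(7, b"alice", b"correct horse", secret)
    request_auth, ident = req[4:20], req[1]
    recovered = reveal_password(parse_attributes(req[20:])[USER_PASSWORD], secret, request_auth)
    genuine = build_response(ACCESS_ACCEPT, ident, request_auth, b"", secret)
    forged = build_response(ACCESS_ACCEPT, ident, request_auth, b"", b"guessed-secret")
    reject = build_response(ACCESS_REJECT, ident, request_auth, b"", secret)
    tampered = bytes([ACCESS_ACCEPT]) + reject[1:]  # on-path change of Reject to Accept
    return {
        "password_recovered": recovered == b"correct horse",
        "genuine": client_verify_response(genuine, request_auth, secret),
        "forged": client_verify_response(forged, request_auth, secret),
        "tampered": client_verify_response(tampered, request_auth, secret),
    }
```

The same recomputation runs on the server for the Request Authenticator of Accounting-Request packets; for Access-Request the request authenticator is random, which is why a client that wants the server to prove secret knowledge on every exchange must check the Response Authenticator as above.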
- remote job entry (RJE)
- (see also automated information system)
- remote login
- If an end-user uses a network to login to a system, this act is known as remote login. [RFC2504] (see also networks, remote access software)
- remote procedure call (RPC)
- (see also automated information system)
- remote rekeying
- Procedure by which a distant crypto-equipment is rekeyed electrically. [NSTISSC] (see also key)
- remote terminal emulation
- A benchmarking technique in which a driver computer system,
external to and independent of the computer system under test, connects
to it through communications device interfaces. [SRV] (see also communications, test, automated information system)
- renew
- (see certificate renewal)
- repair action
- NSA-approved change to a COMSEC end-item that does not affect
the original characteristics of the end-item and is provided for
optional application by holders. Repair actions are limited to minor
electrical and/or mechanical improvements to enhance operation,
maintenance, or reliability. They do not require an identification
label, marking, or control but must be fully documented by changes to
the maintenance manual. [NSTISSC] (see also communications security, identification)
- replay attack
- (I) An attack in which a valid data transmission is
maliciously or fraudulently repeated, either by the originator or by an
adversary who intercepts the data and retransmits it, possibly as part
of a masquerade attack. [RFC2828] A masquerade which involves use of previously transmitted messages. [SC27]
An attack in which an attacker captures a message and at a later time
communicates that message to a principal. Though the attacker cannot
decrypt the message, it may benefit by receiving a service from the
principal to whom it is replaying the message. The best way to thwart a
replay attack is by challenging the freshness of the message. This is
done by embedding a time stamp, a sequence number, or a random number
in the message. [misc] The interception of communications, such
as an authentication communication, and subsequent impersonation of
the sender by retransmitting the intercepted communication. [FFIEC] (see also authentication, attack)
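The [misc] definition names three freshness mechanisms; the added example below (not from the glossary or its sources) implements all three on the receiving side and shows which one catches which replay. Each message carries a time stamp, a per-sender sequence number and a random nonce under an HMAC, so the fields cannot be edited; the verifier rejects messages outside a time window, nonces already seen inside that window, and sequence numbers that do not increase. The key, sender name and timestamps are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets


def mac_tag(key: bytes, payload: str) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def make_message(key: bytes, sender: str, seq: int, body: str, now: float) -> str:
    """Sender side: time stamp, sequence number and random nonce, all under the MAC."""
    payload = json.dumps({"sender": sender, "seq": seq, "ts": now,
                          "nonce": secrets.token_hex(12), "body": body}, sort_keys=True)
    return json.dumps({"payload": payload, "mac": mac_tag(key, payload)})


class FreshnessVerifier:
    """Receiver state: the MAC key shared with senders, the highest sequence number
    accepted per sender, and the nonces seen inside the acceptance window. Nonces
    older than the window need not be kept, because the time-stamp check rejects
    anything that old before the nonce cache is consulted."""

    def __init__(self, key: bytes, window_seconds: float = 30.0):
        self.key = key
        self.window = window_seconds
        self.last_seq = {}      # sender -> highest accepted sequence number
        self.seen_nonces = {}   # nonce -> arrival time, pruned to the window

    def verify(self, message: str, now: float) -> str:
        """Return 'ok' or the reason the message was rejected."""
        try:
            envelope = json.loads(message)
            payload, tag = envelope["payload"], envelope["mac"]
            body = json.loads(payload)
            sender, seq, ts, nonce = body["sender"], body["seq"], body["ts"], body["nonce"]
        except (ValueError, KeyError, TypeError):
            return "malformed"
        if not isinstance(seq, int) or not isinstance(ts, (int, float)):
            return "malformed"
        # 1. Origin and integrity first: freshness fields mean nothing if they were edited.
        if not hmac.compare_digest(mac_tag(self.key, payload), tag):
            return "bad-mac"
        # 2. Time stamp: too old, or too far in the future, is stale whatever the nonce.
        if abs(now - ts) > self.window:
            return "stale"
        # 3. Random number: a nonce already seen inside the window is a replay.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if now - t <= self.window}
        if nonce in self.seen_nonces:
            return "replay-nonce"
        # 4. Sequence number: must strictly increase per sender (catches a re-sent
        #    older message even when it carries a nonce we never saw).
        if seq <= self.last_seq.get(sender, -1):
            return "replay-seq"
        self.seen_nonces[nonce] = now
        self.last_seq[sender] = seq
        return "ok"


def demo() -> list:
    """Constructed traffic: one genuine exchange plus the replays and edits a
    verifier is expected to refuse."""
    key = b"constructed-demo-key"
    t0 = 1_700_000_000.0
    v = FreshnessVerifier(key, window_seconds=30)
    m1 = make_message(key, "sensor-1", 1, "open valve", t0)
    m2 = make_message(key, "sensor-1", 2, "close valve", t0 + 5)
    old_seq = make_message(key, "sensor-1", 1, "open valve", t0 + 6)  # fresh nonce, stale seq
    env = json.loads(m2)
    edited = json.loads(env["payload"])
    edited["body"] = "open valve"  # altered content under the original MAC
    tampered = json.dumps({"payload": json.dumps(edited, sort_keys=True), "mac": env["mac"]})
    return [
        v.verify(m1, t0),             # ok
        v.verify(m1, t0 + 2),         # replay-nonce
        v.verify(m2, t0 + 5),         # ok
        v.verify(old_seq, t0 + 6),    # replay-seq
        v.verify(m1, t0 + 60),        # stale
        v.verify(tampered, t0 + 7),   # bad-mac
    ]
```

The order of the checks is the design point: the MAC is verified before any freshness field is trusted, and the time stamp bounds how much nonce state the receiver must keep.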
- replicator
- Any program that acts to produce copies of itself; examples include
a program, a worm, a fork bomb, or a virus. It is even claimed by
some that UNIX and C are the symbiotic halves of an extremely
successful replicator. [NSAINT] (see also worm)
- repository
- (I) A system for storing and distributing digital
certificates and related information (including CRLs, CPSs, and
certificate policies) to certificate users. (O) 'A trustworthy system for storing and retrieving certificates or other information relevant to certificates.' (C)
A certificate is published to those who might need it by putting it in
a repository. The repository usually is a publicly accessible, on-line
server. In the Federal Public-key Infrastructure, for example, the
expected repository is a directory that uses LDAP, but also may be the
X.500 Directory that uses DAP, or an HTTP server, or an FTP server that
permits anonymous login. [RFC2828] (see also certificate, key, public-key infrastructure, trust)
- repudiation
- (I) Denial by a system entity that was involved in an
association (especially an association that transfers information) of
having participated in the relationship. (O) 'Denial by one of the entities involved in a communication of having participated in all or part of the communication.' [RFC2828] A threat action whereby an entity deceives another by falsely denying responsibility for an act. [RFC2828]
The denial by one of the parties to a transaction of participation in
all or part of that transaction or of the content of the communication.
[FFIEC] (see also non-repudiation, internet, threat consequence)
- Request for Comment (RFC)
- (I) One of the documents in the archival series that is
the official channel for ISDs and other publications of the Internet
Engineering Steering Group, the Internet Architecture Board, and the
Internet community in general. [R2026, R2223] (C) This term is *not* a synonym for 'Internet Standard'. [RFC2828] (see also Internet Standard, Internet Society) (includes Internet Standards document, draft RFC)
- request for information (RFI)
-
- request for proposal (RFP)
- A solicitation document used in negotiated procurement actions. [SRV]
- requirements
- (1) A phase of the development process wherein the security
target of a Target of Evaluation is produced. (2) Phase of the
development process wherein the top-level definition of the
functionality of the computer system is produced. [AJP] A phase of the development process wherein the security target of a Target of Evaluation is produced. [ITSEC] Phase of the development process wherein the top-level definition of the functionality of the computer system is produced. [FCv1] (see also security, certification, software development, target of evaluation) (includes DoD Information Technology Security Certification and Accreditation Process, certification and accreditation, construction of TOE requirements, development assurance requirements, downgrade, evaluation assurance level, global requirements, granularity of a requirement, information systems security engineering, local requirements, protection needs elicitation, protection profile, requirements for content and presentation, requirements for evidence, requirements for procedures and standards, sanitization, scope of a requirement, software requirement, strength of a requirement, system requirement, system security authorization agreement)
- requirements analysis
- An analysis to determine and document the need for resources to perform an organization's mission. [SRV] (see also analysis)
- requirements for content and presentation
- A component of the evaluation criteria for a particular phase
or aspect of evaluation identifying what each item of documentation
identified as relevant to that phase or aspect of evaluation shall
contain and how its information is to be presented. [AJP][ITSEC] (see also evaluation, requirements)
- requirements for evidence
- A component of the evaluation criteria for a particular phase
or aspect of evaluation defining the nature of the evidence to show
that the criteria for that phase or aspect have been satisfied. [AJP][ITSEC] (see also evaluation, evidence, requirements)
- requirements for procedures and standards
- A component of the evaluation criteria for a particular phase
or aspect of evaluation identifying the nature and/or content of
procedures or standard approaches that shall be adopted or utilized
when the TOE is placed into live operation. [AJP] A component of
the evaluation criteria for a particular phase or aspect of evaluation
identifying the nature and/or content of procedures or standard
approaches that shall be adopted or utilized when the TOE is placed
into live operation. Security: the combination of confidentiality,
integrity, and availability. [ITSEC] (see also availability, confidentiality, security, requirements, target of evaluation)
- requirements traceability matrix
- An automated tool that maps functional requirements to physical configuration items, such as computer programs or databases. [SRV]
- reserve account
- A noninterest earning balance that depository institutions
maintain with the Federal Reserve Bank or with a correspondent bank to
satisfy the Federal Reserve's reserve requirements. Reserve account
balances play a central role in the exchange of funds between
depository institutions. [FFIEC]
- reserve keying material
- Key held to satisfy unplanned needs. [NSTISSC] (see also key)
- reserve requirements
- The percentage of deposits that a financial institution may
not lend out or invest and must hold either as vault cash or on deposit
at a Federal Reserve Bank. Reserve requirements affect the potential of
the banking system to create transaction deposits. [FFIEC]
- residual risk
- (I) The risk that remains after counter measures have been applied. [RFC2828]
Any combination of the risks that have been accepted by the
organization and the risks that remain after all identified controls have
been implemented because further action could not be identified. [SC27] Portion of risk remaining after security controls have been applied. [800-37] Portion of risk remaining after security measures have been applied. [NSTISSC] The portion of risk that remains after security measures have been applied. [AFSEC][AJP][FCv1][NCSC/TG004]
The portion of risk that remains after security measures have been
applied. (I) The risk that remains after countermeasures have been
applied. [OVT] The potential for the occurrence of an adverse event after adjusting for the impact of all in-place safeguards. [CIAO]
The remaining potential risk after all IS security measures are
applied. There is a residual risk associated with each threat. [SRV] The risk remaining in an information system or network after the implementation of security counter measures. [IATF] The risk that remains after implementation of the IT security plan. [SC27]
The risk that remains after implementation of the IT security plan.
[ISO/IEC PDTR 13335-1 (11/2001)] Any combination of the risks that have
been accepted by the organization and the risks that remain after all
identified controls have been implemented because further action could
not be identified. [SC27] (see also computer security, counter measures, networks, threat)
- residue
- Data left in storage after information processing operations
are complete, but before degaussing or overwriting has taken place. [NSTISSC] Data left in storage after processing operations are complete, but before degaussing or rewriting has taken place. [AJP][NCSC/TG004] (see also risk)
- resource
- Anything used or consumed while performing a function. The
categories of resources include: time, information, objects
(information containers), or processors (the ability to use
information). Specific examples include CPU time, terminal connect
time, amount of directly addressable memory, disk space, and number of
I/O requests per minute. [AJP][FCv1][TCSEC][TNI] (see also target of evaluation) (includes TOE security functions, object)
- resource encapsulation
- Method by which the reference monitor mediates accesses to an
IS resource. Resource is protected and not directly accessible by a
subject. Satisfies requirement for accurate auditing of resource usage.
[NSTISSC] The process of ensuring that a resource is not
directly accessible by a subject, but that it is protected so that the
reference monitor can properly mediate accesses to it. [AJP][NCSC/TG004] (includes subject)
- response
- Coordinated third party (not owner/operator) emergency (e.g.,
medical, fire, hazardous or explosive material handling), law
enforcement, investigation, defense, or other crisis management service
aimed at the source or cause of the incident. [CIAO] Data item
sent by the claimant to the verifier, and which the verifier can
process to help check the identity of the claimant. [SC27] (see also incident)
- response time
- The time period between a terminal operator's completion of an
inquiry and the receipt of a response. Response time includes the time
taken to transmit the inquiry, process it by the computer, and transmit
the response back to the terminal. Response time is frequently used as
a measure of the performance of an interactive system. [SRV]
- restart
- The resumption of the execution of a computer program using the data recorded at a checkpoint. [SRV]
- restricted area
- Any area to which access is subject to special restrictions or
controls for reasons of security or safeguarding of property or
material. [AJP][NCSC/TG004] (see also security) (includes subject)
- restructuring
- The transformation from one representation form to another at
the same relative abstraction level, while preserving the subject
system's external behavior, such as functions and semantics. [SRV]
- retro-virus
- A retro-virus is a virus that waits until all possible backup
media are infected too, so that it is not possible to restore the
system to an uninfected state. [AFSEC][NSAINT] (see also availability, threat)
- reusability
- The extent to which a computer program can be used in other
applications; related to the packaging and scope of the functions that
programs perform. [SRV] The extent to which a program can be
used in other applications. It is related to the packaging and scope of
the functions that programs perform. [SRV] (see also automated information system)
- reusable software asset
- An asset that has been catalogued and is stored in a reuse
library. An asset is any product of the software life cycle that can
potentially be reused. [SRV] (see also software)
- reverse engineering
- A process by which people take a computer chip or machine-code
executable version of a program and figure out what the program or chip
is doing. [AFSEC] Acquiring sensitive data by disassembling and analyzing the design of a system component. [RFC2828]
The process of analyzing a subject system to identify the system's
components and their interrelationships and to create representations
of the computer system in another form or at a higher level of
abstraction. [SRV] (see also threat, threat consequence) (includes reverse software engineering)
- reverse software engineering
- The process of analyzing existing software to derive its design, requirements, and other products. [SRV] (see also reverse engineering, software)
- review board
- The authority responsible for evaluating and approving, or
disapproving, proposed changes to a system and ensuring implementation
of approved changes. [SRV]
- revision
- A change to a baseline configuration item that encompasses
error corrections, minor enhancements, or adaptations, but in which
there is no change in the functional capabilities. [SRV] (see also baseline)
- revocation
- (see also certificate, certificate revocation)
- revocation date
- (N) In an X.509 CRL entry, a date-time field that
states when the certificate revocation occurred, i.e., when the CA
declared the digital certificate to be invalid. (C) The
revocation date may not resolve some disputes because, in the worst
case, all signatures made during the validity period of the certificate
may have to be considered invalid. However, it may be desirable to
treat a digital signature as valid even though the private key used to
sign was compromised after the signing. If more is known about when the
compromise actually occurred, a second date-time, an 'invalidity date',
can be included in an extension of the CRL entry. [RFC2828] (see also certificate, digital signature, key, public-key infrastructure)
- revocation list
- (see also certificate, certificate revocation list)
- revoke
- (see certificate revocation)
- Rexd
- This Unix command is the Sun RPC server for remote program
execution. This daemon is started by inetd whenever a remote execution
request is made. [NSAINT] (see also internet)
- risk
- (1) The expected loss due to, or impact of, anticipated
threats in light of system vulnerabilities and strength or
determination of relevant threat agents. (2) The probability that a
particular threat will exploit a particular vulnerability of the
computer system. [AJP] (I) An expectation of loss
expressed as the probability that a particular threat will exploit a
particular vulnerability with a particular harmful result. (O)
SET usage: 'The possibility of loss because of one or more threats to
information (not to be confused with financial or business risk).' [RFC2828]
A measure derived from the probability of failure occurring and the
severity of failure modes. The likelihood that a vulnerability may be
exploited or that a threat may become harmful. [SRV] A situation
where there is a known vulnerability and a potential adversary with the
motivation and capability to exploit that vulnerability. [IATF] Possibility that a particular threat will adversely impact an IS by exploiting a particular vulnerability. [NSTISSC]
The expected loss due to, or impact of, anticipated threats in light of
system vulnerabilities and strength or determination of relevant threat
agents. [FCv1] The net mission impact considering: (1) the
probability that a particular threat-source will exercise (accidentally
trigger or intentionally exploit) a particular IT system vulnerability
and (2) the resulting impact if this should occur. IT system-related
risks arise from legal liability or mission loss due to: (1)
unauthorized (malicious or accidental) disclosure, modification, or
destruction of information, (2) unintentional errors and omissions, (3)
IT disruptions due to natural or man-made disasters, and (4) failure to
exercise due care and diligence in the implementation and operation of
the IT system. [800-37] The possibility of an act or event
occurring that would have an adverse effect on the organization and its
information systems. [FFIEC] The possibility that a particular system vulnerability will be exploited. [AFSEC]
The potential that a given threat will exploit vulnerabilities of an
asset or group of assets and thereby cause harm to the organization. [SC27]
The probability that a particular critical infrastructure's
vulnerability is exploited by a particular threat, weighted by the
impact of that exploitation. [CIAO] The probability that a particular threat will exploit a particular vulnerability of the computer system. [NCSC/TG004]
The probability that a particular threat will exploit a particular
vulnerability of the system. (I) An expectation of loss expressed as
the probability that a particular threat will exploit a particular
vulnerability with a particular harmful result. [OVT] The probability that one or more adverse events will occur. [800-61] (see also security software, Common Criteria for Information Technology Security Evaluation, accreditation, accreditation disapproval, accreditation phase, accreditation range, adequate security, association, authorize processing, business case, business continuity plan, capability, certification agent or certifier, clean system, confinement, denial time, effectiveness, fault tolerance, inadvertent disclosure, infrastructure assurance, infrastructure protection, interdependence, interim accreditation action plan, levels of concern, low probability of detection, low probability of intercept, major application, management controls, minimum level of protection, multilevel device, post-accreditation phase, pre-certification phase, purge, redundancy, risk evaluation, risk identification, risk treatment, rules of behavior, safety, security controls, security purpose, separation of duties, simulation modeling, strengths, weaknesses, opportunities, threats, technical vulnerability, test plan, trusted gateway, trusted process, vaulting, virus scanner, virus-detection tool, work factor, Secure Electronic Transaction, security) (includes IS related risk, acceptable risk, attack, certification and accreditation, compromising emanation performance requirement, contamination, critical, debilitated, defect, designated approving authority, destruction, electromagnetic interference, failure, false negative, false positive, incapacitation, loop, maintenance hook, residue, risk assessment, risk management, risk plane, security-relevant event, shared account, threat, total risk, unauthorized disclosure, undesired signal data emanations, untrusted process)
- risk analysis
- A technique to identify and assess factors that may jeopardize
the success of a project or achievement of a goal. This technique also
helps define preventive measures to reduce the probability of these
factors occurring and identify counter measures to successfully
deal with these constraints when they develop. Risk analysis is a part
of risk management. Synonymous with risk assessment. [SRV] Examination of information to identify the risk to an AIS. [NSTISSC]
The process of identifying security risks, determining their magnitude,
and identifying areas needing safeguards. Risk analysis is a part of
risk management. [AJP][NCSC/TG004] The process of
identifying security risks, determining their magnitude, and
identifying areas needing safeguards. Risk analysis is a part of risk
management. Synonymous with risk assessment. (C) The analysis lists
risks in order of cost and criticality, thereby determining where
countermeasures should be applied first. It is usually financially and
technically infeasible to counteract all aspects of risk, and so some
residual risk will remain, even after all available countermeasures
have been deployed. [FP031, R2196] [OVT] The systematic process of estimating the magnitude of risks. [SC27] (see also counter measures, evaluation, fault analysis, identification, risk assessment, threat, analysis, risk management) (includes business impact analysis, cost-risk analysis, gap analysis, security fault analysis, security objective, security requirements, security specifications, security testing, threat analysis, vulnerability analysis)
- risk assessment
- (I) A process that systematically identifies valuable
system resources and threats to those resources, quantifies loss
exposures (i.e., loss potential) based on estimated frequencies and
costs of occurrence, and (optionally) recommends how to allocate
resources to counter measures so as to minimize total exposure. (C)
The analysis lists risks in order of cost and criticality, thereby
determining where counter measures should be applied first. It is
usually financially and technically infeasible to counteract all
aspects of risk, and so some residual risk will remain, even after all
available counter measures have been deployed. [RFC2828] A process used to identify and evaluate risks and their potential effect. [FFIEC]
A study of vulnerabilities, threats, likelihood, loss or impact, and
theoretical effectiveness of security measures. The process of
evaluating threats and vulnerabilities, known and postulated, to
determine expected loss and establish the degree of acceptability to
system operations. [NSAINT][OVT] Formal description and evaluation of risk to an AIS. [NSTISSC]
Produced from the combination of Threat and Vulnerability Assessments.
Characterized by analyzing the probability of destruction or
incapacitation resulting from a threat’s exploitation of a critical
infrastructure’s vulnerabilities. [CIAO] The assessment of
threats to, impacts on and vulnerabilities of information and
information processing facilities and the likelihood of their
occurrence. [SC27] The process of combining risk identification, risk analysis and risk evaluation. [SC27]
The process of combining risk identification, risk analysis and risk
evaluation. [ISO/IEC PDTR 13335-1 (11/2001)] The assessment of threats
to, impacts on and vulnerabilities of information and information
processing facilities and the likelihood of their occurrence. [SC27]
The process of identifying the risks to system security and determining
the probability of occurrence, the resulting impact, and additional
safeguards that would mitigate this impact. Part of risk management and
synonymous with risk analysis. [800-37] (see also analysis, counter measures, critical infrastructure, exposure, risk analysis, threat, risk)
- risk evaluation
- The process of comparing analysed levels of risk against
pre-established criteria and identifying areas needing risk treatment. [SC27] (see also risk, evaluation)
- risk identification
- The process of identifying risks considering business
objectives, threats and vulnerabilities as the basis for further
analysis. [SC27] (see also analysis, risk, threat, identification)
- risk index
- Difference between the minimum clearance or authorization of
AIS users and the maximum sensitivity (e.g., classification and
categories) of data processed by the system. [NSTISSC] The
disparity between the minimum clearance or authorization of system
users and the maximum sensitivity (e.g. classification and categories)
of data processed by a system. (A complete explanation of this term is
provided in CSC-STD-003-85 and CSC-STD-004-85 - U.S. Government
publications). [AJP] The disparity between the minimum clearance
or authorization of system users and the maximum sensitivity (e.g.
classification and categories) of data processed by a system. See
CSC-STD-003-85 and CSC-STD-004-85 for a complete explanation of this
term. [NCSC/TG004] (see also classification level, user, risk management) (includes security range)
- risk management
- (1) A family of security controls in the management class
dealing with the process of identifying and applying controls
commensurate with the value of the assets protected based on a risk
assessment. (2) The total process of identifying, controlling, and
mitigating IT system-related risks. It includes risk assessment; cost
benefit analysis; and the selection, implementation, test and security
evaluation of security controls. This overall system security review
considers both effectiveness and efficiency, including impact on the
mission and constraints due to policy, regulations, and laws. [800-37] (I) The process of identifying, controlling, and eliminating or minimizing uncertain events that may affect system resources. [RFC2828]
1) Deliberate process of understanding risk and deciding upon and
implementing actions to reduce risk to a defined level. Characterized
by identifying, measuring, and controlling risks to a level
commensurate with an assigned value. 2) The identification, assessment,
and mitigation of probabilistic security events (risks) in information
systems to a level commensurate with the value of the assets protected.
[CIAO] Process of identifying and applying countermeasures
commensurate with the value of the assets protected based on a risk
assessment. [NSTISSC] The process of identifying, controlling
and minimizing or eliminating security risks that may affect
information systems, for an acceptable cost. [SC27] The total
process of identifying, controlling, and eliminating or minimizing
uncertain events that may affect IT system resources. [SC27] The
total process of identifying, controlling, and eliminating or
minimizing uncertain events that may affect IT system resources.
[ISO/IEC PDTR 13335-1 (11/2001)] The process of identifying,
controlling and minimizing or eliminating security risks that may
affect information systems, for an acceptable cost. [SC27] The
total process of identifying, controlling, and eliminating or
minimizing uncertain events that may affect an organization's
resources. It includes risk analysis; cost-benefit analysis; gap
analysis; sensitivity analysis; SWOT analysis; selection,
implementation, test, and evaluation of safeguards; and management
reviews. [SRV] The total process of identifying, controlling,
and eliminating or minimizing uncertain events that may affect system
resources. It includes risk analysis, cost benefit analysis, selection,
implementation and test, security evaluation of safeguards, and overall
security review. (I) The process of identifying, controlling, and
eliminating or minimizing uncertain events that may affect system
resources. [OVT] The total process of identifying, controlling,
and eliminating or minimizing uncertain events that may affect system
resources. It includes risk analysis, cost-benefit analysis, selection,
implementation and test, security evaluation of safeguards, and overall
security review. [AJP][NCSC/TG004] The total process to
identify, control, and minimize the impact of uncertain events. The
objective of the risk management program is to reduce risk and obtain
and maintain DAA (Designated Approving Authority) approval. [NSAINT]
The total process to identify, control, and minimize the impact of
uncertain events. The objective of the risk management program is to
reduce risk and obtain and maintain DAA approval. [AFSEC] (see also analysis, evaluation, security software, strengths, weaknesses, opportunities, threats, risk, security) (includes Automated Information System security, access control, automated security monitoring, availability, best practices, configuration management, consequence management, continuity of services and operations, control objectives, counter measures, crisis management, critical infrastructure, disaster recovery, entrapment, environmental failure protection, external security controls, failure control, flaw hypothesis methodology, internal security controls, intrusion detection, mitigation, penetration study, pseudo-flaw, recommended practices, reliability, remediation, risk analysis, risk index, risk-based management, security enforcing, security evaluation, security measures, security mechanism, security policy, security-critical mechanisms, segregation of duties, test, threat consequence, threat monitoring, user profile)
- risk plane
- A graphic technique for depicting the likelihood of particular
attacks occurring and the degree of consequence to an operational
mission. [IATF] (see also risk)
- risk treatment
- The process of defining an IT security management plan based on risk evaluation. [SC27] (see also computer security, evaluation, risk, security)
- risk-based management
- Risk management that considers unquantifiable, speculative
events as well as probabilistic events (that is, uncertainty as well as
risk). [CIAO] (see also risk management)
- Rivest Cipher 2 (RC2)
- (N) A proprietary, variable-key-length block cipher
invented by Ron Rivest for RSA Data Security, Inc. (now a wholly-owned
subsidiary of Security Dynamics, Inc.). [RFC2828] A symmetric encryption algorithm by Ron Rivest (the R of RSA). [misc] (see also key, symmetric algorithm)
- Rivest Cipher 4 (RC4)
- (N) A proprietary, variable-key-length stream cipher
invented by Ron Rivest for RSA Data Security, Inc. (now a wholly-owned
subsidiary of Security Dynamics, Inc.). [RFC2828] A symmetric encryption algorithm by Ron Rivest (the R of RSA). [misc] (see also key, symmetric algorithm)
- Rivest, Shamir, and Adleman
- A public key signature algorithm. [SRV] (see also key)
- Rivest-Shamir-Adleman algorithm (RSA)
- A public key algorithm that can be used to generate digital
signatures, encrypt messages, and provide key management for Data
Encryption Standard and other secret key algorithms. [SRV] (see also encryption, key, algorithm)
- Rivest-Shamir-Adleman (RSA)
- (N) An algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman [RSA78, Schn]. (C)
RSA uses exponentiation modulo the product of two large prime numbers.
The difficulty of breaking RSA is believed to be equivalent to the
difficulty of factoring integers that are the product of two large
prime numbers of approximately equal size. (C) To create an RSA
key pair, randomly choose two large prime numbers, p and q, and compute
the modulus, n = pq. Randomly choose a number e, the public exponent,
that is less than n and relatively prime to (p-1)(q-1). Choose another
number d, the private exponent, such that ed-1 evenly divides
(p-1)(q-1). The public key is the set of numbers (n,e), and the private
key is the set (n,d). (C) It is assumed to be difficult to
compute the private key (n,d) from the public key (n,e). However, if n
can be factored into p and q, then the private key d can be computed
easily. Thus, RSA security depends on the assumption that it is
computationally difficult to factor a number that is the product of two
large prime numbers. (Of course, p and q are treated as part of the
private key, or else destroyed after computing n.) (C) For
encryption of a message, m, to be sent to Bob, Alice uses Bob's public
key (n,e) to compute m**e (mod n) = c. She sends c to Bob. Bob computes
c**d (mod n) = m. Only Bob knows d, so only Bob can compute c**d (mod
n) = m to recover m. (C) To provide data origin authentication
of a message, m, to be sent to Bob, Alice computes m**d (mod n) = s,
where (d,n) is Alice's private key. She sends m and s to Bob. To
recover the message that only Alice could have sent, Bob computes s**e
(mod n) = m, where (e,n) is Alice's public key. (C) To ensure data
integrity in addition to data origin authentication requires extra
computation steps in which Alice and Bob use a cryptographic hash
function h (as explained for digital signature). Alice computes the
hash value h(m) = v, and then encrypts v with her private key to get s.
She sends m and s. Bob receives m' and s', either of which might have
been changed from the m and s that Alice sent. To test this, he
decrypts s' with Alice's public key to get v'. He then computes h(m') =
v''. If v'' equals v', Bob is assured that m' is the same m that Alice
sent. [RFC2828] A public key algorithm invented by Ronald L.
Rivest, Adi Shamir, and Leonard M. Adleman (RSA). RSA can be used to
generate digital signatures, encrypt messages, and provide key
management for DES (Data Encryption Standard), RC2 (Rivest Cipher 2),
RC4 (Rivest Cipher 4), and other secret key algorithms. RSA performs
the key management process, in part, by encrypting a secret key for an
algorithm such as DES, RC2, or RC4 with the recipient's public key for
secure transmission to the recipient. This secret key can then be used
to support private communications. [AJP] (see also authentication, digital signature, encryption, hash, key, security, test, asymmetric algorithm, public-key cryptography) (includes RSA algorithm, public-key cryptography standards)
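A worked run of the key-generation, encryption and hash-then-sign steps described in the entry above, added here as an example rather than text or code from RFC 2828 or this glossary. It assumes the textbook toy values p = 61, q = 53, e = 17 and SHA-256 as the hash h; d is computed as the inverse of e modulo (p-1)(q-1), so that (p-1)(q-1) divides ed - 1.

```python
"""Worked RSA example: key generation, encryption and hash-then-sign.

Added illustration, not code from RFC 2828 or the glossary. The primes
p = 61 and q = 53 and the exponent e = 17 are deliberately tiny textbook
values so every intermediate result can be checked by hand; real keys use
primes of 1024 bits or more plus a padding scheme (OAEP, PSS).
"""
from __future__ import annotations

from hashlib import sha256
from math import gcd


def make_keypair(p: int, q: int, e: int) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return ((n, e), (n, d)) following the key-generation steps in the entry."""
    n = p * q                      # the modulus
    phi = (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, phi) != 1:
        raise ValueError("e must be less than n and relatively prime to (p-1)(q-1)")
    # d is the inverse of e modulo (p-1)(q-1), i.e. (p-1)(q-1) divides e*d - 1.
    d = pow(e, -1, phi)
    # p and q belong to the private key; keep them secret or destroy them.
    return (n, e), (n, d)


def encrypt(m: int, public_key: tuple[int, int]) -> int:
    """Alice computes c = m**e (mod n) with Bob's public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c: int, private_key: tuple[int, int]) -> int:
    """Bob computes m = c**d (mod n); only the holder of d can do this."""
    n, d = private_key
    return pow(c, d, n)


def _hash_to_int(message: bytes, n: int) -> int:
    # h(m) = v. With a toy modulus the 256-bit digest must be reduced mod n;
    # a real scheme uses a padding standard instead of a bare reduction.
    return int.from_bytes(sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: tuple[int, int]) -> int:
    """Alice computes v = h(m) and s = v**d (mod n) with her private key."""
    n, d = private_key
    return pow(_hash_to_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key: tuple[int, int]) -> bool:
    """Bob recovers v' = s'**e (mod n) and compares it with v'' = h(m')."""
    n, e = public_key
    v_recovered = pow(signature, e, n)
    v_computed = _hash_to_int(message, n)
    return v_recovered == v_computed


def main() -> None:
    public_key, private_key = make_keypair(61, 53, 17)   # n = 3233, d = 2753
    c = encrypt(65, public_key)                           # textbook value: c = 2790
    print("ciphertext", c, "recovered", decrypt(c, private_key))
    msg = b"pay Bob 10"                                   # constructed sample message
    s = sign(msg, private_key)
    print("valid signature:", verify(msg, s, public_key))
    # Almost certainly False; with n = 3233 a chance collision has probability ~1/n.
    print("altered message:", verify(b"pay Bob 100", s, public_key))


if __name__ == "__main__":
    main()
```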
- robustness
- A characterization of the strength of a security function,
mechanism, service, or solution, and the assurance (or confidence) that
is implemented and functioning correctly. [IATF] The degree to
which a system or component can function correctly in the presence of
invalid inputs or stressful environmental conditions. [OVT] (see also software reliability, assurance)
- role
- A predefined set of rules establishing the allowed interactions between a user and the system. [CC2][CC21][SC27][SRV] (see also target of evaluation, user)
- role-based access control (RBAC)
- (I) A form of identity-based access control where the
system entities that are identified and controlled are functional
positions in an organization or process. [RFC2828] (see also access control)
- rolling cost forecasting technique
- A project cost estimating technique in which more cost details
are provided for the current phase and fewer cost details for the
latter phases of a system development life cycle project. All costs are
summed up for the entire project, and new costs are updated
periodically. [SRV] (see also business process)
- root
- (I) A CA that is directly trusted by an end entity.
Acquiring the value of a root CA's public key involves an out-of-band
procedure. (I) Hierarchical PKI usage: The CA that is the
highest level (most trusted) CA in a certification hierarchy; i.e., the
authority upon whose public key all certificate users base their trust.
(C) In a hierarchical PKI, a root issues public-key certificates
to one or more additional CAs that form the second highest level. Each
of these CAs may issue certificates to more CAs at the third highest
level, and so on. To initialize operation of a hierarchical PKI, the
root's initial public key is securely distributed to all certificate
users in a way that does not depend on the PKI's certification
relationships. The root's public key may be distributed simply as a
numerical value, but typically is distributed in a self-signed
certificate in which the root is the subject. The root's certificate is
signed by the root itself because there is no higher authority in a
certification hierarchy. The root's certificate is then the first
certificate in every certification path. (O) MISSI usage: A name
previously used for a MISSI policy creation authority, which is not a
root as defined above for general usage, but is a CA at the second
level of the MISSI hierarchy, immediately subordinate to a MISSI policy
approving authority. (O) UNIX usage: A user account (also called
'superuser') that has all privileges (including all security-related
privileges) and thus can manage the system and its other user accounts.
[RFC2828] (see also certificate, certification, key, trust, Multilevel Information System Security Initiative, public-key infrastructure)
- root CA
- The Certification Authority that is trusted by everyone. The root CA issues digital certificates to other CAs. [misc] (see also certification authority)
- root cause analysis
- A technique used to identify the conditions that initiate the
occurrence of an undesired activity or state. A Pareto diagram can be
used for this purpose. [SRV] (see also analysis)
- root certificate
- (I) A certificate for which the subject is a root. (I) Hierarchical PKI usage: The self-signed public-key certificate at the top of a certification hierarchy. [RFC2828] (see also certification, key, certificate)
- root key
- (I) A public key for which the matching private key is held by a root. [RFC2828] (see also key)
- root registry
- (O) MISSI usage: A name previously used for a MISSI policy approving authority. [RFC2828] (see also Multilevel Information System Security Initiative)
- rootkit
- A hacker security tool that captures passwords and message
traffic to and from a computer. A collection of tools that allows a
hacker to provide a backdoor into a system, collect information on
other systems on the network, mask the fact that the system is
compromised, and much more. Rootkit is a classic example of Trojan
Horse software. Rootkit is available for a wide range of operating
systems. [NSAINT] A set of tools used by an attacker after
gaining root-level access to a host to conceal the attacker's
activities on the host and permit the attacker to maintain root-level
access to the host through covert means. [800-61] (see also networks, passwords, software, attack)
- rotational delay
- For disk drives, the delay in rotating the correct sector under the read/write head. [SRV] (see also automated information system)
- round-function
- A function f(.,.) that transforms two binary strings of length Lf to a binary string of length Lf. NOTE - It is used iteratively as part of a hash function, where it combines an 'expanded' data block of length Lf with the previous output of length Lf. [SC27] A function f(.,.) that transforms two binary strings of lengths L1 and L2 to a binary string of length L2. It is used iteratively as part of a hash function, where it combines a data string of length L1 with the previous output of length L2. [ISO/IEC 10118-1: 2000, ISO/IEC ] Function f(.,.) that transforms two binary strings of lengths L1 and L2 to a binary string of length L2. NOTE - It is used iteratively as part of a hash function, where it combines a data string of length L1 with the previous output of length L2. [ISO/IEC FDIS 9797-2 (09/2000)] A function f(.,.) that transforms two binary strings of length Lf to a binary string of length Lf. NOTE - It is used iteratively as part of a hash function, where it combines an 'expanded' data block of length Lf with the previous output of length Lf. [SC27] A function f(.,.) that transforms two binary strings of lengths L1 and L2 to a binary string of length L2. It is used iteratively as part of a hash function, where it combines a data string of length L1 with the previous output of length L2. [SC27] Function f(.,.) that transforms two binary strings of lengths L1 and L2 to a binary string of length L2. NOTE - It is used iteratively as part of a hash function, where it combines a data string of length L1 with the previous output of length L2. [SC27] (see also hash)
- router
- (I) A computer that is a gateway between two networks
at OSI layer 3 and that relays and directs data packets through that
internetwork. The most common form of router operates on IP packets. (I)
Internet usage: In the context of the Internet protocol suite, a
networked computer that forwards Internet Protocol packets that are not
addressed to the computer itself. [RFC2828] A device that connects two networks or network segments and may use IP to route messages. [CIAO] A hardware device that connects two or more networks and routes incoming data packets to the appropriate network. [FFIEC] A router keeps a record of network node addresses and current network status; it also extends LANs. [SRV]
An interconnection device that is similar to a bridge but serves
packets or frames containing certain protocols. Routers link LANs at
the network layer. [NSAINT] (see also bridge, networks, internet) (includes filtering router, screening router)
- router-based firewall
- A firewall where the security is implemented using screening routers as the primary means of protecting the network. [SRV] (see also networks, security, firewall)
- routing
- The process of moving information from its source to a destination. [FFIEC]
- routing control
- The application of rules during the process of routing so as to choose or avoid specific networks, links or relays. [NSAINT] (see also networks)
- RSA algorithm
- RSA stands for Rivest-Shamir-Adleman. A public-key
cryptographic algorithm that hinges on the assumption that the
factoring of the product of two large primes is difficult. [NSAINT] (see also Rivest-Shamir-Adleman)
- rule set
- The collection of access control rules that determines which
packets the DUT/SUT will forward and which it will reject. Rule sets
control access to and from the network interfaces of the DUT/SUT. By
definition, rule sets do not apply equally to all network interfaces;
otherwise there would be no need for the firewall. For benchmarking
purposes, a specific rule set is typically applied to each network
interface in the DUT/SUT. The tester must describe the complete
contents of the rule set of each DUT/SUT. To ensure measurements
reflect only traffic forwarded by the DUT/SUT, testers are encouraged
to include a rule denying all access except for those packets allowed
by the rule set. [RFC2647] (see also access control, allowed traffic, demilitarized zone, illegal traffic, networks, policy, protected network, rejected traffic, security association, test, unprotected network, firewall)
- rule-based security policy
- (I) 'A security policy based on global rules imposed
for all users. These rules usually rely on comparison of the
sensitivity of the resource being accessed and the possession of
corresponding attributes of users, a group of users, or entities acting
on behalf of users.' [RFC2828] A security policy based on global
rules imposed for all subjects. These rules usually rely on a
comparison of the sensitivity of the objects being accessed and the
possession of corresponding attributes by the subjects requesting
access. [SRV] (see also policy, security)
- rules based detection
- The intrusion detection system detects intrusions by looking
for activity that corresponds to known intrusion techniques
(signatures) or system vulnerabilities. Also known as Misuse Detection.
[NSAINT] (see also misuse detection model, security software)
- rules of behavior
- The rules that have been established and implemented
concerning use of, security in, and acceptable level of risk for the
system. Rules will clearly delineate responsibilities and expected
behavior of all individuals with access to the system. Rules should
cover such matters as work at home, dial-in access, connection to the
Internet, use of copyrighted works, unofficial use of federal
government equipment, the assignment and limitation of system
privileges, and individual accountability. [800-37] (see also internet, risk, security)
- run
- An expression to execute a computer program. [SRV]
- run manual
- A document that provides application-specific operating
instructions, such as error messages, job setup procedures, console
commands and messages, job/step checkpoints, and job/step restart and
recovery procedures. [SRV] (see also recovery)
- S/Key
- (I) A security mechanism that uses a cryptographic hash
function to generate a sequence of 64-bit, one-time passwords for
remote user login. (C) The client generates a one-time password
by applying the MD4 cryptographic hash function multiple times to the
user's secret key. For each successive authentication of the user, the
number of hash applications is reduced by one. (Thus, an intruder using
wiretapping cannot compute a valid password from knowledge of one
previously used.) The server verifies a password by hashing the
currently presented password (or initialization value) one time and
comparing the hash result with the previously presented password. [RFC2828] (see also authentication, hash, key)
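The client/server exchange described above, as an added example (not RFC 2828 text or S/Key reference code). RFC 2828 names MD4; this example assumes SHA-256 truncated to 64 bits as the one-way function, because MD4 is missing from modern OpenSSL builds, and keeps the 64-bit password size the entry describes. The secret, seed and chain length are constructed values.

```python
"""S/Key-style one-time password chain: client, server and a wiretapper.

Added example, not RFC 2828 text or S/Key reference code. The hash is
SHA-256 truncated to 8 bytes (assumption standing in for MD4); the secret,
seed and chain length below are constructed sample values.
"""
from __future__ import annotations

import hashlib
import hmac


def h(x: bytes) -> bytes:
    """One application of the one-way function; 8-byte (64-bit) output."""
    return hashlib.sha256(x).digest()[:8]


def hash_n(secret: bytes, seed: bytes, n: int) -> bytes:
    """Apply h n times to the seeded secret: h^n(seed || secret)."""
    x = seed + secret
    for _ in range(n):
        x = h(x)
    return x


class SKeyClient:
    """Holds the user's secret; each login uses one fewer hash application."""

    def __init__(self, secret: bytes, seed: bytes, n: int) -> None:
        self._secret = secret
        self._seed = seed
        self.remaining = n          # hash count of the value most recently issued

    def initial_value(self) -> bytes:
        """h^N(...), registered with the server once, out of band."""
        return hash_n(self._secret, self._seed, self.remaining)

    def next_password(self) -> bytes:
        """Return h^(k-1) after h^k has been used; refuse once the chain is spent."""
        if self.remaining <= 1:
            raise RuntimeError("chain exhausted: re-initialise with a new seed")
        self.remaining -= 1
        return hash_n(self._secret, self._seed, self.remaining)


class SKeyServer:
    """Stores only the most recently accepted password, never the secret."""

    def __init__(self, initial_value: bytes) -> None:
        self._last = initial_value

    def verify(self, presented: bytes) -> bool:
        # Hash the presented value once; it must equal the stored previous value.
        if hmac.compare_digest(h(presented), self._last):
            self._last = presented  # advance the chain
            return True
        return False


def run_scenario() -> dict[str, bool]:
    """Two logins, a replay of a used password, and a wiretapper's forward guess."""
    client = SKeyClient(b"correct horse battery staple", b"ab12345", n=100)
    server = SKeyServer(client.initial_value())          # server starts with h^100

    p99 = client.next_password()                         # h^99
    first_login = server.verify(p99)
    replay = server.verify(p99)                          # same value again: rejected
    # A wiretapper who captured h^99 can compute h^100 (already spent) but
    # not h^98, because h is one-way; presenting h^100 fails.
    eavesdropper_guess = server.verify(h(p99))
    second_login = server.verify(client.next_password())  # h^98
    return {"first_login": first_login, "replay": replay,
            "eavesdropper_guess": eavesdropper_guess, "second_login": second_login}


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```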
- safeguarding statement
- Statement affixed to a computer output or printout that states
the highest classification being processed at the time the product was
produced and requires control of the product, at that level, until
determination of the true classification by an authorized person. [NSTISSC]
- safeguards
- A practice, procedure or mechanism that reduces risk. Note
that the term 'safeguard' is normally considered to be synonymous with
the term 'control'. [SC27] (see security safeguards)
- safety
- (I) The property of a system being free from risk of causing harm to system entities and outside entities. [RFC2828]
(DOD) Freedom from those conditions that can cause death, injury,
occupational illness, or damage to or loss of equipment or property, or
damage to the environment. (I) The property of a system being free from
risk of causing harm to system entities and outside entities. Software
is deemed safe if it is impossible (or at least highly unlikely) that
the software could ever produce an output that would cause a
catastrophic event for the system that the software controls. Examples
of catastrophic events include loss of physical property, physical
harm, and loss of life. [OVT] Freedom from those conditions that can cause death or injury, or damage to or loss of data, hardware, or software. [SRV] (see also risk, software)
- safety-critical software
- Safety-critical software is any software that can directly or
indirectly contribute to the occurrence of a hazardous system state. [OVT] (see also automated information system)
- salami technique
- The process of secretly and repetitively slicing away tiny amounts of money in a way that is unlikely to be noticed. [AFSEC] (see also threat)
- salt
- (I) A random value that is concatenated with a password
before applying the one-way encryption function used to protect
passwords that are stored in the database of an access control system. (C) Salt protects a password-based access control system against a dictionary attack. [RFC2828] Random data produced by the signing entity during the generation of the message representative in Signature scheme 2. [SC27] (see also access control, attack, encryption, passwords)
- sample
- A portion of a population that is examined or tested in order
to obtain information or draw conclusions about the entire population. [SRV] (see also test)
- sampling distribution
- The distribution of a statistic. [SRV]
- sampling error
- Each estimate generated from a probability sample has a
measurable precision, or sampling error, that may be expressed as a
plus or minus figure. A sampling error indicates how closely we can
reproduce from a sample the results that we would obtain if we were to
take a complete count of the population using the same measurement
methods. By adding the sampling error to and subtracting it from the
estimate, we can develop upper and lower bounds for each estimate. This
range is called a confidence interval. Sampling errors and confidence
intervals are stated at a certain confidence level. For example, a
confidence interval at the 95-percent confidence level means that in 95
of 100 instances, the sampling procedure we used would produce a
confidence interval containing the population value we are estimating. [SRV] (see also precision)
- sampling frame
- A means of access to a population, usually a list of the
sampling units contained in the population. The list may be a paper
printout, a magnetic tape/disk file, or a physical file of such things
as payroll records or accounts receivable. [SRV]
- Samurai
- A hacker who hires out for legal cracking jobs, snooping for
factions in corporate political fights, lawyers pursuing privacy-rights
and First Amendment cases, and other parties with legitimate reasons to
need an electronic locksmith. [NSAINT] (see also hacker, privacy)
- sandboxed environment
- The enforcement of access control by a native programming
language such that an applet can only access limited resources. Java
applets run in a sandboxed environment where an applet cannot read or
write local files, cannot start or interact with local processes, and
cannot load or link with dynamic libraries. While a sandboxed
environment provides excellent protection against accidental or
malicious destruction or abuse of local resources, it does not address
the security issues related to authentication, authorization, privacy,
integrity, and non-repudiation. [misc] (see also authentication, non-repudiation, privacy, access control)
- sanitization
- The changing of content information in order to meet the
requirements of the sensitivity level of the network to which the
information is being sent. [IATF] (see also networks, requirements, security)
- sanitize
- (I) Delete sensitive data from a file, a device, or a
system; or modify data so as to be able to downgrade its classification
level. [RFC2828] Process to remove information from media such
that data recovery is not possible. It includes removing all classified
labels, markings, and activity logs. [NSTISSC] To expunge data from storage media (e.g., diskettes, CD-ROMs, tapes) so that data recovery is impossible. [CIAO] (see also classification level, recovery, security)
- sanitizing
- The degaussing or overwriting of sensitive information in magnetic or other storage media. Synonymous with scrubbing. [SRV]
- SAS 70 report
- An audit report of a servicing organization prepared in
accordance with guidance provided in the American Institute of
Certified Public Accountants' Statement of Auditing Standards Number
70. [FFIEC] (see also audit)
- SATAN
- Security Administrator Tool for Analyzing Networks - A tool
for remotely probing and identifying the vulnerabilities of systems on
IP networks. A powerful freeware program which helps to identify system
security weaknesses. [NSAINT] (see also networks, security software)
- SAVILLE Advanced Remote Keying (SARK)
- (see also key)
- scalability
- The ability to move application software source code and data
into systems and environments that have a variety of performance
characteristics and capabilities without significant modification. [SRV]
The ability to move application software source code and data, without
significant modification, into systems and environments that have a
variety of performance characteristics and capabilities. [SRV] (see also software)
- scaling
- Ability to easily change in size or configuration to suit changing conditions. [CIAO]
- scanning
- Sending packets or requests to another system to gain information to be used in a subsequent attack. [800-61] (see also attack)
- scavenging
- Searching through data residue in a system to gain unauthorized knowledge of sensitive data. [RFC2828]
Searching through object residue to acquire data. [NSTISSC] Searching through object residue to acquire unauthorized data. [AJP][NCSC/TG004] Searching through residue for the purpose of unauthorized data acquisition. [SRV] (see also attack, threat consequence) (includes object)
- scheme
- Set of rules defining the environment, including criteria and methodology required to conduct an assessment. [SC27]
- scope of a requirement
- Determination of whether a requirement applies to: all users,
subjects, and objects of the TCB; all the TCB commands and application
programming interfaces; all TCB elements; all configurations, or only a
defined subset of configurations. [AJP][FCv1] (see also requirements, trusted computing base) (includes object, subject)
- Scope of Accreditation
- The test methods for which a CCTL has been accredited by NVLAP
and the specific technology areas where those approved test methods may
be applied when conducting IT security evaluations within the NIAP
Common Criteria Evaluation and Validation Scheme. [NIAP] (see also computer security, evaluation, security, test, Common Criteria Testing Laboratory, accreditation)
- scratch pad store (SPS)
- Temporary key storage in crypto-equipment. (C.F.D.) [NSTISSC] (see also cryptography)
- screen scraping
- A process used by information aggregators to gather
information from a customer's website, whereby the aggregator accesses
the target site by logging in as the customer, electronically reads and
copies selected information from the displayed webpage(s), then
redisplays the information on the aggregator's site. The process is
analogous to 'scraping' the information off the computer screen. [FFIEC] (see also automated information system)
- screened host firewall
- It combines a packet-filtering router with an application gateway located on the protected subnet side of the router. [SRV] (see also automated information system, firewall)
- screened subnet firewall
- Conceptually, it is similar to a dual-homed gateway, except
that an entire network, rather than a single host is reachable from the
outside. It can be used to locate each component of the firewall on a
separate system, thereby increasing throughput and flexibility. [SRV] (see also networks, firewall)
- screening router
- (I) A synonym for 'filtering router'. [RFC2828]
A router is used to implement part of the security of a firewall by
configuring it to selectively permit or deny traffic at a network
level. [SRV] (see also filtering router, firewall, networks, security, router)
- script
- A file containing active content; for example, commands or instructions to be executed by the computer. [FFIEC]
- seal
- (O) To use cryptography to provide data integrity service for a data object. (D)
ISDs SHOULD NOT use this definition; instead, use language that is more
specific with regard to the mechanism(s) used, such as 'sign' when the
mechanism is digital signature. [RFC2828] (see also cryptography, digital signature)
- secrecy policy
- A security policy to prevent unauthorized users from reading sensitive information. [AJP][TNI] (see also security, security policy, policy)
- secret
- (I) (1.) Adjective: The condition of information being
protected from being known by any system entities except those who are
intended to know it. (2.) Noun: An item of information that is
protected thusly. (C) This term applies to symmetric keys, private keys, and passwords. [RFC2828]
A PIN or password that is only known to a single entity (as opposed to
shared secret). In conjunction with a personal token it is possible to
demonstrate 'something you know' authentication when the correct
operation of the hardware token is dependent on entering the correct
secret. In this scenario, it is not necessary for the secret to be
shared in order to establish authentication. [misc] Information that must be known only to authorized users and/or the TSF in order to enforce a specific SFP. [CC2][CC21][SC27] (see also authentication, key, passwords, private key, shared secret, tokens, TOE security functions, classification level)
- secret and below interoperability (SABI)
-
- secret key
- A cryptographic key used with a secret key cryptographic
algorithm, uniquely associated with one or more entities, and that
shall not be made public. The use of the term secret in this context
does not imply a classification level, rather the term implies the need
to protect the key from disclosure or substitution. [SRV] A key used by a symmetric algorithm to encrypt and decrypt data. [IATF] A key used with symmetric cryptographic techniques and usable only by a set of specified entities. [SC27]
A key used with symmetric cryptographic techniques and usable only by a
set of specified entities. [ISO/IEC 11770-1: 1996, ISO/IEC WD 13888-1
(11/2001)] A key used with symmetric cryptographic techniques by a set
of specified entities. [ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3
(02/2001)] Key used with symmetric cryptographic techniques by a set of
specified entities. [SC27] A key used with symmetric cryptographic techniques by a set of specified entities. [SC27] Key used with symmetric cryptographic techniques by a set of specified entities. [SC27]
The key that two parties share and keep secret for secret key
cryptography. Given secret key algorithms of equal strength, the
approximate difficulty of decrypting encrypted messages by brute force
search can be measured by the number of possible keys. e.g. a key
length of 56 bits is over 65,000 times stronger or more resistant to
attack than a key length of 40 bits. [AJP] (see also key, secret-key cryptography, symmetric algorithm)
- secret-key cryptography
- (I) A synonym for 'symmetric cryptography'. [RFC2828] Cryptography based on a single key (or symmetric cryptography). It uses the same secret key for encryption and decryption. [SRV]
Cryptography based on a single key (or symmetric cryptography). It uses
the same secret key for encryption and decryption. Messages are
encrypted using a secret key and a secret key cryptographic algorithm,
such as Skipjack, DES (Data Encryption Standard), RC2 (Rivest Cipher
2), or RC4 (Rivest Cipher 4). [AJP] (see also encryption, key) (includes secret key)
- sector
- 1) One of the two divisions of the economy (private or
public); 2) A group of industries or infrastructures that perform a
similar function within a society. (e.g., vital human services) [CIAO]
- sector coordinator
- The majority of critical infrastructures are owned and
operated by private sector entities. Members of each critical
infrastructure sector will designate an individual to work with the
Federal Lead Agency Sector Liaison to address problems related to
critical infrastructure protection and recommend components for the
National Plan for Information Systems Protection. [CIAO] (see also critical infrastructure)
- sector liaison
- An individual of Assistant Secretary rank or higher designated
by each Federal Lead Agency who cooperates with private sector
representatives in addressing problems related to critical
infrastructure protection and recommending components for the National
Plan for Information Systems Protection. [CIAO] (see also critical infrastructure)
- secure channel
- An information path in which the set of all possible senders
can be known to the receivers, the set of all possible receivers can be
known to the senders, or both. [SRV] (see also security)
- secure communications
- Telecommunications deriving security through use of type 1 products and/or PDSs. [NSTISSC] (see also security)
- secure configuration management
- The set of procedures appropriate for controlling changes to a
system's hardware and software structure for the purpose of ensuring
that changes will not lead to violations of the computer system's
security policy. [AJP][NCSC/TG004][SRV] (see also policy, software, configuration management)
- Secure Data Exchange (SDE)
- (N) A local area network security protocol defined by the IEEE 802.10 standard. [RFC2828] (see also communications security, networks, security protocol)
- Secure Data Network System (SDNS)
- (N) An NSA program that developed security protocols
for electronic mail (Message Security Protocol), OSI layer 3 (SP3), OSI
layer 4 (SP4), and key management (KMP). [RFC2828] (see also National Security Agency, email, key, networks, security protocol, system)
- secure digital net radio interface unit (SDNRIU)
- (see also security)
- Secure Electronic Transaction (SET)
- (N) A protocol developed jointly by MasterCard
International and Visa International and published as an open standard
to provide confidentiality of transaction information, payment
integrity, and authentication of transaction participants for payment
card transactions over unsecured networks, such as the Internet. (C)
This term and acronym are trademarks of SETCo. MasterCard and Visa
announced the SET standard on 1 February 1996. On 19 December
MasterCard and Visa formed SET Secure Electronic Transaction LLC
(commonly referred to as 'SETCo') to implement the SET 1.0
specification. A memorandum of understanding adds American Express and
JCB Credit Card Company as co-owners of SETCo. [RFC2828] (see also authentication, confidentiality, internet, networks) (includes SET private extension, SET qualifier, acquirer, authorize, baggage, bank identification number, brand, brand CRL identifier, brand certification authority, cardholder, cardholder certificate, cardholder certification authority, certificate, certificate policy, certification, certification hierarchy, dual signature, electronic commerce, encryption, geopolitical certificate authority, issuer, key, merchant, merchant certificate, merchant certification authority, payment card, payment gateway, payment gateway certification authority, primary account number, registration authority, risk, tokens, tunnel)
- secure envelope (SENV)
- A set of data items which is constructed by an entity in such
a way that any entity holding the secret key can verify their integrity
and origin. For the purpose of generating evidence, the SENV is
constructed and verified by a TTP with a secret key known only to the
TTP. [SC27] (see also evidence, security)
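The construction described in the 'secure envelope' entry, as an added example that is not the glossary's or ISO/IEC SC27's code: the data items are canonically encoded and a keyed integrity tag is computed over them, so any holder of the secret key (here only the TTP) can verify integrity and origin. The page names no algorithm; HMAC-SHA256 as the keyed check, compact sorted JSON as the canonical form, the placeholder TTP key and the sample evidence record are all assumptions of this example. The message hash inside the evidence uses SHA-1 only to show the 160-bit output size the neighbouring 'secure hash algorithm' entry describes.

```python
"""Secure envelope (SENV) as a keyed integrity check over a set of data items.

Added example for the 'secure envelope' and 'secure hash algorithm' entries;
it is not the glossary's or ISO/IEC SC27's code. Assumptions: the TTP holds
a single secret key, items are canonicalised as sorted compact JSON, and the
keyed check is HMAC-SHA256 (the page names no algorithm; SHA-1 appears only
as the hash of the message being certified).
"""
import hashlib
import hmac
import json


def canonical(items: dict) -> bytes:
    """Canonical byte encoding so constructor and verifier MAC identical bytes."""
    return json.dumps(items, sort_keys=True, separators=(",", ":")).encode()


def make_envelope(items: dict, key: bytes) -> dict:
    """Construct a SENV: the data items plus a tag only key holders can compute."""
    tag = hmac.new(key, canonical(items), hashlib.sha256).hexdigest()
    return {"items": items, "tag": tag}


def verify_envelope(env, key: bytes) -> bool:
    """True iff the tag matches the items under this key (integrity and origin)."""
    if not isinstance(env, dict) or not isinstance(env.get("items"), dict):
        return False
    tag = env.get("tag")
    if not isinstance(tag, str):
        return False
    expected = hmac.new(key, canonical(env["items"]), hashlib.sha256).hexdigest()
    try:
        # Constant-time comparison: no timing leak about which byte mismatched.
        return hmac.compare_digest(expected, tag)
    except TypeError:  # a non-ASCII tag cannot be a hex digest
        return False


# Constructed sample: a TTP records that it received a message from alice.
# Placeholder key for the demo; a real TTP would use secrets.token_bytes(32).
TTP_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)
MESSAGE = b"transfer 100 to bob"
EVIDENCE = {
    "event": "message-received",
    "sender": "alice",
    "msg_sha1": hashlib.sha1(MESSAGE).hexdigest(),  # 160-bit digest, 40 hex chars
    "time": "2001-11-05T10:00:00Z",
}


def demo() -> dict:
    """Build one envelope and show it only verifies unmodified, under the TTP key."""
    env = make_envelope(EVIDENCE, TTP_KEY)
    tampered = {"items": dict(env["items"], sender="mallory"), "tag": env["tag"]}
    other_key = bytes.fromhex("aa" * 32)
    return {
        "valid": verify_envelope(env, TTP_KEY),
        "tampered_valid": verify_envelope(tampered, TTP_KEY),
        "wrong_key_valid": verify_envelope(env, other_key),
        "digest_hex_len": len(EVIDENCE["msg_sha1"]),
    }


if __name__ == "__main__":
    print(demo())
```

Because the key is secret rather than public, a SENV gives origin assurance only to parties that trust the key holder: it is evidence a TTP can check, not a signature a third party can verify, which is why the entry has the TTP both construct and verify it.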
- secure hash algorithm (SHA)
- A message digest algorithm that digests a message of arbitrary size to 160 bits. SHA is a cryptographic checksum algorithm. [misc] Algorithm that can generate a condensed message representation called a message digest. [CIAO] An algorithm that can generate a condensed message representation of a message or a data file, called a message digest. [SRV] (see also Digital Signature Algorithm, algorithm, hash, integrity)
- Secure Hash Standard (SHS)
- (N) The U.S. Government standard that specifies the
Secure Hash Algorithm (SHA-1), a cryptographic hash function that
produces a 160-bit output (hash result) for input data of any length
< 2**64 bits. [RFC2828] Specification for a secure hash algorithm that can generate a condensed message representation called a message digest. [NSTISSC] (see also cryptography, hash)
- secure hypertext transfer protocol (S-HTTP)
- (I) An Internet protocol for providing client-server security services for HTTP communications. (C)
S-HTTP was originally specified by CommerceNet, a coalition of
businesses interested in developing the Internet for commercial uses.
Several message formats may be incorporated into S-HTTP clients and
servers, particularly CMS and MOSS. S-HTTP supports choice of security
policies, key management mechanisms, and cryptographic algorithms
through option negotiation between parties for each transaction. S-HTTP
supports both asymmetric and symmetric key operation modes. S-HTTP
attempts to avoid presuming a particular trust model, but it attempts to
facilitate multiply-rooted hierarchical trust and anticipates that
principals may have many public key certificates. [RFC2828] An extension to the HTTP protocol to protect the privacy and integrity of HTTP communications. [misc] (see also certificate, communications, key, model, privacy, public-key infrastructure, trust, internet, security protocol)
- secure hypertext transfer protocol
- (see also world wide web)
- secure mobile unit (SMU)
- (see also security)
- secure multipurpose internet mail extensions (S/MIME)
- A protocol for sending secure e-mail. [misc] A
version of the MIME protocol that supports encrypted messages. S/MIME
is based on RSA's public-key encryption technology. [IATF] (see also Secure/MIME, email, encryption, key, multipurpose internet mail extensions, security protocol)
- secure network server
- A device that acts as a gateway between a protected enclave and the outside world. [NSAINT] (see also networks, security)
- secure operating system
- An operating system that effectively controls hardware and
software functions in order to provide the level of protection
appropriate to the value of the data and resources managed by the
operating system. [SRV] Resident software controlling hardware
and other (C.F.D.) software functions in an IS to provide a level of
protection or security appropriate to the classification, sensitivity,
and/or criticality of the data and resources it manages. [NSTISSC] (see also software, system)
- secure profile inspector (SPI)
- A network monitoring tool for Unix, developed by the Department of Energy. [NSAINT] (see also networks, security)
- secure shell (SSH)
- (I) A protocol for secure remote login and other secure network services over an insecure network. (C) Consists of three major components:
- Transport
layer protocol: Provides server authentication, confidentiality, and
integrity. It may optionally also provide compression. The transport
layer will typically be run over a TCP/IP connection, but might also be
used on top of any other reliable data stream.
- User authentication protocol: Authenticates the client-side user to the server. It runs over the transport layer protocol.
- Connection
protocol: Multiplexes the encrypted tunnel into several logical
channels. It runs over the user authentication protocol.
[RFC2828] A completely encrypted shell connection between two machines protected by a super long pass-phrase. [NSAINT] (see also authentication, confidentiality, encryption, networks, internet)
- secure single sign-on (SSSO)
- Secure single sign-on, or SSSO, satisfies three synergetic sets
of requirements. From an end-user perspective, SSSO refers to the
ability to use a single user ID and a single password to log on once
and gain access to all resources that one is allowed to access. From an
administrative perspective, SSSO allows management of all
security-related aspects of one's enterprise from a central location.
This includes adding, modifying, and removing users as well as granting
and revoking access to resources. From an enterprise perspective, SSSO
provides the ability to protect the privacy and the integrity of
transactions as well as to engage in auditable and non-repudiable
transactions. [misc] (see also audit, non-repudiation, privacy, single sign-on, authorization, passwords)
- secure socket layer (SSL)
- (N) An Internet protocol (originally developed by
Netscape Communications, Inc.) that uses connection-oriented end-to-end
encryption to provide data confidentiality service and data integrity
service for traffic between a client (often a web browser) and a
server, and that can optionally provide peer entity authentication
between the client and the server. (C) SSL is layered below HTTP
and above a reliable transport protocol (TCP). SSL is independent of
the application it encapsulates, and any higher level protocol can
layer on top of SSL transparently. However, many Internet applications
might be better served by IPsec. (C) SSL has two layers: (a)
SSL's lower layer, the SSL Record Protocol, is layered on top of the
transport protocol and encapsulates higher level protocols. One such
encapsulated protocol is SSL Handshake Protocol. (b) SSL's upper layer
provides asymmetric cryptography for server authentication (verifying
the server's identity to the client) and optional client authentication
(verifying the client's identity to the server), and also enables them
to negotiate a symmetric encryption algorithm and secret session key
(to use for data confidentiality) before the application protocol
transmits or receives data. A keyed hash provides data integrity
service for encapsulated data. [RFC2828] A session layer protocol that provides authentication and confidentiality to applications. [NSAINT] A standard for establishing a secure communication link using a public key system. [misc]
An encryption system developed by Netscape. SSL protects the privacy of
data exchanged by the website and the individual user. It is used by
websites whose names begin with https instead of http. [FFIEC]
The secure socket layer is a protocol invented by Netscape
Communications, Inc. to provide end-to-end encryption of application
layer network traffic. [SRV] (see also authentication, communications, confidentiality, encryption, hash, hypertext transfer protocol, key, networks, privacy, remote access software, transport layer security, security protocol, world wide web)
- secure state
- (I) A system condition in which no subject can access any object in an unauthorized manner. [RFC2828] A condition in which no subject can access any object in an unauthorized manner. [AJP][NCSC/TG004] Condition in which no subject can access any object in an unauthorized manner. [NSTISSC] Condition in which no subject can access or utilize any object in an unauthorized manner. [IATF] (see also access control) (includes object, subject)
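The definition above, and the state-model phrasing in the 'security' entry (security as a specific state to be preserved under operations), as an added example that is not the glossary's, TCSEC's or RFC 2828's code. The page leaves "unauthorized" abstract; this example assumes a Bell-LaPadula-style policy (read needs clearance at or above the object's classification, write needs clearance at or below it), a constructed set of subjects and objects, and a minimal reference-monitor transition that grants a request only if the resulting state is still secure. It also shows the case a practitioner cares about: a policy change made outside the monitor can leave an existing state insecure.

```python
"""Secure state in a state-model sense: every current access is authorized.

Added example for the 'secure state' entry (and the state-model sentence in the
'security' entry); not code from the glossary, TCSEC or RFC 2828. The page leaves
the policy abstract; here it is assumed to be a Bell-LaPadula-style lattice rule:
read needs clearance >= classification, write needs clearance <= classification.
"""
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}


def authorized(policy: dict, subject: str, obj: str, mode: str) -> bool:
    """Policy decision for one (subject, object, mode) access."""
    s = LEVELS[policy["clearance"][subject]]
    o = LEVELS[policy["classification"][obj]]
    if mode == "read":
        return s >= o          # simple security: no read up
    if mode == "write":
        return s <= o          # *-property: no write down
    return False               # unknown modes are never authorized


def is_secure_state(policy: dict, accesses: frozenset) -> bool:
    """True iff no subject holds any access the policy forbids."""
    return all(authorized(policy, s, o, m) for (s, o, m) in accesses)


def request(policy, accesses, subject, obj, mode):
    """Reference-monitor transition: grant only if the new state is still secure."""
    candidate = accesses | {(subject, obj, mode)}
    if is_secure_state(policy, candidate):
        return candidate, True
    return accesses, False


def demo() -> dict:
    # Constructed subjects, objects and requests for the demonstration.
    policy = {
        "clearance": {"alice": "secret", "bob": "confidential"},
        "classification": {"report": "secret", "memo": "unclassified"},
    }
    state = frozenset()
    decisions = []
    for s, o, m in [("alice", "report", "read"),
                    ("bob", "report", "read"),
                    ("bob", "report", "write"),
                    ("alice", "memo", "write")]:
        state, granted = request(policy, state, s, o, m)
        decisions.append((s, o, m, granted))
    # A policy change outside the monitor can also break the state: downgrading
    # the report while bob still writes to it violates the *-property.
    downgraded = {
        "clearance": policy["clearance"],
        "classification": dict(policy["classification"], report="unclassified"),
    }
    return {
        "decisions": decisions,
        "state": state,
        "secure": is_secure_state(policy, state),
        "secure_after_downgrade": is_secure_state(downgraded, state),
    }


if __name__ == "__main__":
    print(demo())
```

The point of checking the whole candidate state rather than the single request is that a reference monitor preserves the invariant across operations; reclassification or clearance changes are operations too, and the last result shows why they must be mediated (or existing accesses re-validated) just like access requests.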
- secure subsystem
- A subsystem that contains its own implementation of the
reference monitor concept for those resources it controls. However, the
secure subsystem must depend on other controls and the base operating
system for the control of subjects and the more primitive system
objects. [AJP][NCSC/TG004] Subsystem containing its own
implementation of the reference monitor concept for those resources it
controls. Secure subsystem must depend on other controls and the base
operating system for the control of subjects and the more primitive
system objects. [NSTISSC] (see also security, system) (includes object, subject)
- secure telephone unit (STU)
- (see also security)
- secure terminal equipment (STE)
- (see also security)
- Secure/MIME
- (I) Secure/Multipurpose Internet Mail Extensions, an
Internet protocol to provide encryption and digital signatures for
Internet mail messages. [RFC2828] (see also secure multipurpose internet mail extensions, digital signature, encryption, internet)
- security
- (1) The combination of confidentiality, integrity, and
availability. (2) The quality or state of being protected from
uncontrolled losses or effects. Note: Absolute security may in practice
be impossible to reach; thus the security 'quality' could be relative.
Within state models of security systems, security is a specific 'state'
that is to be preserved under various operations. [AJP] (I)
(1.) Measures taken to protect a system. (2.) The condition of system
that results from the establishment and maintenance of measures to
protect the system. (3.) The condition of system resources being free
from unauthorized access and from unauthorized or accidental change,
destruction, or loss. [RFC2828] A condition that results from
the establishment and maintenance of protective measures that ensure a
state of inviolability from hostile acts or influences. [NSAINT]
A condition that results from the establishment and maintenance of
protective measures that ensure a state of inviolability from hostile
acts or influences. The subfield of information science concerned with
ensuring that information systems are imbued with the condition of
being secure, as well as the means of establishing, testing, auditing,
and otherwise maintaining that condition. (I) (1.) Measures taken to
protect a system. (2.) The condition of a system that results from the
establishment and maintenance of measures to protect the system. (3.)
The condition of system resources being free from unauthorized access
and from unauthorized or accidental change, destruction, or loss.
Security is concerned with the protection of assets from threats, where
threats are categorised as the potential for abuse of protected assets.
All categories of threats should be considered; but in the domain of
security greater attention is given to those threats that are related
to malicious or other human activities. [OVT] All aspects
related to defining, achieving, and maintaining confidentiality,
integrity, availability, accountability, authenticity, and reliability.
NOTE - A product, system, or service is considered to be secure to the
extent that its users can rely that it functions (or will function) in
the intended way. This is usually considered in the context of an
assessment of actual or perceived threats. [SC27] Preservation
of the authenticity, integrity, confidentiality, and ensured service of
any sensitive or nonsensitive system-valued function and/or information
element. [SRV] Security is a system property. Security is much
more than a set of functions and mechanisms. Information system
security is a system characteristic as well as a set of mechanisms that
span the system both logically and physically. [SRV] The combination of confidentiality, integrity, and availability. [FCv1]
The quality or state being protected from uncontrolled losses or
effects. Note: Absolute security may in practice be impossible to
reach; thus the security 'quality' could be relative. Within
state-models of security systems, security is a specific 'state', that
is to be preserved under various operations. [JTC1/SC27] (see also Abrams, Jojodia, Podell essays, BLACK, British Standard 7799, Defense Information Infrastructure, Defensive Information Operations, Evaluation Work Plan, FIPS PUB 140-1, Federal Information Processing Standards, Federal Standard 1027, IEEE 802.10, IPsec Key Exchange, International Traffic in Arms Regulations, Internet Engineering Task Force, Monitoring of Evaluations, Open Systems Interconnection Reference model, Orange book, POSIX, Post Office Protocol, version 3, RED, Rivest-Shamir-Adleman, Scope of Accreditation, Wassenaar Arrangement, Yellow book, access, accreditation disapproval, accreditation phase, accreditation range, aggregation, alert, anonymous, approval/accreditation, availability, benign environment, beyond A1, binding, binding of functionality, breach, category, certificate domain, certification agent or certifier, certification phase, classification level, classified, clean system, clearance level, command and control warfare, compromise, concealment system, confidence, conformant validation certificate, connectionless data integrity service, contingency planning, control, control class, control family, control identification list, criteria, critical elements, critical mechanism, database management system, declassification of AIS storage media, deliverable, designated, designation policy, domain of interpretation, domain parameter, dominated by, dominates, element, enhanced hierarchical development methodology, evaluated system, evaluation, exploitation, facility manager, family, filtering router, formal top-level specification, formal verification, full accreditation, functionality, functionality class, hardware and system software maintenance, https, incident response capability, independent assessment, indistinguishability, information flow control, interim accreditation, interim accreditation action plan, internal system exposure, least privilege, levels of concern, logical 
access, management controls, media protection, mode of operation, model, modes of operation, multilevel device, multilevel secure, network front-end, network management, network management software, network sponsor, network system, no-lone zone, non-repudiation service, object identifier, observation reports, operational controls, operations manager, out of band, overwrite procedure, package, packet filter, party, personalization service, physical and environmental protection, physical protection, policy, post-accreditation phase, pre-certification phase, print suppression, privacy, privacy protection, privileged process, producers, profile, program manager, protection philosophy, public law 100-235, public-key forward secrecy, quality, quality of protection, random, reference monitor, requirements, requirements for procedures and standards, restricted area, risk treatment, router-based firewall, rules of behavior, sanitize, screening router, secrecy policy, secure channel, secure communications, secure digital net radio interface unit, secure envelope, secure mobile unit, secure subsystem, secure telephone unit, secure terminal equipment, sensitive label, signed applet, simple network management protocol, single-level device, site certification, sneaker, special information operations, suitability of functionality, system development and acquisition, system files, system interconnection, system low, system testing, technology area, tiger team, top-level specification, trusted network interpretation, trusted third party, trustworthy system, two-person control, unauthorized access, validate vs. 
verify, verification techniques, vulnerability, vulnerability analysis, work factor, accreditation) (includes C2-protect, Common Criteria for Information Technology Security, Common IP Security Option, Cryptographic Application Program Interface, Generic Upper Layer Security, Guidelines and Recommendations for Security Incident Processing, National Industrial Security Advisory Committee, National Security Agency, National Security Decision Directive, National Security Decision Directive 145, National Security Directive, National Security Emergency Preparedness, National Security Telecommunications Advisory Committee, Simple Distributed Security Infrastructure, Standard Security Label, Standards for Interoperable LAN/MAN Security, TEMPEST, access control, accountability, add-on security, adequate security, adversary, application program interface, application-level firewall, assurance, asynchronous transfer mode, attack, audit, authentication, automated information system, baseline, binding of security functionality, biometrics, call back, call back security, closed security environment, code division multiple access, communications deception, compartmented security mode, computer emergency response team, computer security, concept of operations, confidentiality, contractor special security officer, control zone, correctness proof, data security, dedicated security mode, defense-in-depth, developer security, dial-up security, downgrade, dual control, economy of mechanism, electronic security, end-to-end security, entity-wide security, formal model of security policy, front-end security filter, functional security requirements specification, future narrow band digital terminal, generally accepted system security principles, global command and control system, global information grid, global network information environment, guard, hash, host-based security, information security, integrity, interconnection security agreements, internet control message protocol, key, key 
management, labeled security protections, layered solution, motivation, multilevel security, multilevel security mode, mutual suspicion, mutually suspicious, national security information, national security system, non-discretionary security, non-technical countermeasure, noncomputing security methods, nonkernel security related, open security, open security environment, open system interconnection model, open systems security, operational data security, operational integrity, operations security, parity, partitioned security mode, personal security environment, personnel security, practices dangerous to security, procedural security, protection needs elicitation, protection profile, public-key infrastructure, risk, risk management, rule-based security policy, sanitization, secure network server, secure profile inspector, security architecture, security attribute, security authority, security awareness, training, and education, security certificate, security certification level, security class, security clearance, security compromise, security controls, security domain, security element, security environment, security event, security fault analysis, security filter, security flaw, security flow analysis, security function, security gateway, security goals, security information object, security information object class, security inspection, security intrusion, security label, security level, security management, security model, security net control station, security objective, security officer, security parameters index, security perimeter, security plan, security policy information file, security program manager, security protocol, security purpose, security range, security relevant, security requirements review, security service, security situation, security software, security specifications, security tag, security target, security test & evaluation, security testing, security-compliant channel, semantic security, separation of duties, signals security, signature, 
software security, special security officer, strength of mechanisms, subject security level, system integrity service, system security management, system security officer, system security plan, systems security steering group, tamper, technical countermeasure, term rule-based security policy, time division multiple access, top-level security objectives, traffic-flow security, transmission security, transport layer security, trusted computing system, tunneling router, virtual network perimeter)
- security architecture
- (I) A plan and set of principles that describe (a) the
security services that a system is required to provide to meet the
needs of its users, (b) the system elements required to implement the
services, and (c) the performance levels required in the elements to
deal with the threat environment. (C) A security architecture is
the result of applying the system engineering process. A complete
system security architecture includes administrative security,
communication security, computer security, emanations security,
personnel security, and physical security. A complete security
architecture needs to deal with both intentional, intelligent threats
and accidental kinds of threats. [RFC2828] A detailed
description of all aspects of the computer system that relate to
security, along with a set of principles to guide the design. A
security architecture describes how the system is put together to
satisfy the security requirements. [NSAINT] The subset of computer architecture dealing with the security of the computer or network system. [AJP][TNI] (see also communications security, computer security, emanation, emanations security, networks, threat, security) (includes computer architecture, network architecture)
- security association
- (I) A relationship established between two or more
entities to enable them to protect data they exchange. The relationship
is used to negotiate characteristics of protection mechanisms, but does
not include the mechanisms themselves. (C) A security
association describes how entities will use security services. The
relationship is represented by a set of information that is shared
between the entities and is agreed upon and considered a contract
between them. (O) IPsec usage: A simplex (uni-directional)
logical connection created for security purposes and implemented with
either AH or ESP (but not both). The security services offered by a
security association depend on the protocol selected, the IPsec mode
(transport or tunnel), the endpoints, and the election of optional
services within the protocol. A security association is identified by a
triple consisting of (a) a destination IP address, (b) a protocol (AH
or ESP) identifier, and (c) a Security Parameter Index. [RFC2828]
The set of security information relating to a given network connection
or set of connections. This definition covers the relationship between
policy and connections. Security associations (SAs) are typically set
up during connection establishment, and they may be reiterated or
revoked during a connection. For purposes of benchmarking firewall
performance, measurements of bit forwarding rate or UOTs per second
must be taken after all security associations have been established. [RFC2647] (see also connection establishment, policy, rule set, security protocol)
- security association identifier (SAID)
- (I) A data field in a security protocol (such as NLSP
or SDE), used to identify the security association to which a protocol
data unit is bound. The SAID value is usually used to select a key for
decryption or authentication at the destination. [RFC2828] (see also authentication, key, security protocol)
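The IPsec usage in the 'security association' entry (a simplex SA identified by destination address, AH or ESP, and SPI) and the key-selection role given to the SAID in the entry above, as one added example that is not code from the glossary, RFC 2828 or RFC 2647. It assumes a simplified SA record carrying only what is needed to select a key, treats the SPI as the identifier that selects the key at the destination (the role RFC 2828 assigns to a SAID), and uses constructed packet headers rather than captures.

```python
"""IPsec Security Association lookup keyed by (destination address, protocol, SPI).

Added example for the 'security association' and 'security association
identifier' entries; not code from the glossary, RFC 2828 or RFC 2647.
Assumptions: an SA record carries only the fields needed to select a key,
the SPI plays the role RFC 2828 gives the SAID (selecting the key at the
destination), and the packets below are constructed headers, not captures.
"""
from dataclasses import dataclass

AH, ESP = 51, 50  # IP protocol numbers carried in the IP header


@dataclass
class SecurityAssociation:
    dst: str      # destination IP address of the protected traffic
    proto: int    # AH or ESP, never both in one SA
    spi: int      # Security Parameter Index chosen by the receiver
    mode: str     # "transport" or "tunnel"
    key: bytes    # key the SA selects at the destination


class SADatabase:
    """Simplex SAs: a two-way session needs one SA per direction."""

    def __init__(self):
        self._sas = {}

    def add(self, sa: SecurityAssociation) -> None:
        if sa.proto not in (AH, ESP):
            raise ValueError("an SA is implemented with AH or ESP")
        triple = (sa.dst, sa.proto, sa.spi)
        if triple in self._sas:
            raise ValueError(f"duplicate SA {triple}")
        self._sas[triple] = sa

    def count(self) -> int:
        return len(self._sas)

    def select(self, pkt: dict):
        """Return the SA (hence key) for an inbound packet, or None if none matches."""
        return self._sas.get((pkt["dst"], pkt["proto"], pkt["spi"]))


def demo() -> dict:
    """Two hosts, ESP both ways: each direction has its own SA and key."""
    sad = SADatabase()
    key_a_to_b = bytes.fromhex("11" * 16)
    key_b_to_a = bytes.fromhex("22" * 16)
    sad.add(SecurityAssociation("10.0.0.2", ESP, 0x1001, "transport", key_a_to_b))
    sad.add(SecurityAssociation("10.0.0.1", ESP, 0x2002, "transport", key_b_to_a))

    # Constructed inbound packets as seen at host B (10.0.0.2) and host A.
    to_b = {"dst": "10.0.0.2", "proto": ESP, "spi": 0x1001}
    to_a = {"dst": "10.0.0.1", "proto": ESP, "spi": 0x2002}
    wrong_spi = {"dst": "10.0.0.2", "proto": ESP, "spi": 0x2002}   # other direction's SPI
    wrong_proto = {"dst": "10.0.0.2", "proto": AH, "spi": 0x1001}  # same SPI, AH not ESP

    def key_for(pkt):
        sa = sad.select(pkt)
        return None if sa is None else sa.key

    return {
        "to_b": key_for(to_b),
        "to_a": key_for(to_a),
        "wrong_spi": key_for(wrong_spi),
        "wrong_proto": key_for(wrong_proto),
        "sa_count": sad.count(),
    }


if __name__ == "__main__":
    print(demo())
```

All three fields of the triple matter: the same SPI value can legitimately exist under AH and under ESP, or for different destinations, and a packet whose triple matches no SA has no key to select and must be dropped rather than processed with a guessed key.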
- security attribute
- Information associated with subjects, users and/or objects that is used for the enforcement of the TSP. [CC2][CC21][SC27] (see also security) (includes TOE security functions, object, subject)
- security audit
- (I) An independent review and examination of a system's
records and activities to determine the adequacy of system controls,
ensure compliance with established security policy and procedures,
detect breaches in security services, and recommend any changes that
are indicated for counter measures. [I7498 Part 2, NCS01] (C)
The basic audit objective is to establish accountability for system
entities that initiate or participate in security-relevant events and
actions. Thus, means are needed to generate and record security audit
trail and to review and analyze the audit trail to discover and
investigate attacks and security compromises. [RFC2828] A search through a computer system for security problems and vulnerabilities. [NSAINT]
An examination of security procedures and measures for the purpose of
evaluating their adequacy and compliance with established policy. [SRV] (see also attack, counter measures, policy, audit)
- security audit trail
- (I) A chronological record of system activities that is
sufficient to enable the reconstruction and examination of the sequence
of environments and activities surrounding or leading to an operation,
procedure, or event in a security-relevant transaction from inception
to final results. [RFC2828] The set of records that collectively
provide documentary evidence of processing used to aid in tracing from
original transactions forward to related records and reports, and/or
backward from records and reports to their component source
transactions. [AJP][TCSEC] (see also evidence, audit trail)
- security authority
- The entity accountable for the administration of a security policy within a security domain. [SC27] (see also security)
- security awareness, training, and education
- A family of security controls in the operations class dealing
with ensuring that employees receive adequate training to fulfill their
security responsibilities. [800-37] (see also security)
- security breach
- A violation of controls of a particular information system
such that information assets or system components are unduly exposed. [AFSEC] (see also threat)
- security certificate
- A chunk of information (often stored as a text file) that is used by the SSL protocol to establish a secure connection. [AFSEC] (see also security)
- security certification level
- A combination of techniques and procedures used during a
C&A process to verify the correctness and effectiveness of security
controls in an IT system. Security certification levels, identified as
SCL-1, SCL-2, or SCL-3, represent increasing levels of intensity and
rigor in the verification process and include such techniques as
reviewing and examining documentation, interviewing personnel,
conducting demonstrations and exercises, conducting functional,
regression, and penetration testing, and analyzing system design
documentation. [800-37] (see also test, verification, certification, security)
- security class
- (D) A synonym for 'security level'. For consistency, ISDs SHOULD use 'security level' instead of 'security class'. [RFC2828] (see also security)
- security clearance
- (I) A determination that a person is eligible, under
the standards of a specific security policy, for authorization to
access sensitive information or other system resources. [RFC2828] (see also clearance level, security)
- security compromise
- (I) A security violation in which a system resource is exposed, or is potentially exposed, to unauthorized access. [RFC2828] (see also unauthorized access, compromise, security)
- security controls
- Management, operational, and technical measures prescribed for
an IT system which, taken together, satisfy the specified security
requirements and protect the confidentiality, integrity, and
availability of the system and its information. Security controls can
be selected from a variety of families including risk management,
system development and acquisition, configuration management, system
interconnection, personnel security, media protection, physical and
environmental protection, contingency planning, incident response
capability, hardware and system software maintenance, system and data
integrity, security awareness, training, and education, documentation,
identification and authentication, logical access, audit, and
communications. [800-37] (see also application controls, authentication, availability, baseline controls, computer related controls, confidentiality, incident, integrity, management controls, operational controls, questions on controls, risk, technical controls, security) (includes external security controls, internal security controls)
- security counter measures
- Counter measures that are aimed at specific threats and
vulnerabilities or involve more sophisticated techniques as well as
activities traditionally perceived as security. [AFSEC][NSAINT] (see also counter measures)
- security domain
- A collection of users and systems subject to a common security policy. [SC27] A set of subjects, their information objects, and a common security policy. [SRV] The sets of objects that a subject has the ability to access. [NSAINT] (see also domain, policy, security)
- security element
- An indivisible security requirement. [CC2][CC21][SC27] (see also security)
- security enforcing
- That which directly contributes to satisfying the security objectives of the Target of Evaluation. [AJP][ITSEC] (see also risk management, target of evaluation) (includes object)
- security environment
- (I) The set of external entities, procedures, and
conditions that affect secure development, operation, and maintenance
of a system. [RFC2828] (see also security)
- security evaluation
- An evaluation done to assess the degree of trust that can be
placed in systems for the secure handling of sensitive information. It
is a major step in the certification and accreditation process. [SRV]
An evaluation done to assess the degree of trust that can be placed in
systems for the secure handling of sensitive information. One type, a
product evaluation, is an evaluation performed on the hardware and
software features and assurances of a computer product from a
perspective that excludes the application environment. The other type,
a system evaluation, is done for the purpose of assessing a system's
security safeguards with respect to a specific operational mission and
is a major step in the certification and accreditation process. [AJP][NCSC/TG004][OVT] (see also accreditation, assurance, software, trust, evaluation, risk management)
- security event
- (I) An occurrence in a system that is relevant to the security of the computer system. (C)
The term includes both events that are security incidents and those
that are not. In a CA workstation, for example, a list of security
events might include the following:
- Performing a cryptographic operation, e.g. signing a digital certificate or CRL.
- Performing a cryptographic card operation: creation, insertion, removal, or backup.
- Performing a digital certificate lifecycle operation: rekey, renewal, revocation, or update.
- Posting information to an X.500 Directory.
- Receiving a key compromise notification.
- Receiving an improper certification request.
- Detecting an alarm condition reported by a cryptographic module.
- Logging the operator in or out.
- Failing a built-in hardware self-test or a software system integrity check.
[RFC2828] An event that compromises the confidentiality, integrity, availability, or accountability of an information system. [FFIEC] (see also availability, certificate, certification, confidentiality, cryptography, incident, key, public-key infrastructure, security-relevant event, software, test, security)
- security fault analysis (SFA)
- (I) A security analysis, usually performed on hardware
at a logic gate level, gate-by-gate, to determine the security
properties of a device when a hardware fault is encountered. [RFC2828]
A security analysis, usually performed on hardware at gate level, to
determine the security properties of a device when a hardware fault is
encountered. [AJP][NCSC/TG004] Assessment, usually
performed on IS hardware, to determine the security properties of
a device when a hardware fault is encountered. [NSTISSC] (see also analysis, fault, risk analysis, security)
- security features
- The security relevant functions, mechanisms, and
characteristics of system hardware and software. Security features are
a subset of system security safeguards. [SRV] The security-relevant functions, mechanisms, and characteristics of AIS hardware and software. [NSAINT]
The security-relevant functions, mechanisms, and characteristics of
system hardware and software. Security features are a subset of system
security safeguards. [AJP][NCSC/TG004] These are features
which provide protection or enable end-users and administrators to
assess the security of a system, for example, by auditing it. [RFC2504] (see also audit, software, security safeguards)
- security features users guide (SFUG)
- Guide or manual explaining how the security mechanisms in a specific system work. [NSTISSC] (see also user)
- security filter
- A trusted subsystem that enforces a security policy on the data that pass through it. [AJP][NCSC/TG004] IS trusted subsystem that enforces security policy on the data passing through it. [NSTISSC] (see also trust, security) (includes firewall)
- security flaw
- An error of commission or omission in a system that may allow protection mechanisms to be bypassed. [AFSEC][AJP][NCSC/TG004][OVT] Error of commission or omission in an IS that may allow protection mechanisms to be bypassed. [NSTISSC] (see also security, threat)
- security flow analysis
- A security analysis performed on a formal system specification that locates potential flows of information within the system. [AJP][NCSC/TG004] (see also analysis, security)
- security function (SF)
- A part or parts of the TOE [Target of Testing] that have to be
relied upon for enforcing a closely related subset of the rules from
the TSP [TOE Security Policy]. [OVT] A part or parts of the TOE that have to be relied upon for enforcing a closely related subset of the rules from the TSP. [CC2][CC21][SC27] (see also test, security, target of evaluation) (includes object)
- security function policy (SFP)
- The security policy enforced by an SF. [CC2][CC21][SC27] (see also policy, security policy) (includes object)
- security gateway
- (I) A gateway that separates trusted (or relatively
more trusted) hosts on the internal network side from untrusted (or
less trusted) hosts on the external network side. (O) IPsec
usage: 'An intermediate system that implements IPsec protocols.'
Normally, AH or ESP is implemented to serve a set of internal hosts,
providing security services for the hosts when they communicate with
other, external hosts or gateways that also implement IPsec. [RFC2828] (see also networks, trust, security)
- security goals
- The five security goals are integrity, availability, confidentiality, accountability, and assurance. [SRV] (see also assurance, availability, confidentiality, security)
- security incident
- (I) A security event that involves a security violation. (C) In other words, a security-relevant system event in which the system's security policy is disobeyed or otherwise breached. (O)
'Any adverse event which compromises some aspect of computer or network
security.' (D) ISDs SHOULD NOT use this 'O' definition because (a) a
security incident may occur without actually being harmful (i.e.,
adverse) and (b) this Glossary defines 'compromise' more narrowly in
relation to unauthorized access. [RFC2828] Any act or
circumstance that involves classified information that deviates from
the requirements of governing security publications, for example,
compromise, possible compromise, inadvertent disclosure, and deviation.
An event involving classified information in which there is a deviation
from the requirements of the governing security regulations. [AFSEC]
Any act or circumstance that involves classified information that
deviates from the requirements of governing security publications. For
example, compromise, possible compromise, inadvertent disclosure, and
deviation. [NSAINT] (see also communications security, networks, unauthorized access, incident)
- security information object
- An instance of an SIO class. [SC27] (see also security)
- security information object class
- An Information Object Class that has been tailored for security use. [SC27] (see also security)
- security inspection
- Examination of an IS to determine compliance with security policy, procedures, and practices. [NSTISSC] (see also security)
- security intrusion
- (I) A security event, or a combination of multiple
security events, that constitutes a security incident in which an
intruder gains, or attempts to gain, access to a system (or system
resource) without having authorization to do so. [RFC2828] (see also intrusion, incident, security)
- security kernel
- (I) 'The hardware, firmware, and software elements of a
trusted computing base that implement the reference monitor concept. It
must mediate all accesses, be protected from modification, and be
verifiable as correct.' (C) That is, a security kernel is an implementation of a reference monitor for a given hardware base. [RFC2828]
Hardware, firmware, and software elements of a trusted computing base
implementing the reference monitor concept. Security kernel must
mediate all accesses, be protected from modification, and be verifiable
as correct. [NSTISSC] The central part of a computer system that
implements the fundamental security procedures for controlling access
to system resources. A most trusted portion of a system that enforces a
fundamental property, and on which the other portions of the computer
system depend. [SRV] The hardware, firmware, and software
elements of a TCB that implement the reference monitor concept. It must
mediate all accesses, be protected from modification, and be verifiable
as correct. [NCSC/TG004] The hardware, firmware, and software
elements of a Trusted Computing Base (or Network Trusted Computing Base
partition) that implement the reference monitor concept. It must
mediate all accesses, be protected from modification, and be verifiable
as correct. [AJP][TNI] The hardware, firmware, and
software elements of a Trusted Computing Base that implement the
reference monitor concept. It must mediate all accesses, be protected
from modification, and be verifiable as correct. [NSAINT][TCSEC] (see also networks, software, trust, access control, reference monitor concept)
- security label
- (I) A marking that is bound to a system resource and
that names or designates the security-relevant attributes of that
resource. [I7498 Part 2, R1457] (C) The recommended definition
is usefully broad, but usually the term is understood more narrowly as
a marking that represents the security level of an information object,
i.e., a marking that indicates how sensitive an information object is. (C)
System security mechanisms interpret security labels according to
applicable security policy to determine how to control access to the
associated information, otherwise constrain its handling, and affix
appropriate security markings to visible (printed and displayed) images
thereof. [RFC2828] A designation assigned to a system resource
such as a file that cannot be changed except in emergency situations.
The label can be used to protect against computer viruses and corporate
espionage. A security level (i.e., a classification level) is
associated with an object. [SRV] A piece of information that represents the security level of an object. [NCSC/TG004]
Information representing the sensitivity of a subject or object, such
as its hierarchical classification (CONFIDENTIAL, SECRET, TOP SECRET)
together with any applicable nonhierarchical security categories (e.g.,
sensitive compartmented information, critical nuclear weapon design
information). [NSTISSC] Piece of information that represents the
sensitivity of a subject or object, such as its hierarchical
classification (CONFIDENTIAL, SECRET, TOP SECRET) together with any
applicable non-hierarchical security categories (e.g. sensitive
compartmented information, critical nuclear weapon design information).
[NSAINT] (see also classification level, security) (includes label, object, sensitivity label)
- security level
- (I) The combination of a hierarchical classification
level and a set of non-hierarchical category designations that
represents how sensitive information is. [RFC2828] The
combination of a hierarchical classification and a set of
non-hierarchical categories that represents the sensitivity of
information. [AJP][NCSC/TG004][NSAINT][TCSEC][TNI]
The combination of hierarchical classification and a set of
non-hierarchical categories that represent the sensitivity of
information. A clearance level associated with a subject, or a
classification level (or sensitivity label) associated with an object. [SRV] (see also classification level, security) (includes access level)
- security management
- The process of monitoring and controlling access to network
resources. This includes monitoring usage of network resources,
recording information about usage of resources, detecting attempted or
successful violations, and reporting such violations. [SRV] (see also networks, security)
- security management infrastructure (SMI)
- (I) System elements and activities that support
security policy by monitoring and controlling security services and
mechanisms, distributing security information, and reporting security
events. The associated functions are as follows [I7498-4]:
- Controlling
(granting or restricting) access to system resources: This includes
verifying authorizations and identities, controlling access to
sensitive security data, and modifying access priorities and procedures
in the event of attacks.
- Retrieving (gathering) and archiving
(storing) security information: This includes logging security events
and analyzing the log, monitoring and profiling usage, and reporting
security violations.
- Managing and controlling the encryption
process: This includes performing the functions of key management and
reporting on key management problems.
[RFC2828] A
set of interrelated activities providing security services needed by
other security features and mechanisms; SMI functions include
registration, ordering, key generation, certificate generation,
distribution, accounting, compromise recovery, rekey, destruction, data
recovery, and administration. [IATF] (see also attack, encryption, recovery, key)
- security measures
- Elements of software, firmware, hardware, or procedures that
are included in a system for the satisfaction of security
specifications. [AJP][NCSC/TG004][OVT] (see also software, risk management)
- security mechanism
- (1) That which implements a security function. (2) The logic
or algorithm that implements a particular security enforcing or
security-relevant function in hardware and software. [AJP] (I)
A process (or a device incorporating such a process) that can be used
in a system to implement a security service that is provided by or
within the system. (C) Some examples of security mechanisms are
authentication exchange, checksum, digital signature, encryption, and
traffic padding. [RFC2828] That which implements a security function. [JTC1/SC27]
The logic or algorithm that implements a particular security enforcing
or security relevant function in hardware and software. [ITSEC] (see also authentication, digital signature, encryption, software, risk management)
- security model
- (I) A schematic description of a set of entities and
relationships by which a specified set of security services are
provided by or within a system. (C) An example is the Bell-LaPadula model. [RFC2828] (see also model, security) (includes Bell-LaPadula security model)
- security net control station
- Management system overseeing and controlling implementation of network security policy. [NSTISSC] (see also communications security, networks, security)
- security objective
- A statement of intent to counter identified threats and/or satisfy identified organisation security policies and assumptions. [CC2][CC21][SC27] The contribution to security which a Target of Evaluation is intended to achieve. [ITSEC] The contribution to security which a system or product is intended to achieve. [AJP][JTC1/SC27] (see also threat, risk analysis, security, target of evaluation)
- security officer
- The ADP official having the designated responsibility for the security of an ADP system. [NSAINT] (see also security)
- security parameters index (SPI)
- (I) IPsec usage: The type of security association
identifier used in IPsec protocols. A 32-bit value used to distinguish
among different security associations terminating at the same
destination (IP address) and using the same IPsec security protocol (AH
or ESP). Carried in AH and ESP to enable the receiving system to
determine under which security association to process a received
packet. [RFC2828] (see also security)
- security perimeter
- (I) The boundary of the domain in which a security
policy or security architecture applies; i.e., the boundary of the
space in which security services protect system resources. [RFC2828]
A boundary within which security controls are applied to protect
assets. A security perimeter typically includes a security kernel, some
trusted-code facilities, hardware, and possibly some communications
channels. [SRV] All components/devices of an IS to be
accredited. Separately accredited components generally are not included
within the perimeter. [NSTISSC] The boundary where security controls are in effect to protect assets. [AJP][NCSC/TG004][NSAINT] (see also trust, security) (includes perimeter-based security)
- security plan
- Formal document that provides an overview of the security
requirements of the IT system and describes the security controls in
place or planned for meeting those requirements. [800-37] (see also security)
- security policy
- (1) A set of rules and procedures regulating the use of
information, including its processing, storage, distribution, and
presentation. (2) The set of laws, rules, and practices that regulate
how an organization manages, protects, and distributes sensitive
information. [AJP] (I) A set of rules and practices that
specify or regulate how a system or organization provides security
services to protect sensitive and critical system resources. (O) 'The set of rules laid down by the security authority governing the use and provision of security services and facilities.' (C)
Ravi Sandhu notes that security policy is one of four layers of the
security engineering process (as shown in the following diagram). Each
layer provides a different view of security, ranging from what services
are needed to how services are implemented.

    What Security Services Should Be Provided?
             |  + - - - - - - - - - - - +
             |  |  Security Policy      |
             |  + - - - - - - - - - - - +     + - - - - - - - - - - - - - - +
             |  |  Security Model       |     | A 'top-level specification' |
             |  + - - - - - - - - - - - + <-  | is at a level below 'model' |
             |  |  Security Architecture|     | but above 'architecture'.   |
             |  + - - - - - - - - - - - +     + - - - - - - - - - - - - - - +
             |  |  Security Mechanism   |
             |  + - - - - - - - - - - - +
             v
    How Are Security Services Implemented?

[RFC2828]
A security policy is written by organisations to address security
issues, in the form of 'do's' and 'don'ts'. These guidelines and rules
are for users with respect to physical security, data security,
information security and content (e.g. rules stating that sites with
sexual content should not be visited, and that copyrights should be
honoured when downloading software, etc). [RFC2504] A set of
rules and procedures regulating the use of information including its
processing, storage, distribution and presentation. [JTC1/SC27]
The set of laws, rules, and practices that regulate how an organization
manages, protects, and distributes sensitive information. [AJP][FCv1][NCSC/TG004][NSAINT][TCSEC][TDI][TNI] The statement of required protection of the information objects. [SRV]
What security means to the user; a statement of what is meant when
claims of security are made. More formally, it is the set of rules and
conditions governing the access and use of information. Typically, a
security policy will refer to the conventional security services, such
as confidentiality, integrity, availability, etc., and perhaps their
underlying mechanisms and functions. [IATF] (see also availability, confidentiality, incident, information protection policy, integrity policy, model, secrecy policy, software, threat, component operations, information systems security policy, policy, risk management, security-relevant event, user) (includes FIPS approved security method, TOE security policy, corporate security policy, critical security parameters, cryptographic module security policy, formal security policy model, object, organisational security policy, security function policy, security policy model, system security policy, technical security policy, trusted functionality, trusted process, trusted subject, usage security policy)
- security policy information file
- A construct that conveys domain-specific security policy information. [SC27] (see also policy, security)
- security policy model
- (1) A formal presentation of the security policy enforced by
the system. It must identify the set of rules and practices that
regulate how a system manages, protects, and distributes sensitive
information. (2) An informal presentation of a formal security policy
model. Note: this is the original definition from the U.S. Trusted
Computer System Evaluation Criteria. [AJP] A formal presentation
of the security policy enforced by the system. It must identify the set
of rules and practices that regulate how a system manages, protects,
and distributes sensitive information. [NCSC/TG004][NSAINT] An informal presentation of a formal security policy model. [TCSEC][TNI] (see also evaluation, policy, trust, trusted computer system, model, security policy) (includes anomaly detection model, misuse detection model)
- security program manager
- Ensures a standard C&A process is used throughout the
agency, provides internal C&A guidance or policy, and, if
appropriate, reviews certification packages prior to DAA review. [800-37] (see also certification, security)
- Security Protocol 3 (SP3)
- (O) A protocol developed by SDNS to provide connectionless data security at the top of OSI layer 3. [RFC2828] (see also security protocol)
- Security Protocol 4 (SP4)
- (O) A protocol developed by SDNS to provide either
connectionless or end-to-end connection-oriented data security at the
bottom of OSI layer 4. [RFC2828] (see also security protocol)
- security protocol
- (see also protocol, security) (includes Authentication Header, Challenge Handshake Authentication Protocol, Distributed Authentication Security Service, Extensible Authentication Protocol, Generic Security Service Application Program Interface, Identification Protocol, Internet Protocol Security Option, Internet Protocol security, Internet Security Association and Key Management Protocol, Key Management Protocol, Layer 2 Forwarding Protocol, Layer 2 Tunneling Protocol, Lightweight Directory Access Protocol, MIME Object Security Services, Message Security Protocol, Network Layer Security Protocol, On-line Certificate Status Protocol, Password Authentication Protocol, Remote Authentication Dial-In User Service, Secure Data Exchange, Secure Data Network System, Security Protocol 3, Security Protocol 4, Simple Authentication and Security Layer, Simple Key-management for Internet Protocols, Terminal Access Controller Access Control System, Transport Layer Security Protocol, encapsulating security payload, multipurpose internet mail extensions, point-to-point tunneling protocol, pretty good privacy, privacy enhanced mail, secure hypertext transfer protocol, secure multipurpose internet mail extensions, secure socket layer, security association, security association identifier, simple key management for IP, virtual private network)
- security purpose
- The IS security purpose is to provide value by enabling an
organization to meet all mission/business objectives while ensuring
that system implementations demonstrate due care consideration of risks
to the organization and its customers. [SRV] (see also computer security, risk, security)
- security range
- Highest and lowest security levels that are permitted in or on an IS, system component, subsystem, or network. [NSTISSC] The highest and lowest security levels that are permitted in or on a system, system component, subsystem, or network. [AJP][NCSC/TG004] (see also networks, risk index, security)
- security relevant
- That which is not security enforcing, but must function correctly for the Target of Evaluation to enforce security. [AJP][ITSEC] (see also security, target of evaluation) (includes security-relevant event)
- security requirements
- Security requirements generally include both requirements for
the presence of desired behavior and requirements for the absence of
undesired behavior. It is normally possible to demonstrate, by use or
testing, the presence of the desired behavior. It is not always
possible to perform a conclusive demonstration of absence of undesired
behavior. Testing, design review, and implementation review contribute
significantly to reducing the risk that such undesired behavior is
present. [OVT] The types and levels of protection necessary for
equipment, data, information, applications, and facilities to meet
security policy. [AJP][NCSC/TG004][SRV] Types and
levels of protection necessary for equipment, data, information,
applications, and facilities to meet IS security policy. [NSTISSC] Types and levels of protection necessary for equipment, data, information, applications, and facilities. [NSAINT] (see also computer security, policy, test, risk analysis, security target) (includes security requirements baseline)
- security requirements baseline
- A description of minimum requirements necessary for a system to maintain an acceptable level of security. [AJP][NCSC/TG004] Description of the minimum requirements necessary for an IS to maintain an acceptable level of security. [NSTISSC] (see also baseline, security requirements)
- security requirements review (SRR)
- (see also security)
- security safeguards
- Protective measures and controls prescribed to meet the
security requirements specified for an IT system. Safeguards may
include security features, management constraints, personnel security,
and security of physical structures, areas, and devices. [NSTISSC]
The protective measures and controls that are prescribed to meet the
security requirements specified for a system. Those safeguards may
include but are not necessarily limited to hardware and software
security features, operating procedures, accountability procedures,
access and distribution controls, management constraints, personnel
security, and physical structures, areas, and devices. [AJP][NCSC/TG004] (see also security software, software, Automated Information System security) (includes security features)
- security service
- (I) A processing or communication service that is
provided by a system to give a specific kind of protection to system
resources. (O) 'A service, provided by a layer of communicating
open systems, which ensures adequate security of the computer systems
or the data transfers.' (C) Security services implement security policies, and are implemented by security mechanisms. [RFC2828]
A service, provided by a layer of communicating open systems, which
ensures adequate security of the computer systems or of data transfers.
[NSAINT] (see also security software, security)
- security situation
- (I) ISAKMP usage: The set of all security-relevant
information, e.g. network addresses, security classifications, manner
of operation (normal or emergency), that is needed to decide the
security services that are required to protect the association that is
being negotiated. [RFC2828] (see also classification level, networks, security)
- security software
- (see also attack, risk, threat, vulnerability, Automated Information System security, alarm reporting, alarm surveillance, anti-spoof, audit, computer security object, counter measures, risk management, rules based detection, security safeguards, security service, software security, trap, trusted computing system, security, software) (includes Intrusion Detection In Our Time, Kerberos, Remote Authentication Dial-In User Service, SATAN, Tiger, Tripwire, activity analysis, anomaly detection, antivirus software, attack signature recognition, authentication tools, automated security incident measurement, automated security monitoring, computer oracle and password system, email security software, encryption tools, firewall, integrity-checking tools, intrusion detection system, intrusion detection tools, network monitoring tools, security support programming interface, service-filtering tools, tcpwrapper, tinkerbell program, vaccines, virus scanner, virus-detection tool)
- security specifications
- A detailed description of the safeguards required to protect a system. [AJP][NCSC/TG004] Detailed description of the safeguards required to protect an IT system. [NSTISSC] (see also development process, risk analysis, security)
- security support programming interface (SSPI)
- A standard programming interface by Microsoft Corporation
where two applications can establish a security context independent of
the underlying security mechanisms. SSPI is very similar to GSS-API and
may be eventually replaced by the GSS-API. [MSC] (see also Generic Security Service Application Program Interface, security software, software)
- security tag
- An information unit containing a representation of a certain security-related data. [SRV] (see also security)
- security target (ST)
- (1) A specification of the security required of a Target of
Evaluation, used as a baseline for evaluation. The security target will
specify the security enforcing functions of the Target of Evaluation.
It will also specify the security objectives, the threats to those
objectives, and any specific security mechanisms that will be used. (2)
Product-specific description, elaborating the more general requirements
in a protection profile and including all evidence generated by the
producers, of how a specific IT product meets the security requirements
of a given protection profile. [AJP] A security target contains
the IT security objectives and requirements of a specific identified
Target of Evaluation and defines the functional and assurance measures
offered by that Target of Evaluation to meet stated requirements. The
ST may claim conformance to one or more PPs. [CC1] A set of
security requirements and specifications to be used as the basis for
evaluation of an identified IT product or system. [SC27] A set
of security requirements and specifications to be used as the basis for
evaluation of an identified IT product or system. [ISO/IEC 15292: 2001]
A set of security requirements and specifications to be used as the
basis for evaluation of an identified TOE. [SC27] A set of
security requirements and specifications to be used as the basis for
evaluation of an identified TOE [Target of Testing]. [OVT] A set of security requirements and specifications to be used as the basis for evaluation of an identified TOE. [CC2][CC21][IATF][SC27]
A specification of the security required (both functionality and
assurance) of a Target of Evaluation (TOE), used as a baseline for
evaluation under the Common Criteria. The security target will specify
the security enforcing functions of the TOE. It will also specify the
security objectives, the threats to those objectives, and any specific
security mechanisms that will be employed. [NIAP] A specification of the security required of a Target of Evaluation, used as a baseline for evaluation. [JTC1/SC27]
A specification of the security required of a Target of Evaluation,
used as a baseline for evaluation. The security target will specify the
security enforcing functions of the Target of Evaluation. It will also
specify the security objectives, the threats to those objectives, and
any specific security mechanisms that will be employed. [ITSEC]
Product-specific description, elaborating the more general requirements
in a protection profile and including all evidence generated by the
producers, of how a specific IT product meets the security requirements
of a given protection profile. [FCv1] (see also assurance, baseline, computer security, correctness, deliverable, deliverables list, effectiveness, evidence, rating, suitability of functionality, test, threat, vulnerability assessment, Common Criteria for Information Technology Security Evaluation, component extensibility, construction of TOE requirements, functional package, security, target of evaluation) (includes functional component, security requirements)
- security test & evaluation
- The techniques and procedures employed during a C&A
process to verify the correctness and effectiveness of security
controls in an IT system. There are typically two types of ST&E
activities (developmental and operational ST&E) that can be applied
during the certification phase, depending on where the system is in
the system development life cycle. [800-37] (see also certification, security, test)
- security test and evaluation (ST&E)
- An examination and analysis of the security safeguards of a
system as they have been applied in an operational environment to
determine the security posture of the computer system. [AJP][NCSC/TG004]
Examination and analysis of the safeguards (ST&E) required to
protect an IS, as they have been applied in an operational environment,
to determine the security posture of that system. [NSTISSC] (see also analysis, software security, software system test and evaluation process, test) (includes security testing)
- security testing
- A process used to determine that the security features of a
system are implemented as designed and that they are adequate for a
proposed application environment. This process includes hands-on
functional testing, penetration testing, and verification. [AJP][TCSEC][TNI]
A process used to determine that the security features of a system are
implemented as designed. This includes hands-on functional testing,
penetration testing, and verification. [NCSC/TG004] Process to determine that an IS protects data and maintains functionality as intended. [NSTISSC]
Testing whether the system meets its specified security objectives.
Security testing attempts to verify that protection mechanisms built
into a system will, in fact, protect it from improper penetration. ...
Given enough time and resources, good security testing will ultimately
penetrate a system. (p.652) A process used to determine that the
security features of a system are implemented as designed. This
includes hands-on functional testing, penetration testing, and
verification. [OVT] (see also risk analysis, security, security test and evaluation, test) (includes functional testing, penetration testing, verification)
- security threat
- The technical and operational capability of an adversary to detect and exploit vulnerabilities. [AFSEC] (see also exploit, threat)
- security token
- (see also tokens)
- security violation
- (I) An act or event that disobeys or otherwise breaches security policy. [RFC2828]
An instance in which a user or other person circumvents or defeats the
controls of a system to obtain unauthorized access to information
contained therein or to system resources. [AFSEC][NSAINT] (see also threat consequence, unauthorized access, threat)
- security-compliant channel
- A channel is security compliant if the enforcement of the
network policy depends only upon characteristics of the channel either
(1) included in the evaluation, or (2) assumed as an installation
constraint and clearly documented in the trusted facility manual. [AJP][TNI] (see also trusted channel, covert channel, computer security, evaluation, networks, trust, channel, security)
- security-critical mechanisms
- Those security mechanisms whose correct operation is necessary to ensure that the security policy is enforced. [AJP][NCSC/TG004] (see also risk management)
- security-relevant event
- Any event that attempts to change the security state of the
computer system (e.g. change access controls, change the security level
of a user, change a user password). Also, any event that attempts to
violate the security policy of the computer system (e.g. too many
attempts to login, attempts to violate the mandatory access control
limits of a device, attempts to downgrade a file, and so on). [AJP]
Any event that attempts to change the security state of the computer
system (e.g. change access controls, change the security level of a
user, change a user password). Also, any event that attempts to violate
the security policy of the computer system (e.g. too many logon
attempts). [FCv1] Any event that attempts to change the security
state of the computer system, (e.g. change access controls, change the
security level of the subject, change user password, etc.). Also, any
event that attempts to violate the security policy of the computer
system, (e.g. too many attempts to login, attempts to violate the
mandatory access control limits of a device, attempts to downgrade a
file, etc.). [TCSEC] (see also passwords, security event, risk, security relevant) (includes access control, security policy, subject, user)
- seed key
- Initial key used to start an updating or key generation process. [NSTISSC] (see also key)
- seek time
- For disk drives, the delay in positioning the read/write head over the correct track. [SRV]
- segregation of duties
- Policies, procedures, and an organizational structure
established so that one individual cannot control key aspects of
physical and/or computer-related operations and thereby conduct
unauthorized actions or gain unauthorized access to MEI Resource
Elements. [CIAO] (see also minimum essential infrastructure, unauthorized access, risk management)
- selection
- The specification of one or more items from a list in a component. [CC2][CC21][SC27]
- self-signed certificate
- (I) A public-key certificate for which the public key
bound by the certificate and the private key used to sign the
certificate are components of the same key pair, which belongs to the
signer. (C) In a self-signed X.509 public-key certificate, the issuer's DN is the same as the subject's DN. [RFC2828] (see also key, certificate)
- semantic security
- (I) An attribute of an encryption algorithm that is a
formalization of the notion that the algorithm not only hides the
plaintext but also reveals no partial information about the plaintext.
Whatever is efficiently computable about the plaintext when given the
ciphertext, is also efficiently computable without the ciphertext. [RFC2828] (see also cryptography, encryption, security)
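The definition above is easiest to see through its failure mode: a deterministic scheme lets an eavesdropper learn that two ciphertexts carry the same plaintext, which is exactly the kind of partial information semantic security forbids. The following is an added example, not part of the glossary or any cited standard; it uses a toy SHA-256 keystream cipher (constructed for illustration, not a recommended cipher) in a fixed-nonce mode and a random-nonce mode, and runs a key-less "equality distinguisher" against both.

```python
"""Added example (not from the glossary): why semantic security rules out
deterministic encryption. A toy stream cipher built from SHA-256
(constructed for illustration, not a recommended cipher) is used in two
modes: one that reuses a fixed nonce and one that draws a fresh random
nonce per message. An equality distinguisher guesses whether two
ciphertexts hide the same plaintext; a semantically secure scheme must
not let it succeed."""
import hashlib
import os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes as SHA-256(key || nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def encrypt_deterministic(key: bytes, plaintext: bytes) -> bytes:
    """Fixed nonce: the same plaintext always yields the same ciphertext."""
    nonce = b"\x00" * 16
    ks = _keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def encrypt_randomized(key: bytes, plaintext: bytes) -> bytes:
    """Fresh 16-byte nonce per message, prepended so the receiver can decrypt."""
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

def decrypt_randomized(key: bytes, ciphertext: bytes) -> bytes:
    """Strip the nonce and undo the XOR with the same keystream."""
    nonce, body = ciphertext[:16], ciphertext[16:]
    ks = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

def equality_distinguisher(c1: bytes, c2: bytes) -> bool:
    """Guess 'same plaintext' iff the ciphertexts are identical. Needs no key."""
    return c1 == c2

def leaks_plaintext_equality(encrypt, trials: int = 32) -> bool:
    """Encrypt the same message twice, `trials` times, and report whether the
    distinguisher ever succeeds. True means the scheme reveals partial
    information (plaintext equality) to a passive observer."""
    key = os.urandom(32)
    msg = b"TRANSFER 100 TO ACCOUNT 42"  # constructed sample message
    return any(equality_distinguisher(encrypt(key, msg), encrypt(key, msg))
               for _ in range(trials))

if __name__ == "__main__":
    print("deterministic leaks equality:", leaks_plaintext_equality(encrypt_deterministic))
    print("randomized leaks equality:  ", leaks_plaintext_equality(encrypt_randomized))
```

The distinguisher is deliberately trivial: it never touches the key, yet against the fixed-nonce mode it is right every time. Real semantic-security proofs quantify this as the adversary's advantage over a coin flip; here the point is only that per-message randomness is what drives that advantage toward zero.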
- semiformal
- Expressed in a restricted syntax language with defined semantics. [CC2][CC21][SC27]
- sensitive
- (I) Information is sensitive if disclosure, alteration,
destruction, or loss of the information would adversely affect the
interests or business of its owner or user. [RFC2828] (see also classification level)
- sensitive but unclassified (SBU)
- (see also classification level, sensitive information)
- sensitive compartmented information (SCI)
-
- sensitive compartmented information facility (SCIF)
-
- sensitive information
- (1) Information that, as determined by a competent authority,
must be protected because its unauthorized disclosure, alteration,
loss, or destruction will at least cause perceivable damage to someone
or something. (2) Any information the loss, misuse, modification of,
or unauthorized access to which could affect the U.S. National interest or
the conduct of federal programs, or the privacy to which individuals
are entitled under Section 552a of Title 5, U.S. Code, but that has not
been specifically authorized under criteria established by an executive
order or an act of Congress to be kept classified in the interest of
national defense or foreign policy. [AJP] Any information the
loss, misuse, modification of, or unauthorized access to which could affect
the U.S. National interest or the conduct of Federal programs, or the
privacy to which individuals are entitled under Section 552a of Title
5, U.S. Code, but that has not been specifically authorized under
criteria established by an Executive order or an act of Congress to be
kept classified in the interest of national defense or foreign policy. [NCSC/TG004]
Information that, as determined by a competent authority, must be
protected because its unauthorized disclosure, alteration, loss, or
destruction will at least cause perceivable damage to someone or
something. [TCSEC] Information the loss, misuse, or unauthorized
access to or modification of, which would adversely affect the national
interest or the conduct of federal programs, or the privacy to which
individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act),
but that has not been specifically authorized under criteria
established by an Executive Order or an Act of Congress to be kept
classified in the interest of national defense or foreign policy.
Systems that are not national security systems, but contain sensitive
information, are to be protected in accordance with the requirements of
the Computer Security Act of 1987 (P.L. 100-235). Some specific
categories of sensitive information are protected by statute,
regulation or contract, (e.g., privacy information, proprietary
information, export control information, pre-publication academic
information). [800-37] Information, the loss, misuse, or
unauthorized access to or modification of, which could adversely affect
the national interest or the conduct of federal programs, or the
privacy to which individuals are entitled under 5 U.S.C. Section 552a
(the Privacy Act), but that has not been specifically authorized under
criteria established by an Executive Order or an Act of Congress to be
kept classified in the interest of national defense or foreign policy.
(Systems that are not national security systems, but contain sensitive
information, are to be protected in accordance with the requirements of
the Computer Security Act of 1987 (P.L.100-235).) [NSTISSC]
Unclassified information, the loss, misuse, or unauthorized disclosure
or modification of which could adversely affect the national interest,
the conduct of Federal programs, or the privacy of individuals
protected by the Privacy Act (5 U.S.C. Section 552a). Information
systems containing sensitive information are to be protected in
accordance with the requirements of the Computer Security Act of 1987
(P.L. 100-235). [CIAO] (see also computer security, privacy, unauthorized access) (includes sensitive but unclassified)
- sensitive label
- A piece of information that represents the security level of an object. Compare to security label. [SRV] (see also security)
- sensitivity analysis
- Analysis of how sensitive outcomes are to changes in the
assumptions. The assumptions that deserve the most attention should
depend largely on the dominant benefit and cost elements and the areas
of greatest uncertainty of the program or process being analyzed. [SRV] (see also test, analysis)
- sensitivity label
- A piece of information that represents the security level of
an object and that describes the sensitivity (e.g. classification) of
the data in the object. Sensitivity labels are used by the TCB/NTCB as
the basis for mandatory access control decisions. [AJP][TCSEC][TNI]
A piece of information that represents the security level of an object.
Sensitivity labels are used by the TCB/NTCB as the basis for mandatory
access control decisions. [NCSC/TG004] Information representing
elements of the security label(s) of a subject and an object.
Sensitivity labels are used by the trusted computing base (TCB) as the
basis for mandatory access control decisions. [NSTISSC] (see also classification level, trust, access control, security label) (includes object)
- sensor or monitor
- A component/agent of an IDS, which collects event data from an IT system under observation. [ISO/IEC DTR 15947 (10/2001)] [SC27]
- separation of duties
- (I) The practice of dividing the steps in a system
function among different individuals, so as to keep a single individual
from subverting the process. [RFC2828] (see also risk, security)
- sequence number
- A time variant parameter whose value is taken from a specified sequence which is non-repeating within a certain time period. [SC27]
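The non-repeating property is what makes a sequence number usable as a replay defence: a receiver that remembers which values it has already accepted can reject any value presented a second time. The following is an added example, not from the glossary or any cited standard, of the sliding-window check used by IPsec-style anti-replay logic (window size and sample sequence are constructed for illustration).

```python
"""Added example (not from the glossary): a sequence-number replay check of
the kind used by IPsec-style anti-replay windows. Each sequence number is
accepted at most once; numbers that fall behind the window are rejected
because the receiver no longer tracks them."""

class ReplayWindow:
    def __init__(self, size: int = 64):
        self.size = size
        self.highest = -1   # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (highest - i) already seen

    def check_and_update(self, seq: int) -> bool:
        """Return True and record `seq` if it is new and within the window;
        False if it was already accepted (replay) or is too old to track."""
        if seq < 0:
            return False
        if seq > self.highest:
            # Advance the window so `seq` becomes its right edge.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1          # everything older drops out
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                 # older than the window: reject
        if self.bitmap & (1 << offset):
            return False                 # already accepted: replay
        self.bitmap |= 1 << offset       # late but genuine: accept once
        return True

def filter_replays(sequence_numbers, size: int = 64):
    """Run a stream of observed sequence numbers through one window and
    return (seq, accepted) pairs, e.g. for a detection rule or unit test."""
    window = ReplayWindow(size)
    return [(seq, window.check_and_update(seq)) for seq in sequence_numbers]

if __name__ == "__main__":
    # Constructed sample stream: in-order, a replay, out-of-order delivery,
    # a second replay, a large jump, and a value that fell behind the window.
    for seq, ok in filter_replays([0, 1, 1, 5, 3, 3, 100, 36, 37]):
        print(seq, "accepted" if ok else "REJECTED")
```

The bitmap tolerates reordering inside the window without opening a replay hole; the trade-off is that a genuine packet delayed by more than `size` positions is dropped, which is why the window size is a tunable parameter rather than a constant in real implementations.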
- serial number
- (see certificate serial number)
- server
- (I) A system entity that provides a service in response to requests from other system entities called clients. [RFC2828]
A computer or other device that manages a network service. An example
is a print server, a device that manages network printing. [FFIEC]
A computer program that provides services to other computer programs in
the same or another computer. A computer running a server program is
frequently referred to as a server, though it may also be running other
client (and server) programs. [CIAO] A server is a computer system, or a set of processes on a computer system providing services to clients across a network. [RFC2504]
A system that provides network service such as disk storage and file
transfer, or a program that provides such a service. A kind of daemon
which performs a service for the requester, which often runs on a
computer other than the one on which the server runs. [NSAINT] (see also networks)
- service-filtering tools
- (see also security software)
- session hijacking
- Taking over an authorized user's terminal session, either
physically when the user leaves his terminal unattended or
electronically when the intruder carefully connects to a
just-disconnected communications line. [AFSEC] (see also IP splicing/hijacking, hijack attack, threat)
- session key
- (I) In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. (C)
Usually, a session key is used for a defined period of communication
between two computers, such as for the duration of a single connection
or transaction set, or the key is used in an application that protects
relatively large amounts of data and, therefore, needs to be rekeyed
frequently. [RFC2828] A temporary symmetric key that is only
valid for a short period. Session keys are typically random numbers
that can be chosen by either party to a conversation, by both parties
in cooperation with one another, or by a trusted third party. [IATF][misc] The cryptographic key used by a device (module) to encrypt and decrypt data during a session. [SRV] (see also encryption, Kerberos, key, key recovery, trust, virtual private network)
- SET private extension
- (O) One of the private extensions defined by SET for
X.509 certificates. Carries information about hashed root key,
certificate type, merchant data, cardholder certificate requirements,
encryption support for tunneling, or message support for payment
instructions. [RFC2828] (see also certificate, encryption, hash, key, Secure Electronic Transaction, public-key infrastructure)
- SET qualifier
- (O) A certificate policy qualifier that provides information about the location and content of a SET certificate policy. (C)
In addition to the policies and qualifiers inherited from its own
certificate, each CA in the SET certification hierarchy may add one
qualifying statement to the root policy when the CA issues a certificate.
The additional qualifier is a certificate policy for that CA. Each
policy in a SET certificate may have these qualifiers:
- A URL where a copy of the policy statement may be found.
- An electronic mail address where a copy of the policy statement may be found.
- A hash result of the policy statement, computed using the indicated algorithm.
- A statement declaring any disclaimers associated with the issuing of the certificate.
[RFC2828] (see also certificate, certification, email, hash, Secure Electronic Transaction, public-key infrastructure)
- settlement
- The final step in the transfer of ownership involving the
physical exchange of securities or payment. In a banking transaction,
settlement is the process of recording the debit and credit positions
of the parties involved in a transfer of funds. In a financial
instrument transaction, settlement includes both the transfer of
securities by the seller and the payment by the buyer. Settlements can
be 'gross' or 'net.' Gross settlement means each transaction is settled
individually. Net settlement means that parties exchanging payments
will offset mutual obligations to deliver identical items (e.g.,
dollars and euros), at a specified time, after which only one net
amount of each item is exchanged. [FFIEC]
- shall
- Indication that a requirement must be met unless a justification of why it cannot be met is given and accepted. [AJP][FCv1] (includes object)
- shared account
- A common account is one which is shared by a group of users as
opposed to a normal account which is available to only one user. If the
account is misused, it is very difficult or impossible to know which of
the users was responsible. [RFC2504] (see also risk)
- shared secret
- (I) A synonym for 'keying material' or 'cryptographic key'. [RFC2828] (see also Challenge-Response Authentication Mechanism, POP3 APOP, Remote Authentication Dial-In User Service, cryptography, key, key agreement, out of band, passwords, personal identification number, secret)
- shielded enclosure
- Room or container designed to attenuate electromagnetic radiation. [NSTISSC]
- short title
- Identifying combination of letters and numbers assigned to
certain COMSEC materials to facilitate handling, accounting, and
controlling. [NSTISSC] (see also communications security)
- should
- Indication of an objective requirement that requires less
justification for nonconformance and should be more readily approved.
Note: 'Should' is often used when a specific requirement is not
feasible in some situations or with common current technology. [AJP][FCv1] (includes object)
- shoulder surfing
- Stealing passwords or PINs by looking over someone's shoulder. [SRV] (see also eavesdropping, attack)
- shrink-wrapped software
- Commercial software that can be used out of the box without
change (i.e., customization). The term derives from the plastic
wrapping used to seal microcomputer software. [SRV] (see also software)
- sign
- (I) Create a digital signature for a data object. [RFC2828] (see also digital signature)
- signaling
- The process by which a caller on the transmitting end of a
line informs the party at the receiving end that a message is to be
communicated. Signals hold the voice path together for the duration of
the telephone call. [SRV] The process of generating and
exchanging information between components for telecommunications
systems to establish, monitor, or release connections (call handling
functions) and to control related network and system operations and
functions. [SRV] (see also communications, networks)
- signaling system 7 (SS-7)
- A protocol used by phone companies. It has three basic functions:
Supervising, Alerting and Addressing. Supervising monitors the status
of a line or circuit to see if it is busy, idle, or requesting service.
Alerting indicates the arrival of an incoming call. Addressing is the
transmission of routing and destination signals over the network in the
form of dial tone or data pulses. [NSAINT] (see also networks, system)
- signals analysis
- Gaining indirect knowledge of communicated data by monitoring
and analyzing a signal that is emitted by a system and that contains
the data but is not intended to communicate the data. [RFC2828] (see also analysis, threat consequence)
- signals security (SIGSEC)
- (see also security)
- signature
- A process that operates on a message to assure message source
authenticity and integrity, and may be required for source
non-repudiation. [IATF] A recognizable, distinguishing pattern
associated with an attack, such as a binary string in a virus or a
particular set of keystrokes used to gain unauthorized access to a
system. [800-61] String of bits resulting from the signature process. [SC27][ISO/IEC FDIS 9796-2 (12/2001)]
The string of bits resulting from the signature process. [SC27][ISO/IEC
FDIS 15946-2 (04/2001), ISO/IEC WD 15946-4 (10/2001)] The string of
bits resulting from the signature process. NOTE - This string of bits
may have internal structure specific to the signature mechanism. [SC27]
The string of bits resulting from the signature process. NOTE - This
string of bits may have internal structure specific to the signature
mechanism. The signatures produced by the mechanisms specified in this
part of ISO/IEC 9796 have two parts, of which only the second one
depends on the signature key. [ISO/IEC 9796-3: 2000][SC27] (see also attack, unauthorized access, virus, security) (includes digital signature, electronic signature)
- signature certificate
- (I) A public-key certificate that contains a public key
that is intended to be used for verifying digital signatures, rather
than for encrypting data or performing other cryptographic functions. (C)
A v3 X.509 public-key certificate may have a 'keyUsage' extension which
indicates the purpose for which the certified public key is intended. [RFC2828] (see also digital signature, encryption, key, certificate)
- signature equation
- An equation defining the signature function. [SC27] (see also digital signature)
- signature function
- A function in the signature process which is determined by the
signature key and the domain parameters. A signature function takes the
assignment and possibly the randomizer as inputs and gives the second
part of the signature as output. [SC27][ISO/IEC 14888-1: 1998] A
function in the signature process which is determined by the signature
key and the domain parameters. A signature function takes the
assignment and possibly the randomizer as inputs and gives the second
part of the signature as output. NOTE - In the context of this part of
ISO/IEC 9796, the assignment is the data input. [SC27] (see also digital signature)
- signature key
- A secret data item specific to an entity and usable only by this entity in the signature process. [SC27] (see also digital signature, key)
- signature process
- A process which takes as inputs the message, the signature key
and the domain parameters, and which gives as output the signature. [SC27] (see also digital signature)
- signature system
- A system based on asymmetric cryptographic techniques whose
private transformation is used for signing and whose public
transformation is used for verification. [SC27] (see also digital signature, system)
- signed applet
- An applet that is digitally signed by the source that provides
it. Signed applets are integrity-protected and cannot be tampered with
while en route from the server to the browser. [misc] (see also security, tamper, trusted applet, software)
- signed message
- A set of data items consisting of the signature, the part of
the message which cannot be recovered from the signature, and an
optional text field. [SC27][ISO/IEC 9796-3: 2000, ISO/IEC 14888-1:
1998] A set of data items formed by the signature, the part of the
message which cannot be recovered from the signature, and an optional
text field. [SC27]
- signer
- (N) A human being or an organizational entity that uses its private key to create a digital signature for a data object. [RFC2828] The entity generating a digital signature. [SC27] (see also digital signature, key)
- silver bullet
- A methodology, practice, or prescription that promises
miraculous results if followed - e.g., structured programming will rid
you of all bugs, as will human sacrifices to the Atlantean god Fugawe.
Named either after the Lone Ranger whose silver bullets always brought
justice or, alternatively, as the only known antidote to werewolves. [OVT]
- simple authentication
- (I) An authentication process that uses a password as the information needed to verify an identity claimed for an entity. (O) 'Authentication by means of simple password arrangements.' [RFC2828] (see also passwords, authentication)
- Simple Authentication and Security Layer (SASL)
- (I) An Internet specification for adding authentication
service to connection-based protocols. To use SASL, a protocol includes
a command for authenticating a user to a server and for optionally
negotiating protection of subsequent protocol interactions. The command
names a registered security mechanism. SASL mechanisms include
Kerberos, GSSAPI, S/KEY, and others. Some protocols that use SASL are
IMAP4 and POP3. [RFC2828] (see also key, authentication, internet, security protocol) (includes Kerberos, Remote Authentication Dial-In User Service)
- Simple Distributed Security Infrastructure (SDSI)
- (see also Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, security)
- simple key management for IP (SKIP)
- A protocol for protecting the privacy and integrity of IP packets. [misc] (see also privacy, security protocol)
- Simple Key-management for Internet Protocols
- (I) A key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets. (C)
SKIP uses the Diffie-Hellman algorithm (or could use another key
agreement algorithm) to generate a key-encrypting key for use between
two entities. A session key is used with a symmetric algorithm to
encrypt data in one or more IP packets that are to be sent from one of
the entities to the other. The KEK is used with a symmetric algorithm
to encrypt the session key, and the encrypted session key is placed in
a SKIP header that is added to each IP packet that is encrypted with
that session key. [RFC2828] (see also encryption, key, internet, security protocol)
- simple mail transfer protocol (SMTP)
- (I) A TCP-based, application-layer, Internet Standard protocol for moving electronic mail messages from one computer to another. [RFC2828] (see also email, internet)
- simple network management protocol (SNMP)
- (I) A UDP-based, application-layer, Internet Standard
protocol [R2570, R2574] for conveying management information between
managers and agents. (C) SNMP version 1 uses cleartext passwords
for authentication and access control. Version 2 adds cryptographic
mechanisms based on DES and MD5. Version 3 provides enhanced,
integrated support for security services, including data
confidentiality, data integrity, data origin authentication, and
message timeliness and limited replay protection. [RFC2828] A
network management protocol used with the TCP/IP suite of protocols. SNMP
specifies a set of management operations for retrieving and altering
information in a management information base, authorization procedures
for accessing information base tables, and mappings to lower TCP/IP
layers. [SRV] Software used to control network communications devices using TCP/IP. [NSAINT] (see also access control, authentication, communications, confidentiality, cryptography, passwords, security, software, internet, networks)
- Simple Public Key Infrastructure (SPKI)
- (see also Simple Public Key Infrastructure/Simple Distributed Security Infrastructure)
- Simple Public Key Infrastructure/Simple Distributed Security Infrastructure (SPKI/SDSI)
- The SPKI efforts of the IETF have been combined with SDSI. The
IETF draft creates Public Key Infrastructure (PKI), emphasizing
authorizations rather than identities, allowing certificates to be
created that indicate what the person is authorized to do on a network
rather than their name. [misc] (see also networks, key, public-key infrastructure) (includes Simple Distributed Security Infrastructure, Simple Public Key Infrastructure)
- simple random sample
- A probability sample in which each member of the population has an equal chance of being drawn to the sample. [SRV]
- simple security condition
- A Bell-LaPadula security model rule allowing a subject read
access to an object only if the security level of the subject dominates
the security level of the object. [AJP][NCSC/TG004][TCSEC][TNI] (see also model, Bell-LaPadula security model, simple security property) (includes object, subject)
- simple security property
- A Bell-LaPadula security model rule allowing a subject read
access to an object only if the security level of the subject dominates
the security level of the object. [AJP][NCSC/TG004][TCSEC][TNI]
An invariant state property allowing a subject read access to an object
only if the security level of the subject dominates the security level
of the object. [FCv1] Bell-LaPadula security model rule
allowing a subject read access to an object, only if the security level
of the subject dominates the security level of the object. [NSTISSC] (see also model, Bell-LaPadula security model) (includes object, simple security condition, subject)
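The sensitivity label, simple security condition and simple security property entries above all turn on one relation: a subject's label dominating an object's label. The following is an added example, not from the glossary or any of its sources, that implements that dominance relation over a label made of a hierarchical level plus a compartment set (level names and compartments are constructed for illustration) and applies the simple security property to a read request. It also goes one step beyond the entries by including the complementary *-property for write requests, so the two halves of a mandatory access control decision can be compared.

```python
"""Added example (not from the glossary): a minimal sensitivity-label
lattice and the Bell-LaPadula simple security property (read rule), with
the *-property (write rule) included for contrast.

A label here is a hierarchical level plus a set of compartments; the
level names and compartments are constructed for illustration."""
from dataclasses import dataclass, field

# Constructed ordering of hierarchical classification levels (low -> high).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """A dominates B iff A's level >= B's level AND A's compartment set
        is a superset of B's compartment set (the lattice partial order).
        Two labels with incomparable compartments dominate neither way."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def simple_security_permits_read(subject: Label, obj: Label) -> bool:
    """Simple security property ('no read up'): a subject may read an object
    only if the subject's label dominates the object's label."""
    return subject.dominates(obj)

def star_property_permits_write(subject: Label, obj: Label) -> bool:
    """*-property ('no write down'): a subject may write an object only if
    the object's label dominates the subject's label."""
    return obj.dominates(subject)

def mac_decision(subject: Label, obj: Label, mode: str) -> bool:
    """Reference-monitor style decision for one requested access mode.
    Unknown modes are refused loudly rather than silently allowed."""
    if mode == "read":
        return simple_security_permits_read(subject, obj)
    if mode == "write":
        return star_property_permits_write(subject, obj)
    if mode == "read-write":
        return (simple_security_permits_read(subject, obj)
                and star_property_permits_write(subject, obj))
    raise ValueError(f"unknown access mode: {mode}")

if __name__ == "__main__":
    secret_crypto = Label("SECRET", frozenset({"CRYPTO"}))
    secret_plain = Label("SECRET")
    ts_plain = Label("TOP SECRET")
    print(mac_decision(secret_crypto, secret_plain, "read"))  # level equal, superset: allowed
    print(mac_decision(secret_plain, secret_crypto, "read"))  # missing compartment: denied
    print(mac_decision(secret_plain, ts_plain, "read"))       # read up: denied
    print(mac_decision(secret_plain, ts_plain, "write"))      # write up: allowed
```

Note that "read-write" is only granted when the two labels are equal in both level and compartments, which is exactly the case the TCSEC treats as a subject operating at the object's level; any asymmetry fails one of the two properties.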
- simulation modeling
- A simulation is a computer program that replicates the
operations of a business process and estimates rates at which outputs
are produced and resources are consumed. Models test the consistency of
the facts, logic, and assumptions used by planners to design a proposed
business process, to compare alternative business processes, or to test
the sensitivity of a process to changes in selected assumptions. Models
help decision makers assess the potential benefits, costs, and risks of
alternative processes and strategies. [SRV] (see also business process, risk, test, model)
- single point keying (SPK)
- Means of distributing key to multiple, local crypto-equipment or devices from a single fill point. [NSTISSC] (see also key)
- single sign-on
- (I) A system that enables a user to access multiple
computer platforms (usually a set of hosts on the same network) or
application systems after being authenticated just one time. (C)
Typically, a user logs in just once, and then is transparently granted
access to a variety of permitted resources with no further login being
required until after the user logs out. Such a system has the
advantages of being user friendly and enabling authentication to be
managed consistently across an entire enterprise, and has the
disadvantage of requiring all hosts and applications to trust the same
authentication mechanism. [RFC2828] (see also authentication, networks, secure single sign-on, trust)
- single-level device
- A device that is used to process data of a single security
level at any one time. Since the device need not be trusted to separate
data of different security levels, sensitivity labels do not have to be
stored with the data being processed. [AJP][TCSEC][TNI] An Automated Information Systems device that is used to process data of a single security level at any one time. [NCSC/TG004] IS device not trusted to properly maintain and (C.F.D.) separate data to different security levels. [NSTISSC] (see also security, trust, modes of operation)
- site accreditation
- An accreditation where all systems at a location are grouped
into a single management entity. A DAA may determine that a site
accreditation approach is optimal given the number of IT systems, major
applications, networks, or unique operational characteristics. Site
accreditation begins with all systems and their interoperability and
major applications at the site being certified and accredited. The site
is then accredited as a single entity, and an accreditation baseline is
established. [800-37] (see also baseline, accreditation)
- site certification
- The comprehensive assessment of the technical and nontechnical
security functions of an IT system in its operational environment to
establish the extent to which the system meets a set of specified
security requirements, performed to support operational system
accreditation. [AJP][JTC1/SC27] (see also accreditation, security, certification)
- situation
- (see security situation)
- Skipjack
- (N) A Type II block cipher with a block size of 64 bits
and key size of 80 bits, that was developed by NSA and formerly
classified at the U.S. Department of Defense 'Secret' level. (C) On 23 June 1998, NSA announced that SKIPJACK had been declassified. [RFC2828]
A classified 64-bit block encryption, or secret key encryption
algorithm. The algorithm uses 80-bit keys (compared with 56 for DES)
and has 32 computational rounds or iterations (compared with 16 for
DES). Skipjack supports all DES modes of operation. Skipjack provides
high-speed encryption when implemented in a key-escrow chip. [AJP] An NSA-developed encryption algorithm for the Clipper chip. The details of the algorithm are unpublished. [NSAINT] (see also key, National Security Agency, symmetric algorithm)
- slot
- (O) MISSI usage: One of the FORTEZZA PC card storage
areas that are each able to hold an X.509 certificate and additional
data that is associated with the certificate, such as the matching
private key. [RFC2828] (see also Fortezza, certificate, key, public-key infrastructure, Multilevel Information System Security Initiative)
- smart testing
- Tests that based on theory or experience are expected to have
a high probability of detecting specified classes of bugs; tests aimed
at specific bug types. [OVT] (see also test)
- smartcards
- (I) A credit-card sized device containing one or more
integrated circuit chips, which perform the functions of a computer's
central processor, memory, and input/output interface. (C)
Sometimes this term is used rather strictly to mean a card that closely
conforms to the dimensions and appearance of the kind of plastic credit
card issued by banks and merchants. At other times, the term is used
loosely to include cards that are larger than credit cards, especially
cards that are thicker, such as PC cards. (C) A 'smart token' is
a device that conforms to the definition of smart card except that
rather than having standard credit card dimensions, the token is
packaged in some other form, such as a dog tag or door key shape. [RFC2828] A card with an embedded computer chip on which information can be stored and processed. [FFIEC] A small computer in the shape of a credit card used to identify and authenticate its owner. [SRV]
A tamper-resistant hardware device where sensitive information can be
stored. Typically a smart card stores the private key(s) of a
principal. Smart Cards can also be used to encrypt or decrypt data on
the card directly. This has the desirable effect of not exposing the
private keys, even to the owner of the key. Smart Cards are password
protected; in order for an application to use the keys and functions of
a smart card the user must enter the correct password to open the card.
[misc] (see also key, passwords, tamper, tokens)
- smurf
- (I) Software that mounts a denial-of-service attack
('smurfing') by exploiting IP broadcast addressing and ICMP ping
packets to cause flooding. (D) ISDs SHOULD NOT use this term because it is not listed in most dictionaries and could confuse international readers. (C)
A smurf program builds a network packet that appears to originate from
another address, that of the 'victim', either a host or an IP router.
The packet contains an ICMP ping message that is addressed to an IP
broadcast address, i.e., to all IP addresses in a given network. The
echo responses to the ping message return to the victim's address. The
goal of smurfing may be either to deny service at a particular host or
to flood all or part of an IP network. [RFC2828] (see also denial of service, exploit, networks, smurfing, software, attack)
- smurfing
- A denial of service attack in which an attacker spoofs the
source address of an echo-request ICMP (ping) packet to the broadcast
address for a network, causing the machines in the network to respond
en masse to the victim thereby clogging its network. [NSAINT] (see also networks, smurf, attack)
- snake oil
- Derogatory term applied to a product whose developers describe
it with misleading, inconsistent, or incorrect technical statements. [OVT]
- snarf
- To grab a large document or file for the purpose of using it with or without the author's permission. [AFSEC][NSAINT] (see also threat)
- sneaker
- An individual hired to break into places in order to test their security; analogous to tiger team. [AFSEC][NSAINT][OVT] (see also security, test, tiger team, threat)
- sniffer
- A program to capture data across a computer network. Used by
hackers to capture user id names and passwords. Software tool that
audits and identifies network traffic packets. [AFSEC] A program
to capture data across a computer network. Used by hackers to capture
user id names and passwords. Software tool that audits and identifies
network traffic packets. Is also used legitimately by network
operations and maintenance personnel to troubleshoot network problems. [NSAINT]
A software or hardware tool that monitors data packets on a network to
make sure messages are arriving as they should and everything else is
working correctly. On a TCP/IP network, sniffers audit information
packets. [CIAO] Software tool for auditing and identifying network traffic packets. [NSTISSC] (see also audit, networks, passwords, sniffing, software, internet, threat) (includes packet sniffer)
- sniffing
- (C) A synonym for 'passive wiretapping'. (D)
ISDs SHOULD NOT use this term because it unnecessarily duplicates the
meaning of a term that is better established. Green Book. [RFC2828] The passive interception of data transmissions. [FFIEC] (see also sniffer, threat) (includes ethernet sniffing, password sniffing)
- social engineering
- (I) A euphemism for non-technical or low-technology
means--such as lies, impersonation, tricks, bribes, blackmail, and
threats--used to attack information systems. (D) ISDs SHOULD NOT use this term because it is vague; instead, use a term that is specific with regard to the means of attack. [RFC2828]
An attack based on deceiving users or administrators at the target site,
typically carried out by an adversary telephoning users or operators and
pretending to be an authorized user, to attempt to gain illicit access to
systems. [IATF] An attack based on deceiving
users or administrators at the target site. Social engineering attacks
are typically carried out by telephoning users or operators and
pretending to be an authorized user, to attempt to gain illicit access
to the systems. [AFSEC] An attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks. [800-61]
It refers to a person's ability to use personality, knowledge of human
nature, and social skills (e.g. theft, trickery, coercion) to steal
passwords, keys, tokens, or telephone toll calls. [SRV] Obtaining information from individuals by trickery. [FFIEC] (see also tokens, attack, user)
- SOCKS
- (I) An Internet protocol that provides a generalized
proxy server that enables client-server applications--such as TELNET,
FTP, and HTTP; running over either TCP or UDP--to use the services of a
firewall. (C) SOCKS is layered under the application layer and
above the transport layer. When a client inside a firewall wishes to
establish a connection to an object that is reachable only through the
firewall, it uses TCP to connect to the SOCKS server, negotiates with
the server for the authentication method to be used, authenticates with
the chosen method, and then sends a relay request. The SOCKS server
evaluates the request, typically based on source and destination
addresses, and either establishes the appropriate connection or denies
it. [RFC2828] A networking proxy protocol that enables full
access across the SOCKS server from one host to another without
requiring direct IP reachability. The SOCKS server authenticates and
authorizes the requests, establishes a proxy connection, and transmits
the data. SOCKS is commonly used as a network firewall that enables
hosts behind a SOCKS server to gain full access to the Internet, while
preventing unauthorized access from the Internet to the internal hosts.
[IATF] Networking middleware that creates a secure, proxy data
channel between two computers; SOCKS v5 adds strong authentication and
encryption. [misc] (see also authentication, networks, unauthorized access, internet)
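The exchange the RFC 2828 text describes, carried through in code as an added example (not code from RFC 2828, the IATF or any SOCKS implementation): the client offers its authentication methods, the server selects one, the client sends a CONNECT relay request, and the server parses it, evaluates it against a source/destination ruleset and answers with a reply code. Message layouts follow RFC 1928; the ruleset format, the policy and the sample addresses are constructed for the example.

```python
"""SOCKS5 (RFC 1928) exchange from both sides, as an added example for the
entry above (not code from RFC 2828, the IATF or any SOCKS implementation):
client method negotiation and CONNECT request, server method selection, request
parsing, ruleset decision and reply. Ruleset format and addresses are constructed."""
import ipaddress
import struct

VER = 0x05
NO_AUTH, USERPASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF   # authentication method codes
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCEEDED, REP_NOT_ALLOWED, REP_BAD_CMD = 0x00, 0x02, 0x07   # reply codes

def client_greeting(methods):
    """VER | NMETHODS | METHODS: the client offers the methods it supports."""
    return bytes([VER, len(methods), *methods])

def server_select_method(greeting, preference):
    """VER | METHOD: the server picks its most preferred method the client offered."""
    if len(greeting) < 2 or greeting[0] != VER or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    offered = set(greeting[2:])
    return bytes([VER, next((m for m in preference if m in offered), NO_ACCEPTABLE)])

def client_connect_request(host, port):
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT for a CONNECT relay request."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:                                   # not an IP literal: domain form
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("domain name too long for SOCKS5")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00, atyp]) + addr + struct.pack("!H", port)

def parse_request(req):
    """Server side: return (cmd, destination, port); raise on malformed input."""
    if len(req) < 5 or req[0] != VER or req[2] != 0x00:
        raise ValueError("malformed request")
    cmd, atyp = req[1], req[3]
    if atyp == ATYP_IPV4:
        dest, rest = str(ipaddress.IPv4Address(req[4:8])), req[8:]
    elif atyp == ATYP_IPV6:
        dest, rest = str(ipaddress.IPv6Address(req[4:20])), req[20:]
    elif atyp == ATYP_DOMAIN:
        dest, rest = req[5:5 + req[4]].decode("idna"), req[5 + req[4]:]
    else:
        raise ValueError("unknown address type")
    if len(rest) != 2:
        raise ValueError("bad request length")
    return cmd, dest, struct.unpack("!H", rest)[0]

def evaluate_ruleset(client_ip, dest, port, rules):
    """Server policy: first matching allow rule wins, otherwise deny (REP 0x02).
    A rule is (source network, destination network or domain suffix, ports or None)."""
    src = ipaddress.ip_address(client_ip)
    for src_net, dst, ports in rules:
        if src not in src_net or (ports is not None and port not in ports):
            continue
        if isinstance(dst, str):                         # domain-suffix rule
            if dest == dst or dest.endswith("." + dst):
                return REP_SUCCEEDED
        else:                                            # network rule, IP literals only
            try:
                if ipaddress.ip_address(dest) in dst:
                    return REP_SUCCEEDED
            except ValueError:
                pass
    return REP_NOT_ALLOWED

def server_reply(rep, bind_addr="0.0.0.0", bind_port=0):
    """VER | REP | RSV | ATYP | BND.ADDR | BND.PORT (IPv4 form)."""
    return (bytes([VER, rep, 0x00, ATYP_IPV4])
            + ipaddress.IPv4Address(bind_addr).packed + struct.pack("!H", bind_port))

def run_exchange(client_ip, host, port, rules, client_methods=(NO_AUTH, USERPASS),
                 server_preference=(USERPASS, NO_AUTH)):
    """Drive the whole exchange in memory; return (transcript, reply code)."""
    greeting = client_greeting(client_methods)
    choice = server_select_method(greeting, server_preference)
    transcript = [("C->S", greeting), ("S->C", choice)]
    if choice[1] == NO_ACCEPTABLE:
        return transcript, None                          # client must close the connection
    # Sub-negotiation for the chosen method (e.g. RFC 1929 username/password) omitted.
    request = client_connect_request(host, port)
    cmd, dest, dport = parse_request(request)
    rep = evaluate_ruleset(client_ip, dest, dport, rules) if cmd == CMD_CONNECT else REP_BAD_CMD
    transcript += [("C->S", request), ("S->C", server_reply(rep))]
    return transcript, rep

# Constructed policy: 10.0.0.0/8 clients may reach *.example.com on web ports and the
# 198.51.100.0/24 partner network on any port; everything else is denied.
RULES = [
    (ipaddress.ip_network("10.0.0.0/8"), "example.com", {80, 443}),
    (ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("198.51.100.0/24"), None),
]
```

Note that a domain-name destination is matched only against domain-suffix rules: the server here does not resolve names, so a network rule cannot be satisfied by a hostname, which keeps the decision independent of DNS answers.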
- SOF-basic
- A level of the TOE strength of function where analysis shows
that the function provides adequate protection against casual breach of
TOE security by attackers possessing a low attack potential. [CC2][CC21][SC27] (see also analysis, attack, strength of function, target of evaluation)
- SOF-high
- A level of the TOE strength of function where analysis shows
that the function provides adequate protection against deliberately
planned or organised breach of TOE security by attackers possessing a
high attack potential. [CC2][CC21][SC27] (see also analysis, attack, strength of function, target of evaluation)
- SOF-medium
- A level of the TOE strength of function where analysis shows
that the function provides adequate protection against straightforward
or intentional breach of TOE security by attackers possessing a
moderate attack potential. [CC2][CC21][SC27] (see also analysis, attack, strength of function, target of evaluation)
- soft TEMPEST
- (O) The use of software techniques to reduce the radio frequency information leakage from computer displays and keyboards. [RFC2828] (see also software, TEMPEST)
- software
- (I) Computer programs (which are stored in and executed
by computer hardware) and associated data (which also is stored in the
hardware) that may be dynamically written or modified during execution.
[RFC2828] The electronically stored commands and instructions
that make an IS functional, including the operating system,
applications, and communications protocols. [CIAO] The programs, and possibly associated data that can be dynamically written and modified. [FIPS140] (see also Automated Information System security, CASE tools, Clark Wilson integrity model, Common Criteria for Information Technology Security, FIPS PUB 140-1, Fortezza, HMAC, IT security product, Integrated CASE tools, PKCS #11, TCB subset, TOE security functions, Tiger, Tripwire, Trusted Computer System Evaluation Criteria, acceptance inspection, access control, access control mechanism, add-on security, anomaly, application generator, application programming interface, approval/accreditation, authentication, authentication code, automated data processing system, automated information system, automated security monitoring, availability, back door, baseline, bastion host, benchmark, black-box testing, bomb, candidate TCB subset, cardholder, clean system, coding, completeness, component, computer architecture, computer fraud, computer oracle and password system, computer security, computer security technical vulnerability reporting program, computer-assisted audit technique, computing security methods, configuration, configuration control, configuration item, configuration management, controlled security mode, conversion, correctness, cryptographic module, cryptographic service, data driven attack, database management system, debug, development process, domain name system, dongle, ethernet sniffing, evaluated products list, executive state, fail safe, fail soft, failure, failure access, failure control, fault tolerance, firmware, formal specification, front-end security filter, group of users, host, host-based firewall, implementation, independent validation and verification, information processing standard, information technology, integrity, internal security controls, interoperable, intrusion detection, key management infrastructure, keystroke monitoring, license, loophole, maintenance, maintenance hook, malicious 
code, malicious logic, malware, message authentication code vs. Message Authentication Code, message integrity code, metric, modes of operation, modularity, network architecture, network management architecture, network trusted computing base, noncomputing security methods, operating system, packet switching, pilot testing, platform, plug-in modules, portability, pretty good privacy, privacy programs, process, product, proxy, pseudo-random number generator, public-key infrastructure, quality attributes, rapid application development, regression testing, release, rootkit, safety, scalability, secure configuration management, secure operating system, security evaluation, security event, security features, security kernel, security measures, security mechanism, security policy, security safeguards, simple network management protocol, smurf, sniffer, soft TEMPEST, software publisher certificate, source code, source code generator, system, system development methodologies, system life, system low, system safety, system-high security mode, tcpwrapper, technical attack, technical countermeasure, technical security policy, technical vulnerability, technological attack, telecommuting, test coverage, test plan, testability, trap door, trojan horse, trust-file PKI, trusted channel, trusted computer system, trusted computing base, trusted distribution, trusted gateway, trusted path, trustworthy system, unit, unit testing, utility programs, validation, verification, verification and validation, version, virus scanner, virus-detection tool, vulnerability, web server, wedged, workgroup computing) (includes CGI scripts, COTS software, Java, application, application program interface, application software, audit software, commercial software, computer-aided software engineering, cryptographic application programming interface, email security software, encryption software, mass-market software, modular software, network management software, networking features of software, 
programming languages and compilers, remote access software, reusable software asset, reverse software engineering, security software, security support programming interface, shrink-wrapped software, signed applet, software architecture, software build, software development, software development life cycle, software development methodologies, software engineering, software enhancement, software library, software life cycle, software maintenance, software operation, software performance engineering, software product, software quality assurance, software reengineering, software release, software reliability, software repository, software requirement, software security, software system test and evaluation process, support software, system software, systems software, trusted software, virus)
- software architecture
- The organizational structure of the software or module. [IEEE610] (see also software, software development)
- software build
- An operational version of a software system or component that
incorporates a specified subset of the capabilities the final software
system or component will provide. [IEEE610] (see also software, software development)
- software configuration management (SCM)
- (see also software development)
- software development
- (see also integrated test facility, integration test, test, test case, test design, test facility, white-box testing, software, software product) (includes acceptance procedure, advanced development model, architectural design, change control and life cycle management, closed security environment, compiler, configuration management, detailed design, development process, requirements, software architecture, software build, software configuration management, software development life cycle, software development methodologies, software engineering, software enhancement, software life cycle, software performance engineering, software quality assurance, software reengineering, software system test and evaluation process, software verification and validation, source code)
- software development life cycle
- The sequence of events in the development of software. [SRV] (see also software, software development)
- software development methodologies
- Methodologies for specifying and verifying design programs for
system development. Each methodology is written for a specific computer
language. [AJP][NCSC/TG004] (see also development assurance, software, software development, system development methodologies) (includes Gypsy verification environment, enhanced hierarchical development methodology, formal development methodology, hierarchical development methodology)
- software engineering
- The use of a systematic, disciplined, quantifiable approach to
the development, operation, and maintenance of software, that is, the
use of engineering principles in the development of software. [SRV] (see also software, software development)
- software enhancement
- Significant functional or performance improvements. [SRV] (see also software, software development)
- software error
- (see also threat consequence)
- software library
- The controlled collection of configuration items associated
with defined baselines: Three libraries can exist: (1) a dynamic
library used for newly created or modified software elements, (2) a
controlled library used for managing current baselines and controlling
changes to them, and (3) a static library used to archive baselines. [SRV] (see also baseline, software)
- software life cycle
- The period of time that begins when a software product is
conceived and ends when the software is no longer available for use.
The software life cycle typically includes a concept phase,
requirements phase, design phase, implementation phase, test phase,
installation and checkout phase, operation and maintenance phase, and,
sometimes, retirement phase. [IEEE610] (see also test, software, software development, software product)
- software maintenance
- Activities that modify software to keep it performing satisfactorily. [SRV] (see also software)
- software operation
- Routine activities that make the software perform without modification. [SRV] (see also software)
- software performance engineering
- A method for constructing software to meet performance objectives. [SRV] (see also software, software development)
- software product
- The complete set, or any of the individual items of the set,
of computer programs, procedures, and associated documentation and data
designated for delivery to a customer or end user. [IEEE610] (see also product, software) (includes mass-market software, software development, software life cycle, software requirement)
- software publisher certificate (SPC)
- (see also software)
- software quality assurance (SQA)
- The planned systematic pattern of all actions necessary to
provide adequate confidence that the product, or process by which the
product is developed, conforms to established requirements. [SRV] (see also assurance, quality, software, software development)
- software reengineering
- The examination and alteration of a subject system to
reconstitute it in a new form, and the subsequent implementation of the
new form. Reengineering is also known as renovation and reclamation. [SRV] The process of examining, altering, and re-implementing existing software to reconstitute it in a new form. [SRV] (see also software, software development)
- software release
- An updated version of commercial software to correct errors, resolve incompatibilities, or improve performance. [SRV] (see also software)
- software reliability
- (IEEE) (1) The probability that software will not cause the
failure of a system for a specified time under specified conditions.
The probability is a function of the inputs to and use of the system in
the software. The inputs to the system determine whether existing
faults, if any, are encountered. (2) The ability of a program to
perform its required functions accurately and reproducibly under stated
conditions for a specified period of time. [OVT] The probability
that a given software operates for some time period on the machine for
which it was designed, without system failure due to a software fault,
given that it is used within design limits. [SRV] (see also failure, fault, robustness, reliability, software)
- software repository
- A permanent, archival storage place for software and related documentation. [SRV] (see also software)
- software requirement
- A condition or capability that must be met by software needed by a user to solve a problem or achieve an objective. [IEEE610] (see also requirements, software, software product) (includes object, software security, testability)
- software security
- General-purpose (executive, utility, or software development)
tools and applications programs or routines that protect data handled
by a system. [AJP][NCSC/TG004] (see also security software, security, software, software requirement) (includes security test and evaluation)
- software system test and evaluation process
- A process that plans, develops, and documents the quantitative
demonstration of the fulfillment of all baseline functional,
performance, operational, and interface requirements. [AJP][NCSC/TG004]
Process that plans, develops, and documents the evaluation process
quantitative demonstration of the fulfillment of all baseline
functional performance, operational, and interface requirements. [NSTISSC] (see also baseline, evaluation, software, software development, system, test) (includes security test and evaluation)
- software verification and validation (SV&V)
- (see also software development)
- sole source acquisition
- A contract for the purchase of supplies or services entered
into or proposed to be entered into by an organization after soliciting
and negotiation with only one source. [SRV]
- solicitation
- In contracting, the term means information materials to go out
to prospective bidders, requesting their response to a proposal. [SRV]
- source authentication
- (D) ISDs SHOULD NOT use this term because it is
ambiguous. If the intent is to authenticate the original creator or
packager of data received, then say 'data origin authentication'. If
the intent is to authenticate the identity of the sender of data, then
say 'peer entity authentication'. [RFC2828] (see also authentication)
- source code
- The form in which a computer program is written by the
programmer. Source code is written in a programming language that is
then compiled into object code or machine code or executed by an
interpreter (the software). [SRV] (see also compiler, software, software development) (includes source code generator)
- source code generator
- A tool that uses software requirements and/or designs to
automatically generate source code. An application generator generates
entire applications, whereas a source code generator may generate
smaller pieces of source code. [SRV] (see also software, source code)
- source data automation
- Automating the data capture process at its source to reduce delays and to improve its accuracy. [SRV]
- source data entry
- Conversion of paper-based data into machine-readable form for input into a computer system. [SRV]
- source integrity
- (I) The degree of confidence that can be placed in information based on the trustworthiness of its sources. [RFC2828] (see also trust, integrity)
- source program
- A form of masquerading where a trusted IP address is used
instead of the true IP address as a means of gaining access to a
computer system. [FFIEC]
- source selection
- The process where requirements, technical evaluations, costs,
commendations, and policy relevant to an award decision of a
competitive procurement are examined, and the decision is made as to
the source to supply the required system-related products and services.
[SRV] (see also evaluation, policy)
- spam
- (I) (1.) Verb: To indiscriminately send unsolicited,
unwanted, irrelevant, or inappropriate messages, especially commercial
advertising in mass quantities. (2.) Noun: electronic 'junk mail'. (D)
This term SHOULD NOT be written in upper-case letters, because
SPAM (trademark) is a trademark of Hormel Foods Corporation. Hormel
says, 'We do not object to use of this slang term to describe
[unsolicited commercial email (UCE)], although we do object to the use
of our product image in association with that term. Also, if the term
is to be used, it should be used in all lower-case letters to
distinguish it from our trademark SPAM, which should be used with all
uppercase letters.' (C) In sufficient volume, spam can cause
denial of service. According to the SPAM Web site, the term was adopted
as a result of the Monty Python skit in which a group of Vikings sang a
chorus of 'SPAM, SPAM, SPAM . . .' in an increasing crescendo, drowning
out other conversation. Hence, the analogy applied because UCE was
drowning out normal discourse on the Internet. [RFC2828] To
crash a program by overrunning a fixed-size buffer with excessively
large input data. Also, to cause a person or newsgroup to be flooded
with irrelevant or inappropriate messages. [AFSEC][NSAINT] (see also denial of service, spamming, email, threat)
- spamming
- Posting identical messages to multiple unrelated newsgroups.
Often used as cheap advertising, to promote pyramid schemes, or simply
to annoy other people. [SRV] (see also spam, threat)
- special access office (SAO)
-
- special access program (SAP)
-
- special information operations (SIO)
- Information Operations that by their sensitive nature, due to
their potential effect or impact, security requirements, or risk to the
national security of the United States, require a special review and
approval process. (DODD S-3600.1 of 9 Dec 96) [NSAINT] (see also security)
- special intelligence (SI)
-
- special mission modification
- Mandatory or optional modification that applies only to a specific
mission, purpose, operational, or environmental need. (C.F.D.) [NSTISSC]
- special security officer (SSO)
- (see also security)
- specific SIO class
- An SIO class in which the data types for all components are fully specified. [ISO/IEC 15816: 2002] [SC27]
- specification
- A description of the technical requirements for a system, product, or service. [SRV]
- speech privacy
- Techniques using fixed sequence permutations or voice/speech inversion
to render speech unintelligible to the casual listener. (C.F.D.) [NSTISSC] (see also privacy)
- split key
- (I) A cryptographic key that is divided into two or
more separate data items that individually convey no knowledge of the
whole key that results from combining the items. [RFC2828] (see also key)
- split knowledge
- (I) A security technique in which two or more entities
separately hold data items that individually convey no knowledge of the
information that results from combining the items. (O) 'A
condition under which two or more entities separately have key
components that individually convey no knowledge of the plaintext key
that will be produced when the key components are combined in the
cryptographic module.' [RFC2828] A condition under which two or
more entities separately have key components that individually convey
no knowledge of the plaintext key that will be produced when the key
components are combined in the cryptographic module. [FIPS140][SRV]
Separation of data or information into two or more parts, each part
constantly kept under control of separate authorized individuals or
teams so that no one individual or team will know the whole data. [NSTISSC] (see also key, key recovery)
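An added example for the split key and split knowledge entries above (not code from RFC 2828, FIPS 140-1 or NSTISSC): the simplest construction that satisfies the definitions is XOR splitting. The first n-1 components are uniformly random, the last is chosen so that the XOR of all n reproduces the key. Any n-1 components are statistically independent of the key, so each custodian's component, alone or in any proper subset, conveys no knowledge of the whole key; the `consistent_missing_component` function makes that concrete by showing that the known components are equally consistent with every possible key. The sample key is constructed.

```python
"""XOR secret splitting for split key / split knowledge, as an added example
(not code from RFC 2828 or FIPS 140-1): n components held by separate
custodians; any n-1 of them are uniformly random and independent of the key,
so no proper subset conveys knowledge of it. The sample key is constructed."""
import secrets
from functools import reduce


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("components must be the same length as the key")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key, n):
    """Return n components: n-1 random ones plus a last one chosen so that the
    XOR of all n equals the key."""
    if n < 2:
        raise ValueError("split knowledge needs at least two custodians")
    random_parts = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    return random_parts + [reduce(xor_bytes, random_parts, key)]


def combine_key(components):
    """Recombination, done inside the cryptographic module: XOR of all components."""
    return reduce(xor_bytes, components)


def consistent_missing_component(known, candidate_key):
    """Given all but one component, return the missing component that would make
    `candidate_key` the combined key. One exists for every candidate, so the
    known components rule out no key: they carry no information about it."""
    return reduce(xor_bytes, known, candidate_key)


def demo():
    key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed 128-bit key
    parts = split_key(key, 3)                                  # three custodians
    colluding = parts[:2]                                      # two of them together
    other = bytes(16)                                          # any other candidate key
    return {
        "all_three_recover_key": combine_key(parts) == key,
        "two_recover_key": combine_key(colluding) == key,
        "two_also_consistent_with_other_key":
            combine_key(colluding + [consistent_missing_component(colluding, other)]) == other,
        "component_count": len(parts),
    }
```

The same split works for the dual-control arrangement in the FIPS 140 wording: each custodian enters only their component into the module, and the plaintext key exists only inside it after combination.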
- sponsor
- An entity (organisation, individual, etc.) responsible for the content of a register entry. [SC27] The person or organization that requests an evaluation of an IT product. [NIAP] The person or organization that requests an evaluation. [AJP][ITSEC] (see also evaluation)
- spoof
- Attempt by an unauthorized entity to gain access to a system by posing as an authorized user. [RFC2828] (see also spoofing, threat consequence)
- spoofing
- A form of masquerading where a trusted IP address is used
instead of the true IP address as a means of gaining access to a
computer system. [FFIEC] An attempt to gain access to a system by posing as an authorized user. [AJP][NCSC/TG004]
Pretending to be someone else. The deliberate inducement of a user or a
resource to take an incorrect action. Attempt to gain access to an AIS
by pretending to be an authorized user. Impersonating, masquerading,
and mimicking are forms of spoofing. [NSAINT] The deliberate
inducement of a user or a resource to take an incorrect action.
Assuming the characteristics of another computer system or user, for
purposes of deception. Using various techniques to subvert IP-based
access control by masquerading as another system by using their IP
address. [SRV] The deliberate inducement of a user or resource to take an incorrect action. [SRV]
Unauthorized use of legitimate Identification and Authentication
(I&A) data, however it was obtained, to mimic a subject different
from the attacker. Impersonating, masquerading, piggybacking, and
mimicking are forms of spoofing. [NSTISSC]
Unauthorized use of legitimate identification and authentication data,
such as user IDs and passwords, by an intruder to impersonate an
authorized user or process to gain access to an IS or data on it. [CIAO] (see also mimicking, anti-spoof, access control, authentication, hijack attack, attack, masquerade) (includes DNS spoofing, address spoofing, ip spoofing, spoof)
- spoofing attack
- (I) A synonym for 'masquerade attack'. [RFC2828] (see also attack, masquerade)
- spread
- A general term for the extent of variation among cases. [SRV]
- spread spectrum
- Telecommunications techniques in which a signal is transmitted in a
bandwidth considerably greater than the frequency content of the original
information. Frequency hopping, direct sequence spreading, time scrambling,
and combinations of these techniques are forms of spread spectrum. [NSTISSC]
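The smurf, smurfing and spoofing entries above describe attacks that share one ingredient, a forged source address, and smurfing adds a second, an ICMP echo request sent to a broadcast address so that a whole network answers the victim. As an added example (not code from RFC 2828, NSAINT or any vendor), the filter below applies the two ingress checks a router or firewall uses against them: source-address validation, which drops a packet whose source is not valid for the interface it arrived on, and a no-directed-broadcast rule, which drops echo requests addressed to a broadcast address so the network cannot serve as an amplifier. The interface layout and the packet records are constructed; the addresses are from the RFC 5737 documentation ranges.

```python
"""Ingress checks against forged-source and directed-broadcast echo traffic,
as an added example for the smurf, smurfing and spoofing entries (not code from
RFC 2828, NSAINT or any vendor). Interfaces and packets are constructed."""
import ipaddress
from collections import Counter, namedtuple

# A minimal packet record, as a filter sees it after decoding the headers.
Packet = namedtuple("Packet", "ingress src dst proto icmp_type")
ICMP_ECHO_REQUEST = 8
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


class IngressPolicy:
    def __init__(self, interfaces):
        """interfaces: name -> prefixes legitimately behind it; an empty list
        marks an external (Internet-facing) interface."""
        self.interfaces = {name: [ipaddress.ip_network(p) for p in nets]
                           for name, nets in interfaces.items()}
        self.internal = [n for nets in self.interfaces.values() for n in nets]

    def source_valid(self, pkt):
        src = ipaddress.ip_address(pkt.src)
        nets = self.interfaces.get(pkt.ingress, [])
        if nets:   # internal interface: source must belong to one of its prefixes
            return any(src in n for n in nets)
        # external interface: a source claiming an internal prefix is forged
        return not any(src in n for n in self.internal)

    def directed_broadcast_echo(self, pkt):
        if pkt.proto != "icmp" or pkt.icmp_type != ICMP_ECHO_REQUEST:
            return False
        dst = ipaddress.ip_address(pkt.dst)
        return dst == LIMITED_BROADCAST or any(dst == n.broadcast_address
                                                for n in self.internal)

    def decide(self, pkt):
        if not self.source_valid(pkt):
            return "drop: source address invalid for ingress interface"
        if self.directed_broadcast_echo(pkt):
            return "drop: echo request to broadcast address"
        return "forward"

    def summarize(self, packets):
        return Counter(self.decide(p) for p in packets)


POLICY = IngressPolicy({"eth0": [], "eth1": ["192.0.2.0/24"], "eth2": ["10.10.0.0/16"]})

# Constructed traffic sample (RFC 5737 documentation addresses).
SAMPLE = [
    Packet("eth1", "192.0.2.10", "203.0.113.5", "tcp", None),      # ordinary outbound
    Packet("eth0", "192.0.2.77", "192.0.2.255", "icmp", 8),        # forged internal source
    Packet("eth0", "203.0.113.9", "192.0.2.255", "icmp", 8),       # amplification attempt
    Packet("eth0", "203.0.113.9", "192.0.2.10", "icmp", 8),        # ordinary ping
    Packet("eth1", "10.9.9.9", "203.0.113.5", "udp", None),        # wrong prefix for eth1
]
```

The source check runs first, so a packet that is both forged and broadcast-addressed is logged under the forged-source reason; a site that only deploys the broadcast rule still protects others from being amplified through it, while the source rule protects others from forged traffic originating inside.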
- SSO PIN
- (O) MISSI usage: One of two personal identification
numbers that control access to the functions and stored data of a
FORTEZZA PC card. Knowledge of the SSO PIN enables the card user to
perform the FORTEZZA functions intended for use by an end user and also
the functions intended for use by a MISSI certification authority. [RFC2828] (see also Fortezza, certification, identification, Multilevel Information System Security Initiative)
- SSO-PIN ORA
- (O) MISSI usage: A MISSI organizational RA that
operates in a mode in which the ORA performs all card management
functions and, therefore, requires knowledge of the SSO PIN for an end
user's FORTEZZA PC card. [RFC2828] (see also Fortezza, Multilevel Information System Security Initiative)
- stakeholder
- An individual or group with an interest in the success of an
organization in delivering intended results and maintaining the
viability of the organization's products and services. Stakeholders
influence plans, programs, products, and services. [SRV]
- stand-alone, shared system
- A system that is physically and electrically isolated from all
other systems, and is intended to be used by more than one person,
either simultaneously (e.g. a system with multiple terminals) or
serially, with data belonging to one user remaining available to the
system while another user is using the system (e.g. a personal computer
with nonremovable storage media such as a hard disk). [AJP][NCSC/TG004] (see also modes of operation, system)
- stand-alone, single-user system
- A system that is physically and electrically isolated from all
other systems, and is intended to be used by one person at a time, with
no data belonging to other users remaining in the system (e.g. a
personal computer with removable storage media such as a floppy disk). [AJP][NCSC/TG004] (see also modes of operation, system, user)
- standard
- An established basis of performance used to determine quality and acceptability. [SRV] (see also quality)
- standard deviation
- The standard deviation is a numerical measure of the spread of
a group of values about their mean. It is a measure of the average
squared deviation from the mean. It is the square root of the variance.
We take the square root to account for the fact that we squared the
differences in computing the variance. It is the measure of variability
of a statistical sample that serves as an estimate of the population
variability. A measure of spread used with interval-ratio variables. A
numerical measurement of the dispersion, or scatter, of a group of
values about their mean, also called root mean square deviation. This
is the most common and useful of the dispersion measures. [SRV]
- standard error of the mean
- The standard deviation of the sampling distribution of a sample statistic. It is a measure of the variability within a sample. [SRV]
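The two definitions above, carried through as a small computation (an added example; it is not part of the glossary). The divisor n-1 is used for the sample estimate of population variability, and the standard error of the mean is the sample standard deviation divided by the square root of the sample size; the data set is constructed.

```python
import math
from typing import Sequence


def mean(xs: Sequence[float]) -> float:
    return sum(xs) / len(xs)


def variance(xs: Sequence[float], sample: bool = True) -> float:
    """Average squared deviation from the mean.
    sample=True divides by n-1 (estimate of population variance from a sample);
    sample=False divides by n (variance of the group itself)."""
    n = len(xs)
    if n == 0 or (sample and n < 2):
        raise ValueError("need at least two values for a sample variance")
    m = mean(xs)
    sum_sq = sum((x - m) ** 2 for x in xs)
    return sum_sq / (n - 1) if sample else sum_sq / n


def std_dev(xs: Sequence[float], sample: bool = True) -> float:
    """Square root of the variance: the root mean square deviation."""
    return math.sqrt(variance(xs, sample))


def std_error_of_mean(xs: Sequence[float]) -> float:
    """Standard deviation of the sampling distribution of the sample mean,
    estimated as s / sqrt(n) from a single sample."""
    return std_dev(xs, sample=True) / math.sqrt(len(xs))


# Constructed data: eight response-time measurements (ms) from one audit sample.
SAMPLE = [2, 4, 4, 4, 5, 5, 7, 9]

if __name__ == "__main__":
    print("mean", mean(SAMPLE))
    print("population sd", std_dev(SAMPLE, sample=False))
    print("sample sd", std_dev(SAMPLE))
    print("standard error of mean", std_error_of_mean(SAMPLE))
```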
- standard generalized markup language
- A markup language used to define the structure of and manage documents in electronic form. [CIAO] (see also automated information system, hypertext, wireless application protocol) (includes hypertext markup language, markup language)
- Standard Security Label (SSL)
- (see also security)
- Standards for Interoperable LAN/MAN Security (SILS)
- (N) (1.) The IEEE 802.10 standards committee. (2.) A
developing set of IEEE standards, which has eight parts: (a) Model,
including security management, (b) Secure Data Exchange protocol, (c)
Key Management, (d) [has been incorporated in (a)], (e) SDE Over
Ethernet 2.0, (f) SDE Sublayer Management, (g) SDE Security Labels, and
(h) SDE PICS Conformance. Parts b, e, f, g, and h are incorporated in
IEEE Standard 802.10-1998. [RFC2828] (see also key, model, security)
- star (*) property
- (I) (Written '*-property'.) See: 'confinement property' under Bell-LaPadula model. [RFC2828]
Bell-La Padula security model rule allowing a subject write access to
an object only if the security level of the object dominates the
security level of the subject. [NSTISSC] (see *-property)
- Star Trek attack
- (C) An attack that penetrates your system where no attack has ever gone before. [RFC2828] (see also attack)
- start-up KEK
- Key-encryption-key held in common by a group of potential
communicating entities and used to establish ad hoc tactical networks. [NSTISSC] (see also encryption, key, networks)
- starting variable (SV)
- Variable defining the starting point of the mode of operation.
NOTE - The method of deriving the starting variable from the
initializing value is not defined in this International Standard. It
needs to be described in any application of the modes of operation. [SC27]
Variable derived from the initializing value and used in defining the
starting point of the modes of operation. NOTE - The method of deriving
the starting variable from the initializing value is not defined in
this International Standard. It needs to be described in any
application of the modes of operation. [ISO 8372: 1987][SC27]
- state
- Give required information with no attempt, or implied requirement, to justify the information presented. [AJP][FCv1]
- state delta verification system
- A system designed to give high confidence regarding microcode
performance by using formulas that represent isolated states of a
computation to check proofs concerning the course of that computation. [AJP][NCSC/TG004] (see also system)
- state transition diagram (STD)
- (see also networks)
- state variable
- A variable that represents either the state of the computer system or the state of some system resource. [AJP][NCSC/TG004] Variable representing either the state of an IS or the state of some system resource. [NSTISSC]
- stateful inspection
- A firewall inspection technique that examines the claimed
purpose of a communication for validity. For example, a communication
claiming to respond to a request is compared to a table of outstanding
requests. [FFIEC]
- stateful packet filtering
- The process of forwarding or rejecting traffic based on the
contents of a state table maintained by a firewall. Packet filtering
and proxy firewalls are essentially static, in that they always forward
or reject packets based on the contents of the rule set. In contrast,
devices using stateful packet filtering will only forward packets if
they correspond with state information maintained by the device about
each connection. For example, a stateful packet filtering device will
reject a packet on port 20 (ftp-data) if no connection has been
established over the ftp control port (usually port 21). [RFC2647] (see also proxy, firewall, packet filtering)
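The ftp-data case in the definition above, worked through in a toy state table (an added example, not code from the glossary or from any firewall product). The inside network prefix, the permitted outbound ports and the packet sequence are all constructed; the filter records outbound connections it has seen and accepts inbound port 20 traffic only when the same client already holds a control connection to that server.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# A flow is (src_ip, src_port, dst_ip, dst_port, proto).
Flow = Tuple[str, int, str, int, str]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    syn: bool = False   # SYN without ACK marks a new connection attempt
    ack: bool = False


@dataclass
class StatefulFilter:
    """Forwards a packet only when it matches state the device already holds
    (or is allowed to create new state); everything else is rejected."""
    inside_prefix: str                  # hypothetical protected network, e.g. "10.0.0."
    allowed_out: Set[int]               # server ports inside hosts may open outbound
    established: Set[Flow] = field(default_factory=set)
    ftp_control: Set[Tuple[str, str]] = field(default_factory=set)  # (client, server)

    def _inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    def decide(self, p: Packet) -> str:
        fwd: Flow = (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)
        rev: Flow = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)

        # 1. Packet belongs to a connection already in the state table (either direction).
        if fwd in self.established or rev in self.established:
            return "forward"

        # 2. New outbound connection from an inside host to a permitted port:
        #    record it so that the replies are accepted later.
        if self._inside(p.src_ip) and p.syn and not p.ack and p.dst_port in self.allowed_out:
            self.established.add(fwd)
            if p.dst_port == 21:                   # remember the FTP control channel
                self.ftp_control.add((p.src_ip, p.dst_ip))
            return "forward"

        # 3. Active-mode ftp-data (server port 20 -> client) is accepted only if that
        #    client already opened a control connection to that server.
        if p.src_port == 20 and p.syn and (p.dst_ip, p.src_ip) in self.ftp_control:
            self.established.add(fwd)
            return "forward"

        # A static rule set would have to leave port 20 open permanently to allow
        # case 3; the stateful device rejects the same packet when no state matches.
        return "reject"


def demo_decisions() -> List[str]:
    """Constructed packet sequence; returns the filter's decision for each packet."""
    fw = StatefulFilter(inside_prefix="10.0.0.", allowed_out={21, 80, 443})
    packets = [
        Packet("10.0.0.5", 40000, "203.0.113.9", 21, syn=True),            # client opens FTP control
        Packet("203.0.113.9", 21, "10.0.0.5", 40000, syn=True, ack=True),  # server's reply
        Packet("203.0.113.9", 20, "10.0.0.5", 40001, syn=True),            # ftp-data from that server
        Packet("198.51.100.7", 20, "10.0.0.5", 40002, syn=True),           # ftp-data, no control channel
        Packet("203.0.113.9", 25, "10.0.0.5", 40003, syn=True),            # unsolicited inbound
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for decision in demo_decisions():
        print(decision)
```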
- statement coverage
- Metric of the number of source language statements executed under test. [OVT] (see also test)
- static analysis
- The process of evaluating a system or component based on its
form, structure, content, or documentation. Contrast with: dynamic
analysis. Analysis of a program carried out without executing the
program. (NBS) Analysis of a program that is performed without
executing the program. [OVT] (see also analysis)
- static binding
- A binding in which the name/class association is made when the
name is declared (at compile time), but before the creation of the
object that the name designates. [SRV]
- statistic
- A number computed from data on one or more variables. [SRV]
- statistical estimate
- A numerical value assigned to a population parameter on the basis of evidence from a sample. [SRV] (see also evidence)
- statistical process control (SPC)
- The application of statistical techniques for measuring, analyzing, and controlling the variation in processes. [SRV]
- status information
- Information that is output from a cryptographic module for the
purposes of indicating certain operational characteristics or states of
the module. [FIPS140] (see also cryptography)
- stealth probe
- A probe that does not use standard connection protocols. Its
activity is normally low enough that it does not trigger standard
intrusion detection. A low level and inconspicuous network connection. [AFSEC] (see also networks, threat)
- steganography
- (I) Methods of hiding the existence of a message or
other data. This is different from cryptography, which hides the
meaning of a message but does not hide the message itself. (C) An example of a steganographic method is 'invisible' ink. [RFC2828] (see also cryptography)
- storage channel
- (see covert channel)
- storage object
- An object supporting both read and write accesses to an AIS. [NSTISSC] An object that supports both read and write accesses. [AJP][ITSEC][NCSC/TG004][TCSEC][TDI][TNI] (includes object)
- stovepipe systems
- A computer system developed to solve a specific problem,
characterized by a limited focus and functionality, and containing data
that cannot be easily shared with other computer systems. Most
stovepipe systems are legacy systems. [SRV] Systems developed to
solve a specific problem and having little or no interconnection with
other systems. They are characterized by a limited focus and
functionality, and typically contain redundant data, nonstandard data
element names, and data that cannot be easily shared with other
systems. [SRV] (see also system)
- strata
- Two or more mutually exclusive subdivisions of a population,
defined in such a way that each sampling unit can belong to only one
subdivision or stratum. [SRV]
- stratified random sample
- If the population to be sampled is first subclassified into
several subpopulations called strata the sample may be drawn by taking
random samples from each stratum. The samples need not be proportional
to the strata sizes. [SRV]
- stream cipher
- (I) An encryption algorithm that breaks plaintext into
a stream of successive bits (or characters) and encrypts the n-th
plaintext bit with the n-th element of a parallel key stream, thus
converting the plaintext bit stream into a ciphertext bit stream. [RFC2828]
Symmetric encryption algorithm with the property that the encryption
process involves combining the plaintext with a pseudorandom
enciphering sequence one bit at a time. Each ciphertext bit is thus a
function of both the corresponding plaintext bit and its position
within the sequence of plaintext bits. [SC27] (see also encryption, key)
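The structure described above, as an added example (not code from the glossary and not a vetted cipher): a keystream is derived from the key, and each data byte is combined with the keystream byte at the same position by XOR, so one routine both encrypts and decrypts. The keystream construction (SHA-256 over key, nonce and a counter), the key and the messages are constructed for the example. The last check shows why the keystream must never be reused under one key: with the same key and nonce, the XOR of two ciphertexts equals the XOR of the two plaintexts, so the key stream cancels out.

```python
import hashlib
from itertools import count
from typing import Dict, Iterator


def keystream(key: bytes, nonce: bytes) -> Iterator[int]:
    """Pseudorandom enciphering sequence derived from the key.
    Toy construction: SHA-256(key || nonce || counter), yielded byte by byte.
    It only illustrates the shape of a stream cipher."""
    for ctr in count():
        block = hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        yield from block


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Combine the n-th data byte with the n-th keystream byte (XOR).
    The same call encrypts and decrypts; each ciphertext byte therefore depends
    on the plaintext byte and on its position in the stream."""
    ks = keystream(key, nonce)
    return bytes(b ^ next(ks) for b in data)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def demo() -> Dict[str, bool]:
    key = b"constructed-example-key-32-bytes"   # constructed sample key
    nonce = b"nonce-01"                         # constructed; must be unique per message
    pt1 = b"the quick brown fox"
    pt2 = b"the quick brown dog"

    ct1 = stream_xor(key, nonce, pt1)
    roundtrip = stream_xor(key, nonce, ct1) == pt1

    # Position dependence: identical plaintext bytes encrypt to different ciphertext bytes.
    repeated = stream_xor(key, nonce, b"A" * 16)
    position_dependent = len(set(repeated)) > 1

    # Keystream reuse caveat: same key and nonce for a second message.
    ct2 = stream_xor(key, nonce, pt2)
    reuse_leaks = xor_bytes(ct1, ct2) == xor_bytes(pt1, pt2)

    return {"roundtrip": roundtrip,
            "position_dependent": position_dependent,
            "reuse_leaks": reuse_leaks}


if __name__ == "__main__":
    print(demo())
```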
- strength of a requirement
- Definition of the conditions under which a functional component withstands a defined attack or tolerates failures. [AJP][FCv1] (see also attack, failure, evaluation, requirements)
- strength of encryption
- (see encryption strength)
- strength of function (SOF)
- A qualification of a TOE security function expressing the
minimum efforts assumed necessary to defeat its expected security
behavior by directly attacking its underlying security mechanisms. [CC2][CC21][SC27] (see also attack, TOE security functions, target of evaluation) (includes SOF-basic, SOF-high, SOF-medium)
- strength of mechanisms (SML)
- A rating of the ability of a security mechanism to withstand a direct attack. [AJP][JTC1/SC27] A scale for measuring the relative strength of a security mechanism hierarchically ordered from SML 1 through SML 3. [IATF]
An aspect of the assessment of the effectiveness of a Target of
Evaluation, namely, the ability of its security mechanisms to withstand
direct attack against deficiencies in their underlying algorithms,
principles, and properties. [AJP][ITSEC] (see also attack, security, target of evaluation)
- strengths, weaknesses, opportunities, threats (SWOT)
- (see also risk, risk management, threat) (includes SWOT analysis)
- stress testing
- Testing in which a system is subjected to unrealistically
harsh inputs or load with inadequate resources with the intention of
breaking it. Testing conducted to evaluate a system or component at or
beyond the limits of its specified requirements. Stress tests are
designed to confront programs with abnormal situations. ... Stress
testing executes a system in a manner that demands resources in
abnormal quantity, frequency, or volume. ... Essentially, the tester
attempts to break the program. (p.652-653) [OVT] (see also black-box testing, boundary value, test)
- stretch goal
- A goal that requires a significant change in the performance (e.g. quality, time, cost) of a process. [SRV] (see also quality)
- strong authentication
- (I) An authentication process that uses
cryptography--particularly public-key certificates--to verify the
identity claimed for an entity. (O) 'Authentication by means of cryptographically derived credentials.' [RFC2828] (see also certificate, cryptography, key, public-key infrastructure, authentication)
- structural testing
- Testing that takes into account the internal mechanism of a
system or component. Types include branch testing, path testing,
statement testing. Syn: glass-box testing; white-box testing. Contrast
with: functional testing. (1) (IEEE) Testing that takes into account
the internal mechanism [structure] of a system or component. Types
include branch testing, path testing, statement testing. (2) Testing to
insure each program statement is made to execute during testing and
that each program statement performs its intended function. Contrast
with functional testing. Syn: white-box testing, glass-box testing,
logic driven testing. [OVT] (see also test)
- structured query language (SQL)
- (see also automated information system)
- sub-registration authority (SRA)
- Individual with primary responsibility for managing (C.F.D.) the distinguished name process. [NSTISSC]
- subassembly
- Major subdivision of an assembly consisting of a package of parts, elements, and circuits that perform a specific function. [NSTISSC]
- subclass
- A class that inherits from one or more other classes. [SRV]
- subcommittee on Automated Information System security (SAISS)
- NSDD (National Security Decision Directive) 145 authorized and
directed the establishment, under the NTISSC (National
Telecommunications and Information Systems Security Committee), of a
permanent Subcommittee on Automated Information System Security
(SAISS). The SAISS is composed of one voting member from each U.S.
federal organization represented on the NTISSC. In 1990, the NTISSC was
replaced with the NSTISSC (National Security Telecommunications and
Information Systems Security Committee) pursuant to NSD-42. [AJP]
NSDD-145 authorizes and directs the establishment, under the NTISSC, of
a permanent Subcommittee on Automated Information System Security. The
SAISS is composed of one voting member from each organization
represented on the NTISSC. [NCSC/TG004] (see also National Security Decision Directive 145, computer security, system) (includes Automated Information System security)
- Subcommittee on Information Systems Security (SISS)
- (see also computer security, system)
- subcommittee on telecommunications security (STS)
- NSDD (National Security Decision Directive) 145 authorized and
directed the establishment, under the NTISSC (National
Telecommunications and Information Systems Security Committee), of a
permanent Subcommittee on Telecommunications Security (STS). The STS is
composed of one voting member from each U.S. federal organization
represented on the NTISSC. In 1990, the NTISSC was replaced with the
NSTISSC (National Security Telecommunications and Information Systems
Security Committee) pursuant to NSD-42. [AJP] NSDD-145
authorizes and directs the establishment, under the NTISSC, of a
permanent Subcommittee on Telecommunications Security. The STS is
composed of one voting member from each organization represented on the
NTISSC. [NCSC/TG004] (see also computer security, National Security Decision Directive 145, communications security)
- subject
- (I) in a system: A system entity that causes
information to flow among objects or changes the system state;
technically, a process-domain pair. (I) Of a certificate: The
entity name that is bound to the data items in a digital certificate,
and particularly a name that is bound to a key value in a public-key
certificate. [RFC2828] Active entity in an IT product or AIS,
generally in the form of a process or device, that causes information
to flow among objects or changes the system state. [AJP][FCv1]
An active entity, generally in the form of a person, process, or
device, that causes information to flow among objects or changes the
system state. Technically, a process/domain pair. [NCSC/TG004][TCSEC][TDI][TNI] An active entity, generally in the form of a person, process, or device. [ITSEC]
An active entity (e.g. a process or device acting on behalf of a user,
or in some cases the actual user) that can make a request to perform an
operation on an object. [SRV] An entity within the TSC that causes operations to be performed. [CC2][CC21][SC27] Generally a person, process, or device causing information to flow among objects or change to the system state. [NSTISSC] (see object) (see also certificate, key, public-key infrastructure, Bell-LaPadula security model, TCB subset, access, candidate TCB subset, component reference monitor, covert storage channel, declassification of AIS storage media, exploitable channel, granularity of a requirement, internal security controls, isolation, least privilege, list-oriented, network reference monitor, object reuse, owner, permissions, protection-critical portions of the TCB, read, read access, reference monitor, reference monitor concept, reference validation mechanism, resource encapsulation, restricted area, scope of a requirement, secure state, secure subsystem, security attribute, security-relevant event, simple security condition, simple security property, technical policy, ticket-oriented, transaction, write) (includes domain, internal subject, process, subject security level, trusted subject)
- subject security level
- A subject's security level is equal to the security level of
the objects to which it has both read and write access. A subject's
security level must always be dominated by the clearance of the user
the subject is associated with. [AJP][NCSC/TG004][TCSEC][TNI]
Sensitivity label(s) of the objects to which the subject has both read
and write access. Security level of a subject must always be dominated
by the clearance level of the user associated with the subject. [NSTISSC] (see also user, security, subject) (includes object)
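The rules in the 'subject security level' entry above and in the 'star (*) property' entry, carried through in code as an added example (not from the glossary). It assumes the usual Bell-LaPadula lattice: a level is a classification plus a set of categories, and level A dominates level B when A's classification is at least B's and A's categories include all of B's. The classification ordering and the sample levels are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, List

# Constructed total order on classifications.
CLASSIFICATIONS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Level:
    classification: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Level") -> bool:
        """self dominates other iff its classification is >= and its categories
        are a superset of other's categories."""
        return (CLASSIFICATIONS[self.classification] >= CLASSIFICATIONS[other.classification]
                and other.categories <= self.categories)


def can_read(subject: Level, obj: Level) -> bool:
    # Simple security property: the subject's level must dominate the object's.
    return subject.dominates(obj)


def can_write(subject: Level, obj: Level) -> bool:
    # *-property: the object's level must dominate the subject's (no write-down).
    return obj.dominates(subject)


def subject_level_is_valid(subject: Level, clearance: Level) -> bool:
    # A subject's security level must always be dominated by the user's clearance.
    return clearance.dominates(subject)


def both_read_and_write(subject: Level, objects: List[Level]) -> List[Level]:
    """Objects the subject may both read and write. Under the two rules this is
    exactly the set of objects at the subject's own level, which is what the
    'subject security level' definition describes."""
    return [o for o in objects if can_read(subject, o) and can_write(subject, o)]


if __name__ == "__main__":
    s = Level("SECRET", frozenset({"CRYPTO"}))
    objs = [Level("TOP SECRET", frozenset({"CRYPTO"})), Level("CONFIDENTIAL"),
            Level("SECRET", frozenset({"CRYPTO"})), Level("SECRET")]
    for o in objs:
        print(o, "read:", can_read(s, o), "write:", can_write(s, o))
    print("read+write:", both_read_and_write(s, objs))
```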
- subnetwork
- (N) An OSI term for a system of packet relays and
connecting links that implement the lower three protocol layers of the
OSIRM to provide a communication service that interconnects attached
end systems. Usually the relays operate at OSI layer 3 and are all of
the same type (e.g. all X.25 packet switches, or all interface units in
an IEEE 802.3 LAN). [RFC2828] (see also communications, networks)
- subordinate certification authority (SCA)
- (I) A CA whose public-key certificate is issued by another (superior) CA. (O)
MISSI usage: The fourth-highest (bottom) level of a MISSI certification
hierarchy; a MISSI CA whose public-key certificate is signed by a MISSI
CA rather than by a MISSI PCA. A MISSI SCA is the administrative
authority for a subunit of an organization, established when it is
desirable to organizationally distribute or decentralize the CA
service. The term refers both to that authoritative office or role, and
to the person who fills that office. A MISSI SCA registers end users
and issues their certificates and may also register ORAs, but may not
register other CAs. An SCA periodically issues a CRL. [RFC2828] (see also certificate, certification, key, Multilevel Information System Security Initiative, public-key infrastructure)
- subordinate distinguished name
- (I) An X.500 DN is subordinate to another X.500 DN if
it begins with a set of attributes that is the same as the entire
second DN except for the terminal attribute of the second DN (which is
usually the name of a CA). For example, the DN is subordinate to the DN . [RFC2828] (see also distinguished name)
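The rule above, implemented as an added example (not code from the glossary): a DN is subordinate to another when its leading attributes equal the second DN with its terminal attribute removed. The parser is a simplification (no escaped commas or multi-valued RDNs; attribute types compared case-insensitively), the DNs are constructed, and one assumption is added: a DN is not treated as subordinate to itself.

```python
from typing import List, Tuple

RDN = Tuple[str, str]   # (attribute type, attribute value)


def parse_dn(dn: str) -> List[RDN]:
    """Parse 'C=US, O=Example, CN=Alice' into root-first (type, value) pairs.
    Simplified parser: no escaped commas and no multi-valued RDNs."""
    rdns: List[RDN] = []
    for part in dn.split(","):
        part = part.strip()
        if not part:
            continue
        typ, sep, val = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((typ.strip().upper(), val.strip()))
    return rdns


def is_subordinate(dn: str, other: str) -> bool:
    """True if `dn` begins with all attributes of `other` except its terminal one."""
    a, b = parse_dn(dn), parse_dn(other)
    if not b or a == b:          # assumption: a DN is not subordinate to itself
        return False
    prefix = b[:-1]              # the second DN minus its terminal attribute (the CA name)
    return len(a) > len(prefix) and a[:len(prefix)] == prefix


if __name__ == "__main__":
    ca = "C=US, O=Example, CN=Example CA"
    for candidate in ["C=US, O=Example, OU=Eng, CN=Alice",
                      "C=US, O=Other, CN=Alice",
                      ca]:
        print(candidate, "->", is_subordinate(candidate, ca))
```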
- subprocess
- A collection of related activities and tasks within a process. [SRV]
- subset-domain
- A set of system domains. For evaluation by parts, each
candidate TCB subset must occupy a distinct subset-domain such that
modify-access to a domain within a TCB subset's subset-domain is
permitted only to that TCB subset and (possibly) to more primitive TCB
subsets. [AJP][TDI] (see also evaluation, trusted computing base)
- substitution
- Altering or replacing valid data with false data that serves to deceive an authorized entity. [RFC2828] (see also threat consequence)
- subsystem
- A major subdivision or component of an IT system consisting of hardware/software/firmware that performs a specific function. [800-37]
- subtest
- The smallest identifiable part of a test consisting of at least one input and one outcome. [OVT] (see also test)
- subversion
- Occurs when an intruder modifies the operation of the intrusion detector to force false negatives to occur. [NSAINT] (see also attack)
- suitability of functionality
- An aspect of the assessment of the effectiveness of a Target
of Evaluation, namely, the suitability of its security enforcing
functions and mechanisms to in fact counter the threats to the security
of the Target of Evaluation identified in its security target. [AJP][ITSEC] (see also security, security target, threat, target of evaluation)
- superclass
- The class from which another class inherits. [SRV]
- superencryption
- (I) An encryption operation for which the plaintext
input to be transformed is the ciphertext output of a previous
encryption operation. [RFC2828] Process of encrypting encrypted
information. Occurs when a message, encrypted off-line, is transmitted
over a secured, on-line circuit, or when information encrypted by the
originator is multiplexed onto a communications trunk, which is then
bulk encrypted. [NSTISSC] (see also encryption)
- supersession
- Scheduled or unscheduled replacement of a COMSEC aid with a different edition. [NSTISSC] (see also communications security)
- superuser
- A user who is authorized to modify and control IS processes, devices, networks, and file systems. [CIAO] Special user who can perform control of processes, (C.F.D.) devices, networks, and file systems. [NSTISSC] (see also networks, user)
- supervisor state
- (see executive state)
- supplementary character
- Check character which does not belong to the character set of the strings which are to be protected. [SC27]
- supplementary check character
- (see supplementary character)
- support software
- All software that indirectly supports the operation of a
computer system and its functional applications; for example, MACRO
instructions, call routines, read and write routines. [SRV] (see also software)
- suppression measure
- Action, procedure, modification, or device that reduces the
level of, or inhibits the generation of, compromising emanations in an
IT system. [NSTISSC] (see also emanation, emanations security)
- surrogate access
- (see also discretionary access control)
- survivability
- (I) The ability of a system to remain in operation or
existence despite adverse conditions, including both natural
occurrences, accidental actions, and attacks on the system. [RFC2828] (see also attack)
- suspicious activity report (SAR)
- Reports required to be filed by the Bank Secrecy Act when a financial institution identifies or suspects fraudulent activity. [FFIEC] (see also assurance, threat)
- suspicious event
- Any event that has the potential to become a validated computer security incident. [AFSEC] (see also computer security, incident, threat)
- switched multi-megabit data service (SMDS)
-
- SWOT analysis
- An analysis of strengths, weaknesses, opportunities, and
threats facing an organization to identify business drives for
improvement and to set business strategy. [SRV] (see also threat, analysis, strengths, weaknesses, opportunities, threats)
- syllabary
- List of individual letters, combination of letters, or
syllables, with their equivalent code groups, used for spelling out
words or proper names not present in the vocabulary of a code. A
syllabary may also be a spelling table. [NSTISSC]
- symbolic execution
- A software analysis technique in which program execution is
simulated using symbols, such as variable names, rather than actual
values for input data, and program outputs are expressed as logical or
mathematical expressions involving these symbols. [OVT] (see also analysis)
- symmetric algorithm
- An algorithm where the same key can be used for encryption and decryption. [IATF][misc] (see also algorithm, encryption, key) (includes Data Encryption Standard, International Data Encryption Algorithm, Rivest Cipher 2, Rivest Cipher 4, Skipjack, secret key)
- symmetric cryptographic technique
- A cryptographic technique that uses the same secret key for
both the originator's and the recipient's transformation. Without
knowledge of the secret key, it is computationally infeasible to
compute either the originator's or the recipient's transformation. [SC27]
A cryptographic technique that uses the same secret key for both the
originator's and the recipient's transformation. Without knowledge of
the secret key, it is computationally infeasible to compute either the
originator's or the recipient's transformation. [ISO/IEC 9798-1: 1997,
ISO/IEC 11770-1: 1996] Cryptographic technique that uses the same
secret key for both the encryption and the decryption transformation.
Without knowledge of the secret key, it is computationally infeasible
to compute either the originator's or the recipient's transformation. [SC27]
Cryptographic technique that uses the same secret key for both the
encryption and the decryption transformation. Without knowledge of the
secret key, it is computationally infeasible to compute either the
originator's or the recipient's transformation. [SC27] (see also symmetric cryptography)
- symmetric cryptography
- (I) A branch of cryptography involving algorithms that
use the same key for two different steps of the algorithm (such as
encryption and decryption, or signature creation and signature
verification). (C) Symmetric cryptography has been used for
thousands of years. A modern example of a symmetric encryption
algorithm is the U.S. Government's Data Encryption Algorithm. (C)
Symmetric cryptography is sometimes called 'secret-key cryptography'
(versus public-key cryptography) because the entities that share the
key, such as the originator and the recipient of a message, need to
keep the key secret. For example, when Alice wants to ensure
confidentiality for data she sends to Bob, she encrypts the data with a
secret key, and Bob uses the same key to decrypt. Keeping the shared
key secret entails both cost and risk when the key is distributed to
both Alice and Bob. Thus, symmetric cryptography has a key management
disadvantage compared to asymmetric cryptography. [RFC2828] (see also confidentiality, digital signature, encryption, key, symmetric cryptographic technique, symmetric encipherment algorithm, symmetric encryption algorithm) (includes Advanced Encryption Standard, Blowfish, CAST, Data Encryption Algorithm)
- symmetric encipherment algorithm
- An encipherment algorithm that uses the same secret key for both the originator's and the recipient's transformation. [SC27] (see also symmetric cryptography)
- symmetric encryption algorithm
- Encryption algorithm that uses the same secret key for both
the encryption and decryption processes. NOTE - A symmetric encryption
algorithm is a symmetric cryptographic technique that is also an
encryption algorithm. [SC27] (see also symmetric cryptography)
- symmetric key
- (I) A cryptographic key that is used in a symmetric cryptographic algorithm. [RFC2828]
A cryptographic key that is used in symmetric cryptographic algorithms.
The symmetric key used for encryption is also used for decryption. [SRV] Encryption methodology in which the encryptor and decryptor use the same key, which must be kept secret. [NSTISSC] (see also encryption, key)
- symmetric measure of association
- A measure of association that does not make a distinction between independent and dependent variables. [SRV]
- SYN flood
- (I) A denial of service attack that sends a host more
TCP SYN packets (request to synchronize sequence numbers, used when
opening a connection) than the protocol implementation can handle. [RFC2828] When the SYN queue is flooded, no new connections can be opened. [AFSEC][NSAINT] (see also denial of service, attack, synchronous flood)
- synchronous crypto-operation
- Method of on-line crypto-operation in which crypto-equipment
and associated terminals have timing systems to keep them in step. [NSTISSC] (see also cryptography)
- synchronous flood
- A method of disabling a system by sending more SYN packets than its networking code can handle. [SRV] (see also networks) (includes SYN flood)
- synchronous transmission
- The serial transmission of a bit stream in which each bit
occurs at a fixed time interval and the entire stream is preceded by a
specific combination of bits that initiate the timing. [SRV] (see also networks)
- syntax
- The structural or grammatical rules that define how symbols in
a language are to be combined to form words, phrases, expressions, and
other allowable constructs. [OVT]
- syntax testing
- A test case design technique for a component or system in which test case design is based upon the syntax of the input. [OVT] (see also test)
- synthetic benchmarks
- A performance test consisting of programs and data written specifically as a benchmark. [SRV] (see also test)
- system
- (1) A specific IT installation, with a particular purpose and
operational environment. (2) An assembly of computer and/or
communications hardware, software, and firmware configured for the
purpose of classifying, sorting, calculating, computing, summarizing,
transmitting, receiving, storing, and retrieving data, with the purpose
of supporting users. (3) IT products assembled together - either
directly or with additional computer hardware, software, and/or
firmware - configured to perform a particular function within a
particular operational environment. [AJP] (C) In this Glossary, the term is mainly used as an abbreviation for 'automated information system'. [RFC2828] A collection of components organized to accomplish a specific function or set of functions. [IEEE610] A generic term used for briefness to mean either a major application or a general support system. [800-37] A specific IT installation, with a particular purpose and operational environment. [AJP][CC2][CC21][ITSEC][JTC1/SC27][NIAP][SC27]
An assembly of computer and/or communications hardware, software, and
firmware configured for the purpose of classifying, sorting,
calculating, computing, summarizing, transmitting and receiving, storing and
retrieving data, with the purpose of supporting users. [TNI] IT
products assembled together; either directly or with additional
computer hardware, software, and/or firmware; configured to perform a
particular function within a particular operational environment. [FCv1] (see also Open Systems Interconnection Reference model, Trusted Computer System Evaluation Criteria, Trusted Systems Interoperability Group, information system security officer, information systems security, software, system administrator privileges, system development methodologies, system high, system integrity, system integrity service, system life, system life cycle, system low, system parameter, system requirement, system safety, system security authorization agreement, system security officer, system security policy, system-high security mode, systematic selection with a random start, systems administrator, systems engineering, systems software) (includes Automated Information System security, COMSEC Material Control System, Defense Information System Network, DoD Trusted Computer System, DoD Trusted Computer System Evaluation Criteria, Information Systems Security products and services catalogue, Multilevel Information System Security Initiative, National Communications System, National Security Telecommunications and Information Systems Security Advisory/Information Memorandum, National Security Telecommunications and Information Systems Security Committee, National Security Telecommunications and Information Systems Security Directive, National Security Telecommunications and Information Systems Security Instruction, National Security Telecommunications and Information Systems Security Policy, National Telecommunications and Information Systems Security Advisory Memoranda/Instructions, National Telecommunications and Information Systems Security Directive, National Telecommunications and Information Systems Security Instruction, National Telecommunications and Information Systems Security Policy, Network File System, Secure Data Network System, Subcommittee on Information Systems Security, Terminal Access Controller Access Control System, The Exponential Encryption System, asymmetric 
encipherment system, asymmetric signature system, authentication system, auto-manual system, automated data processing system, automated information system, automated key management system, automated office support systems, bulletin board services (systems), certified information systems security professional, check character system, clean system, coded switch system, computer oracle and password system, computer security subsystem, concealment system, cryptographic system, cryptosystem, cryptosystem analysis, cryptosystem evaluation, cryptosystem review, cryptosystem survey, database management system, decision support systems, defense communications system, defense message system, domain name system, electronic document management system, electronic funds transfer system, electronic generation, accounting, and distribution system, electronic key management system, elliptic curve cryptosystem, embedded system, end system, evaluated system, executive information systems, federal telecommunications system, general-purpose system, generally accepted system security principles, global command and control system, global positioning system, imaging system, improved emergency message automatic transmission system, information system, information systems security association, information systems security engineering, information systems security manager, information systems/technology, information technology system, intrusion detection system, kernelized secure operating system, key management system, key management system Agent, key-escrow system, legacy systems, lock-and-key protection system, logical system definition, manager information systems, message handling system, mission critical system, multilevel information systems security initiative, national security system, national telecommunications and information system security directives, network system, on-line system, one-time cryptosystem, open system environment, open system interconnection, open system 
interconnection model, open systems, open systems interconnection, open systems security, operating system, password system, positive enable system, program automated information system security incident support team, protected distribution systems, protected wireline distribution system, public key system, real-time system, secure operating system, secure subsystem, signaling system 7, signature system, software system test and evaluation process, stand-alone, shared system, stand-alone, single-user system, state delta verification system, stovepipe systems, subcommittee on Automated Information System security, system acquisition plan, system administrator, system assets, system design review, system development, system development life cycle, system entity, system entry, system files, system profile, system security management, system security plan, system software, system verification, systems security steering group, tri-service tactical communications system, trusted computer system, trusted computing system, trustworthy system, user interface system)
- system accreditation
- Authorizes the operation of a major application or a general
support system at a particular location with specified environmental
constraints. [800-37] (see also accreditation)
- system acquisition plan (SAP)
- (see also system)
- system administrator (SA)
- Individual responsible for the installation and maintenance of
an IS, providing effective IS utilization, adequate security
parameters, and sound implementation of established INFOSEC policy and
procedures. [NSTISSC] Person responsible for the effective
operation and maintenance of an IS, including implementation of
standard procedures and controls to enforce an organization’s security
policy. [CIAO] (see also system)
- system administrator privileges
- System administrators have more rights (greater permissions) as their work involves the maintenance of system files. [RFC2504] (see also system)
- system and data integrity
- A family of security controls in the operations class dealing
with the logical correctness and reliability of the operating system,
the logical completeness of the hardware and software implementing the
protection mechanisms, and the consistency of the data structures and
occurrence of the stored data. [800-37] (see also integrity)
- system assets
- Any software, hardware, data, administrative, physical, communications, or personnel resource within an IT system. [NSTISSC] (see also system)
- system boundary
- Encompasses all those components of the system that are to be
accredited by the DAA and excludes separately accredited systems, to
which the system is connected. [800-37]
- system design review (SDR)
- (see also system)
- system development
- Methodologies developed through software engineering to manage
the complexity of system development. Development methodologies include
software engineering aids and high-level design analysis tools. [NSTISSC] (see also analysis, system)
- system development and acquisition
- A family of security controls in the management class dealing with the design, development and acquisition of IT systems. [800-37] (see also security)
- system development life cycle (SDLC)
- A written strategy or plan for the development and
modification of computer systems, including initial approvals,
development documentation, testing plans and results, and approval and
documentation of subsequent modifications. [FFIEC] (see also test, system)
- system development methodologies
- Methodologies developed through software engineering to manage
the complexity of system development. Development methodologies include
software engineering aids and high-level design analysis tools. [AJP][NCSC/TG004] (see also analysis, software, system) (includes software development methodologies)
- system entity
- (I) An active element of a system-- e.g. an automated
process, a subsystem, a person or group of persons-- that incorporates
a specific set of capabilities. [RFC2828] (see also authentication, system)
- system entry
- Mechanism by which an identified and authenticated user is provided access into the system. [AJP][FCv1] (see also authentication, access control, system)
- system files
- The set of files on a system that do not belong to end-users,
which govern the functionality of the computer system. System files
have a great impact on the security of the computer system. [RFC2504] (see also security, system)
- system high
- (I) The highest security level supported by a system at a particular time or in a particular environment. [RFC2828] Highest security level supported by an IT system. [NSTISSC] The highest security level supported by a system at a particular time or in a particular environment. [AJP][TNI] (see also system low, system, modes of operation, system-high security mode)
- system high mode
- IS security mode of operation wherein each user, with direct
or indirect access to the IS, its peripherals, remote terminals, or
remote hosts, has all of the following: a. valid security clearance for
all information within an IS; b. formal access approval and signed
nondisclosure agreements for all the information stored and/or
processed (including all compartments, subcompartments and/or special
access programs); and c. valid need-to-know for some of the information
contained within the IS. [NSTISSC] (see also computer security, user)
- system indicator
- Symbol or group of symbols in an off-line encrypted message
identifying the specific cryptosystem or key used in the encryption. [NSTISSC] (see also cryptography, encryption)
- system integrity
- (1) The quality of a system fulfilling its operational purpose
while (a) preventing unauthorized users from making modifications to
resources or using resources, and (b) preventing authorized users from
making improper modifications to resources or making improper use of
resources. (2) The quality that a system has when it performs its
intended function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the computer system. [AJP] (I)
'The quality that a system has when it can perform its intended
function in an unimpaired manner, free from deliberate or inadvertent
unauthorized manipulation.' [RFC2828] Attribute of an IS when it
performs its intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the computer
system. [NSTISSC] Optimal functioning of an IS, free from unauthorized impairment or manipulation. [CIAO]
The quality of a system fulfilling its operational purpose while:
(a) preventing unauthorized users from making modifications to resources or
using resources; (b) preventing authorized users from making improper
modifications to resources or making improper use of resources. [JTC1/SC27]
The quality that a system has when it performs its intended function in
an unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the computer system. [NCSC/TG004][SRV] (see also quality, system, integrity)
- system integrity service
- (I) A security service that protects system resources
in a verifiable manner against unauthorized or accidental change, loss,
or destruction. [RFC2828] (see also system, security)
- system interconnection
- A family of security controls in the management class dealing
with the operational, technical, and management requirements for
interconnecting IT systems. [800-37] (see also security)
- system life
- A projection of the time period that begins with the
installation of a system resource (e.g. software or hardware) and ends
when the organization's need for that resource has terminated. [SRV] (see also software, system)
- system life cycle
- The evolution with time of the computer system from conception through to disposal. [SC27] (see also system)
- system low
- (I) The lowest security level supported by a system at a particular time or in a particular environment. [RFC2828] Lowest security level supported by an IT system. [NSTISSC] The lowest security level supported by a system at a particular time or in a particular environment. [AJP][NCSC/TG004][TNI] (see also system high, security, software, system, modes of operation)
- system resource
- (I) Data contained in an information system; or a service provided by a
system; or a system capability, such as processing power or
communication bandwidth; or an item of system equipment (i.e., a system
component--hardware, firmware, software, or documentation); or a
facility that houses system operations and equipment. [RFC2828]
- system owner
- Represents the interests of the user community and the IT
system throughout the system's life cycle. The system owner assumes
responsibility for the system after delivery and installation during
operation, maintenance, and disposal. [800-37]
- system parameter
- A factor or property whose value determines a characteristic or behavior of the computer system. [SRV] (see also system)
- system profile
- Detailed security description of the physical structure,
equipment component, location, relationships, and general operating
environment of an IT system. [NSTISSC] (see also system)
- system requirement
- A condition or capability that must be met or possessed by a
system or system component to satisfy a condition or capability needed
by a user to solve a problem. [IEEE610] (see also system, requirements)
- system resources
- Capabilities that can be accessed by a user or program either
on the user's machine or across the network. Capabilities can be
services, such as file or print services, or devices, such as routers. [FFIEC] (see also automated information system)
- system safety
- Freedom from those conditions that can cause death or injury, or damage to or loss of data, hardware, or software. [SRV] (see also software, system)
- system security
- (see also information systems security)
- system security authorization agreement (SSAA)
- The SSAA is the formal agreement among the DAA(s), Certifier,
user representative, and program manager. It is used throughout the
entire DITSCAP to guide actions, document decisions, specify IA
requirements, document certification tailoring and level-of-effort,
identify potential solutions, and maintain operational systems
security. [IATF] (see also system, authorization, requirements)
- system security engineering
- (see also information systems security)
- system security evaluation
- Risk assessment of a system, considering its vulnerabilities and perceived security threat. (C.F.D.) [NSTISSC] (see also threat, evaluation)
- system security management
- Formal document fully describing the planned responsibilities for
security tasks intended to meet system security requirements. (C.F.D.)
[NSTISSC] (see also security, system)
- system security officer (SSO)
- (I) A person responsible for enforcement or administration of the security policy that applies to the system. [RFC2828]
Person assigned to implement an organization’s computer security
policy. Also referred to as a system security program manager. [CIAO]
The person responsible for the security of a system. The SSO is
authorized to act in the 'security administrator' role. Functions that
the SSO is expected to perform include: auditing and changing security
characteristics of a user. [TNI] The person responsible to the
Designated Approving Authority, program manager, and/or system/data
owner for ensuring the security of an IT system throughout its life
cycle, from design through disposal. [800-37] (see also audit, system, security) (includes information system security officer)
- system security plan (SSP)
- A formal document listing the tasks necessary to meet system
security requirements, a schedule for their accomplishments, and to
whom responsibilities for each task are assigned. [CIAO] Formal document fully describing the planned security tasks required to meet system security requirements. (C.F.D.) [NSTISSC] (see also security, system)
- system security policy
- The set of laws, rules, and practices that regulate how
sensitive information and other resources are managed, protected, and
distributed within a specific system. [AJP][ITSEC] (see also system, policy, security policy)
- system software
- Controls that limit and monitor access to the powerful
programs and sensitive files that (1) control the computer hardware and
(2) secure applications supported by the system. [CIAO] The
special software (e.g. operating system, compilers or utility programs)
designed for a specific computer system or family of computer systems
to facilitate the operation and maintenance of the computer system,
programs, and data. [FIPS140] (see also software, system)
- system testing
- The testing of a complete system prior to delivery. The
purpose of system testing is to identify defects that will only surface
when a complete system is assembled. That is, defects that cannot be
attributed to individual components or the interaction between two
components. System testing includes testing of performance, security,
configuration sensitivity, startup and recovery from failure modes. [OVT] (see also recovery, security, test)
- system under test (SUT)
- The real open system in which the Implementation Under Test (IUT) resides. [OVT] (see also test)
- system verification
- (see also system, verification)
- system-high security mode
- (I) A mode of operation of an information system,
wherein all users having access to the system possess a security
clearance or authorization, but not necessarily a need-to-know, for all
data handled by the system. (C) This mode is defined formally in
U.S. Department of Defense policy regarding system accreditation, but
the term is widely used outside the Defense Department and outside the
Government. [RFC2828] The mode of operation in which system
hardware and software is only trusted to provide discretionary
protection between users. In this mode, the entire system, to include
all components electrically and/or physically connected, must operate
with security measures commensurate with the highest classification and
sensitivity of the information being processed and/or stored. All
system users in this environment must possess clearances and
authorization for all information contained in the system. All system
output must be clearly marked with the highest classification and all
system caveats until the information has been reviewed manually by an
authorized individual to ensure appropriate classifications and that
caveats have been affixed. Compare Dedicated Security Mode, Multilevel
Security Mode. [TNI] (see also accreditation, classification level, software, system, trust, modes of operation, multilevel security mode) (includes system high)
- systematic selection with a random start
- A sampling method in which a given sample size is divided into
the population size in order to obtain a sampling interval. A random
starting point between 1 and the sampling interval is obtained. This
item is selected first; then every item whose number or location is
equal to the previously selected item plus the sampling interval is
selected, until the population is used up. [SRV] (see also system)
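Worked example, added here and not part of the glossary: the sampling method defined above, with a constructed population of audit-log record identifiers. The function names and the floor-division choice for the interval are assumptions of this example.

```python
# Added example (not from the glossary): systematic selection with a
# random start, the audit sampling method described in the entry above.
import random
from typing import List, Optional, Sequence, TypeVar

T = TypeVar("T")


def sampling_interval(population_size: int, sample_size: int) -> int:
    """Sampling interval: the population size divided by the sample size.

    The quotient is rounded down (an assumption of this example) so that
    walking the population yields at least the requested sample size;
    the interval is never less than 1.
    """
    if population_size <= 0 or sample_size <= 0:
        raise ValueError("population and sample sizes must be positive")
    return max(1, population_size // sample_size)


def systematic_sample(population: Sequence[T], sample_size: int,
                      start: Optional[int] = None,
                      seed: Optional[int] = None) -> List[T]:
    """Select every interval-th item of `population`, beginning at `start`.

    `start` is 1-based and must lie between 1 and the sampling interval,
    as in the definition. When omitted it is drawn at random; passing
    `seed` makes the draw repeatable so the selection can be reproduced
    in audit work papers. Selection continues until the population is
    used up, so the result may exceed `sample_size` slightly.
    """
    n = len(population)
    interval = sampling_interval(n, sample_size)
    if start is None:
        start = random.Random(seed).randint(1, interval)
    if not 1 <= start <= interval:
        raise ValueError("start must lie between 1 and the sampling interval")
    # Walk from the 0-based start index in steps of the interval.
    return [population[i] for i in range(start - 1, n, interval)]


if __name__ == "__main__":
    # Constructed population: 20 audit-log record identifiers.
    records = [f"REC-{i:03d}" for i in range(1, 21)]
    print(sampling_interval(len(records), 5))        # 4
    print(systematic_sample(records, 5, start=3))    # REC-003, REC-007, ..., REC-019
    print(systematic_sample(records, 5, seed=42))    # repeatable random start
```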
- systems administrator
- The individual who maintains the system and has system
administrator privileges. In order to avoid errors and mistakes done by
this individual while not acting as an administrator, he/she should
limit the time he/she acts as an administrator (as known to the system)
to a minimum. [RFC2504] (see also system)
- systems engineering
- The systematic application of technical and managerial
processes and concepts to transform an operational need into an
efficient, cost-effective system, using an iterative approach to
define, analyze, design, build, test, and evaluate the system. [SRV] (see also system, test)
- systems security steering group
- The senior U.S. Government body established by NSDD (National
Security Decision Directive) 145 to provide top-level review and policy
guidance for the telecommunications security and Automated Information
System security activities of the U.S. Government. This group is
chaired by the Assistant to the President for National Security Affairs
and consists of the Secretary of State, Secretary of Treasury,
Secretary of Defense, Attorney General, Director of the Office of
Management and Budget, and Director of Central Intelligence. In 1990,
NSDD 145 was partially replaced by NSD-42. [AJP] The senior
government body established by NSDD-145 to provide top-level review and
policy guidance for the telecommunications security and Automated
Information System security activities of the U.S. Government. This
group is chaired by the Assistant to the President for National
Security Affairs and consists of the Secretary of State, Secretary of
Treasury, the Secretary of Defense, the Attorney General, the Director
of the Office of Management and Budget, and the Director of Central
Intelligence. [NCSC/TG004] (see also communications security, computer security, security, system)
- systems software
- A major category of programs used to control the computer and
process other programs, such as secure operating systems,
communications control programs, and database managers. Contrasts with
applications software, which comprises the data entry, update, query,
and report programs that process an organization's data. [SRV] A series of control programs including the operating system, communications software, and database management system. [SRV] (see also system, software)
- t-1 line
- A special type of telephone line for digital communication only. [FFIEC]
- tactical terminal (TACTERM)
-
- tactical trunk encryption device (TACTED)
- (see also encryption)
- tamper
- (I) Make an unauthorized modification in a system that
alters the system's functioning in a way that degrades the security
services that the system was intended to provide. [RFC2828] In
context of corruption, deliberate alteration of a system's logic, data,
or control information to interrupt or prevent correct operation of
system functions. [RFC2828] In context of misuse, deliberate
alteration of a system's logic, data, or control information to cause
the system to perform unauthorized functions or services. [RFC2828]
Unauthorized modification that alters the proper functioning of
cryptographic or automated information system security equipment in a
manner that degrades the security or functionality it provides. [IATF] (see also Clipper chip, Federal Standard 1027, QUADRANT, TCB subset, computer security, denial of service, personal security environment, protective technologies, reference validation mechanism, signed applet, smartcards, encryption, security, threat consequence) (includes tampering)
- tampering
- An unauthorized modification that alters the proper
functioning of equipment or system in a manner that degrades the
security or functionality it provides. [AFSEC][AJP][NCSC/TG004][SRV] Unauthorized modification altering the proper functioning of INFOSEC equipment. [NSTISSC] (see also attack, tamper)
- target of evaluation (TOE)
- An IT product or system and its associated administrator and user guidance documentation that is the subject of evaluation. [CC2][CC21][IATF][OVT][SC27] An IT product which is subjected to security evaluation under the Common Criteria. [NIAP] An IT system, product, or component that is identified/subjected as requiring security evaluation. [AJP] An IT system, product, or component that is subjected to security evaluation. [CC1][ITSEC] (see also user, evaluation, trusted computing base) (includes European Information Technology Security Evaluation Criteria, IT security certification, SOF-basic, SOF-high, SOF-medium, TOE resource, TOE security functions, TOE security functions interface, TOE security policy, TOE security policy model, TSF data, TSF scope of control, acceptance procedure, administration documentation, administrator, architectural design, asset, assurance, binding of functionality, component, configuration, configuration control, connectivity, construction, construction of TOE requirements, critical mechanism, deliverables list, delivery, detailed design, developer, development environment, development process, documentation, ease of use, end-user, external it entity, formal model of security policy, functionality, functionality class, human user, implementation, inter-TSF transfers, internal TOE transfer, internal communication channel, operating procedure, operation, operational documentation, operational environment, penetration testing, production, programming languages and compilers, reference monitor, requirements, requirements for procedures and standards, resource, role, security enforcing, security function, security objective, security relevant, security target, strength of function, strength of mechanisms, suitability of functionality, tool, transfers outside TSF control, user documentation, vulnerability, vulnerability assessment)
- task
- (1) A sequence of instructions treated as a basic unit of work. [IEEE610]
- TCB subset
- A set of software, firmware, and hardware (where any of these
three could be absent) that mediates the access of a set S of subjects
to a set O of objects on the basis of a stated access control policy P
and satisfies the properties: (1) M mediates every access to objects in
O by subjects in S, (2) M is tamper resistant, and (3) M is small
enough to be subject to analysis and tests, the completeness of which
can be assured. [AJP][FCv1][TDI] (see also access control, analysis, software, tamper, test, trusted computing base) (includes object, subject)
- tcpwrapper
- A software tool for security which provides additional network
logging, and restricts service access to authorized hosts by service. [NSAINT] (see also networks, software, security software)
- technical attack
- An attack that can be perpetrated by circumventing hardware
and software protection mechanisms, rather than by subverting system
personnel or other users. [SRV] An attack that can be
perpetrated by circumventing or nullifying hardware and software
protection mechanisms, rather than by subverting system personnel or
other users. [AFSEC][AJP][NCSC/TG004][OVT] (see also software, user, attack)
- technical controls
- Consist of hardware and software controls used to provide
automated protection to the system or applications. Technical controls
operate within the IT system and applications. [800-37] (see also security controls)
- technical countermeasure
- A security feature implemented in hardware and/or software,
that is incorporated in the network information security processing
system. [IATF] (see also networks, software, counter measures, security)
- technical policy
- (1) The set of rules regulating access of subjects to objects
enforced by a TCB subset. (2) The set of rules regulating access of
subjects to objects enforced by a computer system. [AJP] The set of rules regulating access of subjects to objects enforced by a TCB subset. [FCv1] The set of rules regulating access of subjects to objects enforced by a computer system. [TDI] (see also trust, access control, policy) (includes object, subject)
- technical review board (TRB)
-
- technical security policy
- (1) Specific protection conditions and/or protection
philosophy that expresses the boundaries and responsibilities of the IT
product in supporting the information protection policy control
objectives and countering expected threats. (2) The set of laws, rules,
and practices regulating the processing of sensitive information and
the use of resources by the hardware and software of an IT system,
product, or component. [AJP] Specific protection conditions and
/or protection philosophy that express the boundaries and
responsibilities of the IT product in supporting the information
protection policy control objectives and countering expected threats. [FCv1]
The set of laws, rules, and practices regulating the processing of
sensitive information and the use of resources by the hardware and
software of an IT system, product, or component. [ITSEC] (see also software, threat, policy, security policy) (includes object)
- technical surveillance countermeasures (TSCM)
- (see also counter measures)
- technical vulnerability
- A hardware, firmware, communication, or software flaw that
leaves a computer processing system open for potential exploitation,
either externally or internally, thereby resulting in risk for the
owner, user, or manager of the computer system. [AFSEC][AJP][NCSC/TG004][SRV]
A hardware, firmware, communication, or software flaw that leaves a
computer processing system open for potential exploitation, either
externally or internally, thereby resulting in risk for the owner,
user, or manager of the system. [OVT] (see also exploit, risk, software, user, vulnerability)
- technological attack
- An attack that can be perpetrated by circumventing or
nullifying hardware and software access control mechanisms, rather than
by subverting system personnel or other users. [SRV] (see also access control, software, attack)
- technology
- 1) Broadly defined, includes processes, systems, models and
simulations, hardware, and software. 2) All hardware and software,
connectivity, countermeasures and/or safeguards that are utilized in
support of the core process. [CIAO] (see also counter measures)
- technology area
- The specific areas of IT, for example, general purpose
operating systems, database management systems, network components
(firewalls, routers, guards), specialized subsystem components, and
limited functionality devices such as telecommunications switches, that
require particular expertise and knowledge to effectively conduct IT
security evaluations of products in those areas through the correct and
consistent application of the IT security evaluation criteria. [NIAP] (see also computer security, evaluation, networks, security)
- technology gap
- A technology that is needed to mitigate a threat at a sufficient level but is not available. [IATF] (see also threat)
- telecommunications
- Any transmission, emission, or reception of signs, signals,
writing, images, sounds or other information by wire, radio, visual, or
any electromagnetic systems. [SRV] Preparation, transmission,
communication, or related processing of information (text, images,
sounds, or other data) by electrical, electromagnetic, or similar
means. [CIAO] Preparation, transmission, communication, or
related processing of information (writing, images, sounds, or other
data) by electrical, electromagnetic, electromechanical,
electro-optical, or electronic means. [NSTISSC] (see also emissions security, networks, communications)
- telecommunications security (TSEC)
- (see also communications security, information systems security)
- telecommuting
- The practice of working in one location (often, at home) and
communicating with a main office in a different location through a
personal computer equipped with a modem and communications software;
also called electronic commuting. [SRV] (see also communications, software)
- teleprocessing
- Pertaining to an information transmission system that combines
telecommunications, computer application systems, and man-machine
interface equipment for the purpose of interacting and functioning as
an integrated whole. [SRV] (see also communications)
- telnet
- (I) A TCP-based, application-layer, Internet Standard protocol for remote login from one host to another. [RFC2828] A protocol that enables remote login to other computer systems over the network. [RFC2504] A protocol used for (possibly remote) login to a computer host. [SRV] (see also networks, remote access software, internet)
- TEMPEST
- (O) A nickname for specifications and standards for
limiting the strength of electromagnetic emanations from electrical and
electronic equipment and thus reducing vulnerability to eavesdropping.
This term originated in the U.S. Department of Defense. [Army, Kuhn,
Russ] (D) ISDs SHOULD NOT use this term as a synonym for 'electromagnetic emanations security'. [RFC2828] Short name referring to investigation, study, and control of compromising emanations from IS equipment. [NSTISSC]
The investigation, study and control of compromising emanations from
telecommunications and automated information systems equipment. [IATF] The study and control of spurious electronic signals emitted by electrical equipment, such as computer equipment. [AJP][NCSC/TG004][TCSEC] (see also International Traffic in Arms Regulations, approval/accreditation, inspectable space, optional modification, preferred products list, security) (includes Certified TEMPEST Technical Authority, Endorsed TEMPEST Products List, TEMPEST Endorsement Program, TEMPEST advisory group, TEMPEST shielded, TEMPEST test, TEMPEST zone, certified TEMPEST technical, compromising emanations, emanation, emanations security, emissions security, equipment radiation TEMPEST zone, soft TEMPEST)
- TEMPEST advisory group (TAG)
- (see also TEMPEST)
- TEMPEST Endorsement Program (TEP)
- (see also TEMPEST)
- TEMPEST shielded
- Rules for limiting compromising signals emanating from electrical equipment. [SRV] (see also TEMPEST)
- TEMPEST test
- Laboratory or on-site test to determine the nature of compromising emanations associated with an IT system. [NSTISSC] (see also emanation, emanations security, TEMPEST, test)
- TEMPEST zone
- Designated area within a facility where equipment with
appropriate TEMPEST characteristics (TEMPEST zone assignment) may be
operated. [NSTISSC] (see also TEMPEST)
- term rule-based security policy
- A security policy based on global rules imposed for all users.
These rules usually rely on a comparison of the sensitivity of the
resources being accessed and the possession of corresponding attributes
of users, a group of users, or entities acting on behalf of users. [NSAINT] (see also policy, security)
- Terminal Access Controller Access Control System (TACACS+)
- (I) A UDP-based authentication and access control
protocol in which a network access server receives an identifier and
password from a remote terminal and passes them to a separate
authentication server for verification. (C) TACACS was developed
for ARPANET and has evolved for use in commercial equipment. TACs were
a type of network access server computer used to connect terminals to
the early Internet, usually using dial-up modem connections. TACACS
used centralized authentication servers and served not only network
access servers like TACs but also routers and other networked computing
devices. TACs are no longer in use, but TACACS+ is.
- 'XTACACS': The name of Cisco Corporation's implementation, which enhances and extends the original TACACS.
- 'TACACS+': A TCP-based protocol that improves on TACACS and XTACACS by separating
the functions of authentication, authorization, and accounting and by
encrypting all traffic between the network access server and
authentication server. It is extensible to allow any authentication
mechanism to be used with TACACS+ clients.
[RFC2828] (see also authentication, encryption, networks, passwords, access control, internet, security protocol, system)
- terminal hijacking
- Allows an attacker, on a certain machine, to control any
terminal session that is in progress. An attacker can send and
receive terminal I/O while a user is on the terminal. [NSAINT] (see also TTY watcher, derf, hijack attack, attack)
- terminal identification
- The means used to uniquely identify a terminal to a system. [AJP][NCSC/TG004] (see also identification)
- test
- (1) An activity in which a system or component is executed
under specified conditions, the results are observed or recorded and an
evaluation is made of some aspect of the system or component. (2) To
conduct an activity as in (1). (3) A set of one or more test cases. (4)
A set of one or more test procedures. (5) A set of one or more test
cases and procedures. Subtests are grouped into tests, which must be
run as a set, typically because the outcome of one subtest is the input
or the initial condition for the next subtest in the test. Tests can be
run independently of one another but are typically defined over the
same database. (p.447) [OVT] The process of exercising a product to identify differences between expected and actual behavior. [SRV] (see also analysis, CASE tools, FIPS PUB 140-1, National Information Assurance partnership, Rivest-Shamir-Adleman, Scope of Accreditation, TCB subset, abend, acceptance inspection, accreditation, allowed traffic, approved technologies list, authentication, bebugging, benchmark, bit forwarding rate, boundary value analysis, boundary value coverage, branch coverage, certificate, certificate authority, certification, change management, code coverage, component, computer-assisted audit technique, concurrent connections, configuration management, connection establishment, connection teardown, coverage, development assurance, error guessing, exercised, flaw hypothesis methodology, goodput, homed, identity validation, independent validation and verification, information processing standard, instrument, lattice, lattice model, logging, message digest, mutation analysis, non-repudiation service, oracle, password cracker, path coverage, point of control and observation, protection profile, pseudo-random number generator, public-key certificate, random, reference monitor, reference validation mechanism, remote terminal emulation, rule set, sample, security certification level, security event, security function, security requirements, security target, sensitivity analysis, simulation modeling, sneaker, software development, software life cycle, statement coverage, synthetic benchmarks, system development life cycle, systems engineering, tiger team, time-stamping service, trusted certificate, trusted process, unit, unit of transfer, user, validate vs. 
verify, validation, assurance, audit, risk management) (includes Common Criteria Testing Laboratory, Common Criteria Testing Program, TEMPEST test, acceptance testing, ad hoc testing, ad-lib test, approved test methods list, black-box testing, boundary value testing, certification test and evaluation, environmental failure testing, exhaustive testing, functional test case design, functional testing, implementation under test, integrated test facility, integration test, interface testing, mutation testing, negative tests, operational testing, penetration test, penetration testing, pilot testing, regression testing, reliability qualification tests, security test & evaluation, security test and evaluation, security testing, smart testing, software system test and evaluation process, stress testing, structural testing, subtest, syntax testing, system testing, system under test, test bed, test bed configuration, test case, test case generator, test case specification, test case suite, test coverage, test cycle, test design, test driver, test environment, test execution, test facility, test generator, test item, test key, test log, test method, test plan, test procedure, test report, test result analyzer, test strategy, test suite, testability, tester, testing, unit testing, white-box testing)
- test bed
- An environment containing the hardware, instrumentation,
simulators, software tools, and other support elements needed to
conduct a test. Any system whose primary purpose is to provide a
framework within which other systems can be tested. Test beds are
usually tailored to a specific programming language and implementation
technique, and often to a specific application. Typically a test bed
provides some means of simulating the environment of the system under
test, of test-data generation and presentation, and of recording test
results. [OVT] (see also test)
- test bed configuration
- This includes many things: hardware physical configuration,
platform software configuration, operating system version, sysgen
details, test terminals, test tools, etc. It must be possible to
precisely recreate the entire test situation. [OVT] (see also test case generator, test case specification, test)
- test case
- (1) A set of test inputs, execution conditions, and expected
results developed for a particular objective, such as to exercise a
particular program path or to verify compliance with a specific
requirement [do178b?]. (2) Documentation specifying inputs, predicted
results, and a set of execution conditions for a test item. A document
describing a single test instance in terms of input data, test
procedure, test execution environment and expected outcome. Test cases
also reference test objectives such as verifying compliance with a
particular requirement or execution of a particular program path. [OVT]
A set of test inputs, execution conditions, and expected results
developed for a particular objective, for example, to exercise a
particular program path. [SRV] (see also software development, test procedure, test)
- test case generator
- A software tool that accepts as input source code, test
criteria, specifications, or data structure definitions; uses these
inputs to generate test input data; and, sometimes, determines expected
results. Syn: test data generator, test generator. [OVT] (see also test bed configuration, test generator, test)
- test case specification
- A document that specifies the test inputs, execution
conditions, and predicted results for an item to be tested. Syn: test
description, test specification. [OVT] (see also test bed configuration, test)
- test case suite
- A collection of one or more test cases for the software under test. [OVT] (see also test)
- test coverage
- The extent to which the test cases test the software requirements. [SRV] (see also software, test)
- test cycle
- A formal test cycle consists of all tests performed. In
software development it can consist of, for example, the following:
unit/component testing, integration testing, system testing, user
acceptance testing and code inspection. [OVT] (see also user, test)
- test design
- Documentation specifying the details of the test approach for
a software feature or combination of software features and identifying
the associated tests. [OVT] The test approach and associated tests. [SRV] (see also software development, test)
- test driver
- A program or testing tool used to execute and control testing.
Includes initialization, data object support, preparation of input
values, call to tested object, recording and comparison of outcomes to
required outcomes. A software module used to invoke a module under test
and, often, provide test inputs, control and monitor execution, and
report test results. Syn: test harness. A program or test tool used to
execute software against a test case suite. [OVT] (see also test)
- test environment
- A description of the hardware and software environment in
which the tests will be run, and any other software with which the
software under test interacts when under test including stubs and test
drivers. [OVT] (see also test)
- test execution
- The processing of a test case suite by the software under test, producing an outcome. [OVT] (see also test)
- test facility
- An environment that partially represents the production
environment but is isolated from it and is dedicated to the testing and
validation of processes, applications, and system components. [SRV] (see also software development, test)
- test generator
- A program that generates tests in accordance with a specified strategy or heuristic. [OVT] (see also test case generator, test)
- test item
- A software item which is an object of testing. [OVT] (see also test)
- test key
- Key intended for testing of COMSEC equipment or systems. [NSTISSC] (see also communications security, key, test)
- test log
- A chronological record of all relevant details about the execution of a test. [OVT] (see also test)
- test method
- An evaluation assurance package from the Common Criteria and
the associated evaluation methodology for that assurance package from
the Common Methodology. [NIAP] (see also evaluation, test)
- test plan
- A document describing the scope, approach, resources, and
schedule of intended test activities. It identifies test items, the
features to be tested, the testing tasks, who will do each task, and
any risks requiring contingency planning. A record of the test planning
process detailing the degree of tester independence, the test
environment, the test case design techniques and test measurement
techniques to be used, and the rationale for their choice. [OVT] A plan that details the specific tests and procedures to be followed when testing software. [SRV] (see also risk, software, test)
- test procedure
- (1) Detailed instructions for the set-up, execution, and
evaluation of results for a given test case. (2) A document containing
a set of associated instructions as in (1). (3) Documentation
specifying a sequence of actions for the execution of a test. (NIST) A
formal document developed from a test plan that presents detailed
instructions for the setup, operation, and evaluation of the results
for each defined test. [OVT] Detailed instructions for the setup, execution, and evaluation of results for a given test case. [SRV] (see also evaluation, test case, test)
- test report
- A document that summarizes the outcome of testing in terms of
items tested, summary of results (e.g. defect density), effectiveness
of testing and lessons learned. A document that describes the conduct
and results of the testing carried out for a system or component. Syn:
test summary report. [OVT] (see also test)
- test result analyzer
- A software tool used for test-output data reduction, formatting, and printing. [OVT] (see also test)
- test strategy
- Any method for generating tests based on formally or informally defined criteria of test completeness (also test technique). [OVT] (see also test)
- test suite
- A test suite is a set of related tests, usually pertaining to
a group of features or software component and usually defined over the
same database. Suites are combined into groups. (p.448) A group of
tests with a common purpose and database, usually run as a group. [OVT] (see also test)
- testability
- (1) The degree to which a system or component facilitates the
establishment of test criteria and the performance of tests to
determine whether those criteria have been met. (2) The degree to which
a requirement is stated in terms that permit establishment of test
criteria and performance of tests to determine whether those criteria
have been met. [IEEE610] The degree to which software or a
software component facilitates the establishment of test criteria and
the performance of tests to determine whether those criteria have been
met. The effort required to test a computer program to ensure it performs its intended function. [SRV] (see also software, software requirement, test)
- tester
- One who writes and/or executes tests of software with the
intention of demonstrating that the software does not work. Contrast
with programmer whose tests (if any) are intended to show that the
program does work. [OVT] (see also test)
- testing
- The purpose of testing is to discover errors. Testing is the
process of trying to discover every conceivable fault or weakness in a
work product. (1) The process of operating a system or component under
specified conditions, observing or recording the results, and making an
evaluation of some aspect of the system or component. (2) The process
of analyzing a software item to detect the differences between existing
and required conditions, (that is, bugs) and to evaluate the features
of the software items. [OVT] (see also dynamic analysis, evaluation, test)
- The Exponential Encryption System (TESS)
- (I) A system of separate but cooperating cryptographic
mechanisms and functions for the secure authenticated exchange of
cryptographic keys, the generation of digital signatures, and the
distribution of public keys. TESS employs asymmetric cryptography,
based on discrete exponentiation, and a structure of self-certified
public keys. [RFC2828] (see also authentication, digital signature, encryption, key, system)
- theft
- Gaining access to sensitive data by stealing a shipment of a
physical medium, such as a magnetic tape or disk, that holds the data. [RFC2828] (see also threat consequence)
- theft of data
- Unauthorized acquisition and use of data. [RFC2828] (see also threat consequence)
- theft of functionality
- Unauthorized acquisition of actual hardware, software, or firmware of a system component. [RFC2828] (see also threat consequence)
- theft of service
- Unauthorized use of service by an entity. [RFC2828] (see also threat consequence)
- thermostat
- A device that automatically responds to temperature changes
and activates switches controlling equipment such as refrigerators,
furnaces, and air conditioners. [SRV]
- think time
- The amount of time spent by an interactive user between the
completion of the transaction response from the system and the start of
user typing or other system input. [SRV]
- third party trusted host model
- An authentication model in which a trusted third party
authenticates principals to each other. The trusted third party shares
a secret (password) with each principal. It uses a key derived from the
password to issue tickets to these principals. [misc] (see also authentication, passwords, Kerberos, model, trust) (includes ticket)
- thrashing
- A state in which a computer system is expending most or all of
its resources on overhead operations, such as swapping data between
main and auxiliary storage, rather than on intended computing
functions. [OVT]
- threat
- (1) An action or event that might prejudice security. (2)
Sequence of circumstances and events that allows a human or other agent
to cause an information-related misfortune by exploiting a
vulnerability in an IT product. (3) Any circumstance or event with the
potential to cause harm to a system in the form of destruction,
disclosure, modification of data, or denial of service. [AJP] (I)
A potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security
and cause harm. (C) That is, a threat is a possible danger that
might exploit a vulnerability. A threat can be either 'intentional'
(i.e., intelligent; e.g. an individual cracker or a criminal
organization) or 'accidental' (e.g. the possibility of a computer
malfunctioning, or the possibility of an 'act of God' such as an
earthquake, a fire, or a tornado). (C) In some contexts, such as the following, the term is used narrowly to refer only to intelligent threats: (N)
U. S. Government usage: The technical and operational capability of a
hostile entity to detect, exploit, or subvert friendly information
systems and the demonstrated, presumed, or inferred intent of that
entity to conduct such activity. [RFC2828] 1) A foreign or
domestic entity possessing both the capability to exploit a critical
infrastructure’s vulnerabilities and the malicious intent of
debilitating defense or economic security. A threat may be an
individual, an organization, or a nation. 2) Any circumstance or event
that could harm a critical asset through unauthorized access,
compromise of data integrity, denial or disruption of service, or
physical destruction or impairment. [CIAO] A potential cause of an
unwanted incident that may result in harm to a system or organization.
[SC27][ISO/IEC PDTR 13335-1 (11/2001)] A potential cause of an unwanted
incident that may result in harm to an IT system. [SC27][ISO/IEC DTR 15947 (10/2001)] An action or event that might prejudice security. [ITSEC]
Any circumstance or event with the potential to adversely impact an IS
through unauthorized access, destruction, disclosure, modification of
data, and/or denial of service. [NSTISSC] Any circumstance or
event with the potential to cause harm to a system in the form of
destruction, disclosure, modification of data, and/or denial of
service. [NCSC/TG004] Any circumstance or event with the
potential to cause harm to a system in the form of destruction,
disclosure, modification of data, and/or denial of service. The
potential for exploitation of a vulnerability. An entity or event with
the potential to harm a system. [SRV] Capabilities, intentions,
and attack methods of adversaries to exploit, or any circumstance or
event with the potential to cause harm to, information or an
information system. [IATF] Sequence of circumstances and events
that allows a (human or other) agent to cause an information-related
misfortune by exploiting a vulnerability in an IT product. [FCv1]
The means through which the ability or intent of a threat agent to
adversely affect an automated system, facility, or operation can be
manifest. A potential violation of security. [AFSEC][NSAINT]
The means through which the ability or intent of a threat agent to
adversely affect an automated system, facility, or operation can be
manifest. A potential violation of security. Any circumstance or event
with the potential to cause harm to a system in the form of
destruction, disclosure, modification of data, and/or denial of
service. [OVT] The potential for a threat-source to exercise
(accidentally trigger or intentionally exploit) a specific
vulnerability; or any circumstance or event with the potential to harm
an IS through unauthorized access, destruction, disclosure,
modification of data, and/or denial of service. [800-37] The potential source of an adverse event. [800-61]
The potential that an existing vulnerability can be exploited to
compromise the security of systems or networks. Even if a vulnerability
is not known, it represents a threat by this definition. [RFC2504] (see also security software, Common Criteria for Information Technology Security, IS related risk, OAKLEY, RED team, SWOT analysis, adversary, advisory, anonymous login, computer emergency response team, defense, disaster plan, effectiveness, electronic warfare support, emergency plan, emergency response, evaluation assurance, firewall, information protection policy, information sharing and analysis center, infrastructure assurance, infrastructure protection, joint task force-computer network defense, keyed hash, level of protection, levels of concern, masquerade, national computer security assessment program, networks, one-time passwords, passive, physical and environmental protection, physical security, post-accreditation phase, privacy protection, product rationale, risk analysis, risk assessment, risk identification, security architecture, security objective, security policy, security target, strengths, weaknesses, opportunities, threats, suitability of functionality, suspicious activity report, system security evaluation, technical security policy, threat consequence, tiger team, component operations, risk) (includes CGI scripts, Chernobyl packet, PHF, PHF hack, RED signal, abuse of privilege, acceptable level of risk, ankle-biter, attack, back door, blue box devices, bomb, breach, buffer overflow, bug, code amber, code red, compromise, compromised key list, compromising emanations, computer abuse, computer fraud, computer related crime, counter measures, crack, crash, dangling threat, dark-side hacker, deadlock, deadly embrace, derf, dumpster diving, emanation, ethernet meltdown, exploit, exploitable channel, failure access, fault, flaw, fork bomb, generic threat, hacking, incident, incomplete parameter checking, infection, information systems security, information systems security engineering, information warfare, intelligent threat, intruder, intrusion, leakage, letterbomb, logic bomb, 
loophole, lurking, mailbomb, malicious applets, malicious code, malicious logic, malicious program, malware, mission needs statement, mockingbird, natural disaster, passive threat, password cracker, phage, phracker, phreaker, piggyback entry, promiscuous mode, prowler, pseudo-flaw, psychological operations, residual risk, retro-virus, reverse engineering, salami technique, security breach, security flaw, security threat, security violation, session hijacking, snarf, sneaker, sniffer, sniffing, spam, spamming, stealth probe, suspicious event, technology gap, threat action, threat agent, threat analysis, threat assessment, threat event, threat monitoring, threat source, time bomb, traffic analysis, trap, trap door, trojan horse, troll, unauthorized access, vulnerability, war dialer, wedged)
- threat action
- (I) An assault on system security. (C) A
complete security architecture deals with both intentional acts (i.e.
attacks) and accidental events. Various kinds of threat actions are
defined as subentries under 'threat consequence'. [RFC2828] (see also threat consequence, threat)
- threat agent
- A method used to exploit a vulnerability in a system, operation, or facility. [AJP][NCSC/TG004][SRV]
Methods and things used to exploit a vulnerability in an information
system, operation, or facility; fire, natural disaster and so forth. [AFSEC][NSAINT] (see also exploit, vulnerability, threat)
- threat analysis
- (I) An analysis of the probability of occurrences and consequences of damaging actions to a system. [RFC2828] Examination of information to identify the elements comprising a threat. [NSTISSC] The examination of all actions and events that might adversely affect a system or operation. [AFSEC][AJP][NCSC/TG004][OVT][SRV] (see also analysis, risk analysis, threat)
- threat assessment
- Formal description and evaluation of threat to an AIS. [NSTISSC] Process of formally evaluating the degree of threat to an information system and describing the nature of the threat. [AFSEC][NSAINT] (see also evaluation, threat)
- threat consequence
- (I) A security violation that results from a threat action. Includes disclosure, deception, disruption, and usurpation. (C)
The following subentries describe four kinds of threat consequences,
and also list and describe the kinds of threat actions that cause each
consequence. Threat actions that are accidental events are marked by
'*'.
- '(Unauthorized) Disclosure' (a threat consequence): A
circumstance or event whereby an entity gains access to data for which
the entity is not authorized. The following threat actions can cause
unauthorized disclosure: A. 'Exposure': A threat action whereby
sensitive data is directly released to an unauthorized entity. This
includes: a. 'Deliberate Exposure': Intentional release of sensitive
data to an unauthorized entity. b. 'Scavenging': Searching through data
residue in a system to gain unauthorized knowledge of sensitive data.
c* 'Human error': Human action or inaction that unintentionally results
in an entity gaining unauthorized knowledge of sensitive data. d*
'Hardware/software error': System failure that results in an entity
gaining unauthorized knowledge of sensitive data. B. 'Interception': A
threat action whereby an unauthorized entity directly accesses
sensitive data traveling between authorized sources and destinations.
This includes: a. 'Theft': Gaining access to sensitive data by stealing
a shipment of a physical medium, such as a magnetic tape or disk, that
holds the data. b. 'Wiretapping (passive)': Monitoring and recording
data that is flowing between two points in a communication system. c.
'Emanations analysis': Gaining direct knowledge of communicated data by
monitoring and resolving a signal that is emitted by a system and that
contains the data but is not intended to communicate the data. C.
'Inference': A threat action whereby an unauthorized entity indirectly
accesses sensitive data (but not necessarily the data contained in the
communication) by reasoning from characteristics or byproducts of
communications. This includes: a. 'Traffic analysis': Gaining knowledge
of data by observing the characteristics of communications that carry
the data. b. 'Signals analysis': Gaining indirect knowledge of
communicated data by monitoring and analyzing a signal that is emitted
by a system and that contains the data but is not intended to
communicate the data. D. 'Intrusion': A threat action whereby an
unauthorized entity gains access to sensitive data by circumventing a
system's security protections. This includes: a. 'Trespass': Gaining
unauthorized physical access to sensitive data by circumventing a
system's protections. b. 'Penetration': Gaining unauthorized logical
access to sensitive data by circumventing a system's protections. c.
'Reverse engineering': Acquiring sensitive data by disassembling and
analyzing the design of a system component. d. 'Cryptanalysis':
Transforming encrypted data into plaintext without having prior
knowledge of encryption parameters or processes.
- 'Deception'
(a threat consequence): A circumstance or event that may result in an
authorized entity receiving false data and believing it to be true. The
following threat actions can cause deception: A. 'Masquerade': A threat
action whereby an unauthorized entity gains access to a system or
performs a malicious act by posing as an authorized entity. a. 'Spoof':
Attempt by an unauthorized entity to gain access to a system by posing
as an authorized user. b. 'Malicious logic': In context of masquerade,
any hardware, firmware, or software (e.g. Trojan horse) that appears to
perform a useful or desirable function, but actually gains unauthorized
access to system resources or tricks a user into executing other
malicious logic. B. 'Falsification': A threat action whereby false data
deceives an authorized entity. a. 'Substitution': Altering or replacing
valid data with false data that serves to deceive an authorized entity.
b. 'Insertion': Introducing false data that serves to deceive an
authorized entity. C. 'Repudiation': A threat action whereby an entity
deceives another by falsely denying responsibility for an act. a.
'False denial of origin': Action whereby the originator of data denies
responsibility for its generation. b. 'False denial of receipt': Action
whereby the recipient of data denies receiving and possessing the data.
- 'Disruption' (a threat consequence): A circumstance or event
that interrupts or prevents the correct operation of system services
and functions. The following threat actions can cause disruption: A.
'Incapacitation': A threat action that prevents or interrupts system
operation by disabling a system component. a. 'Malicious logic': In
context of incapacitation, any hardware, firmware, or software (e.g.
logic bomb) intentionally introduced into a system to destroy system
functions or resources. b. 'Physical destruction': Deliberate
destruction of a system component to interrupt or prevent system
operation. c* 'Human error': Action or inaction that unintentionally
disables a system component. d* 'Hardware or software error': Error
that causes failure of a system component and leads to disruption of
system operation. e* 'Natural disaster': Any 'act of God' (e.g. fire,
flood, earthquake, lightning, or wind) that disables a system
component. [FP031 section 2] B. 'Corruption': A threat action that
undesirably alters system operation by adversely modifying system
functions or data. a. 'Tamper': In context of corruption, deliberate
alteration of a system's logic, data, or control information to
interrupt or prevent correct operation of system functions. b.
'Malicious logic': In context of corruption, any hardware, firmware, or
software (e.g. a computer virus) intentionally introduced into a system
to modify system functions or data. c* 'Human error': Human action or
inaction that unintentionally results in the alteration of system
functions or data. d* 'Hardware or software error': Error that results
in the alteration of system functions or data. e* 'Natural disaster':
Any 'act of God' (e.g. power surge caused by lightning) that alters
system functions or data. [FP031 section 2] C. 'Obstruction': A threat
action that interrupts delivery of system services by hindering system
operations. a. 'Interference': Disruption of system operations by
blocking communications or user data or control information. b.
'Overload': Hindrance of system operation by placing excess burden on
the performance capabilities of a system component.
- 'Usurpation'
(a threat consequence): A circumstance or event that results in control
of system services or functions by an unauthorized entity. The
following threat actions can cause usurpation: A. 'Misappropriation': A
threat action whereby an entity assumes unauthorized logical or
physical control of a system resource. a. 'Theft of service':
Unauthorized use of service by an entity. b. 'Theft of functionality':
Unauthorized acquisition of actual hardware, software, or firmware of a
system component. c. 'Theft of data': Unauthorized acquisition and use
of data. B. 'Misuse': A threat action that causes a system component to
perform a function or service that is detrimental to system security.
a. 'Tamper': In context of misuse, deliberate alteration of a system's
logic, data, or control information to cause the system to perform
unauthorized functions or services. b. 'Malicious logic': In context of
misuse, any hardware, software, or firmware intentionally introduced
into a system to perform or control execution of an unauthorized
function or service. c. 'Violation of permissions': Action by an entity
that exceeds the entity's system privileges by executing an
unauthorized function.
[RFC2828] (see also access control, attack, encryption, hardware error, security violation, software error, threat, threat action, risk management) (includes corruption, cryptanalysis, deception, deliberate exposure, disruption, emanations analysis, exposure, false denial of origin, false denial of receipt, falsification, hardware or software error, human error, incapacitation, inference, insertion, interception, interference, intrusion, malicious logic, masquerade, misappropriation, misuse, natural disaster, obstruction, overload, penetration, physical destruction, repudiation, reverse engineering, scavenging, signals analysis, spoof, substitution, tamper, theft, theft of data, theft of functionality, theft of service, traffic analysis, trespass, usurpation, violation of permissions, wiretapping)
- threat event
- A specific type of threat event as often specified in a risk analysis procedure. [AFSEC] (see also analysis, threat)
- threat monitoring
- Analysis, assessment, and review of audit trails and other
information collected for the purpose of searching out system events
that may constitute violations of system security. [NSTISSC] The
analysis, assessment, and review of audit trails and other data
collected for the purpose of searching out system events that may
constitute violations or attempted violation of system security. [AFSEC][AJP][NCSC/TG004][SRV] (see also analysis, audit, risk management, threat) (includes audit trail)
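As an added example of the review this entry describes (written for this glossary, not taken from any cited source or product), the Python below walks a constructed sshd-style audit trail and reports an attempted violation (a burst of failed logins from one source) and a possible violation (a successful login from that source while the burst is still within the window). The log lines, host name and addresses are constructed; the timestamp format is assumed to be syslog's month/day/time without a year, so only differences between timestamps are used.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style audit trail; addresses come from documentation ranges.
SAMPLE_AUDIT_TRAIL = """\
Jan 12 03:14:01 bastion sshd[1001]: Failed password for root from 198.51.100.7 port 4022 ssh2
Jan 12 03:14:03 bastion sshd[1002]: Failed password for invalid user admin from 198.51.100.7 port 4024 ssh2
Jan 12 03:14:04 bastion sshd[1003]: Accepted publickey for deploy from 203.0.113.5 port 51000 ssh2
Jan 12 03:14:05 bastion sshd[1004]: Failed password for root from 198.51.100.7 port 4026 ssh2
Jan 12 03:14:06 bastion sshd[1005]: Failed password for root from 198.51.100.7 port 4028 ssh2
Jan 12 03:14:09 bastion sshd[1006]: Accepted password for root from 198.51.100.7 port 4030 ssh2
Jan 12 03:20:00 bastion sshd[1007]: Failed password for bob from 203.0.113.9 port 40000 ssh2
Jan 12 03:20:05 bastion sshd[1008]: Accepted password for bob from 203.0.113.9 port 40002 ssh2
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")


def parse(line: str):
    """Return the fields of one authentication record, or None for other lines.
    Syslog timestamps carry no year, so only differences between them are used."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            "result": m["result"], "user": m["user"], "src": m["src"]}


def review_audit_trail(lines, threshold: int = 3, window: timedelta = timedelta(minutes=5)):
    """Return (kind, source, detail) triples:
    attempted_violation - `threshold` failed logins from one source inside `window`
    possible_violation  - a successful login from that source while the burst is in the window
    """
    findings = []
    recent_failures = defaultdict(deque)       # source address -> timestamps of recent failures
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) == threshold:            # report once, when the burst first crosses the line
                findings.append(("attempted_violation", ev["src"],
                                 f"{threshold} failed logins within {window}"))
        else:
            if len(q) >= threshold:
                findings.append(("possible_violation", ev["src"],
                                 f"login as {ev['user']} succeeded after {len(q)} failures"))
            q.clear()                          # a success ends the burst either way
    return findings
```

The single failure from 203.0.113.9 followed by a success stays below the threshold and produces nothing, which is the point of the window and count: the review is looking for events that may constitute a violation, not for every failed password.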
- threat source
- Either (1) intent and method targeted at the intentional
exploitation of a vulnerability or (2) a situation and method that may
accidentally trigger a vulnerability. [800-37] (see also threat)
- thumbprint
- (I) A pattern of curves formed by the ridges on the tip of a thumb. (D)
ISDs SHOULD NOT use this term as a synonym for 'hash result' because
that meaning mixes concepts in a potentially misleading way. [RFC2828] (see also hash, biometric authentication)
- ticket
- (I) A synonym for 'capability'. (C) A ticket is
usually granted by a centralized access control server (ticket-granting
agent) to authorize access to a system resource for a limited time.
Tickets have been implemented with symmetric cryptography, but can also
be implemented as attribute certificates using asymmetric cryptography.
[RFC2828] A credential used in a third-party trusted host model.
A ticket is encrypted with the password of the principal to whom the
ticket is presented. A ticket contains a session key as well as the
identity of the principal to whom the ticket is issued. Tickets have an
expiration time. [misc] (see also access control, certificate, cryptography, model, passwords, credentials, third party trusted host model)
- ticket-oriented
- A computer protection system in which each subject maintains a
list of unforgeable bit patterns, called tickets, one for each object
the subject is authorized to access. [AJP][NCSC/TG004] IS protection
system in which each subject maintains a list of unforgeable bit
patterns called tickets, one for each object a subject is authorized
to access. [NSTISSC] (see also list-oriented, authorization) (includes object, subject)
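Added worked example for the 'ticket' and 'ticket-oriented' entries above; it is not from the glossary or any of its cited sources. It shows what makes a ticket an "unforgeable bit pattern" with a limited lifetime: the issuing server tags (subject, object, rights, expiry) with an HMAC under a key only it holds, and a subject keeps its own list of such tickets. The server key, subject and object names, and the JSON encoding are assumptions chosen for the example.

```python
import hashlib
import hmac
import json
import time

# Assumption: the ticket-granting agent's secret key. In practice a random,
# high-entropy key known only to the server; this constant is a stand-in.
SERVER_KEY = b"constructed-example-key-not-for-real-use"


def issue_ticket(subject, obj, rights, lifetime_s, now=None, key=SERVER_KEY):
    """Server side: bind subject, object, rights and an expiry time together
    and tag the result with an HMAC so the holder cannot forge or alter it."""
    now = time.time() if now is None else now
    body = {"sub": subject, "obj": obj, "rights": sorted(rights),
            "exp": int(now + lifetime_s)}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, encoded, hashlib.sha256).hexdigest()
    return encoded.decode() + "." + tag


def check_ticket(ticket, subject, obj, right, now=None, key=SERVER_KEY):
    """Resource side: accept only if the tag verifies, the ticket names this
    subject and object, it has not expired, and it grants `right`."""
    now = time.time() if now is None else now
    try:
        encoded, tag = ticket.rsplit(".", 1)  # tag is hex, so the last '.' is the separator
    except ValueError:
        return False
    expected = hmac.new(key, encoded.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return False
    body = json.loads(encoded)
    if body["sub"] != subject or body["obj"] != obj:
        return False
    if now >= body["exp"]:
        return False
    return right in body["rights"]


class TicketOrientedSubject:
    """Ticket-oriented protection: the subject, not the object, carries the
    list of tickets it may present (contrast with an ACL on the object)."""

    def __init__(self, name):
        self.name = name
        self.tickets = []

    def may(self, obj, right, now=None):
        return any(check_ticket(t, self.name, obj, right, now) for t in self.tickets)


if __name__ == "__main__":
    t0 = 1_000_000
    alice = TicketOrientedSubject("alice")
    alice.tickets.append(issue_ticket("alice", "/etc/passwd", ["read"], 60, now=t0))
    print(alice.may("/etc/passwd", "read", now=t0 + 30))   # True
    print(alice.may("/etc/passwd", "write", now=t0 + 30))  # False: right not granted
    print(alice.may("/etc/passwd", "read", now=t0 + 60))   # False: expired
```

Editing the rights field inside a ticket invalidates its tag, which is the "unforgeable" property; the expiry field is what gives the "limited time" property in the 'ticket' entry. A real ticket-granting agent would also carry a session key for the client and service, as the [misc] definition describes; that is omitted here to keep the authorization check in view.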
- Tiger
- A software tool which scans for system weaknesses. [NSAINT] (see also software, security software)
- tiger team
- Government and industry-sponsored teams of computer experts
who attempt to break down the defenses of computer systems in an effort
to uncover, and eventually patch, security holes. [AFSEC][NSAINT]
[U.S. military jargon] 1. Originally, a team (of sneakers) whose
purpose is to penetrate security, and thus test security measures. ...
Serious successes of tiger teams sometimes lead to early retirement for
base commanders and security officers. 2. Recently, and more generally,
any official inspection team or special firefighting group called in to
look at a problem. A subset of tiger teams are professional crackers,
testing the security of military computer installations by attempting
remote attacks via networks or supposedly `secure' comm channels. The
term has been adopted in commercial computer-security circles in this
more specific sense. Government and industry-sponsored teams of
computer experts who attempt to break down the defenses of computer
systems in an effort to uncover, and eventually patch, security holes. [OVT] (see also attack, security, sneaker, test, threat)
- time bomb
- A Trojan horse set to trigger at a particular time. [SRV]
A logic bomb that is triggered by reaching some preset time, either
once or periodically. A variant of the Trojan horse in which malicious
code is inserted to be triggered later. [AFSEC] A time bomb is a type of logic bomb that is triggered by the arrival of a date or time. [CIAO] Resident computer program that triggers an unauthorized act at a predefined time. [NSTISSC] (see also logic bomb, threat)
- time compliance data (TCD)
-
- time division multiple access (TDMA)
- A technique to interweave multiple conversations into one transponder so as to appear to get simultaneous conversations. [IATF] (see also security)
- time stamp
- A data item which denotes a point in time with respect to a common
time reference. [SC27][ISO/IEC 11770-3: 1999] A time variant parameter
which denotes a point in time with respect to a common time reference.
[SC27][ISO/IEC 11770-1: 1996][ISO/IEC 9798-1: 1997] (includes time-stamp requester, time-stamp token, time-stamp verifier, time-stamping authority, time-stamping service, trusted time stamp, trusted time stamping authority)
- time variant parameter
- A data item used by an entity to verify that a message is not
a replay, such as a random number, a sequence number, or a time stamp.
[SC27] A data item used to verify that a message is not a replay, such
as a random number, a sequence number, or a time stamp. [SC27][ISO/IEC
9798-1: 1997, ISO/IEC 11770-2: 1996, ISO/IEC 11770-3: 1999]
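Added worked example for the 'time variant parameter' entry above; it is not from the glossary or the ISO documents it cites. It shows a receiver using all three kinds of parameter the definition lists, a time stamp (accept only within a window), a random nonce (remember those seen inside the window) and a per-sender sequence number (must increase), to reject a replayed message that carries a valid authentication tag. The shared key, message layout and field names are assumptions chosen for the example.

```python
import hashlib
import hmac
import json

# Assumed message layout (constructed for this example):
#   {"sender", "seq", "nonce", "ts", "body", "mac"} with mac = HMAC over the rest.
_AUTH_FIELDS = ("sender", "seq", "nonce", "ts", "body")


def _mac(key, fields):
    encoded = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, encoded, hashlib.sha256).hexdigest()


def make_message(key, sender, seq, nonce, ts, body):
    """Sender side: attach the time variant parameters and authenticate them."""
    fields = {"sender": sender, "seq": seq, "nonce": nonce, "ts": ts, "body": body}
    return dict(fields, mac=_mac(key, fields))


class ReplayGuard:
    """Receiver-side replay check. A message is accepted only if its MAC
    verifies, its time stamp lies within `window_s` of local time, its nonce
    has not been seen inside that window, and its sequence number exceeds the
    last one accepted from the same sender."""

    def __init__(self, key, window_s=30):
        self.key = key
        self.window_s = window_s
        self.seen_nonces = {}  # nonce -> time stamp it arrived with
        self.last_seq = {}     # sender -> highest accepted sequence number

    def accept(self, msg, now):
        fields = {k: msg[k] for k in _AUTH_FIELDS}
        if not hmac.compare_digest(_mac(self.key, fields), msg["mac"]):
            return False, "bad mac"
        if abs(now - msg["ts"]) > self.window_s:
            return False, "timestamp outside window"
        # Nonces older than the window can never be accepted again (the
        # timestamp check rejects them), so the cache stays bounded.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if now - t <= self.window_s}
        if msg["nonce"] in self.seen_nonces:
            return False, "nonce already seen"
        if msg["seq"] <= self.last_seq.get(msg["sender"], -1):
            return False, "sequence number not increasing"
        self.seen_nonces[msg["nonce"]] = msg["ts"]
        self.last_seq[msg["sender"]] = msg["seq"]
        return True, "ok"


if __name__ == "__main__":
    key = b"constructed-shared-key"
    guard = ReplayGuard(key, window_s=30)
    m = make_message(key, "alice", 1, "n1", 1000, "transfer 10")
    print(guard.accept(m, now=1005))  # (True, 'ok')
    print(guard.accept(m, now=1010))  # (False, 'nonce already seen'): replay
```

The nonce cache and the time window are sized together on purpose: a replay whose time stamp is still inside the window is caught by the cache, and one outside it is caught by the window check, so the receiver never has to remember nonces forever. The sequence number adds protection against reordering and against a receiver that restarts with an empty cache.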
- time-and-materials contract
- A contract in which the user organization reimburses a
contractor for total labor charges (based on time and expended at fixed
labor rates) and for materials used to complete the work. [SRV]
- time-compliance date
- Date by which a mandatory modification to a COMSEC end-item
must be incorporated if the item is to remain approved for operational
use. [NSTISSC] (see also communications security)
- time-dependent password
- A password that is valid only at a certain time of day or during a specified interval of time. [AJP][NCSC/TG004][SRV] Password that is valid only at a certain time of day or during a specified interval of time. [NSTISSC] (see also passwords)
- time-stamp requester
- An entity which possesses data it wants to be time-stamped.
NOTE - A requester may also be a Trusted Third Party including a
time-stamping authority. [SC27] (see also trust, time stamp)
- time-stamp token
- A data structure containing a verifiable cryptographic binding
between a data item's representation and a time-value. A time-stamp
token may also include additional data items in the binding. [SC27] (see also cryptography, time stamp, tokens)
- time-stamp verifier
- An entity which possesses data and wants to verify that it has
a valid time-stamp bound to it. The verification process may be
performed by the verifier itself or by a Trusted Third Party. [SC27] (see also trust, time stamp)
- time-stamping authority (TSA)
- A trusted third party trusted to provide a time stamping service. [SC27] A trusted third party trusted to provide evidence that includes the time when the secure time stamp is generated. [SC27] (see also evidence, trust, time stamp)
- time-stamping service
- A service providing evidence that a data item existed before a
certain point in time. NOTE - An example is given by adding a time
stamp to a data item's representation and signing the result. [SC27]
A service which attests the existence of electronic data at a precise
instant of time. NOTE - Time stamping services are useful and probably
indispensable to support long term validation of signatures. They will
be defined in a separate document. [SC27] (see also evidence, test, validation, time stamp)
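Added worked example for the 'time-stamp token', 'time-stamping authority' and 'time-stamping service' entries above; it is not from the glossary or from SC27. It carries the NOTE through in code: the requester sends only a hash of its data (the "representation"), the authority binds that hash to a time value and signs the result, and a verifier later checks that the data it holds existed no later than the token's time. Assumption: a real TSA signs with its private key and verifiers check with the TSA's public key; here an HMAC under a TSA-held key stands in for that signature, so the verifier is assumed to share the key.

```python
import hashlib
import hmac
import json

# Stand-in for the TSA's private signing key (assumption: real TSAs use a
# public-key signature so that verifiers need no secret).
TSA_KEY = b"constructed-TSA-signing-key"


def message_imprint(data: bytes) -> str:
    """Requester side: the representation of the data item that is sent to the
    TSA. Only the hash leaves the requester, so the TSA never sees the data."""
    return hashlib.sha256(data).hexdigest()


def tsa_issue_token(imprint: str, time_value: int, key=TSA_KEY) -> dict:
    """TSA side: bind the imprint to a time value and sign the binding."""
    payload = {"imprint": imprint, "hash_alg": "sha256", "time": time_value}
    encoded = json.dumps(payload, sort_keys=True).encode()
    return {"payload": payload, "sig": hmac.new(key, encoded, hashlib.sha256).hexdigest()}


def verify_token(token: dict, data: bytes, not_after: int, key=TSA_KEY) -> bool:
    """Verifier side: the token is evidence that `data` existed at or before
    token time, so it is accepted only if (1) the signature over the binding
    verifies, (2) the imprint matches the data presented, and (3) the token
    time is at or before the point in time the verifier cares about."""
    encoded = json.dumps(token["payload"], sort_keys=True).encode()
    expected = hmac.new(key, encoded, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return False
    if token["payload"]["imprint"] != message_imprint(data):
        return False
    return token["payload"]["time"] <= not_after


if __name__ == "__main__":
    contract = b"contract v1 (constructed sample data)"
    token = tsa_issue_token(message_imprint(contract), 1700000000)
    print(verify_token(token, contract, not_after=1700000500))  # True
    print(verify_token(token, contract, not_after=1699999999))  # False: token is later
    print(verify_token(token, b"contract v2", not_after=1700000500))  # False: other data
```

Changing the time field of an issued token breaks the signature, which is why the token rather than the bare time stamp is the evidence; and because the imprint is a hash, the same token cannot be re-attached to different data. For the "long term validation of signatures" use the NOTE mentions, `data` would be a signature value and `not_after` the time at which the signer's certificate expired or was revoked.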
- time-to-recover (TTR)
-
- timing attacks
- Attacks that take advantage of the timing of computer processes and operations to get access. [AFSEC] (see also attack)
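Added worked example for the 'timing attacks' entry above; it is not from the glossary or from [AFSEC]. The classic instance is a secret comparison that stops at the first mismatching byte: how long it runs reveals how many leading bytes of the guess were right, so an attacker can recover a token one byte at a time. To keep the demonstration deterministic, the comparison functions here return the number of byte comparisons they performed in place of a measured elapsed time; the attacker routine, the sample secret and the assumption that the attacker knows the secret's length are constructed for the example.

```python
import hmac


def naive_equal(a: bytes, b: bytes):
    """Early-exit comparison. Returns (equal, byte_comparisons_performed); the
    count grows with the length of the matching prefix, which is exactly what
    a timing attacker observes as running time."""
    steps = 0
    if len(a) != len(b):
        return False, steps
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def constant_time_equal(a: bytes, b: bytes):
    """Same amount of work wherever the first difference lies (no early exit).
    Real code should call hmac.compare_digest; this copy exposes the step count
    only so the demo can show that nothing position-dependent is leaked."""
    steps = 0
    if len(a) != len(b):
        return False, steps
    diff = 0
    for x, y in zip(a, b):
        steps += 1
        diff |= x ^ y
    return diff == 0, steps


def recover_secret_by_timing(length: int, oracle):
    """Attacker: knows only the secret's length and an oracle returning
    (accepted, steps). For each position it keeps the byte that made the
    oracle work longest, i.e. the one that extended the matching prefix."""
    guess = bytearray(length)
    for i in range(length):
        best_steps, best_byte = -1, 0
        for c in range(256):
            guess[i] = c
            accepted, steps = oracle(bytes(guess))
            if accepted:
                return bytes(guess)
            if steps > best_steps:
                best_steps, best_byte = steps, c
        guess[i] = best_byte
    return bytes(guess)


def check_token_hardened(secret: bytes, presented: bytes) -> bool:
    """The fix: a comparison whose duration does not depend on where the
    inputs differ."""
    return hmac.compare_digest(secret, presented)


if __name__ == "__main__":
    secret = b"s3cr3t-tok"  # constructed sample secret
    print(recover_secret_by_timing(len(secret), lambda g: naive_equal(secret, g)))
    # b's3cr3t-tok': leaked byte by byte in at most 256 * len(secret) queries
    print(recover_secret_by_timing(len(secret), lambda g: constant_time_equal(secret, g)))
    # garbage: every wrong guess costs the same, so there is nothing to rank
```

Against the early-exit oracle the attack needs at most 256 guesses per byte instead of 256 to the power of the length. Note that the length check itself still leaks the secret's length in both versions; where that matters, compare fixed-length digests (e.g. HMACs of both values) rather than the raw secrets.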
- timing channel
- (see covert channel)
- tinkerbell program
- A monitoring program used to scan incoming network connections
and generate alerts when calls are received from particular sites, or
when logins are attempted using certain IDs. [NSAINT] (see also networks, security software)
- to be process model
- A process model that results from a business process redesign
or reengineering action. The to be model shows how the business process
will function after the improvement action is implemented. [SRV] (see also business process, model)
- TOE resource
- Anything useable or consumable in the TOE. [CC2][CC21][SC27] (see also target of evaluation)
- TOE security functions (TSF)
- A set consisting of all hardware, software, and firmware of
the TOE that must be relied upon for the correct enforcement of the
TSP. [CC2][CC21][SC27] All parts of the TOE which have to be relied upon for enforcement of the TOE security policy. [CC1] (see also software, trusted channel, object, resource, security attribute, target of evaluation) (includes TOE security functions interface, TSF data, TSF scope of control, inter-TSF transfers, secret, strength of function, transfers outside TSF control, trusted path, user data)
- TOE security functions interface (TSFI)
- A set of interfaces, whether interactive (man-machine
interface) or programmatic (application programming interface), through
which TOE resources are accessed, mediated by the TSF, or information
is obtained from the TSF. [CC2][CC21][SC27] (see also TOE security functions, target of evaluation)
- TOE security policy (TSP)
- A set of rules that regulate how assets are managed, protected and distributed within a TOE. [CC2][CC21][SC27] The rules defining the required security behavior of a Target of Evaluation. [CC1] (see also policy, security policy, target of evaluation) (includes object, trusted path)
- TOE security policy model
- A structured representation of the security policy to be enforced by the TOE. [CC2][CC21][SC27] (see also policy, model, target of evaluation)
- token backup
- (I) A token management operation that stores sufficient
information in a database (e.g. in a CAW) to recreate or restore a
security token (e.g. a smart card) if it is lost or damaged. [RFC2828] (see also availability, tokens)
- token copy
- (I) A token management operation that copies all the
personality information from one security token to another. However,
unlike in a token restore operation, the second token is initialized with
its own, different local security values such as PINs and storage keys.
[RFC2828] (see also key, tokens)
- token device
- A device used for generating passwords based on some
information (e.g. time, date, and personal identification number) that
is valid for only a brief period (e.g. one minute). [SRV] (see also identification, tokens)
- token management
- (I) The process of initializing security tokens,
loading data into the tokens, and controlling the tokens during their
life cycle. May include performing key management and certificate
management functions; generating and installing PINs; loading user
personality data; performing card backup, card copy, and card restore
operations; and updating firmware. [RFC2828] (see also availability, certificate, key, tokens)
- token restore
- (I) A token management operation that loads a security
token with data for the purpose of recreating (duplicating) the
contents previously held by that or another token. [RFC2828] (see also tokens)
- token storage key
- (I) A cryptography key used to protect data that is stored on a security token. [RFC2828] (see also key, tokens)
- tokens
- (I) General usage: An object that is used to control
access and is passed between cooperating entities in a protocol that
synchronizes use of a shared resource. Usually, the entity that
currently holds the token has exclusive access to the resource. (I)
Authentication usage: A data object or a portable, user-controlled,
physical device used to verify an identity in an authentication
process. (I) Cryptographic usage: See: cryptographic token. (O)
SET usage: 'A portable device [e.g. smart card or PCMCIA card]
specifically designed to store cryptographic information and possibly
perform cryptographic functions in a secure manner.' [RFC2828] A
hardware device that is used to augment password-based authentication
by challenging a principal to prove that it possesses the token. [misc]
A message consisting of data fields relevant to a particular
communication and which contains information that has been transformed
using a cryptographic technique. [SC27] A small device with an embedded computer chip that can be used to store and transmit electronic information. [FFIEC]
A token is used to validate an end entity's identity and bind that
identity to its public key. An example is an X.509 certificate. [IATF] (see also 3-factor authentication, Europay, MasterCard, Visa, Fortezza, Generic Security Service Application Program Interface, PKCS #11, authentication, capability, cardholder certificate, cardholder certification authority, challenge/response, class 2, 3, 4, or 5, cryptographic ignition key, domain parameter, notary, passwords, personal security environment, public-key infrastructure, registration authority, secret, social engineering, witness, Secure Electronic Transaction, key) (includes NRD token, NRO token, NRS token, NRT token, authentication token, cryptographic card, cryptographic token, hash token, identity token, key token, non-repudiation token, notarization token, security token, smartcards, time-stamp token, token backup, token copy, token device, token management, token restore, token storage key)
- tolerable error
- The specified precision or the maximum sampling error that
will still permit the results to be useful. It is also called bound on
error. [SRV]
- tool
- A product used in the construction and/or documentation of a Target of Evaluation. [AJP][ITSEC] (see also target of evaluation)
- top CA
- (I) A CA that is the highest level (i.e., is the most trusted CA) in a certification hierarchy. [RFC2828] (see also certification, trust, public-key infrastructure)
- top-level certification
- More stringent than a mid-level certification, this
certification level is appropriate for systems engendering high levels
of concern for confidentiality, integrity, and/or availability. [800-37] (see also availability, confidentiality, integrity, certification)
- top-level security objectives (TLSO)
- (see also security, top-level specification)
- top-level specification (TLS)
- (I) 'A non-procedural description of system behavior at
the most abstract level; typically a functional specification that
omits all implementation details.' (C) A top-level specification may be descriptive or formal:
- 'Descriptive top-level specification': One that is written in a natural language like English or an informal design notation.
- 'Formal
top-level specification': One that is written in a formal mathematical
language to enable theorems to be proven that show that the
specification correctly implements a set of formal requirements or a
formal security model.
[RFC2828] A non-procedural
description of system behavior at the most abstract level. Typically, a
functional specification that omits all implementation details. [AJP][NCSC/TG004][TCSEC][TNI] (see also model, security, development process) (includes descriptive top-level specification, formal top-level specification, top-level security objectives)
- topical areas
- A grouping of related control objectives. [CIAO]
- topology
- A description of any kind of locality in terms of its physical
layout. In the context of communication networks, a topology describes
pictorially the configuration or arrangement of a network, including
its nodes and connecting communication lines. [FFIEC] The map or
plan of the network. The physical topology describes how the wires or
cables are laid out, and the logical or electrical topology describes
how the information flows. [NSAINT] (see also networks)
- total quality management (TQM)
- A performance-enhancement methodology for examining current
business processes. It does not usually involve radical changes and is
equal to BPI. [SRV] An approach that motivates, supports, and
enables quality management in all activities of the organization,
focusing on the needs and expectations of internal and external
customers. [SRV] (see also business process, quality)
- total risk
- The potential for the occurrence of an adverse event if no
mitigating action is taken (i.e., the potential for any applicable
threat to exploit a system vulnerability). [CIAO] (see also risk)
- trace a correspondence
- Explain a correspondence, using natural language prose, between levels of abstraction. [AJP][FCv1]
- trace packet
- In a packet-switching network, a unique packet that causes a
report of each stage of its progress to be sent to the network control
center from each visited system element. [NSAINT] (see also networks)
- traceability
- The degree to which a relationship can be established between
two or more products of the development process, especially products
having a predecessor-successor or master-subordinate relationship to
one another. [IEEE610] (see also attack)
- traceroute
- An operation of sending trace packets to determine the path to a
host; traces the route of UDP packets from the local host to a remote
host. Normally traceroute displays the round-trip time and the address
of each hop on the route taken to reach its destination computer. [NSAINT] (see also internet)
- traditional COMSEC program
- Program in which NSA acts as the central
procurement agency for the development and, in some cases, the
production of INFOSEC items. This includes the authorized vendor
program. Modifications to the INFOSEC end-items used in products
developed and/or produced under these programs must be approved by NSA.
[NSTISSC] (see also communications security)
- traffic analysis (TA)
- (I) Inference of information from observable
characteristics of data flow(s), even when the data is encrypted or
otherwise not directly available. Such characteristics include the
identities and locations of the source(s) and destination(s), and the
presence, amount, frequency, and duration of occurrence. (O) 'The inference of information from observation of traffic flows (presence, absence, amount, direction, and frequency).' [RFC2828] Gaining knowledge of data by observing the characteristics of communications that carry the data. [RFC2828]
Study of communications patterns. [NSTISSC] The inference of
information from observation of traffic flows (presence, absence,
amount, direction, and frequency). [SRV] (see also cryptography, encryption, traffic flow confidentiality, traffic padding, analysis, threat, threat consequence)
- traffic encryption key (TEK)
- Key used to encrypt plain text or to superencrypt previously
encrypted text and/or to decrypt cipher text. [NSTISSC] (see also key)
- traffic flow confidentiality
- (I) A data confidentiality service to protect against traffic analysis. (O) 'A confidentiality service to protect against traffic analysis.' [RFC2828] A confidentiality service to protect against traffic analysis. [SRV] (see also analysis, traffic analysis, confidentiality)
- traffic load
- The number of messages input to a network during a specific time period. [SRV] (see also networks)
- traffic padding
- (I) 'The generation of spurious instances of communication, spurious data units, and/or spurious data within data units.' [RFC2828] Generation of spurious communications or data units to disguise the amount of real data units being sent. [NSTISSC]
The protection that results from those features in some
crypto-equipment that conceal the presence of valid messages on a
communications circuit usually by causing the circuit to appear busy at
all times. [SRV] (see also cryptography, traffic analysis)
- traffic-flow security (TFS)
- Measure used to conceal the presence of valid messages in an on-line cryptosystem or secure communications system. [NSTISSC]
The protection resulting from encrypting the source and destination
addresses of valid messages transmitted over a communications circuit. [SRV] (see also cryptography, security)
- trailer
- String of bits of length one or two octets, concatenated to
the end of the recoverable part of the message during message
representative production. [SC27]
- training key
- Cryptographic key for training. (C.F.D.) [NSTISSC] (see also key)
- tranquility
- A security model rule stating that the security level of an active object cannot change during the period of activity. [NSAINT]
A security model rule stating that the security level of an object
cannot change while the object is being processed by an IT product. [AJP][NCSC/TG004] Property whereby the security level of an object cannot change while the object is being processed by an IT system. [NSTISSC] (see also model, Bell-LaPadula security model) (includes object)
- tranquility property
- (see Bell-LaPadula security model)
- transaction
- An activity or request to a computer. Purchase orders,
changes, additions, and deletions are examples of transactions that are
recorded in a business information environment. [SRV] The set of subject actions and their associated data storage accesses. [AJP][FCv1] (see also database management system) (includes subject)
- transaction file
- A group of related records processed with an associated master file. [SRV] (see also networks)
- transfer device (TD)
- (see also networks)
- transfer time
- For disk drives, the delay between reading data from the disk
and transferring it through the data path into system memory (or the
reverse for writing to disk). [SRV] (see also networks)
- transfers outside TSF control
- Communicating data to entities not under control of the TSF. [CC2][CC21][SC27] (see also TOE security functions, target of evaluation)
- transmission
- The sending and receiving of signals from point A to point B while maintaining integrity of the information. [SRV] (see also networks)
- transmission control protocol (TCP)
- (I) An Internet Standard protocol that reliably
delivers a sequence of datagrams (discrete sets of bits) from one
computer to another in a computer network. (C) TCP is designed
to fit into a layered hierarchy of protocols that support internetwork
applications. TCP assumes it can obtain simple, potentially unreliable
datagram service (such as the Internet Protocol) from the lower-layer
protocols. [RFC2828] A protocol that establishes a connection
and provides a reliable transport service between source and
destination systems. TCP calls IP to provide a routing service. [CIAO] (see also networks, internet)
- transmission control protocol/internet protocol (TCP/IP)
- (I) A synonym for 'Internet Protocol Suite', in which
the Transmission Control Protocol (TCP) and the Internet Protocol (IP)
are important parts. [RFC2828] Transmission Control Protocol/Internetwork Protocol. The suite of protocols the Internet is based on. [NSAINT] (see also internet)
- transmission medium
- A mechanism that supports propagation of digital signals.
Examples of a transmission medium are cables such as leased lines from
common commercial carriers, fiber optic cables, and satellite channels.
[SRV] (see also networks)
- transmission security (TRANSEC)
- Component of COMSEC resulting from the application
of measures designed to protect transmissions from interception and
exploitation by means other than cryptanalysis. [NSTISSC] Maintaining confidentiality of information in a telecommunications network. [AJP] (see also analysis, communications security, confidentiality, networks, security)
- transmission security key (TSK)
- (see also key)
- transport layer security (TLS)
- (I) TLS Version 1.0 is an Internet protocol based on and very similar to SSL Version 3.0. (C) The TLS protocol is misnamed, because it operates well above the transport layer (OSI layer 4). [RFC2828] (see also secure socket layer, internet, security)
- Transport Layer Security Protocol (TLSP)
- (I) An end-to-end encryption protocol (ISO Standard
10736) that provides security services at the bottom of OSI layer 4,
i.e., directly above layer 3. (C) TLSP evolved directly from the SP4 protocol of SDNS. [RFC2828] (see also encryption, security protocol)
- transport mode vs. tunnel mode
- (I) IPsec usage: Two ways to apply IPsec protocols (AH and ESP) to protect communications:
- 'Transport
mode': The protection applies to (i.e., the IPsec protocol
encapsulates) the packets of upper-layer protocols, the ones that are
carried above IP.
- 'Tunnel mode': The protection applies to (i.e., the IPsec protocol encapsulates) IP packets.
(C)
A transport mode security association is always between two hosts. In a
tunnel mode security association, each end may be either a host or a
gateway. Whenever either end of an IPsec security association is a
security gateway, the association is required to be in tunnel mode. [RFC2828] (see also Internet Protocol security)
- transportation
- A critical infrastructure characterized by the physical
distribution system critical to supporting the national security and
economic well-being of this nation, including the national airspace
system, airlines and aircraft, and airports; roads and highways,
trucking and personal vehicles; ports and waterways and the vessels
operating thereon; mass transit, both rail and bus; pipelines,
including natural gas, petroleum, and other hazardous materials;
freight and long haul passenger rail; and delivery services. [CIAO] (see also critical infrastructure)
- trap
- A message indicating that a fault condition may exist or that a fault is likely to occur. [SRV] (see also fault, security software, threat)
- trap door
- (1) Hidden software or hardware mechanism that can be
triggered to permit protection mechanisms in an Automated Information
System to be circumvented. Note: A trap-door is usually activated in
some innocent-appearing manner (e.g. a special random key sequence at a
terminal). Software developers often write trap-doors in their code
that enable them to reenter the system to perform certain functions.
(2) A secret entry point to a cryptographic algorithm through which the
developer or another entity can bypass security controls and decrypt
messages. [AJP] (I) A hidden computer flaw known to an
intruder, or a hidden computer mechanism (usually software) installed
by an intruder, who can activate the trap door to gain access to the
computer without being blocked by security services or mechanisms. [RFC2828]
1) A means of disabling a system's security, by a hardware or software
mechanism which is intentionally hidden by designers of the system,
often for the purpose of providing access to service technicians or
maintenance programmers. 2) Hidden code or hardware device used to
circumvent security controls. [CIAO] A hidden flaw in a system mechanism that can be triggered to circumvent the system's security. [SRV]
A hidden software or hardware mechanism that can be triggered to permit
protection mechanisms in an Automated Information System to be
circumvented. Note: A trap-door is usually activated in some
innocent-appearing manner (e.g. a special random key sequence at a
terminal). Software developers often write trap-doors in their code
that enable them to reenter the system to perform certain functions. [FCv1]
A hidden software or hardware mechanism that can be triggered to permit
system protection mechanisms to be circumvented. It is activated in
some innocent-appearing manner; e.g. a special 'random' key sequence at
a terminal. Software developers often introduce trap-doors in their
code to enable them to reenter the system and perform certain
functions. [NCSC/TG004] A hidden software or hardware mechanism
that permits system protection mechanisms to be circumvented. It is
activated in some non-apparent manner (e.g. special 'random' key
sequence at a terminal). [TCSEC][TNI] A hidden software or hardware mechanism used to circumvent security control. aka Back door. [AFSEC] (see also back door, cryptography, software, threat)
- tree diagram
- A diagram to break a few larger steps into many smaller steps. [SRV]
- trespass
- Gaining unauthorized physical access to sensitive data by circumventing a system's protections. [RFC2828] (see also threat consequence)
- tri-homed
- A firewall with three network interfaces. Tri-homed firewalls
connect three network segments with different network addresses.
Typically, these would be protected, DMZ, and unprotected segments. A
tri-homed firewall may offer some security advantages over firewalls
with two interfaces. An attacker on an unprotected network may
compromise hosts on the DMZ but still not reach any hosts on the
protected network. [RFC2647] (see also homed)
- triple DES (3DES)
- (I) A block cipher, based on DES, that transforms each
64-bit plaintext block by applying the Data Encryption Algorithm three
successive times, using either two or three different keys, for an
effective key length of 112 or 168 bits. (C) IPsec usage: The
algorithm variation proposed for ESP uses a 168-bit key, consisting of
three independent 56-bit quantities used by the Data Encryption
Algorithm, and a 64-bit initialization value. Each datagram contains an
IV to ensure that each received datagram can be decrypted even when
other datagrams are dropped or sequence of datagrams is reordered in
transit. [RFC2828] (see also encryption, key)
- triple-wrapped
- (I) S/MIME usage: Data that has been signed with a digital signature, and then encrypted, and then signed again. [RFC2828] (see also digital signature, encryption)
- Tripwire
- A software tool for security. Basically, it works with a
database that maintains information about the byte count of files. If
the byte count has changed, it will identify it to the system security
manager. [NSAINT] (see also software, security software)
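Added worked example for the 'Tripwire' entry above; it is not the tool's own code and not from [NSAINT]. The definition speaks of byte counts; a check on size alone misses any edit that keeps the length, such as renaming the uid-0 account in a passwd file, so this example records both the size and a SHA-256 digest in its baseline database, as the real tool does with cryptographic hashes, and reports which check caught each change. The file names and contents are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile


def snapshot(paths):
    """Build the baseline database: size and SHA-256 digest per file."""
    db = {}
    for p in paths:
        with open(p, "rb") as f:
            data = f.read()
        db[p] = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
    return db


def compare(db):
    """Re-read every file in the baseline and return {path: finding} for those
    that are missing or differ. A same-length edit is reported separately so
    it is visible that only the digest, not the byte count, detected it."""
    findings = {}
    for p, rec in db.items():
        if not os.path.exists(p):
            findings[p] = "missing"
            continue
        with open(p, "rb") as f:
            data = f.read()
        if len(data) != rec["size"]:
            findings[p] = "size changed"
        elif hashlib.sha256(data).hexdigest() != rec["sha256"]:
            findings[p] = "content changed, size unchanged"
    return findings


def demo():
    """Constructed scenario: three files are baselined, then one is edited
    without changing its length and one is deleted. Returns findings keyed by
    file name."""
    d = tempfile.mkdtemp()
    files = {
        "passwd": b"root:x:0:0::/root:/bin/sh\n",
        "hosts": b"127.0.0.1 localhost\n",
        "sshd_config": b"PermitRootLogin no\n",
    }
    for name, content in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(content)
    db = snapshot([os.path.join(d, name) for name in files])

    # Same-size tampering: a uid-0 account under a new name (26 bytes either way).
    with open(os.path.join(d, "passwd"), "wb") as f:
        f.write(b"hack:x:0:0::/root:/bin/sh\n")
    # Deletion.
    os.remove(os.path.join(d, "hosts"))

    return {os.path.basename(p): r for p, r in compare(db).items()}


if __name__ == "__main__":
    print(demo())
    # {'passwd': 'content changed, size unchanged', 'hosts': 'missing'}
```

The baseline database is only as trustworthy as its own protection: if an attacker who can edit `passwd` can also rewrite the database, the comparison proves nothing, which is why such databases are kept on read-only media or signed.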
- tri-service tactical communications system (TRI-TAC)
- (see also system)
- trojan horse
- (I) A computer program that appears to have a useful
function, but also has a hidden and potentially malicious function that
evades security mechanisms, sometimes by exploiting legitimate
authorizations of a system entity that invokes the program. [RFC2828]
1) Program containing hidden code allowing the unauthorized collection,
falsification, or destruction of information. 2) A malicious program
such as a virus or a worm, hidden in an innocent-looking piece of
software, usually for the purpose of unauthorized collection,
alteration, or destruction of information. [CIAO] A computer
program that conceals harmful code. A Trojan horse usually masquerades
as a useful program that a user would wish to execute. [SRV] A
computer program with an apparent or actual useful function that
contains additional (hidden) functions that surreptitiously bypass the
legitimate authorizations of the invoking process to the detriment of
security or integrity. It is a program that performs a useful function,
but also performs an unexpected action as well. [SRV] A computer
program with an apparently or actually useful function that contains
additional (hidden) functions that surreptitiously exploit the
legitimate authorizations of the invoking process to the detriment of
security or integrity. [NCSC/TG004] A computer program with an
apparently or actually useful function that contains additional
(hidden) functions that surreptitiously exploit the legitimate
authorizations of the invoking process to the detriment of security;
e.g. making a 'blind copy' of a sensitive file for the creator of the
Trojan horse. [AJP][TCSEC][TNI] A nonself-replicating program that seems to have a useful purpose, but in reality has a different, malicious purpose. [800-61] A program which carries within itself a means to allow the creator of the program access to the system using it. [RFC2504] A software entity that appears to do something normal but which in fact contains a trapdoor or attack program. [IATF]
An apparently useful and innocent program containing additional hidden
code which allows the unauthorized collection, exploitation,
falsification, or destruction of data. [AFSEC][NSAINT][OVT]
Computer program containing an apparent or actual useful function that
contains additional (hidden) functions that allow unauthorized
collection, falsification or destruction of data. [FCv1] Malicious code that is hidden in software that has an apparently beneficial or harmless use. [FFIEC] Program containing hidden code allowing the unauthorized collection, falsification, or destruction of information. [NSTISSC] (see also exploit, internet, software, worm, threat) (includes virus)
- troll
- An online message whose purpose is to attract responses and
make the responders look stupid. People who troll want to make you
waste your time responding to their pointless statements. [AFSEC] (see also threat)
- trunk
- A communication channel connecting two switching centers, or a
switching center with an individual terminal. A trunk can also be a
communication channel between two offices or between equipment in the
same office. A trunk is used commonly for all calls of the same class
that are generated between two terminals. [SRV]
- trunk encryption device (TED)
- (see also encryption)
- trust
- (I) Information system usage: The extent to which
someone who relies on a system can have confidence that the system
meets its specifications, i.e., that the system does what it claims to
do and does not perform unwanted functions. (C) 'trusted vs.
trustworthy': In discussing a system or system process or object, this
Glossary (and industry usage) prefers the term 'trusted' to describe a
system that operates as expected, according to design and policy. When
the trust can also be guaranteed in some convincing way, such as
through formal analysis or code review, the system is termed
'trustworthy'; this differs from the ABA Guidelines definition. (I)
PKI usage: A relationship between a certificate user and a CA in which
the user acts according to the assumption that the CA creates only
valid digital certificates. (O) 'Generally, an entity can be
said to 'trust' a second entity when it (the first entity) makes the
assumption that the second entity will behave exactly as the first
entity expects. This trust may apply only for some specific function.
The key role of trust in [X.509] is to describe the relationship
between an entity and an authority; an entity shall be certain that it
can trust the certification authority to create only valid and reliable
certificates.' [RFC2828] (see also A1, Biba model, Common Criteria for Information Technology Security, Federal Criteria for Information Technology Security, Internet Architecture Board, Internet Engineering Steering Group, Internet Society, Kerberos, NIAP Common Criteria Evaluation and Validation Scheme, National Computer Security Center, National Computer Security Center glossary, PKIX, Red book, Yellow book, accountability, accreditation, accreditation authority, accreditation range, analysis, attention character, attribute authority, authentic signature, authentication, authenticity, authorization, binding, certificate policy, certificate status responder, certificate validation, certification, certification path, certification practice statement, clean system, common security, confidence, controlled access protection, criteria, data integrity, delivery authority, descriptive top-level specification, design documentation, digital notary, domain modulus, dominated by, endorsed tools list, evaluated products list, evidence requester, external it entity, guard, inter-TSF transfers, key, key distribution centre, key generation exponent, key recovery, key translation centre, key-escrow, labeled security protections, mesh PKI, modes of operation, monitor, multilevel device, mutual suspicion, network component, non-repudiation service, notarization, notary, path discovery, penetration testing, personal security environment, personalization service, privileged process, public confidence, public-key infrastructure, registration authority, repository, root, secure hypertext transfer protocol, security evaluation, security filter, security gateway, security kernel, security perimeter, security policy model, security-compliant channel, sensitivity label, single sign-on, single-level device, source integrity, system-high security mode, technical policy, time-stamp requester, time-stamp verifier, time-stamping authority, top CA, tunneled VPN, user, valid certificate, 
validate vs. verify, web vs. Web) (includes Canadian Trusted Computer Product Evaluation Criteria, DoD Trusted Computer System, DoD Trusted Computer System Evaluation Criteria, Trusted Computer System Evaluation Criteria, Trusted Network Interpretation Environment Guideline, Trusted Products Evaluation Program, Trusted Systems Interoperability Group, bilateral trust, certification authority, directly trusted CA, directly trusted CA key, hierarchy of trust, session key, third party trusted host model, trust chain, trust hierarchy, trust level, trust-file PKI, trusted applet, trusted certificate, trusted facility manual, trusted functionality, trusted identification, trusted identification forwarding, trusted key, trusted network interpretation, trusted operating system, trusted process, trusted recovery, trusted system, trusted third party, trusted time stamp, trusted time stamping authority, trustworthy system, tunneling router, untrusted process, virtual network perimeter, web of trust)
- trust chain
- (D) ISDs SHOULD NOT use this term as a synonym for
'certification path' because it mixes concepts in a potentially
misleading way. [RFC2828] (see also certification, public-key infrastructure, trust)
- trust hierarchy
- (D) ISDs SHOULD NOT use this term as a synonym for
'certification hierarchy' because this term mixes concepts in a
potentially misleading way and duplicates the meaning of another,
standardized term. [RFC2828] (see also certification, public-key infrastructure, trust)
- trust level
- (I) A characterization of a standard of security protection to be met by a computer system. (C)
The TCSEC defines eight trust levels. From the lowest to the highest,
they are D, C1, C2, B1, B2, B3, and A1. A trust level is based not only
on the presence of security mechanisms but also on the use of systems
engineering discipline to properly structure the system and
implementation analysis to ensure that the system provides an
appropriate degree of trust. [RFC2828] (see also analysis, classification level, trust)
- trust-file PKI
- (I) A non-hierarchical PKI in which each certificate
user has a local file (which is used by application software) of
public-key certificates that the user trusts as starting points (i.e.,
roots) for certification paths. (C) For example, popular
browsers are distributed with an initial file of trusted certificates,
which often are self-signed certificates. Users can add certificates to
the file or delete from it. The file may be directly managed by the
user, or the user's organization may manage it from a centralized
server. [RFC2828] (see also certificate, certification, key, software, public-key infrastructure, trust)
- trusted applet
- (see also signed applet, trust)
- trusted certificate
- (I) A certificate upon which a certificate user relies
as being valid without the need for validation testing; especially a
public-key certificate that is used to provide the first public key in
a certification path. (C) A trusted public-key certificate might
be (a) the root certificate in a hierarchical PKI, (b) the certificate
of the CA that issued the user's own certificate in a mesh PKI, or (c)
any certificate accepted by the user in a trust-file PKI. [RFC2828] (see also certification, key, test, certificate, trust)
- trusted channel
- A means by which a TSF and a remote trusted IT product can communicate with necessary confidence to support the TSP. [CC2][CC21][SC27]
A mechanism by which two NTCB partitions can communicate directly. This
mechanism can be activated by either of the NTCB partitions, cannot be
imitated by untrusted software, and maintains the integrity of
information that is sent over it. A trusted channel may be needed for
the correct operation of other security mechanisms. [AJP][TNI] (see also security-compliant channel, TOE security functions, software, channel, trusted computing base)
- trusted computer system
- (I) Multilevel security usage: 'A system that employs
sufficient hardware and software assurance measures to allow its use
for simultaneous processing of a range of sensitive or classified
information.' [RFC2828] A system that employs sufficient
hardware and software assurance/integrity measures to allow its use for
simultaneous processing of a range of sensitive or classified
information. [AJP][NCSC/TG004][TCSEC][TNI]
IS employing sufficient hardware and software assurance measures to
allow simultaneous processing of a range of classified or sensitive
information. [NSTISSC] (see also trusted computing system, trusted operating system, trusted system, accreditation, accreditation range, assurance, evaluated products list, network component, security policy model, software, trusted network interpretation, National Computer Security Center, system, trusted computing base) (includes beyond A1)
- Trusted Computer System Evaluation Criteria (TCSEC)
- (N) A standard for evaluating the security provided by
operating systems [CSC001, DOD1]. Informally called the 'Orange Book'
because of the color of its cover; first document in the Rainbow
Series. [RFC2828] A document published by the U.S. National
Computer Security Center containing a uniform set of basic requirements
and evaluation classes for assessing degrees of assurance in the
effectiveness of hardware and software security controls built into
systems. These criteria are intended for use in the design and
evaluation of systems that will process and/or store sensitive or
classified data. This document is government standard DoD 5200.28-STD
and is frequently referred to as 'The Criteria' or 'The Orange Book.' [AJP][NCSC/TG004]
Dept. of Defense Standard, Department of Defense Trusted Computer
System Evaluation Criteria, DOD 5200.28-STD, GPO 1986-623-963, 643 0,
Dec. 26, 1985. [TCSEC] (see also computer security, software, system, Common Criteria for Information Technology Security Evaluation, criteria, evaluation, trust) (includes rainbow series, trusted computing base)
- trusted computing base (TCB)
- (I) 'The totality of protection mechanisms within a
system, including hardware, firmware, and software, the combination of
which is responsible for enforcing a security policy.' [RFC2828]
The totality of protection mechanisms within a system, including
hardware, firmware, and software, the combination of which is
responsible for enforcing a security policy. A TCB consists of one or
more components that together enforce a unified security policy over a
product or system. The ability of a Trusted Computing Base to correctly
enforce a security policy depends solely on the mechanisms within the
TCB and on the correct input by system administrative personnel of
parameters (e.g. a user's clearance) related to the security policy. [TCSEC]
The totality of protection mechanisms within a system, including
hardware, firmware, and software, the combination of which is
responsible for enforcing a security policy. It creates a basic
protection environment and provides additional user services required
for a Trusted Computer System. The ability of a Trusted Computing Base
to correctly enforce a security policy depends solely on the mechanisms
within the TCB and on the correct input by system administrative
personnel of parameters (e.g. a user's clearance) related to the
security policy. [TNI] The totality of protection mechanisms
within a system, including hardware, firmware, and software, the
combination of which is responsible for enforcing a security policy. A
TCB consists of one or more components that together enforce a unified
security policy over a product or system. The ability of a TCB to
correctly enforce a security policy depends solely on the mechanisms
within the TCB and on the correct input by system administrative
personnel of parameters (e.g. a user's clearance) related to the
security policy. [AJP][TDI] The totality of protection
mechanisms within a system, including hardware, firmware, and software,
the combination of which is responsible for enforcing a security policy.
A TCB consists of one or more components that together enforce a
unified security policy over a product or system. The ability of a TCB
to correctly enforce a unified security policy depends solely on the
mechanisms within the TCB and on the correct input by system
administrative personnel of parameters (e.g. a user's clearance level)
related to the security policy. [NCSC/TG004] The totality of
protection mechanisms within a system, the combination of which is
responsible for enforcing a security policy. [IATF] Totality of
protection mechanisms within a system, including hardware, firmware,
and software, the combination responsible for enforcing a security
policy. [NSTISSC] Totality of protection mechanisms within an IT
product, including hardware, firmware, software, and data, the
combination of which is responsible for enforcing a technical security
policy. Note: The ability of an organization to achieve an
organizational security policy depends jointly on the correctness of
the mechanisms within the TCB, the protection of those mechanisms to
ensure their correctness, and on adherence to associated usage security
policies by authorized users. [FCv1] (see also software, Trusted Computer System Evaluation Criteria, protection profile) (includes NTCB partition, TCB subset, access control, candidate TCB subset, dependency, depends, exploitable channel, formal security policy model, global requirements, granularity of a requirement, local requirements, monolithic TCB, network trusted computing base, output, primitive, protection-critical portions of the TCB, reference validation mechanism, scope of a requirement, subset-domain, target of evaluation, trusted channel, trusted computer system, trusted computing system, trusted distribution, trusted gateway, trusted path, trusted software, trusted subject)
- trusted computing system
- A system believed to enforce a given set of attributes to a stated degree of assurance (confidence). [SRV] (see also trusted computer system, assurance, security software, security, system, trusted computing base)
- trusted distribution
- (I) 'A trusted method for distributing the TCB
hardware, software, and firmware components, both originals and
updates, that provides methods for protecting the TCB from modification
during distribution and for detection of any changes to the TCB that
may occur.' [RFC2828] A trusted method for distributing the TCB
hardware, software, and firmware components, both originals and
updates, that provides methods for protecting the TCB from modification
during distribution and for detection of any changes to the TCB that
may occur. [AJP][NCSC/TG004] Method for distributing
trusted computing base (TCB) hardware, software, and firmware
components that protects the TCB from modification during distribution.
[NSTISSC] (see also software, trusted computing base)
- trusted facility manual (TFM)
- Document containing the operational requirements; security
environment; hardware and software configurations and interfaces; and
all security procedures, measures, and contingency plans. [NSTISSC] (see also trust)
- trusted functionality
- That which is determined to be correct with respect to some
criteria, e.g. as established by a security policy. The functionality
shall neither fall short of nor exceed the criteria. [AJP][TNI] (see also security policy, trust)
- trusted gateway
- Trusted gateways are firewalls that use very secure operating
systems. These operating systems are typically rated B1 or better
according to the Trusted Computer System Evaluation Criteria (the
Orange Book). The firewall system itself is divided into three software
compartments: one that interacts with the Internet, one that
interacts with the enterprise, and a trusted gateway that mediates
communications between the other two compartments. The operating system
prevents applications that run in one compartment from accessing
resources outside of that compartment. Any application that runs in the
Internet compartment (e.g. a Web server) can only have access to
resources in the Internet compartment (e.g. public HTML pages), or else
it must use the trusted gateway to ask for information from the
enterprise compartment. [misc] (see also communications, risk, software, Common Criteria for Information Technology Security Evaluation, firewall, gateway, trusted computing base)
- trusted identification
- Identification method used in IS networks whereby the sending
host can verify that an authorized user on its system is
attempting a connection to another host. The sending host transmits the
required user authentication information to the receiving host. [NSTISSC] (see also authentication, networks, user, identification, trust)
- trusted identification forwarding
- An identification method used in networks whereby the sending
host can verify that an authorized user on its system is attempting a
connection to another host. The sending host transmits the required
user authentication information to the receiving host. The receiving
host can then verify that the user is validated for access to its
system. This operation may be transparent to the user. [AJP][NCSC/TG004] (see also authentication, networks, identification, trust)
- trusted key
- (I) A public key upon which a user relies; especially a
public key that can be used as the first public key in a certification
path. (C) A trusted public key might be (a) the root key in a
hierarchical PKI, (b) the key of the CA that issued the user's own
certificate in a mesh PKI, or (c) any key accepted by the user in
trust-file PKI. [RFC2828] (see also certificate, certification, public-key infrastructure, key, trust)
- trusted network interpretation (TNI)
- The specific security features, the assurance requirements and
the rating structure of the Orange Book as extended to networks of
computers ranging from isolated LANs to WANs. [NSAINT] Trusted
Network Interpretation of the Trusted Computer System Evaluation
Criteria, NCSC-TG-005, National Computer Security Center, July 1987. [TNI] (see also computer security, evaluation, security, trusted computer system, networks, trust)
- Trusted Network Interpretation Environment Guideline (TNIEG)
- (see also networks, trust)
- trusted operating system
- An operating system that satisfies a number of stringent security requirements where high security is required. [IATF] (see also trusted computer system, trust)
- trusted path
- (I) COMPUSEC usage: A mechanism by which a computer
system user can communicate directly and reliably with the trusted
computing base (TCB) and that can be activated only by the user or the
TCB and cannot be imitated by untrusted software within the computer. (I)
COMSEC usage: A mechanism by which a person or process can communicate
directly with a cryptographic module and that can be activated only by
the person, process, or module, and cannot be imitated by untrusted
software within the module. [RFC2828] A means by which a user and a TSF can communicate with necessary confidence to support the TSP. [CC2][CC21][SC27]
A mechanism by which a person at a terminal can communicate directly
with the TCB. This mechanism can be activated only by the person or by
TCB and cannot be imitated by untrusted software. [NCSC/TG004] A
mechanism by which a person at a terminal can communicate directly with
the Trusted Computing Base. This mechanism can be activated only by the
person or by the Trusted Computing Base and cannot be imitated by
untrusted software. [AJP][TCSEC][TNI] A mechanism
by which a person or process can communicate directly with a
cryptographic module and which can be activated only by the person,
process, or module, and cannot be imitated by untrusted software within
the module. [FIPS140][SRV] Mechanism by which a person
using a terminal can communicate directly with the TCB. Note: Trusted
path can be activated only by the person or by TCB and cannot be
imitated by untrusted software. [FCv1] Mechanism by which a
person using a terminal can communicate directly with the trusted
computing base (TCB). Trusted path can only be activated by the person
or the TCB and cannot be imitated by untrusted software. [NSTISSC] (see also communications security, cryptography, software, TOE security functions, TOE security policy, trusted computing base)
- trusted process
- (I) A system process that has privileges that enable it
to affect the state of system security and that can, therefore, through
incorrect or malicious execution, violate the system's security
policy. [RFC2828] A process whose incorrect or malicious execution is capable of violating system security policy. [AJP][NCSC/TG004]
Process that has privileges to circumvent the system security policy
and has been tested and verified to operate only as intended. [NSTISSC] (see also untrusted process, attack, networks, risk, test, security policy, trust)
- Trusted Products Evaluation Program (TPEP)
- (see also evaluation, trust)
- trusted recovery
- Ability to ensure recovery without compromise after a system failure. [NSTISSC] (see also recovery, trust)
- trusted software
- Software portion of a trusted computing base (TCB). [NSTISSC] The software portion of a Trusted Computing Base. [AJP][NCSC/TG004][TCSEC][TNI] (see also software, trusted computing base)
- trusted subject
- (1) A subject that is part of the TCB. It has the ability to
violate the security policy, but is trusted not to actually do so; e.g.
in the Bell-LaPadula model, a trusted subject is not constrained by the
*-property and thus has the ability to write sensitive information into
an object whose level is not dominated by the (maximum) level of the
subject, but it is trusted to only write information into objects with
a label appropriate for the actual level of the information. (2) A
subject that is permitted to have simultaneous view and alter-access to
objects of more than one sensitivity level. [AJP] A subject that
is part of the TCB. It has the ability to violate the security policy,
but is trusted not to actually do so. For example, in the Bell-LaPadula
model a trusted subject is not constrained by the *-property and thus
has the ability to write sensitive information into an object whose
level is not dominated by the (maximum) level of the subject, but it is
trusted to only write information into objects with a label appropriate
for the actual level of the information. [TNI] A subject that is permitted to have simultaneous view and alter-access to objects of more than one sensitivity level. [TDI] (see also model, Bell-LaPadula security model, security policy, subject, trusted computing base) (includes object)
- trusted subnetwork
- (I) A subnetwork containing hosts and routers that trust each
other not to engage in active or passive attacks. (There also is an
assumption that the underlying communication channels, e.g. telephone
lines or a LAN, are protected from attack by some means.) [RFC2828]
- trusted system
- (see also trusted computer system, trust)
- Trusted Systems Interoperability Group (TSIG)
- (N) A forum of computer vendors, system integrators,
and users devoted to promoting interoperability of trusted computer
systems. TSIG meetings are open to all persons who are working in the
INFOSEC area. [RFC2828] (see also system, trust)
- trusted third party
- A security authority or its agent, trusted by other entities
with respect to security-related activities. In the context of ISO/IEC
9798, a trusted third party is trusted by a claimant and/or a verifier
for the purposes of authentication. [SC27] A security authority, or its agent, trusted by other entities with respect to security related activities. [SC27]
A security authority, or its agent, trusted by other entities with
respect to security related activities. [ISO/IEC 11770-3: 1999, ISO/IEC
WD 13888-1 (11/2001), ISO/IEC 14888-2: 1999] A security authority or
its agent, trusted by other entities with respect to security-related
activities. In the context of ISO/IEC 9798, a trusted third party is
trusted by a claimant and/or a verifier for the purposes of
authentication. [SC27] (see also authentication, public-key infrastructure, security, trust)
- trusted time stamp
- A data item with time and date information assured by a trusted time stamping authority. [SC27] (see also time stamp, trust)
- trusted time stamping authority
- A trusted third party trusted to provide evidence that includes the time when the trusted time stamp is generated. [SC27] (see also evidence, time stamp, trust)
- trustworthy system
- (O) ABA usage: 'Computer hardware, software, and
procedures that: (a) are reasonably secure from intrusion and misuse;
(b) provide a reasonably reliable level of availability, reliability,
and correct operation; (c) are reasonably suited to performing their
intended functions; and (d) adhere to generally accepted security
principles.' This differs somewhat from other industry usage. [RFC2828] (see also availability, security, software, system, trust)
- TSEC nomenclature
- System for identifying the type and purpose of certain items of COMSEC material. [NSTISSC] (see also communications security)
- TSF data
- Data created by and for the TOE, that might affect the operation of the TOE. [CC2][CC21][SC27] (see also TOE security functions, target of evaluation)
- TSF scope of control (TSC)
- The set of interactions that can occur with or within a TOE and are subject to the rules of the TSP. [CC2][CC21][SC27] (see also TOE security functions, target of evaluation)
- TTY watcher
- A hacker tool that allows hackers with even a small amount of skill to hijack terminals. It has a GUI. [NSAINT] (see also terminal hijacking, attack)
- tunnel
- (I) A communication channel created in a computer
network by encapsulating (carrying, layering) a communication
protocol's data packets in (on top of) a second protocol that normally
would be carried above, or at the same layer as, the first one. (C)
Tunneling can involve almost any OSI or TCP/IP protocol layers; for
example, a TCP connection between two hosts could conceivably be
tunneled through email messages across the Internet. Most often, a
tunnel is a logical point-to-point link, i.e., an OSI layer 2
connection, created by encapsulating the layer 2 protocol in a
transport protocol (such as TCP), in a network or internetwork layer
protocol (such as IP), or in another link layer protocol. Often,
encapsulation is accomplished with an extra, intermediate protocol,
i.e., a tunneling protocol (such as L2TP) that is layered between the
tunneled layer 2 protocol and the encapsulating protocol. (C)
Tunneling can move data between computers that use a protocol not
supported by the network connecting them. Tunneling also can enable a
computer network to use the services of a second network as though the
second network were a set of point-to-point links between the first
network's nodes. (O) SET usage: The name of a SET private
extension that indicates whether the CA or the payment gateway supports
passing encrypted messages to the cardholder through the merchant. If
so, the extension lists OIDs of symmetric encryption algorithms that
are supported. [RFC2828] (see also communications, encryption, networks, public-key infrastructure, Secure Electronic Transaction, internet)
- tunnel mode
- (I) IPsec usage: See: transport mode vs. tunnel mode. [RFC2828] (see also Internet Protocol security)
- tunneled VPN
- A bi-directional virtual private network that encapsulates data and transmits relatively securely across an untrusted network. [misc] (see also networks, trust, virtual private network)
- tunneling
- A method for circumventing a firewall by hiding a message that
would be rejected by the firewall inside a second, acceptable message. [CIAO]
Technology enabling one network to send its data via another network's
connections. Tunneling works by encapsulating a network protocol within
packets carried by the second network. [NSTISSC] (see also networks, virtual private network)
- tunneling attack
- An attack that attempts to exploit a weakness in a system at a low level of abstraction. [SRV] (see also attack)
- tunneling router
- A router or system capable of routing traffic by encrypting it
and encapsulating it for transmission across an untrusted network, for
eventual de-encapsulation and decryption. [IATF] (see also networks, security, trust)
- turnaround time
- The time interval between the initiation of a job or function and the availability of results. [SRV] (see also availability)
- twisted-pair wire
- A wire made of two separately insulated strands of wire twisted together. [SRV]
- two-part code
- Code consisting of an encoding section, in which the
vocabulary items (with their associated code groups) are arranged in
alphabetical or other systematic order, and a decoding section, in
which the code groups (with their associated meanings) are arranged in
a separate alphabetical or numeric order. [NSTISSC]
- two-person control (TPC)
- (I) The close surveillance and control of a system,
process, or materials (especially with regard to cryptography) at all
times by a minimum of two appropriately authorized persons, each capable
of detecting incorrect and unauthorized procedures with respect to the
tasks to be performed and each familiar with established security
requirements. [RFC2828] Continuous surveillance and control of
positive control material at all times by a minimum of two authorized
individuals, each capable of detecting incorrect and unauthorized
procedures with respect to the task being performed, and each familiar
with established security and safety requirements. [NSTISSC] (see also cryptography, security)
- two-person integrity (TPI)
- System of storage and handling designed to prohibit individual
access to certain COMSEC keying material by requiring the presence of
at least two authorized persons, each capable of detecting incorrect or
unauthorized security procedures with respect to the task being
performed. [NSTISSC] (see also communications security)
- type 1 product
- Classified or controlled cryptographic item endorsed by the
NSA for securing classified and sensitive U.S. Government information,
when appropriately keyed. The term refers only to products, and not to
information, key, services, or controls. Type 1 products contain
classified NSA algorithms. They are available to U.S. Government users,
their contractors, and federally sponsored non-U.S. Government
activities subject to export restrictions in accordance with
International Traffic in Arms Regulation. [NSTISSC] (see also user)
- type 2 product
- Unclassified cryptographic equipment, assembly, or component,
endorsed by the NSA, for use in national security systems as defined in
Title 40 U.S.C. Section 1452. [NSTISSC]
- type 3 algorithm
- Cryptographic algorithm registered by the National Institute
of Standards and Technology (NIST) and published as a Federal
Information Processing Standard (FIPS) for use in protecting
unclassified sensitive information or commercial information. [NSTISSC]
- type 4 algorithm
- Unclassified cryptographic algorithm that has been registered
by the National Institute of Standards and Technology (NIST), but not
published as a Federal Information Processing Standard (FIPS). [NSTISSC]
- type accreditation
- In some situations, a major application or general support
system is intended for installation at multiple locations. The
application or system usually consists of a common set of hardware,
software, and firmware. Type accreditations are a form of interim
accreditation and are used to certify and accredit multiple instances
of a major application or general support system for operation at
approved locations with the same type of computing environment. [800-37] (see also accreditation)
- Type I cryptography
- (O) A cryptographic algorithm or device approved by NSA for protecting classified information. [RFC2828] (see also National Security Agency)
- Type II cryptography
- (O) A cryptographic algorithm or device approved by NSA
for protecting sensitive unclassified information (as specified in
section 2315 of Title 10 United States Code, or section 3502(2) of
Title 44, United States Code.) [RFC2828] (see also National Security Agency)
- Type III cryptography
- (O) A cryptographic algorithm or device approved as a Federal Information Processing Standard. [RFC2828] (see also cryptography)
- type time
- The amount of time spent by an interactive user typing or otherwise entering data or instructions to the computer. [SRV]
- U.S. person
- U.S. citizen or a permanent resident alien, an unincorporated
association substantially composed of U.S. citizens or permanent
resident aliens, or a corporation incorporated in U.S., except for a
corporation directed and controlled by a foreign government or
governments. [NSTISSC]
- U.S.-controlled facility
- Base or building to which access is physically controlled by
U.S. persons who are authorized U.S. Government or U.S. Government
contractor employees. [NSTISSC]
- U.S.-controlled space
- Room or floor within a facility that is not a U.S.-controlled
facility, access to which is physically controlled by U.S. persons who
are authorized U.S. Government or U.S. Government contractor employees.
Keys or combinations to locks controlling entrance to U.S.-controlled
spaces must be under the exclusive control of U.S. persons who are U.S.
Government or U.S. Government contractor employees. [NSTISSC] (see also key)
- unauthorized access
- A person gains logical or physical access without permission to a network, system, application, data, or other resource. [800-61] (see also SOCKS, access control, access control mechanism, access control service, adequate security, administrative security, between-the-lines-entry, computer intrusion, computer security intrusion, covert channel analysis, data compromise, failure access, fetch protection, file protection, firewall, information systems security, intrusion, intrusion detection tools, major application, malicious logic, motivation, network security, penetration, physical and environmental protection, physical security, piggyback, piggyback entry, probe, protected network, security, security compromise, security incident, security violation, segregation of duties, sensitive information, signature, vulnerability, threat)
- unauthorized disclosure
- Type of event involving exposure of information to individuals not authorized to receive it. [NSTISSC] (see also exposure, risk)
- unclassified
- (I) Not classified. [RFC2828] Information that
has not been determined pursuant to E.O. 12958 or any predecessor order
to require protection against unauthorized disclosure and that is not
designated as classified. [NSTISSC] (see also classified)
- underflow
- (ISO) The state in which a calculator shows a zero indicator
for the most significant part of a number while the least significant
part of the number is dropped. For example, if the calculator output
capacity is four digits, the number .0000432 will be shown as .0000. [OVT]
- undesired signal data emanations (USDE)
- (see also emanations security, risk)
- unencrypted
- (I) Not encrypted. [RFC2828] (see also encryption)
- unforgeable
- (I) Cryptographic usage: The property of a
cryptographic data structure (i.e., a data structure that is defined
using one or more cryptographic functions) that makes it
computationally infeasible to construct (i.e., compute) an unauthorized
but correct value of the structure without having knowledge of one or
more keys. (C) This definition is narrower than general English
usage, where 'unforgeable' means unable to be fraudulently created or
duplicated. In that broader sense, anyone can forge a digital
certificate containing any set of data items whatsoever by generating
the to-be-signed certificate and signing it with any private key
whatsoever. But for PKI purposes, the forged data structure is invalid
if it is not signed with the true private key of the claimed issuer;
thus, the forgery will be detected when a certificate user uses the
true public key of the claimed issuer to verify the signature. [RFC2828] (see also certificate, cryptography, digital signature, key, public-key infrastructure)
- uniform resource identifier (URI)
- (I) A type of formatted identifier that encapsulates
the name of an Internet object, and labels it with an identification of
the name space, thus producing a member of the universal set of names
in registered name spaces and of addresses referring to registered
protocols or name spaces. (C) URIs are used in HTML to identify
the target of hyperlinks. In common practice, URIs include uniform
resource locators and relative URLs, and may be URNs. [RFC2828] (see also identification, internet)
- uniform resource locator (URL)
- (I) A type of formatted identifier that describes the
access method and location of an information resource object on the
Internet. (C) A URL is a URI that provides explicit instructions
on how to access the named object. For example,
'ftp://bbnarchive.bbn.com/foo/bar/picture/cambridge.zip' is a URL. The
part before the colon specifies the access scheme or protocol, and the
part after the colon is interpreted according to that access method.
Usually, two slashes after the colon indicate the host name of a server
(written as a domain name). In an FTP or HTTP URL, the host name is
followed by the path name of a file on the server. The last (optional)
part of a URL may be either a fragment identifier that indicates a
position in the file, or a query string. [RFC2828] A way of
specifying the location of publicly available information on the
Internet, in the form protocol://machine:port/filename. Often
the port number and/or filename are unnecessary. [FFIEC] (see also internet)
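Worked example, added here and not part of the glossary or of RFC 2828: splitting a URL into the parts the two definitions above name (scheme before the colon, host after the two slashes, optional port, path, query string, fragment) with Python's standard urllib.parse. The first input is the RFC 2828 example URL; the other URLs, the hostnames in them and the DEFAULT_PORTS table are constructed for the example. The second function shows the check a practitioner wants: compare the parsed host, not the raw string, because anything before an '@' in the authority is userinfo, not the host.

```python
from urllib.parse import urlsplit, parse_qs

# Scheme defaults used when the URL carries no explicit port (assumption: only these three schemes matter here).
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def split_url(url: str) -> dict:
    """Break a URL into the parts named in the glossary definition."""
    parts = urlsplit(url)
    return {
        "scheme": parts.scheme,                                  # text before the first colon
        "userinfo": parts.username,                              # optional 'user[:password]@' before the host
        "host": parts.hostname,                                  # lower-cased; userinfo and port removed
        "port": parts.port or DEFAULT_PORTS.get(parts.scheme),   # explicit port, else the scheme default
        "path": parts.path,                                      # file name / path on the server
        "query": parse_qs(parts.query),                          # {'x': ['1', '2']} keeps repeated keys
        "fragment": parts.fragment,                              # position inside the resource; not sent to the server
    }


def same_host(url: str, expected_host: str) -> bool:
    """Authorisation checks must use the parsed host: 'http://trusted.example@evil.example/'
    contains the string 'trusted.example', but its host is 'evil.example'."""
    return urlsplit(url).hostname == expected_host.lower()
```

A substring test such as `"trusted.example" in url` passes the constructed userinfo URL; `same_host` rejects it.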
- uniform resource name (URN)
- (I) A URI that has an institutional commitment to persistence and availability. [RFC2828] (see also availability, internet)
- unilateral authentication
- Entity authentication which provides one entity with assurance of the other's identity but not vice versa. [SC27] (see also mutual authentication, authentication)
- uninterruptible power supply (UPS)
- Typically a collection of batteries that provide electrical power for a limited period of time. [FFIEC] (see also failure)
- unique interswitch rekeying key (UIRK)
- (see also key)
- unit
- (1) A separately testable element specified in the design of a
computer software component. (2) A logically separable part of a
computer program. (3) A software component that is not subdivided into
other components. [IEEE610] The smallest piece of software that
can be independently tested (i.e., compiled or assembled, loaded, and
tested). Usually the work of one programmer consisting of a few hundred
lines of source code. [OVT] (see also software, test)
- unit of transfer
- A discrete collection of bytes comprising at least one header
and optional user data. This metric is intended for use in describing
steady-state forwarding rate of the DUT/SUT. The unit of transfer (UOT)
definition is deliberately left open to interpretation, allowing the
broadest possible application. Examples of UOTs include TCP segments,
IP packets, Ethernet frames, and ATM cells. While the definition is
deliberately broad, its interpretation must not be. The tester must
describe what type of UOT will be offered to the DUT/SUT, and must
offer these UOTs at a consistent rate. Traffic measurement must begin
after all connection establishment routines complete and before any
connection completion routine begins. Further, measurements must begin
after any security associations (SAs) are established and before any SA
is revoked. Testers also must compare only like UOTs. It is not
appropriate, for example, to compare forwarding rates by offering
1,500-byte Ethernet UOTs to one DUT/SUT and 53-byte ATM cells to
another. [RFC2647] (see also bit forwarding rate, firewall, test)
- unit testing
- The testing of software elements at the lowest level of development. [SRV] (see also software, test)
- unprotected network
- A network segment or segments to which access is not
controlled by the DUT/SUT. Firewalls are deployed between protected and
unprotected segments. The unprotected network is not protected by the
DUT/SUT. Note that a DUT/SUT's policy may specify hosts on an
unprotected network. For example, a user on a protected network may be
permitted to access an FTP server on an unprotected network. But the
DUT/SUT cannot control access between hosts on the unprotected network.
[RFC2647] (see also protected network, rule set, demilitarized zone, firewall, networks)
- untrusted process
- (I) A system process that is not able to affect the
state of system security through incorrect or malicious operation,
usually because its operation is confined by a security kernel. [RFC2828]
A process that has not been evaluated or examined for adherence to the
security policy. It may include incorrect or malicious code that
attempts to circumvent the security mechanisms. [AJP][NCSC/TG004]
Process that has not been evaluated or examined for adherence to the
security policy. It may include incorrect or malicious code that
attempts to circumvent the security mechanisms. [NSTISSC] (see also trusted process, risk, trust)
- update access
- The ability to change data or a software program [CIAO] (see also access)
- updating
- Automatic or manual cryptographic process that irreversibly modifies the state of a COMSEC key, equipment, device, or system. [NSTISSC] (see also communications security, cryptography)
- upload
- The process of transferring a copy of a file from a local computer to a remote computer. [SRV]
- usage security policy
- Assumptions regarding the expected environment and intended method of IT product use. [AJP][FCv1] (see also policy, security policy)
- USENET
- An e-mail-based discussion system, originally supported by dial-up connections, now usually accessed via TCP/IP. [SRV] (see also internet)
- user
- (1) Any person who interacts directly with a computer system.
(2) Any person who interacts directly with a network system. This
includes both those persons who are authorized to interact with the
system and those people who interact without authorization (e.g. active
or passive wiretappers). Note that 'users' do not include 'operators,'
'system programmers,' 'technical control officers,' 'system security
officers,' and other system support personnel. They are distinct from
users and are subject to the trusted facility manual and the system
architecture requirements. Such individuals may change the system
parameters of the network system, e.g. by defining membership of a
group. These individuals may also have the separate role of users. (3)
Any person or process accessing an IT product by direct connections
(e.g. via terminals) or indirect connections. Note: Indirect connection
relates to persons who prepare input data or receive output that is not
reviewed for content or classification by a responsible individual. [AJP] (I) A person, organization entity, or automated process that accesses a system, whether authorized to do so or not. (C)
Any ISD that uses this term SHOULD provide an explicit definition,
because this term is used in many ways and can easily be misunderstood.
[RFC2828] A person or process authorized to access an IT system. [CIAO]
A person or process requesting access to resources protected by the
DUT/SUT. 'User' is a problematic term in the context of firewall
performance testing, for several reasons. First, a user may in fact be
a process or processes requesting services through the DUT/SUT. Second,
different 'user' requests may require radically different amounts of
DUT/SUT resources. Third, traffic profiles vary widely from one
organization to another, making it difficult to characterize the load
offered by a typical user. For these reasons, testers should not
attempt to measure DUT/SUT performance in terms of users supported.
Instead, testers should describe performance in terms of maximum bit
forwarding rate and maximum number of connections sustained. Further,
testers should use the term 'data source' rather than user to describe
traffic generator(s). [RFC2647] Any entity (human user or external IT entity) outside the TOE that interacts with the TOE. [CC2][CC21][SC27] Any person who interacts directly with a computer system. [TCSEC][TDI]
Any person who interacts directly with a network system. This includes
both those persons who are authorized to interact with the system and
those people who interact without authorization (e.g. active or passive
wiretappers). Note that 'users' does not include 'operators,' 'system
programmers,' 'technical control officers,' 'system security officers,'
and other system support personnel. They are distinct from users and
are subject to the Trusted Facility Manual and the System Architecture
requirements. Such individuals may change the system parameters of the
network system, for example by defining membership of a group. These
individuals may also have the separate role of users. [TNI] Person or process authorized to access an IT system. [800-37]
Person or process authorized to access an IT system. (PKI) Individual
defined, registered, and bound to a public key structure by a
certification authority (CA). [NSTISSC] The party, or his
designee, responsible for the security of designated information. The
user works closely with an ISSE. Also referred to as the customer. [IATF] (see also attention character, authenticate, authentication, availability, availability of data, certification authority, classification level, cold start, compartmented mode, dedicated mode, direct shipment, identity validation, individual accountability, local authority, local management device/key processor, mode of operation, multilevel mode, networks, organizational maintenance, organizational registration, penetration testing, privileged access, protection ring, risk index, subject security level, system high mode, target of evaluation, technical attack, technical vulnerability, test, test cycle, trust, trusted identification, type 1 product, vendor, vulnerability, accountability, data source, security-relevant event) (includes Advanced Mobile Phone Service, MISSI user, Remote Authentication Dial-In User Service, access control, anonymity, authorization, certificate, certificate revocation list, certificate user, challenge/response, closed user group, compromised key list, consumers, denial of service, end-user, end-user computing, frequency division multiple access, graphical-user interface, group of users, hacker, human user, identity, information systems security, local-area network, multiuser mode of operation, owner, proxy, role, security features users guide, security policy, social engineering, stand-alone, single-user system, superuser, user PIN, user agent, user data, user documentation, user id, user identifier, user interface, user partnership program, user profile, user representative, user-PIN ORA, wide-area network)
- user agent (UA)
- (see also user)
- user data
- Data created by and for the user, that does not affect the operation of the TSF. [CC2][CC21][SC27] (see also TOE security functions, user)
- user datagram protocol (UDP)
- (I) An Internet Standard protocol that provides a datagram mode of packet-switched computer communication in an internetwork. (C)
UDP is a transport layer protocol, and it assumes that IP is the
underlying protocol. UDP enables application programs to send
transaction-oriented data to other programs with minimal protocol
mechanism. UDP does not provide reliable delivery, flow control,
sequencing, or other end-to-end services that TCP provides. [RFC2828] (see also communications, networks, internet)
- user documentation
- The information about a Target of Evaluation supplied by the developer for use by its end-users. [AJP][ITSEC] (see also target of evaluation, user)
- user id
- A unique symbol or alphanumeric string that is used by a system to identify a specific user. [SRV] Unique symbol or alphanumeric string used by an IS to identify a specific user. [NSTISSC] Unique symbol or character string used by an IS to recognize a specific user. [CIAO] (see also user identifier, user)
- user identifier
- (I) An alphanumeric string or symbol that is used in a system to uniquely name a specific user or group of users. (C) Often verified by a password in an authentication process. [RFC2828]
Unique symbol or alphanumeric string that is used by an IT system,
product, or component to uniquely identify a specific user. [AJP] (see also user id, authentication, passwords, user)
- user interface
- A combination of menus, screen design, keyboard commands,
command language, and help screens that together create the way a user
interacts with a computer. Hardware, such as a mouse or touch screen,
is also included. Synonymous with graphical user interface. [SRV] (see also user)
- user interface system (UIS)
- (see also system)
- user partnership program (UPP)
- Partnership between the NSA and a U.S. Government agency
to facilitate development of secure IS equipment incorporating
NSA-approved cryptography. The result of this program is the
authorization of the product or system to safeguard national security
information in the user's specific application. [NSTISSC] (see also cryptography, user)
- user PIN
- (O) MISSI usage: One of two personal identification
numbers that control access to the functions and stored data of a
FORTEZZA PC card. Knowledge of the user PIN enables the card user to
perform the FORTEZZA functions that are intended for use by an end
user. [RFC2828] (see also Fortezza, identification, Multilevel Information System Security Initiative, user)
- user profile
- Patterns of a user's activity that can be used to detect changes in normal routines. [NCSC/TG004][SRV] Patterns of a user's activity that can show changes from normal behavior. [NSTISSC] (see also risk management, user)
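Worked example, added here and not taken from any of the cited sources: a user profile built from login records and used to flag departures from the user's normal routine, in the sense of the definitions above. The log lines are constructed for the example (the user names, addresses and timestamps are invented); the profile keeps the set of source addresses seen and the mean and population variance of the login hour, and an event is flagged when it comes from a new source or its hour is more than z_threshold standard deviations from the mean. The one-hour floor on the spread and the threshold are assumptions, and hour-of-day wrap-around at midnight is ignored.

```python
import math
import re
from collections import defaultdict

# Constructed login records (not from any real system): timestamp, user, source address, outcome.
BASELINE_LOG = """\
2024-03-04T08:55:12Z login user=alice src=10.0.0.5 result=ok
2024-03-04T09:10:44Z login user=alice src=10.0.0.5 result=ok
2024-03-05T08:47:03Z login user=alice src=10.0.0.7 result=ok
2024-03-05T09:30:19Z login user=alice src=10.0.0.5 result=ok
2024-03-06T08:59:51Z login user=alice src=10.0.0.7 result=ok
"""
NEW_LOG = """\
2024-03-07T03:12:08Z login user=alice src=203.0.113.9 result=ok
2024-03-07T09:01:30Z login user=alice src=10.0.0.5 result=ok
2024-03-07T09:05:00Z login user=bob src=10.0.0.9 result=ok
"""

_LINE = re.compile(r"(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)")


def parse_event(line):
    m = _LINE.fullmatch(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    # Hour of day as a fraction, e.g. 08:55 -> 8.92 (wrap-around at midnight is ignored in this toy).
    ev["hour"] = int(ev["ts"][11:13]) + int(ev["ts"][14:16]) / 60
    return ev


def mean_and_variance(xs):
    # Population variance: the mean of the squared deviations from the mean.
    mean = sum(xs) / len(xs)
    return mean, sum((x - mean) ** 2 for x in xs) / len(xs)


def build_profiles(events):
    """One profile per user from the baseline window: known sources plus hour-of-day statistics."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)
    profiles = {}
    for user, evs in by_user.items():
        mean, var = mean_and_variance([e["hour"] for e in evs])
        profiles[user] = {"sources": {e["src"] for e in evs}, "hour_mean": mean, "hour_std": math.sqrt(var)}
    return profiles


def score_event(ev, profile, z_threshold=3.0, std_floor=1.0):
    """Return the reasons an event departs from the user's profile (empty list means normal)."""
    if profile is None:
        return ["no profile for user"]
    reasons = []
    if ev["src"] not in profile["sources"]:
        reasons.append(f"new source {ev['src']}")
    # Floor the spread at one hour so a user with a very regular schedule is not flagged for a few minutes.
    z = (ev["hour"] - profile["hour_mean"]) / max(profile["hour_std"], std_floor)
    if abs(z) > z_threshold:
        reasons.append(f"unusual hour (z={z:.1f})")
    return reasons


def detect(baseline_text, new_text):
    """Build profiles from the baseline log, then return (user, timestamp, reasons) for each flagged new event."""
    profiles = build_profiles([e for e in map(parse_event, baseline_text.splitlines()) if e])
    alerts = []
    for ev in filter(None, map(parse_event, new_text.splitlines())):
        reasons = score_event(ev, profiles.get(ev["user"]))
        if reasons:
            alerts.append((ev["user"], ev["ts"], reasons))
    return alerts
```

On the constructed data, alice's 03:12 login from 203.0.113.9 is flagged for both a new source and an unusual hour, her 09:01 login from a known address is not, and bob is flagged only because no baseline exists for him; in practice a missing profile is a reason to build one, not an incident by itself.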
- user representative
- Person authorized by an organization to order COMSEC keying
material and interface with the keying system, provide information to
key users, and ensure the correct type of key is ordered. [NSTISSC]
The individual or organization that represents the operational
interests of the user community and serves as the liaison for that
community throughout the life cycle of the system. The user
representative also assists in the C&A process, when needed, to
ensure mission requirements are satisfied while meeting the security
requirements defined in the security plan. [800-37] (see also communications security, user)
- user-PIN ORA (UORA)
- (O) A MISSI organizational RA that operates in a mode
in which the ORA performs only the subset of card management functions
that are possible with knowledge of the user PIN for a FORTEZZA PC
card. [RFC2828] (see also Fortezza, Multilevel Information System Security Initiative, user)
- usurpation
- A circumstance or event that results in control of system services or functions by an unauthorized entity. [RFC2828] (see also threat consequence)
- UTCTime
- (N) The ASN.1 data type 'UTCTime' contains a calendar
date (YYMMDD) and a time to a precision of either one minute (HHMM) or
one second (HHMMSS), where the time is either (a) Coordinated Universal
Time or (b) the local time followed by an offset that enables
Coordinated Universal Time to be calculated. Note: UTCTime has the Year
2000 problem. [RFC2828] (see also GeneralizedTime, coordinated universal time)
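Worked example, added here and not part of the glossary or of RFC 2828: a decoder for the UTCTime forms described above (YYMMDDhhmm or YYMMDDhhmmss, followed by 'Z' or by a +hhmm/-hhmm offset), using only the Python standard library. The two-digit year is exactly the Year 2000 problem the note mentions: the string cannot say which century is meant, so the decoder has to impose a pivot. The default pivot of 50 is the rule RFC 5280 fixes for X.509 (YY >= 50 is 19YY, YY < 50 is 20YY); the second function applies RFC 5280's further restrictions for certificate validity dates (seconds present, 'Z' only). The sample strings are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# YYMMDDhhmm[ss] followed by 'Z' or a +hhmm/-hhmm offset from UTC.
_UTCTIME = re.compile(r"(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})?(Z|[+-]\d{4})")


def parse_utctime(value: str, pivot: int = 50) -> datetime:
    """Decode an ASN.1 UTCTime string to a timezone-aware datetime in UTC.

    pivot: two-digit years >= pivot are taken as 19YY, smaller ones as 20YY.
    The default 50 is the RFC 5280 rule, so UTCTime can only express 1950 through 2049;
    later dates need GeneralizedTime."""
    m = _UTCTIME.fullmatch(value)
    if not m:
        raise ValueError(f"not a UTCTime value: {value!r}")
    yy, mo, dd, hh, mi, ss, tz = m.groups()
    year = (1900 if int(yy) >= pivot else 2000) + int(yy)
    local = datetime(year, int(mo), int(dd), int(hh), int(mi), int(ss or 0))
    if tz == "Z":
        return local.replace(tzinfo=timezone.utc)
    # Form (b): local time followed by the offset that lets UTC be calculated, so UTC = local - offset.
    sign = 1 if tz[0] == "+" else -1
    offset = sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5]))
    return (local - offset).replace(tzinfo=timezone.utc)


def x509_utctime_ok(value: str) -> bool:
    """RFC 5280 profile for certificate validity dates: seconds must be present and the
    time must be expressed in UTC ('Z'); the local-time-plus-offset form is not allowed."""
    m = _UTCTIME.fullmatch(value)
    return bool(m) and m.group(6) is not None and m.group(7) == "Z"
```

The same string decodes to different centuries under different pivots, which is why a certificate parser must hard-code the RFC 5280 rule rather than guess from the current date.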
- utility
- A program that performs a specific task for an IS, such as managing a disk drive or printer. [CIAO] (see also critical infrastructure)
- utility programs
- A program that supports the operation of the computer. Utility
programs provide file management capabilities, such as sorting,
copying, archiving, comparing, listing, and searching, as well as
diagnostic routines which check the health of the computer system. It
also includes compilers or software that translates a programming
language into machine language. [SRV] A program used to configure or maintain systems, or to make changes to stored or transmitted data. [FFIEC] (see also software)
- v1 certificate
- (C) Ambiguously refers to either an X.509 public-key
certificate in its version 1 format, or an X.509 attribute certificate
in its version 1 format. However, many people who use this term are not
aware that X.509 specifies attribute certificates that do not contain a
public key. Therefore, ISDs MAY use this term as an abbreviation for
'version 1 X.509 public-key certificate', but only after using the full
term at the first instance. (D) ISDs SHOULD NOT use this term as an abbreviation for 'version 1 X.509 attribute certificate'. [RFC2828] (see also key, certificate)
- v1 CRL
- (I) An abbreviation for 'X.509 CRL in version 1 format'. (C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation. [RFC2828] (see also certificate, public-key infrastructure)
- v2 certificate
- (I) An abbreviation for 'X.509 public-key certificate in version 2 format'. (C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation. [RFC2828] (see also key, certificate)
- v2 CRL
- (I) An abbreviation for 'X.509 CRL in version 2 format'. (C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation. [RFC2828] (see also certificate, public-key infrastructure)
- v3 certificate
- (I) An abbreviation for 'X.509 public-key certificate in version 3 format'. (C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation. [RFC2828] (see also key, certificate)
- vaccines
- Program that injects itself into an executable program to perform a signature check and warns if there have been any changes. [NSAINT] (see also virus-detection tool, security software)
- valid certificate
- (I) A digital certificate for which the binding of the data items can be trusted; one that can be validated successfully. [RFC2828] (see also trust, certificate)
- valid signature
- (D) ISDs SHOULD NOT use this term; instead, use
'authentic signature'. This Glossary recommends saying 'validate the
certificate' and 'verify the signature'; therefore, it would be
inconsistent to say that a signature is 'valid'. [RFC2828] (see also certificate, digital signature, public-key infrastructure)
- validate vs. verify
- (C) The PKI community uses words inconsistently when
describing what a certificate user does to make certain that a digital
certificate can be trusted. Usually, we say 'verify the signature' but
say 'validate the certificate'; i.e., we 'verify' atomic truths but
'validate' data structures, relationships, and systems that are
composed of or depend on verified items. Too often, however, verify and
validate are used interchangeably. ISDs SHOULD comply with the
following two rules to ensure consistency and to align Internet
security terminology with ordinary English:
- Rule 1: Use 'validate' when referring to a process intended to establish the soundness or correctness of a construct.
- Rule 2: Use 'verify' when referring to a process intended to test or prove the truth or accuracy of a fact or value.
The rationale for Rule 1 is that 'valid' derives from a word that means
'strong' in Latin. Thus, to validate means to make sure that
construction is sound. A certificate user validates a public-key
certificate to establish trust in the binding that the certificate
asserts between an identity and a key. (To validate can also mean to
officially approve something; e.g. NIST validates cryptographic modules
for conformance with FIPS PUB 140-1.) The rationale for Rule 2 is that
'verify' derives from a word that means 'true' in Latin. Thus, to
verify means to prove the truth of an assertion by examining evidence
or performing tests. To verify an identity, an authentication process
examines identification information that is presented or generated. To
validate a certificate, a certificate user verifies the digital
signature on the certificate by performing calculations; verifies that
the current time is within the certificate's validity period; and may
need to validate a certification path involving additional
certificates. [RFC2828] (see also authentication, certificate, certification, cryptography, digital signature, evidence, identification, internet, key, public-key infrastructure, security, test, trust, validation, verification, National Institute of Standards and Technology)
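Worked example, added here and not part of the glossary or of RFC 2828, serving both the 'unforgeable' entry above and the validate vs. verify rules just given. It builds a toy public-key certificate chain and separates the two operations: verify_signature proves one atomic fact (the signature was produced with the private key matching a given public key), while validate_certificate and validate_path establish that the structure is sound (signature verifies under the claimed issuer's key, the current time is inside the validity period, the path back to the trust anchor holds). The 'forgery' case is the one the unforgeable entry describes: anyone can produce a certificate naming any issuer and sign it with any private key, and it is detected because it fails under the true issuer key. The signature scheme is textbook RSA over fixed Mersenne primes with hash-then-reduce in place of padding: a deterministic toy that is not secure and stands in for a real library; the names, dates and keys are constructed, and revocation (CRL/CKL) checks are left out.

```python
import hashlib
import json
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class KeyPair:
    n: int
    e: int
    d: int


def toy_rsa_keypair(p: int, q: int, e: int = 65537) -> KeyPair:
    # Textbook RSA from two fixed primes: deterministic and far too small to be secure; toy only.
    n, phi = p * q, (p - 1) * (q - 1)
    return KeyPair(n=n, e=e, d=pow(e, -1, phi))


def _digest_int(data: bytes, n: int) -> int:
    # Hash-then-reduce stands in for real signature padding (PKCS#1 / PSS); toy only.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, key: KeyPair) -> int:
    return pow(_digest_int(data, key.n), key.d, key.n)


def verify_signature(data: bytes, sig: int, n: int, e: int) -> bool:
    """Rule 2, 'verify': test one fact, that sig was made with the private key matching (n, e)."""
    return pow(sig, e, n) == _digest_int(data, n)


def tbs_bytes(tbs: dict) -> bytes:
    # Canonical encoding of the to-be-signed part (stands in for DER).
    return json.dumps(tbs, sort_keys=True, separators=(",", ":")).encode()


def make_certificate(subject, issuer, subject_key, not_before, not_after, signing_key):
    tbs = {"subject": subject, "issuer": issuer,
           "public_key": {"n": subject_key.n, "e": subject_key.e},
           "not_before": not_before, "not_after": not_after}
    return {"tbs": tbs, "signature": sign(tbs_bytes(tbs), signing_key)}


def validate_certificate(cert, issuer_n, issuer_e, today):
    """Rule 1, 'validate': the construct is sound only if the signature verifies under the
    claimed issuer's public key AND today lies inside the validity period."""
    tbs = cert["tbs"]
    if not verify_signature(tbs_bytes(tbs), cert["signature"], issuer_n, issuer_e):
        return False, "signature does not verify under the claimed issuer's public key"
    if not (date.fromisoformat(tbs["not_before"]) <= today <= date.fromisoformat(tbs["not_after"])):
        return False, "outside validity period"
    return True, "ok"


def validate_path(chain, anchor_name, anchor_n, anchor_e, today):
    """chain is leaf first; each certificate must be issued by the next one, the last by the trust anchor."""
    for i, cert in enumerate(chain):
        if i + 1 < len(chain):
            nxt = chain[i + 1]["tbs"]
            issuer_name, n, e = nxt["subject"], nxt["public_key"]["n"], nxt["public_key"]["e"]
        else:
            issuer_name, n, e = anchor_name, anchor_n, anchor_e
        if cert["tbs"]["issuer"] != issuer_name:
            return False, f"{cert['tbs']['subject']}: issuer name mismatch"
        ok, why = validate_certificate(cert, n, e, today)
        if not ok:
            return False, f"{cert['tbs']['subject']}: {why}"
    return True, "ok"


# Constructed scenario: toy root, intermediate, leaf, an expired leaf, and a forgery.
CA_KEY = toy_rsa_keypair(2**61 - 1, 2**31 - 1)
INT_KEY = toy_rsa_keypair(2**89 - 1, 2**19 - 1)
LEAF_KEY = toy_rsa_keypair(2**107 - 1, 2**13 - 1)
TODAY = date(2024, 6, 1)
INTERMEDIATE = make_certificate("CN=Toy Intermediate", "CN=Toy Root", INT_KEY, "2024-01-01", "2026-01-01", CA_KEY)
LEAF = make_certificate("CN=leaf.example", "CN=Toy Intermediate", LEAF_KEY, "2024-01-01", "2025-01-01", INT_KEY)
EXPIRED = make_certificate("CN=old.example", "CN=Toy Intermediate", LEAF_KEY, "2022-01-01", "2023-01-01", INT_KEY)
# Anyone can build a certificate claiming any issuer and sign it with any private key (here the leaf's own):
FORGED = make_certificate("CN=leaf.example", "CN=Toy Intermediate", LEAF_KEY, "2024-01-01", "2025-01-01", LEAF_KEY)
```

Note that FORGED carries a perfectly good signature under the forger's own public key; what makes it invalid is that the certificate user verifies with the true public key of the claimed issuer, which is the check validate_path performs.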
- validated products list
- A publicly available document issued periodically by the NIAP
Oversight Body giving brief particulars of every product which holds a
currently valid validation certificate awarded by that body and every
product validated or certified under the authority of another Party for
which the validation certificate has been recognized. [NIAP] (see also National Information Assurance partnership)
- validation
- Confirmation, through review and/or examination, that relevant
security-related policies, plans, procedures, or documents have been
completed and/or any security-related activities accomplished in
support of the C&A process. [800-37] Process of applying
specialized security test and evaluation procedures, tools, and
equipment needed to establish acceptance for joint usage of an IS by
one or more departments or agencies and their contractors. [NSTISSC] The process carried out by the NIAP Oversight Body leading to the issue of a validation certificate. [NIAP] The process of assessing the usefulness of a system in relation to its intended use or purpose. [AJP][JTC1/SC27]
The process of evaluating a system or component (including software),
during or at the end of the development process, to determine whether
it satisfies specified requirements. [SRV] The process of
evaluating a system or component during or at the end of the
development process to determine whether it satisfies specified
requirements. (1) (FDA) Establishing documented evidence which provides
a high degree of assurance that a specific process will consistently
produce a product meeting its predetermined specifications and quality
attributes. Contrast with data validation. [OVT] The process of
evaluating software during or at the end of the development process to
determine whether it satisfies specified requirements. [IEEE610] (see also verification, assurance, conformant validation certificate, evidence, software, test, time-stamping service, validate vs. verify, development process, evaluation) (includes reference validation mechanism, validation report)
- Validation Certificate
- A brief publicly available document in which the NIAP
Oversight Body confirms that a given product has successfully
completed evaluation by a CCTL. A validation certificate always has a
validation report associated with it. [NIAP] (see also evaluation, Common Criteria Testing Laboratory)
- validation report
- A publicly available document issued by the NIAP Oversight
Body which summarizes the results of an evaluation and confirms the
overall results (i.e., that the evaluation has been properly carried
out, that the evaluation criteria, the evaluation methods, and other
procedures have been correctly applied, and that the conclusions of the
evaluation technical report are consistent with the evidence adduced). [NIAP] (see also evidence, validation)
- validity period
- (I) A data item in a digital certificate that specifies
the time period for which the binding between data items (especially
between the subject name and the public key value in a public-key
certificate) is valid, except if the certificate appears on a CRL or
the key appears on a CKL. [RFC2828] (see also certificate, key, public-key infrastructure)
- value analysis
- Value analysis is related to product or service
characteristics such as quality, performance, marketability,
maintainability, and reliability. [SRV] (see also quality, analysis)
- value-added
- Those activities or steps that add to or change a product or
service as it goes through a process; these are the activities or steps
that customers view as important and necessary. [SRV]
- value-added network (VAN)
- (I) A computer network or subnetwork (which is usually
a commercial enterprise) that transmits, receives, and stores EDI
transactions on behalf of its customers. (C) A VAN may also
provide additional services, ranging from EDI format translation, to
EDI-to-FAX conversion, to integrated business systems. [RFC2828] (see also electronic data interchange, networks)
- variable sampling
- In variable sampling, the selected sampling units are measured
or evaluated (in terms of dollars, pounds, days, and so on), and some
statistical measure (statistic) is computed from these measurements to
estimate the population parameter or measure. [SRV]
- variance
- This measure is sometimes called the average squared
deviation. It is computed by taking the difference between the
individual value and the mean, and squaring it. Then, add all the
squared differences and divide by the number of items. [SRV]
- variant
- One of two or more code symbols having the same plain text equivalent. [NSTISSC]
- vaulting
- A process that periodically writes backup information over a computer network directly to the recovery site. [FFIEC] (see also availability, backup, recovery, risk)
- vendor
- A person or an organization that provides software and/or
hardware and/or firmware and/or documentation to the user for a fee or
in exchange for services. Such a firm could be a medical device
manufacturer. A 'vendor' is any entity that produces networking or
computing technology, and is responsible for the technical content of
that technology. Examples of 'technology' include hardware (desktop
computers, routers, switches, etc.), and software (operating systems,
mail forwarding systems, etc.). Note that the supplier of a technology
is not necessarily the 'vendor' of that technology. As an example, an
Internet Service Provider (ISP) might supply routers to each of its
customers, but the 'vendor' is the manufacturer, since the
manufacturer, rather than the ISP, is the entity responsible for the
technical content of the router. [OVT] (see also internet, user)
- verification
- (1) The process of ensuring correctness. (2) The process of
comparing two levels of system specification for proper correspondence
(e.g. security policy model with top-level specification (TLS), TLS
with source code, or source code with object code). This process may or
may not be automated. [AJP] Process of comparing two levels of
an IS specification for proper correspondence (e.g., security policy
model with top-level specification, top-level specification with source
code, or source code with object code). [NSTISSC] System
verification: The process of comparing two levels of system
specification for proper correspondence, such as comparing security
policy with a top-level specification, a top-level specification with
source code, or source code with object code. Identification
verification: Presenting information to establish the truth of a
claimed identity. [RFC2828] The assessment process, including
techniques and procedures, used to demonstrate that security controls
for an IT system are implemented correctly and are effective in their
application. [800-37] The process of comparing two levels of
system specification for proper correspondence (e.g. security policy
model with top-level specification, top-level specification with source
code, or source code with object code). This process may or may not be
automated. [NCSC/TG004][SRV] The process of ensuring correctness. [JTC1/SC27]
The process of evaluating a system or component (including software) to
determine whether the products of a given development process satisfy
the requirements imposed at the start of that process. [SRV] The
process of evaluating software to determine whether the products of a
given development phase satisfy the conditions imposed at the start of
that phase. [IEEE610] (see also validation, certification phase, domain verification exponent, identification, model, non-repudiation policy, policy, pre-certification phase, public accreditation verification exponent, security certification level, software, validate vs. verify, verification function, verification key, verification process, verifier, development process, evaluation, security testing) (includes formal verification, object, system verification, verification procedure refinements, verification techniques)
- verification and validation (V&V)
- The process of determining whether the requirements for a
system or component (including software) are complete and correct, the
products of each development process fulfill the requirements or
conditions imposed by the previous process, and the final system or
component (including software) complies with specified requirements. [SRV] (see also software)
- verification function
- A function in the verification process which is determined by
the verification key and which gives a recomputed value of the witness
as output. [SC27] (see also verification)
- verification key
- A data item which is mathematically related to an entity's
signature key and which is used by the verifier in the verification
process. [SC27] A value required to verify a cryptographic check value. [SC27]
A value required to verify a cryptographic check value. [ISO/IEC WD
13888-1 (11/2001)] (see also verification, key)
- verification procedure refinements
- Verification procedures that have been tailored to the
specific system and environment where the system is deployed for
operation (or in the case of new systems, where the system is intended
to be deployed for operation). [800-37] (see also verification)
- verification process
- A process which takes as input the signed message, the
verification key and the domain parameters, and which gives as output
the result of the signature verification: valid or invalid. [SC27]
A process which takes as input the signed message, the verification key
and the domain parameters, and which gives as output the result of the
signature verification: valid or invalid. [ISO/IEC 9796-3: 2000,
ISO/IEC 14888-1: 1998, ISO/IEC FDIS 15946-2 (04/2001)] A process, which
takes as input the signed message, the verification key and the domain
parameters, and which gives as its output the recovered message if
valid. [SC27] (see also verification)
- verification techniques
- Specific approaches that can be employed during the C&A
process to demonstrate compliance with the security requirements and to
determine the correctness and effectiveness of the security controls. [800-37] (see also security, verification)
- verified design
- Computer protection class in which formal security
verification methods are used to assure mandatory and discretionary
security controls can effectively protect classified and sensitive
information stored in, or processed by, the system. Class A1 system is
verified design. (C.F.D.) [NSTISSC]
- verifier
- An entity that is or represents the entity requiring an
authenticated identity. A verifier includes the functions necessary for
engaging in authentication exchanges. [SRV] An entity that verifies evidence. [SC27]
An entity that verifies evidence. [ISO/IEC WD 13888-1 (11/2001)] An
entity which is or represents the entity requiring an authenticated
identity. A verifier includes the functions necessary for engaging in
authentication exchanges. [SC27] (see also authentication, evidence, verification)
- version
- A new release of commercial software reflecting major changes
made in functions. It is a change to a baseline configuration item that
modifies its functional capabilities. As functional capabilities are
added to, modified within, or deleted from a baseline configuration
item, its version identifier changes. [SRV] (see also baseline, software)
- victim
- A machine that is attacked. [800-61] (see also attack)
- view
- That portion of the database that satisfies the conditions specified in a query. [AJP][TDI] (see also database management system)
- view definition
- A stored query, sometimes loosely referred to as a 'view.' [AJP][TDI] (see also database management system)
- violation
- (see security violation) (see also penetration)
- violation of permissions
- Action by an entity that exceeds the entity's system privileges by executing an unauthorized function. [RFC2828] (see also threat consequence)
- virtual departments or divisions
- Several departments or divisions that provide information and services in a seamless manner, transparent to the customer. [SRV]
- virtual mall
- An Internet website offering products and services from multiple vendors or suppliers. [FFIEC] (see also world wide web)
- virtual network perimeter
- A network that appears to be a single protected network behind
firewalls, which actually encompasses encrypted virtual links over
untrusted networks. [IATF] (see also networks, security, trust)
- virtual password
- A password computed from a passphrase that meets the requirements of password storage. [SRV] IS password computed from a passphrase meeting the requirements of password storage (e.g., 64 bits). (C.F.D.) [NSTISSC] (see also passwords)
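The entries for verification key, verification process and virtual password describe one pipeline from different ends: a secret reduced to a fixed-length value that meets the storage requirements, a key the verifier holds, and a process whose only outputs are valid or invalid. The Python below is an added example written for this page; it is not text or code from any of the cited sources. It uses a symmetric cryptographic check value (an HMAC) rather than a digital signature, so the verifier's key is the same value the sender used instead of a value mathematically related to a separate signature key. PBKDF2-HMAC-SHA256, the iteration count, the salt label, the key sizes and the sample message are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed parameters for this example. PBKDF2-HMAC-SHA256 and the iteration
# count are assumptions; the glossary only says the passphrase is reduced to a
# value that meets the password-storage requirements (its example: 64 bits).
PBKDF2_ITERATIONS = 200_000
VIRTUAL_PASSWORD_BYTES = 8   # 64 bits, the size the NSTISSC entry gives as an example
MAC_KEY_BYTES = 32           # a 64-bit value is too short to serve as a MAC key


def virtual_password(passphrase: str, salt: bytes, length: int = VIRTUAL_PASSWORD_BYTES) -> bytes:
    """Reduce a free-form passphrase to a fixed-length virtual password.

    The salt is stored next to the result so the same value can be recomputed
    later; it also keeps two users with the same passphrase from producing the
    same stored value.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=length)


def check_value(verification_key: bytes, message: bytes) -> bytes:
    """Cryptographic check value: an HMAC-SHA256 tag over the message."""
    return hmac.new(verification_key, message, hashlib.sha256).digest()


def verification_process(verification_key: bytes, message: bytes, tag: bytes) -> str:
    """Take the message, the verification key and the claimed check value and
    return 'valid' or 'invalid', the two outcomes named in the glossary entry.

    hmac.compare_digest takes time independent of where the first differing
    byte lies, so a remote caller cannot recover the correct tag byte by byte.
    """
    expected = check_value(verification_key, message)
    return "valid" if hmac.compare_digest(expected, tag) else "invalid"


def demo() -> dict:
    salt = b"constructed-salt-value"   # constructed; use os.urandom(16) for real salts
    passphrase = "correct horse battery staple"

    # 64-bit virtual password, the value that would be stored for login checks.
    stored = virtual_password(passphrase, salt)
    # 256-bit MAC key derived under a different salt label, so the stored
    # 64-bit value is not simply a prefix of the key.
    key = virtual_password(passphrase, b"mac-key|" + salt, MAC_KEY_BYTES)
    message = b"transfer 100 to account 42"
    tag = check_value(key, message)

    return {
        "virtual_password_bits": len(stored) * 8,
        "authentic": verification_process(key, message, tag),
        "tampered_message": verification_process(key, b"transfer 900 to account 42", tag),
        "wrong_passphrase": verification_process(
            virtual_password("wrong passphrase", b"mac-key|" + salt, MAC_KEY_BYTES),
            message, tag),
        "truncated_tag": verification_process(key, message, tag[:-1]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two caveats the definitions leave implicit: the 64-bit figure is a storage-format example from the NSTISSC entry, not a recommended size for a key that authenticates data, which is why the check value here uses a separate 256-bit derivation; and the verifier must compare tags in constant time, since an early-exit comparison turns the verification process into an oracle that leaks the expected tag.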
- virtual private network (VPN)
- (I) A restricted-use, logical (i.e., artificial or
simulated) computer network that is constructed from the system
resources of relatively public, physical (i.e., real) network (such as
the Internet), often by using encryption (located at hosts or
gateways), and often by tunneling links of the virtual network across
the real network. (C) For example, if a corporation has LANs at
several different sites, each connected to the Internet by a firewall,
the corporation could create a VPN by (a) using encrypted tunnels to
connect from firewall to firewall across the Internet and (b) not
allowing any other traffic through the firewalls. A VPN is generally
less expensive to build and operate than a dedicated real network,
because the virtual network shares the cost of system resources with
other users of the real network. [RFC2828] A way of using a
public network (typically the Internet) to link two sites of an
organization. A VPN is typically set up by protecting the privacy and
integrity of the communication line using a secret session key. The
secret session key is usually negotiated using the public keys of the
two principals. [misc] A wide-area network interconnected by common carrier lines or that uses the Internet as its network transport. [FFIEC]
Protected IS link utilizing tunneling, security controls, and end-point
address translation giving the impression of a dedicated line. [NSTISSC]
Virtual Private Network; a way of using a public network (typically the
Internet) to link two sites of an organization. A VPN is typically set
up by protecting the privacy and integrity of the communication line
using a secret session key. The secret session key is usually
negotiated using the public keys of the two principals. [IATF] (see also communications, encryption, extranet, internet, key, networks, privacy, security protocol) (includes point-to-point tunneling protocol, session key, tunneled VPN, tunneling)
- virus
- (1) Malicious software, a form of Trojan horse, which
reproduces itself in other executable code. (2) A self-propagating
Trojan horse, composed of a mission component, a trigger component, and
a self-propagating component. (3) Self-replicating malicious program
segment that attaches itself to an application or other executable
system component and leaves no external signs of its presence. [AJP] (I)
A hidden, self-replicating section of computer software, usually
malicious logic, that propagates by infecting-- i.e., inserting a copy
of itself into and becoming part of--another program. A virus cannot
run by itself; it requires that its host program be run to make the
virus active. [RFC2828] A computer program that can infect,
replicate, and spread among computer systems. Unlike the computer worm,
a virus requires human involvement to propagate. A code segment that
replicates by attaching copies to existing executable programs. A
self-propagating malicious software program, composed of a mission
component, a trigger component, and a self-propagating component. A
small program that inserts itself into another program
when executed. [SRV] A program that can "infect" other programs by modifying them to include a, possibly evolved, copy of itself. [NSAINT]
A program which replicates itself on computer systems by incorporating
itself (secretly and maliciously) into other programs. A virus can be
transferred onto a computer system in a variety of ways. [RFC2504] A self-propagating Trojan horse, composed of a mission component, a trigger component, and a self-propagating component. [NCSC/TG004] A self-replicating code segment; viruses may or may not contain attack programs or trapdoors. [IATF] A self-replicating program that runs and spreads by modifying other programs or files. [800-61]
A small, self-replicating, malicious program that attaches itself to an
executable file or vulnerable application and delivers a payload that
ranges from annoying to extremely destructive. A file virus executes
when an infected file is accessed. A macro virus infects the executable
code embedded in Microsoft® Office® programs that allows users to
generate macros. [CIAO] A variation of Trojan Horse. It propagates,
has a triggering mechanism (an event or time), and carries a mission
(delete files, corrupt data, send data). Often a self-replicating,
malicious program segment that attaches itself to an application
program or other executable system component and leaves no obvious
signs of its presence. [AFSEC] Malicious code that replicates itself within a computer. [FFIEC] Malicious software, a form of Trojan horse, which reproduces itself in other executable code. [TNI]
Self replicating, malicious program segment that attaches itself to an
application or other executable system component and leaves no external
signs of its presence. [FCv1] Self-replicating, malicious code
that attaches itself to an application program or other executable
system component and leaves no obvious signs of its presence. [NSTISSC] (see also antivirus software, malicious code, signature, virus scanner, virus-detection tool, worm, internet, software, trojan horse) (includes boot sector virus, file infector virus, macro virus, virus hoax)
- virus hoax
- An urgent warning message about a nonexistent virus. [800-61] (see also virus)
- virus scanner
- A software program which can search out, locate, and possibly remove a virus. [AFSEC] (see also virus-detection tool, risk, software, virus, security software)
- virus signature
- Alterations to files or applications indicating the presence of a virus, detectable by virus scanning software. [CIAO] (see also attack signature recognition)
- virus-detection tool
- Software that detects and possibly removes computer viruses, alerting the user appropriately. [RFC2504] (see also virus scanner, risk, software, vaccines, virus, security software)
- vision
- A description of the optimum environment that the organization is striving to achieve. [SRV]
- vulnerability
- (1) A security weakness in a Target of Evaluation (e.g. due to
failures in analysis, design, implementation, or operation). (2)
Weakness in an information system or components (e.g. system security
procedures, hardware design, or internal controls) that could be
exploited to produce an information-related misfortune. (3) A weakness
in system security procedures, system design, implementation, internal
controls, and so on, that could be exploited to violate system security
policy. [AJP] (I) A flaw or weakness in a system's
design, implementation, or operation and management that could be
exploited to violate the system's security policy. (C) Most
systems have vulnerabilities of some sort, but this does not mean that
the systems are too flawed to use. Not every threat results in an
attack, and not every attack succeeds. Success depends on the degree of
vulnerability, the strength of attacks, and the effectiveness of any
counter measures in use. If the attacks needed to exploit a
vulnerability are very difficult to carry out, then the vulnerability
may be tolerable. If the perceived benefit to an attacker is small,
then even an easily exploited vulnerability may be tolerable. However,
if the attacks are well understood and easily made, and if the
vulnerable system is employed by a wide range of users, then it is
likely that there will be enough benefit for someone to make an attack.
[RFC2828] 1) A characteristic of a critical infrastructure's
design, implementation, or operation that renders it susceptible to
destruction or incapacitation by a threat. 2) A flaw in security
procedures, software, internal system controls, or implementation of an
IS that may affect the integrity, confidentiality, accountability,
and/or availability of data or services. Vulnerabilities include flaws
that may be deliberately exploited and those that may cause failure due
to inadvertent human actions or natural disasters [CIAO] A flaw
or weakness in system security procedures, design, implementation, or
internal controls that could be exercised (accidentally triggered or
intentionally exploited) and result in a security breach or a violation
of the systems security policy. [800-37] A flaw that allows
someone to operate a computer system with authorization in excess of
that which the system owner specifically granted to him or her. [FFIEC] A security weakness in a Target of Evaluation (e.g. due to failures in analysis, design, implementation or operation). [ITSEC]
A vulnerability is the existence of a weakness, design, or
implementation error that can lead to an unexpected, undesirable event
compromising the security of the computer system, network, application,
or protocol involved. [RFC2504] A weakness in a system, application, or network that is subject to exploitation or misuse. [800-61]
A weakness in an information system or components (e.g. system security
procedures, hardware design, internal controls) that could be exploited
to produce an information-related misfortune. [FCv1] A weakness
in system security procedures, system design, implementation, internal
controls, etc., that could be accidentally triggered or intentionally
exploited and result in a violation of the computer system's security
policy. A condition or weakness in (or absence of) security procedures,
technical controls, physical controls, or other controls that could be
exploited by a threat. [SRV] A weakness in system security
procedures, system design, implementation, internal controls, etc.,
that could be exploited to violate system security policy. [NCSC/TG004] A weakness of an asset or group of assets which can be exploited by a threat. [SC27] A weakness of an asset or group of assets which can be exploited by one or more threats. [SC27]
A weakness of an asset or group of assets which can be exploited by one
or more threats. [ISO/IEC PDTR 13335-1 (11/2001)] A weakness that can
be exploited by one or more threats. [ISO/IEC DTR 15947 (10/2001)] A
weakness that can be exploited by one or more threats. [SC27]
A weakness that can be exploited to develop an attack against the
system or the type of protection that a counter measure is to provide. [IATF]
Hardware, firmware, or software flaw that leaves a computer processing
system open for potential exploitation. A weakness in automated system
security procedures, administrative controls, physical layout, internal
controls, and so forth, that could be exploited by a threat to gain
unauthorized access to information or disrupt critical processing. [AFSEC]
Hardware, firmware, or software flaw that leaves an AIS open for
potential exploitation. A weakness in automated system security
procedures, administrative controls, physical layout, internal
controls, and so forth, that could be exploited by a threat to gain
unauthorized access to information or disrupt critical processing. [NSAINT]
Hardware, firmware, or software flaw that leaves an AIS open for
potential exploitation. A weakness in automated system security
procedures, administrative controls, physical layout, internal
controls, and so forth, that could be exploited by a threat to gain
unauthorized access to information or disrupt critical processing. A
weakness in system security procedures, system design, implementation,
internal controls, etc., that could be exploited to violate system
security policy. (I) A flaw or weakness in a system's design,
implementation, or operation and management that could be exploited to
violate the system's security policy. (C) Most systems have
vulnerabilities of some sort, but this does not mean that the systems
are too flawed to use. Not every threat results in an attack, and not
every attack succeeds. Success depends on the degree of vulnerability,
the strength of attacks, and the effectiveness of any countermeasures
in use. If the attacks needed to exploit a vulnerability are very
difficult to carry out, then the vulnerability may be tolerable. If the
perceived benefit to an attacker is small, then even an easily
exploited vulnerability may be tolerable. However, if the attacks are
well understood and easily made, and if the vulnerable system is
employed by a wide range of users, then it is likely that there will be
enough benefit for someone to make an attack. 'A state-space
vulnerability is a characterization of a vulnerable state which
distinguishes it from all non-vulnerable states. If generic, the
vulnerability may characterize many vulnerable states; if specific, it
may characterize only one...' [Bishop and Bailey 1996] The Data &
Computer Security Dictionary of Standards, Concepts, and Terms [Longley
and Shain 1990] defines computer vulnerability as: 1) In computer
security, a weakness in automated systems security procedures,
administrative controls, internal controls, etc., that could be
exploited by a threat to gain unauthorized access to information or to
disrupt critical processing. 2) In computer security, a weakness in the
physical layout, organization, procedures, personnel, management,
administration, hardware or software that may be exploited to cause
harm to the ADP system or activity. The presence of a vulnerability
does not itself cause harm. A vulnerability is merely a condition or
set of conditions that may allow the ADP system or activity to be
harmed by an attack. 3) In computer security, any weakness or flaw
existing in a system. The attack or harmful event, or the opportunity
available to a threat agent to mount that attack. [Amoroso 1994] defines
a vulnerability as an unfortunate characteristic that allows a threat
to potentially occur. A threat is any potential occurrence, malicious
or otherwise, that can have an undesirable effect on the assets and
resources associated with a computer system. ...a fuzzy vulnerability
is a violation of the expectations of users, administrators, and
designers, particularly when the violation of these expectations is
triggered by an external object. Software can be vulnerable because of
an error in its specification, development, or configuration. A
software vulnerability is an instance of an error in the specification,
development, or configuration of software such that its execution can
violate the security policy. A feature or a combination of features of
a system that allows an adversary to place the system in a state that
is both contrary to the desires of the people responsible for the
system and increases the risk (probability or consequence) of
undesirable behavior in or of the system. A feature or a combination of
features of a system that prevents the successful implementation of a
particular security policy for that system. A program with a buffer
that can be overflowed with data supplied by the invoker will usually
be considered a vulnerability. A telephone procedure that provides
private information about the caller without prior authentication will
usually be considered to have a vulnerability. A flaw or weakness in a
system's design, implementation, or operation and management that could
be exploited to violate the system's security policy. A 'vulnerability'
is a characteristic of a piece of technology which can be exploited to
perpetrate a security incident. For example, if a program
unintentionally allowed ordinary users to execute arbitrary operating
system commands in privileged mode, this 'feature' would be a
vulnerability. [OVT] Weakness in an IS, system security procedures, internal controls, or implementation that could be exploited. [NSTISSC] (see also security software, IS related risk, MEI resource elements, analysis, attack, authentication, authorization, availability, confidentiality, counter measures, critical asset, exploit, exploitation, failure, incident, infrastructure protection, level of protection, mission critical, networks, security, software, threat agent, unauthorized access, user, target of evaluation, threat) (includes areas of potential compromise, common vulnerabilities and exposures, dangling vulnerability, implementation vulnerability, technical vulnerability, vulnerability analysis, vulnerability assessment, vulnerability audit)
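The [OVT] entry above closes with two concrete illustrations: a buffer that the invoker can overflow, and a program that unintentionally lets ordinary users execute arbitrary operating system commands with its privileges. The Python below is an added example of the second, written for this page rather than taken from any cited source. It places the weakness beside its corrected form so the difference is visible in the output: the vulnerable function hands caller-controlled text to a shell, the corrected functions pass it as a single argv element and, as a second layer, validate it against an allow-list. The function names, the allow-list pattern and the attacker input are constructed for the example; it assumes a POSIX /bin/sh and an echo binary are available.

```python
import re
import subprocess

# Allow-list for the input, an assumption made for this example; tighten it to
# whatever the real feature actually needs to accept.
NAME_PATTERN = re.compile(r"^[A-Za-z0-9 _.-]{1,64}$")


def greet_vulnerable(name: str) -> str:
    """Splice caller-controlled text into a shell command line.

    With shell=True the string is handed to /bin/sh, which interprets ';', '|',
    '$(...)' and similar metacharacters, so an ordinary caller can run any
    command with this process's privileges: the flaw the [OVT] entry describes.
    """
    completed = subprocess.run("echo Hello " + name, shell=True,
                               capture_output=True, text=True, check=True)
    return completed.stdout


def greet_no_shell(name: str) -> str:
    """Corrected form, first layer: no shell in the path.

    The name travels as one argv element, so metacharacters reach echo as
    literal data instead of being parsed as command syntax.
    """
    completed = subprocess.run(["echo", "Hello", name],
                               capture_output=True, text=True, check=True)
    return completed.stdout


def greet_hardened(name: str) -> str:
    """Corrected form, second layer: reject input outside the allow-list before
    it reaches any subprocess, so unexpected characters are never executed or
    even echoed back."""
    if not NAME_PATTERN.match(name):
        raise ValueError("name contains characters outside the allow-list")
    return greet_no_shell(name)


INJECTED_INPUT = "world; echo INJECTED"   # constructed attacker-supplied input


def demo() -> dict:
    vulnerable_lines = greet_vulnerable(INJECTED_INPUT).splitlines()
    try:
        greet_hardened(INJECTED_INPUT)
        hardened = "accepted"
    except ValueError:
        hardened = "rejected"
    return {
        # second line is the output of the attacker's injected command
        "vulnerable_output": vulnerable_lines,
        # the whole input, metacharacters included, printed as plain text
        "no_shell_output": greet_no_shell(INJECTED_INPUT).strip(),
        "hardened_allowlist": hardened,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The argv form alone already removes the vulnerability as defined here (no path to execute attacker-chosen commands); the allow-list is defence in depth against the next bug, for instance a downstream component that re-parses the string as a command line.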
- vulnerability analysis
- Examination of information to identify the elements comprising a vulnerability. [NSTISSC]
Systematic examination of an AIS or product to determine the adequacy
of security measures, identify security deficiencies, provide data from
which to predict the effectiveness of proposed security measures, and
confirm the adequacy of such measures after implementation. The
systematic examination of systems in order to determine the adequacy of
security measures, identify security deficiencies, and provide data
from which to predict the effectiveness of proposed security measures. [OVT]
Systematic examination of an AIS or product to determine the adequacy
of security measures, to identify security deficiencies, provide data
from which to predict the effectiveness of proposed security measures,
and confirm the adequacy of such measures after implementation. [NSAINT]
Systematic examination of an information system or product to determine
the adequacy of security measures, to identify security deficiencies,
provide data from which to predict the effectiveness of proposed
security measures, and confirm the adequacy of such measures after
implementation. [AFSEC] The systematic examination of systems in
order to determine the adequacy of security measures, to identify
security deficiencies, and to provide data from which to predict the
effectiveness of proposed security measures. [SRV] The
systematic examination of systems to determine the adequacy of security
measures, to identify security deficiencies, and to provide data from
which to predict the effectiveness of proposed security measures. [AJP][NCSC/TG004] (see also vulnerability assessment, audit, gap analysis, security, analysis, risk analysis, vulnerability)
- vulnerability assessment
- (1) An aspect of the assessment of the effectiveness of a
Target of Evaluation, namely, whether known vulnerabilities in that
Target of Evaluation could in practice compromise its security as
specified in the security target. (2) A measurement of vulnerability
that includes the susceptibility of a particular system to a specific
attack and the opportunities available to a threat agent to mount that
attack. [AJP] 1) An examination of the ability of a system or
application, including current security procedures and controls, to
withstand assault. A vulnerability assessment may be used to: a)
identify weaknesses that could be exploited; and b) predict the
effectiveness of additional security measures in protecting information
resources from attack. 2) Systematic examination of a critical
infrastructure, the interconnected systems on which it relies, its
information, or product to determine the adequacy of security measures,
identify security deficiencies, evaluate security alternatives, and
verify the adequacy of such measures after implementation. [CIAO]
A measurement of vulnerability that includes the susceptibility of a
particular system to a specific attack and the opportunities available
to a threat agent to mount that attack. [NCSC/TG004][SRV]
A measurement of vulnerability which includes the susceptibility of a
particular system to a specific attack and the opportunities available
to a threat agent to mount that attack. [OVT] An aspect of the
assessment of the effectiveness of a Target of Evaluation, namely
whether known vulnerabilities in that Target of Evaluation could in
practice compromise its security as specified in the security target. [ITSEC] Formal description and evaluation of vulnerabilities of an IT system. [NSTISSC] (see also vulnerability analysis, attack, security target, target of evaluation, vulnerability)
- vulnerability audit
- The process of identifying and documenting specific vulnerabilities in critical information systems. [CIAO] (see also audit, vulnerability)
- war dialer
- (I) A computer program that automatically dials a
series of telephone numbers to find lines connected to computer
systems, and catalogs those numbers so that a cracker can try to break
into the systems. [RFC2828] A cracking tool, a program that
calls a given list or range of numbers and records those which answer
with handshake tones (and so might be entry points to computer or
telecommunications systems). [AFSEC] A program that dials a
given list or range of numbers and records those which answer with
handshake tones, which might be entry points to computer or
telecommunications systems. [NSAINT] (see also threat)
- warehouse attack
- The compromise of systems that store authenticators. [FFIEC] (see also attack)
- warfare
- (includes command and control warfare, electronic warfare, electronic warfare support, information warfare)
- Wassenaar Arrangement
- (N) The Wassenaar Arrangement on Export Controls for
Conventional Arms and Dual-Use Goods and Technologies is a global,
multilateral agreement approved by 33 countries in July 1996 to
contribute to regional and international security and stability, by
promoting information exchange concerning, and greater responsibility
in, transfers of arms and dual-use items, thus preventing destabilizing
accumulations. (C) The Arrangement began operations in September
1996. The participating countries are Argentina, Australia, Austria,
Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France,
Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg,
Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea,
Romania, Russian Federation, Slovak Republic, Spain, Sweden,
Switzerland, Turkey, Ukraine, United Kingdom, and United States.
Participants meet on a regular basis in Vienna, where the Arrangement
has its headquarters. Participating countries seek through their
national policies to ensure that transfers do not contribute to the
development or enhancement of military capabilities that undermine the
goals of the arrangement, and are not diverted to support such
capabilities. The countries maintain effective export controls for
items on the agreed lists, which are reviewed periodically to account
for technological developments and experience gained. Through
transparency and exchange of views and information, suppliers of arms
and dual-use items can develop common understandings of the risks
associated with their transfer and assess the scope for coordinating
national control policies to combat these risks. Members provide
semi-annual notification of arms transfers, covering seven categories
derived from the UN Register of Conventional Arms. Members also report
transfers or denials of transfers of certain controlled dual-use items.
However, the decision to transfer or deny transfer of any item is the
sole responsibility of each participating country. All measures
undertaken with respect to the arrangement are in accordance with
national legislation and policies and are implemented on the basis of
national discretion. [RFC2828] (see also key, security)
- water supply system
- A critical infrastructure characterized by the sources of
water, reservoirs and holding facilities, aqueducts and other transport
systems, the filtration, cleaning and treatment systems, the pipelines,
the cooling systems and other delivery mechanisms that provide for
domestic and industrial applications, including systems for dealing
with water runoff, waste water, and fire fighting. [CIAO] (see also critical infrastructure)
- watermarking
- (see digital watermarking)
- web browser cache
- This is the part of the file system that is used to store web
pages and related files. It can be utilized to reload recently accessed
files from the cache instead of loading them every time from the network.
[RFC2504] (see also networks, world wide web)
- web of trust
- (O) PGP usage: A trust-file PKI technique used in PGP
for building a file of validated public keys by making personal judgments
about being able to trust certain people to be holding properly
certified keys of other people. [RFC2828] A trust network among
people who know and communicate with each other. Digital certificates
are used to represent entities in the web of trust. Any pair of
entities can determine the extent of trust between the two, based on
their relationship in the web. [misc] (see also key, networks, public-key infrastructure, trust) (includes certificate, pretty good privacy)
- web server
- (I) A software process that runs on a host computer
connected to the Internet to respond to HTTP requests for documents
from client web browsers. [RFC2828] (see also software, world wide web)
- web vs. Web
- (I) Capitalized: ISDs SHOULD capitalize 'Web' when
using the term (as either a noun or an adjective) to refer specifically
to the World Wide Web. (C) Not capitalized: ISDs SHOULD NOT
capitalize 'web' when using the term (usually as an adjective) to refer
generically to technology--such as web browsers, web servers, HTTP, and
HTML -- that is used in the Web or similar networks. (C) IETF
documents SHOULD spell out 'World Wide Web' fully at the first instance
of usage and SHOULD use 'Web' and 'web' especially carefully where
confusion with the PGP 'web of trust' is possible. [RFC2828] (see also networks, trust, world wide web)
- weblinking
- The use of hyperlinks to direct users to webpages of other entities. [FFIEC] (see also world wide web)
- website
- A location on the World Wide Web, accessed by typing its
address (URL) into a Web browser. A Web site always includes a home
page and may contain additional documents or pages. [CIAO] A
webpage or set of webpages designed, presented, and linked together to
form a logical information resource and/or transaction initiation
function. [FFIEC] (see also world wide web)
- website hosting
- The service of providing ongoing support and monitoring of an
Internet-addressable computer that stores webpages and processes
transactions initiated over the Internet. [FFIEC] (see also world wide web)
- wedged
- To be stuck, incapable of proceeding without help. The system
or software is trying to do something but cannot make progress; it may
be capable of doing a few things, but not be fully operational. [AFSEC] (see also software, threat)
- white-box testing
- A method to examine the internal structure of a computer
program or module to determine if the logic paths correctly perform the
functions required. [SRV] (see also software development, test)
- wide area information service (WAIS)
- An Internet service that allows you to search a large number of specially indexed databases. [NSAINT] (see also internet)
- wide-area network (WAN)
- A communications network that connects geographically
separated areas. It can cover several sites that are geographically
distant. A WAN may span different cities or even different continents. [SRV]
A data communications network that spans any distance and is usually
provided by a public carrier. Users gain access to the two ends of the
circuit and the carrier handles the transmission and other services in
between. [IATF] A physical or logical network that provides
capabilities for a number of independent devices to communicate with
each other over a common transmission-interconnected topology in
geographic areas larger than those served by local area networks. [NSAINT] (see also communications, networks, user)
- wireless application protocol (WAP)
- A data transmission standard to deliver wireless markup language (WML) content. [FFIEC] (see also standard generalized markup language)
- wireless gateway server
- A computer (server) that transmits messages between a computer
network and a cellular telephone or other wireless access device. [FFIEC]
- wiretapping
- (I) An attack that intercepts and accesses data and other information contained in a flow in a communication system. (C)
Although the term originally referred to making a mechanical connection
to an electrical conductor that links two nodes, it is now used to
refer to reading information from any sort of medium used for a link or
even directly from a node, such as gateway or subnetwork switch. (C)
'Active wiretapping' attempts to alter the data or otherwise affect the
flow; 'passive wiretapping' only attempts to observe the flow and gain
knowledge of information it contains. [RFC2828] Interception of
communications signals with the intent to gain access to information
transmitted over communications circuits. [AFSEC] Monitoring and recording data that is flowing between two points in a communication system. [RFC2828]
The collection of transmitted voice or data, and the sending of that
data to a listening device. See active and passive wiretapping. [SRV]
The real-time collection of transmitted data, such as dialed digits,
and the sending of that data in real time to a listening device. [AJP] (see also networks, attack, threat consequence) (includes active wiretapping, passive wiretapping)
- witness
- A data item which provides evidence to the verifier. [SC27][ISO/IEC 9796-3: 2000]
NOTE - In the context of this part of ISO/IEC 9796 the witness is based
on a hash-token. [SC27][ISO/IEC 9796-3: 2000] Data item which provides
evidence of the claimant's identity to the verifier. [SC27][ISO/IEC 9798-5: 1999] (see also evidence, hash, tokens)
- word
- A string of 32 bits in dedicated hash-functions 1, 2, 3 and 4, or a
string of 64 bits in dedicated hash-functions 5 and 6. [SC27][ISO/IEC CD
10118-3 (11/2001)] String of 32 bits. [SC27] (see also hash)
- work breakdown structure (WBS)
-
- work factor
- (I) General security usage: The estimated amount of
effort or time that can be expected to be expended by a potential
intruder to penetrate a system, or defeat a particular countermeasure,
when using specified amounts of expertise and resources. (I) Cryptography usage: The estimated amount of computing time and power needed to break a cryptographic system. [RFC2828]
An estimate of the effort or time needed by a potential penetrator with
specified expertise and resources to overcome a protective measure. [AJP][NCSC/TG004]
Estimate of the effort or time needed by a potential perpetrator, with
specified expertise and resources, to overcome a protective measure. [NSTISSC] (see also counter measures, cryptography, risk, security)
- work product
- All items (i.e. documents, reports, files, data, etc.)
generated in the course of performing any process for developing and
supplying the deliverable. [SC27]
- work program
- A series of specific, detailed steps to achieve an audit objective. [FFIEC] (see also audit)
- workflow
- A graphic representation of the flow of work in a process and
its related subprocesses, including specific activities, information
dependencies, and the sequence of decisions and activities. [SRV] (see also automated information system)
- workgroup computing
- An application system designed for the use of collaborative
work groups (e.g. electronic mail, workflow systems, meeting and
conferencing software). [SRV] (see also software)
- workload
- A collection of logically distinct, identifiable problems on
which IS management takes action to support business functions, such as
payroll. [SRV] (see also automated information system, business process)
- workstation
- A piece of computer hardware that is operated by a user to
perform an application. Provides users with access to the distributed
information system or other dedicated systems; input/output via a
keyboard and video display terminal; or any method that supplies the
user with the required input/output capability. Computer power embodied
within the workstation may be used to furnish data processing
capability at the user level. [SRV] (see also automated information system)
- world class organizations
- Organizations that are recognized as the best for at least one
critical business process and are held as models for other
organizations. [SRV] (see also business process, model)
- world wide web (W3) (WWW)
- (N) The global, hypermedia-based collection of
information and services that is available on Internet servers and is
accessed by browsers using Hypertext Transfer Protocol and other
information retrieval mechanisms. [RFC2828] A system of Internet
hosts that support documents formatted in HTML, which contain links to
other documents (hyperlinks), and to audio, video, and graphics images.
Users can access the Web with special applications called browsers,
such as Netscape® Navigator® and Microsoft® Internet Explorer®. [CIAO] (see also applet, certificate, certificate owner, cookies, hypertext, link, pagejacking, plug-in modules, pop-up box, proxy server, push technology, internet) (includes CGI scripts, browser, common gateway interface, hyperlink, hypertext markup language, hypertext transfer protocol, secure hypertext transfer protocol, secure socket layer, virtual mall, web browser cache, web server, web vs. Web, weblinking, website, website hosting)
- worm
- (I) A computer program that can run independently, can
propagate a complete working version of itself onto other hosts on a
network, and may consume computer resources destructively. [RFC2828][OVT]
A computer program which replicates itself and is self-propagating.
Worms, as opposed to viruses, are meant to spawn in network
environments. [RFC2504][RFC1983][OVT] Network worms were first defined by
Shoch & Hupp of Xerox in ACM Communications (March 1982). The
Internet worm of November 1988 is perhaps the most famous; it
successfully propagated itself on over 6,000 systems across the
Internet. [RFC1983][OVT] A program or executable code module which
resides in distributed systems or networks. It will replicate itself,
if necessary, in order to exercise as much of the computer systems'
resources as possible for its own processing. Such resources may take
the form of CPU time, I/O channels, or system memory. It will replicate
itself from machine to machine across network connections, often
clogging networks and computer systems as it spreads. [AFSEC] A
self-replicating, self-propagating, self-contained program that uses
networking mechanisms to spread itself. [800-61] A small, malicious
program similar to a virus, except that it cannot self-replicate. [CIAO]
An independent computer program that reproduces by copying itself from
one system to another while traveling from machine to machine across
the network. Unlike computer viruses, worms do not require human
involvement to propagate. Most worms and viruses are closely related;
they both spread and reproduce and their effects can be identical. [SRV]
Independent program that replicates from machine to machine across
network connections, often clogging networks and information systems as
it spreads. [NSAINT][OVT] Malicious code that infects computers across a
network without user intervention. Typically, a worm is a program that
scans a system or an entire network for available, unused space in
which to run. Worms tend to tie up all computing resources in a system
or on a network and effectively shut it down. [FFIEC] Propagates itself
through memory or networks without necessarily modifying programs. A
worm is similar to a virus, because it has the ability to replicate,
but differs from a virus in that it does not seek a host. [IATF] (see also infection, networks, replicator, trojan horse, virus, internet, malicious code) (includes Internet worm, morris worm)
- wrap
- (O) To use cryptography to provide data confidentiality service for a data object. (D)
ISDs SHOULD NOT use this term with this definition because it
duplicates the meaning of other, standard terms. Instead, use 'encrypt'
or use a term that is specific with regard to the mechanism used. [RFC2828] (see also confidentiality, cryptography, encryption)
- write
- A fundamental operation that results only in the flow of information from a subject to an object. [AJP][NCSC/TG004][TCSEC][TNI] Fundamental operation in an IS that results only in the flow of information from a subject to an object. [NSTISSC] (includes object, subject)
- write access
- Permission to write an object. [AJP][NCSC/TG004][TNI] Permission to write to an object in an IT system. [NSTISSC] (includes object)
- X.400
- (N) An ITU-T Recommendation that is one part of a joint
ITU-T/ISO multi-part standard (X.400-X.421) that defines the Message
Handling Systems. (The ISO equivalent is IS 10021, parts 1-7.) [RFC2828] (see also email)
- X.500
- (see X.500 Directory)
- X.500 Directory
- (N) An ITU-T Recommendation that is one part of a joint
ITU-T/ISO multi-part standard (X.500-X.525) that defines the X.500
Directory, a conceptual collection of systems that provide distributed
directory capabilities for OSI entities, processes, applications, and
services. (The ISO equivalent is IS 9594-1 and related standards, IS
9594-x.) (C) The X.500 Directory is structured as a tree (the
Directory Information Tree), and information is stored in directory
entries. Each entry is a collection of information about one object,
and each object has a DN. A directory entry is composed of attributes,
each with a type and one or more values. For example, if a PKI uses the
Directory to distribute certificates, then the X.509 public-key
certificate of an end user is normally stored as a value of an
attribute of type 'userCertificate' in the Directory entry that has the
DN that is the subject of the certificate. [RFC2828] (see also certificate, key, public-key infrastructure)
- X.509
- (N) An ITU-T Recommendation that defines a framework to
provide and support data origin authentication and peer entity
authentication services, including formats for X.509 public-key
certificates, X.509 attribute certificates, and X.509 CRLs. (The ISO
equivalent is IS 9498-4.) (C) X.509 describes two levels of
authentication: simple authentication based on a password, and strong
authentication based on a public-key certificate. [RFC2828] (see also authentication, certificate, key, public-key infrastructure)
- X.509 attribute certificate
- (N) An attribute certificate in the version 1 (v1)
format defined by X.509. (The v1 designation for an X.509 attribute
certificate is disjoint from the v1 designation for an X.509 public-key
certificate, and from the v1 designation for an X.509 CRL.) (C)
An X.509 attribute certificate has a subject field, but the attribute
certificate is a separate data structure from that subject's public-key
certificate. A subject may have multiple attribute certificates
associated with each of its public-key certificates, and an attribute
certificate may be issued by a different CA than the one that issued
the associated public-key certificate. (C) An X.509 attribute
certificate contains a sequence of data items and has a digital
signature that is computed from that sequence. In addition to the
signature, an attribute certificate contains items 1 through 9 listed
below:
- 1. version: Identifies v1.
- 2. subject: Is one of the following: 2a. baseCertificateID - Issuer
and serial number of an X.509 public-key certificate. 2b. subjectName -
DN of the subject.
- 3. issuer: DN of the issuer (the CA who signed).
- 4. signature: OID of algorithm that signed the cert.
- 5. serialNumber: Certificate serial number; an integer assigned by the issuer.
- 6. attCertValidityPeriod: Validity period; a pair of UTCTime values: 'not before' and 'not after'.
- 7. attributes: Sequence of attributes describing the subject.
- 8. issuerUniqueId: Optional, when a DN is not sufficient.
- 9. extensions: Optional.
[RFC2828] (see also digital signature, key, certificate)
- X.509 authority revocation list
- (N) An ARL in one of the formats defined by
X.509--version 1 (v1) or version 2 (v2). A specialized kind of
certificate revocation list. [RFC2828] (see also certificate, public-key infrastructure)
- X.509 certificate
- (N) Either an X.509 public-key certificate or an X.509 attribute certificate. (C)
This Glossary uses the term with the precise meaning recommended here.
However, some who use the term may not be aware that X.509 specifies
attribute certificates that do not contain a public key. Even among
those who are aware, this term is commonly used as an abbreviation to
mean 'X.509 public-key certificate'. ISDs MAY use the term as an
abbreviation for 'X.509 public-key certificate', but only after using
the full term at the first instance. (D) ISDs SHOULD NOT use this term as an abbreviation to mean 'X.509 attribute certificate'. [RFC2828] (see also key, certificate)
- X.509 certificate revocation list
- (N) A CRL in one of the formats defined by
X.509--version 1 (v1) or version 2 (v2). (The v1 and v2 designations
for an X.509 CRL are disjoint from the v1 and v2 designations for an
X.509 public-key certificate, and from the v1 designation for an X.509
attribute certificate.) (C) ISDs SHOULD NOT refer to an X.509
CRL as a digital certificate, but note that an X.509 CRL does meet this
Glossary's definition of 'digital certificate'. Like a digital
certificate, an X.509 CRL makes an assertion and is signed by a CA. But
instead of binding a key or other attributes to a subject, an X.509 CRL
asserts that certain previously-issued X.509 certificates have been
revoked. (C) An X.509 CRL contains a sequence of data items and
has a digital signature computed on that sequence. In addition to the
signature, both v1 and v2 contain items 2 through 6b listed below.
Version 2 contains item 1 and may optionally contain 6c and 7.
- 1. version: Optional. If present, identifies v2.
- 2. signature: OID of the algorithm that signed the CRL.
- 3. issuer: DN of the issuer (the CA who signed).
- 4. thisUpdate: A UTCTime value.
- 5. nextUpdate: A UTCTime value.
- 6. revokedCertificates: 3-tuples of 6a, 6b, and (optional) 6c:
  - 6a. userCertificate: A certificate's serial number.
  - 6b. revocationDate: UTCTime value for the revocation date.
  - 6c. crlEntryExtensions: Optional.
- 7. crlExtensions: Optional.
[RFC2828] (see also certificate, digital signature, key, public-key infrastructure)
- X.509 public-key certificate
- (N) A public-key certificate in one of the formats
defined by X.509--version 1 (v1), version 2 (v2), or version 3 (v3).
(The v1 and v2 designations for an X.509 public-key certificate are
disjoint from the v1 and v2 designations for an X.509 CRL, and from the
v1 designation for an X.509 attribute certificate.) (C) An X.509
public-key certificate contains a sequence of data items and has a
digital signature computed on that sequence. In addition to the
signature, all three versions contain items 1 through 7 listed below.
Only v2 and v3 certificates may also contain items 8 and 9, and only v3
may contain item 10.
- 1. version: Identifies v1, v2, or v3.
- 2. serialNumber: Certificate serial number; an integer assigned by the issuer.
- 3. signature: OID of algorithm that was used to sign the certificate.
- 4. issuer: DN of the issuer (the CA who signed).
- 5. validity: Validity period; a pair of UTCTime values: 'not before' and 'not after'.
- 6. subject: DN of entity who owns the public key.
- 7. subjectPublicKeyInfo: Public key value and algorithm OID.
- 8. issuerUniqueIdentifier: Defined for v2, v3; optional.
- 9. subjectUniqueIdentifier: Defined for v2, v3; optional.
- 10. extensions: Defined only for v3; optional.
[RFC2828] (see also digital signature, key, certificate)
- Yellow book
- (D) ISDs SHOULD NOT use this term as a synonym for
'Computer Security Requirements: Guidance for Applying the Department
of Defense Trusted Computer System Evaluation Criteria in Specific
Environments'. Instead, use the full proper name of the document or, in
subsequent references, a conventional abbreviation. [RFC2828] (see also computer security, evaluation, security, trust, rainbow series)
- zero fill
- To fill unused storage locations in an IS with the representation of the character denoting '0.' [NSTISSC] (see also zeroize)
- zeroization
- A method of erasing electronically stored data by altering the
contents of the data storage so as to prevent the recovery of the data.
[FIPS140][SRV] (see also zeroize, FIPS PUB 140-1, recovery)
- zeroize
- (I) Use erasure or other means to render stored data
unusable and unrecoverable, particularly a key stored in a
cryptographic module or other device. (O) Erase electronically stored data by altering the contents of the data storage so as to prevent the recovery of the data. [RFC2828] To remove or eliminate the key from a crypto-equipment or fill device. [NSTISSC] (see also zeroization, FIPS PUB 140-1, cryptography, key, recovery, zero fill)