&item1=Access#Opportunity to make use of an information system (IS) resource.(CNSSI 4009)&
&item2=Access control#Limiting access to information system resources only to authorized users, programs, processes, or other systems.(CNSSI 4009)&
&item3=Access Control Lists#Access control lists are used in packet filtering. They consist of lines of text, called rulesets, that specify the criteria to use in determining whether or not a packet is allowed to pass.&
&item4=Access control mechanism#Security safeguard designed to detect and deny unauthorized access and permit authorized access in an IS.(CNSSI 4009)&
&item5=Access control officer (ACO)#Designated individual responsible for limiting access to information systems resources.(CNSSI 4009)&
&item6=Access level#Hierarchical portion of the security level used to identify the sensitivity of IS data and the clearance or authorization of users. Access level, in conjunction with the nonhierarchical categories, forms the sensitivity label of an object. See category.(CNSSI 4009)&
&item7=Access list#(IS) Compilation of users, programs, or processes and the access levels and types to which each is authorized. (COMSEC) Roster of persons authorized admittance to a controlled area.(CNSSI 4009)&
&item8=Access period#Segment of time, generally expressed in days or weeks, during which access rights prevail.(CNSSI 4009)&
&item9=Access profile#Associates each user with a list of protected objects the user may access.(CNSSI 4009)&
&item10=Access type#Privilege to perform action on an object. Read, write, execute, append, modify, delete, and create are examples of access types.(CNSSI 4009)&
&item11=Accountability#(IS) Process of tracing IS activities to a responsible source.(COMSEC) Principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information.(CNSSI 4009)&
&item12=Accreditation#Formal declaration by a Designated Approving Authority (DAA) that an IS is approved to operate in a particular security mode at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.(CNSSI 4009)&
&item13=Accreditation package#Product comprised of a System Security Plan (SSP) and a report documenting the basis for the accreditation decision.(CNSSI 4009)&
&item14=Accrediting authority#Synonymous with Designated Approving Authority (DAA).(CNSSI 4009)&
&item15=Add-on security#Incorporation of new hardware, software, or firmware safeguards in an operational IS.(CNSSI 4009)&
&item16=Advisory#Notification of significant new trends or developments regarding the threat to the IS of an organization. This notification may include analytical insights into trends, intentions, technologies, or tactics of an adversary targeting ISs.(CNSSI 4009)&
&item17=Alert#Notification that a specific attack has been directed at the IS of an organization.(CNSSI 4009)&
&item18=Anti-jam#Measures ensuring that transmitted information can be received despite deliberate jamming attempts.(CNSSI 4009)&
&item19=Anti-spoof#Measures preventing an opponent's participation in an IS.(CNSSI 4009)&
&item20=Assurance#See information assurance.(CNSSI 4009)&
&item21=Attack#Type of incident involving the intentional act of attempting to bypass one or more security controls (see Information Assurance) of an IS.(CNSSI 4009)&
&item22=Auditing#Auditing is the process of tracking and logging activity on the firewall.&
&item23=Audit trail#Chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event. Audit trail may apply to information in an IS, to message routing in a communications system, or to the transfer of COMSEC material.(CNSSI 4009)&
&item24=Authenticate#To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an IS, or to establish the validity of a transmission.(CNSSI 4009)&
&item25=Authentication#Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.(CNSSI 4009)&
&item26=Authenticator#Means used to confirm the identity of a station, originator, or individual.(CNSSI 4009)&
&item27=Authorization#Access privileges granted to a user, program, or process.(CNSSI 4009)&
&item28=Authorized vendor#Manufacturer of INFOSEC equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. (CNSSI 4009)&
&item29=Automated security monitoring#Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the IS.(CNSSI 4009)&
&item30=Availability#Timely, reliable access to data and information services for authorized users.(CNSSI 4009)&
&item31=Back door#Hidden software or hardware mechanism used to circumvent security controls. Synonymous with trap door.(CNSSI 4009)&
&item32=Backup#Copy of files and programs made to facilitate recovery, if necessary.(CNSSI 4009)&
&item33=Banner#Display on an IS that sets parameters for system or data use.(CNSSI 4009)&
&item34=Benign#Condition of cryptographic data that cannot be compromised by human access.(CNSSI 4009)&
&item35=Benign environment#Nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures.(CNSSI 4009)&
&item36=Biometrics#Automated methods of authenticating or verifying an individual based upon a physical or behavioral characteristic.(CNSSI 4009)&
&item37=Bit error rate#Ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.(CNSSI 4009)&
&item38=BLACK#Designation applied to information systems, and to associated areas, circuits, components, and equipment, in which national security information is encrypted or is not processed.(CNSSI 4009)&
&item39=Boundary#Software, hardware, or physical barrier that limits access to a system or part of a system.(CNSSI 4009)&
&item40=Brevity list#List containing words and phrases used to shorten messages.(CNSSI 4009)&
&item41=Bridge#A bridge is similar to a router except it joins segments, or enclaves, of a LAN. This architecture extends the distance over which a LAN can operate. Bridges operate at the Network layer of the OSI model and decide if data is being sent within the same enclave as the sender, or if it must be forwarded to a different enclave.&
&item42=Browsing#Act of searching through IS storage to locate or acquire information, without necessarily knowing the existence or format of information being sought.(CNSSI 4009)&
&item43=Call back#Procedure for identifying and authenticating a remote IS terminal, whereby the host system disconnects the terminal and reestablishes contact. Synonymous with dial back.(CNSSI 4009)&
&item44=Capability#Protected identifier that both identifies the object and specifies the access rights to be allowed to the subject who possesses the capability. In a capability-based system, access to protected objects such as files is granted if the would-be subject possesses a capability for the object.(CNSSI 4009)&
&item45=Cascading#Downward flow of information through a range of security levels greater than the accreditation range of a system network or component.(CNSSI 4009)&
&item46=Category#Restrictive label applied to classified or unclassified information to limit access.(CNSSI 4009)&
&item47=Certificate#Record holding security information about an IS user and vouches to the truth and accuracy of the information it contains.(CNSSI 4009)&
&item48=Certificate management#Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed.(CNSSI 4009)&
&item49=Certificate revocation list (CRL)#List of invalid certificates (as defined above) that have been revoked by the issuer.(CNSSI 4009)&
&item50=Certification#Comprehensive evaluation of the technical and nontechnical security safeguards of an IS to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements.(CNSSI 4009)&
&item51=Certification authority (CA)#Third level of the Public Key Infrastructure (PKI) Certification Management Authority responsible for issuing and revoking user certificates, and exacting compliance to the PKI policy as defined by the parent Policy Creation Authority (PCA).(CNSSI 4009)&
&item52=Certification package#Product of the certification effort documenting the detailed results of the certification activities.(CNSSI 4009)&
&item53=Certification test (CTE)#Software and hardware security tests conducted during development of an IS.(CNSSI 4009)&
&item54=Certified TEMPEST (CTTA)#An experienced, technically qualified U.S. Government employee who has met established certification requirements in accordance with NSTISSC-approved criteria and has been appointed by a U.S. Government Department or Agency to fulfill CTTA responsibilities.(CNSSI 4009)&
&item55=Certifier#Individual responsible for making a technical judgment of the system's compliance with stated requirements, identifying and assessing the risks associated with operating the system, coordinating the certification activities, and consolidating the final certification and accreditation packages.(CNSSI 4009)&
&item56=Checksum#Value computed on data to detect error or manipulation during transmission. See hash total.(CNSSI 4009)&
&item57=Ciphony#Process of enciphering audio information, resulting in encrypted speech.(CNSSI 4009)&
&item58=Circuit Switched Routing#Circuit switched routing mimics the phone system. Routing occurs when a direct, dedicated connection exists between the source and destination networks.&
&item59=Classified information#Information that has been determined pursuant to Executive Order 12958 or any predecessor Order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status.(CNSSI 4009)&
&item60=Clearing#Removal of data from an IS, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using common system capabilities (i.e., keyboard strokes); however, the data may be reconstructed using laboratory methods. Cleared media may be reused at the same classification level or at a higher level. Overwriting is one method of clearing.(CNSSI 4009)&
&item61=Closed security environment#Environment providing sufficient assurance that applications and equipment are protected against the introduction of malicious logic during an IS life cycle. Closed security is based upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control.(CNSSI 4009)&
&item62=Common Access Card#A Common Access Card, or CAC card, is a microprocessor on which information, software, and embedded applications can be stored. They are usually about the size of a credit card. CAC cards are used to limit physical entry to buildings and controlled spaces, and they contain PKI certificates. When used in conjunction with a reader at a computer terminal, the PKI certificates on the CAC card can be used to digitally sign and encrypt e-mail messages and establish secure browser sessions.&
&item63=Command authority#Individual responsible for the appointment of user representatives for a department, agency, or organization and their key ordering privileges.(CNSSI 4009)&
&item64=Common criteria#Provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems.(Information Technology Security Evaluation Criteria [ITSEC])(CNSSI 4009)&
&item65=Communications cover#Concealing or altering of characteristic communications patterns to hide information that could be of value to an adversary. (CNSSI 4009)&
&item66=Communications deception#Deliberate transmission, retransmission, or alteration of communications to mislead an adversary's interpretation of the communications. See imitative communications deception and manipulative communications deception.(CNSSI 4009)&
&item67=Communications profile#Analytic model of communications associated with an organization or activity. The model is prepared from a systematic examination of communications content and patterns, the functions they reflect, and the communications security measures applied.(CNSSI 4009)&
&item68=Communications security (COMSEC)#Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material.(CNSSI 4009)&
&item69=Compartmentalization#A nonhierarchical grouping of sensitive information used to control access to data more finely than with hierarchical security classification alone. Compartmented mode: INFOSEC mode of operation wherein each user with direct or indirect access to a system, its peripherals, remote terminals, or remote hosts has all of the following: (a) valid security clearance for the most restricted information processed in the system; (b) formal access approval and signed nondisclosure agreements for that information to which a user is to have access; and (c) valid need-to-know for information to which a user is to have access.(CNSSI 4009)&
&item70=Compromise#Type of incident where information is disclosed to unauthorized persons or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.(CNSSI 4009)&
&item71=Compromising emanations#Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems equipment. See TEMPEST.(CNSSI 4009)&
&item72=Computer abuse#Intentional or reckless misuse, alteration, disruption, or destruction of information processing resources.(CNSSI 4009)&
&item73=Computer security#Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware, and information being processed, stored, and communicated.(CNSSI 4009)&
&item75=Computer security subsystem#Hardware/software designed to provide computer security features in a larger system environment.(CNSSI 4009)&
&item76=COMSEC equipment#Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. COMSEC equipment includes cryptoequipment, crypto-ancillary equipment, cryptoproduction equipment, and authentication equipment.(CNSSI 4009)&
&item77=Concept of operations (CONOP)#Document detailing the method, act, process, or effect of using an IS.(CNSSI 4009)&
&item78=Confidentiality#Assurance that information is not disclosed to unauthorized persons, processes, or devices.(CNSSI 4009)&
&item79=Configuration control#Process of controlling modifications to hardware, firmware, software, and documentation to ensure the IS is protected against improper modifications prior to, during, and after system implementation.(CNSSI 4009)&
&item80=Configuration management#Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an IS.(CNSSI 4009)&
&item82=Contamination#Type of incident involving the introduction of data of one security classification or security category into data of a lower security classification or different security category.(CNSSI 4009)&
&item83=Contingency plan#Plan maintained for emergency response, backup operations, and post-disaster recovery for an IS, to ensure the availability of critical resources and to facilitate the continuity of operations in an emergency situation.(CNSSI 4009)&
&item84=Controlled cryptographic item (CCI)#Secure telecommunications or information handling equipment, or associated cryptographic component, that is unclassified but governed by a special set of control requirements. Such items are marked "CONTROLLED CRYPTOGRAPHIC ITEM" or, where space is limited, "CCI."(CNSSI 4009)&
&item86=Controlled sharing#Condition existing when access control is applied to all users and components of an IS.(CNSSI 4009)&
&item87=Controlled space#Three-dimensional space surrounding IS equipment, within which unauthorized persons are denied unrestricted access and are either escorted by authorized persons or are under continuous physical or electronic surveillance.(CNSSI 4009)&
&item88=Countermeasure#Action, device, procedure, technique, or other measure that reduces the vulnerability of an IS.(CNSSI 4009)&
&item89=Covert channel#Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an IS security policy. See overt channel and exploitable channel.(CNSSI 4009)&
&item90=Covert channel analysis#Determination of the extent to which the security policy model and subsequent lower-level program descriptions may allow unauthorized access to information.(CNSSI 4009)&
&item91=Credentials#Information, passed from one entity to another, used to establish the sending entity's access rights.(CNSSI 4009)&
&item92=Critical infrastructures#Those physical and cyber-based systems essential to the minimum operations of the economy and government.(CNSSI 4009)&
&item93=CRYPTO#Marking or designator identifying COMSEC keying material used to secure or authenticate telecommunications carrying classified or sensitive U.S. Government or U.S. Government-derived information.(CNSSI 4009)&
&item94=Crypto-equipment#Equipment that embodies a cryptographic logic.(CNSSI 4009)&
&item95=Cryptography#Art or science concerning the principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form.(CNSSI 4009)&
&item96=Crypto-ignition key (CIK)#Device or electronic key used to unlock the secure mode of crypto-equipment.(CNSSI 4009)&
&item97=Dangling threat#Set of properties about the external environment for which there is no corresponding vulnerability and therefore no implied risk.(CNSSI 4009)&
&item98=Dangling vulnerability#Set of properties about the internal environment for which there is no corresponding threat and, therefore, no implied risk.(CNSSI 4009)&
&item99=Data aggregation#The compilation of unclassified individual data systems and data elements resulting in the totality of the information being classified.(CNSSI 4009)&
&item100=Data flow control#Synonymous with information flow control.(CNSSI 4009)&
&item101=Data integrity#Condition existing when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed.(CNSSI 4009)&
&item102=Data origin authentication#Corroborating the source of data is as claimed.(CNSSI 4009)&
&item103=Data security#Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure.(CNSSI 4009)&
&item104=Decertification#Revocation of the certification of an IS item or equipment for cause.(CNSSI 4009)&
&item105=Dedicated mode#IS security mode of operation wherein each user, with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all of the following: a. valid security clearance for all information within the system; b. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs); and c. valid need-to-know for all information contained within the IS. When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time.(CNSSI 4009)&
&item106=Default classification#Temporary classification reflecting the highest classification being processed in an IS. Default classification is included in the caution statement affixed to an object.(CNSSI 4009)&
&item107=Denial of service#Type of incident resulting from any action or series of actions that prevents any part of an IS from functioning.(CNSSI 4009)&
&item108=Designated approving authority (DAA)#Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with designated accrediting authority and delegated accrediting authority.(CNSSI 4009)&
&item109=Dial back#Synonymous with call back.(CNSSI 4009)&
&item110=Digital signature#Cryptographic process used to assure message originator authenticity, integrity, and nonrepudiation.(CNSSI 4009)&
&item111=Discretionary access control (DAC)#Means of restricting access to objects based on the identity and need-to-know of users and/or groups to which the object belongs. Controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (directly or indirectly) to any other subject. See mandatory access control.(CNSSI 4009)&
&item112=Distance Vector Routing#With distance vector routing protocols the routing table is updated every 10 to 90 seconds. These updates usually consist of transmitting the entire routing table to each neighboring router. The neighboring routers sift through the information for any changes and then update the routing table with their own information.&
&item113=Distinguished name#Globally unique identifier representing an individual's identity.(CNSSI 4009)&
&item114=DoD (TCSEC)#Document containing basic requirements and evaluation classes for assessing degrees of effectiveness of hardware and software security controls built into an IS. This document, DoD 5200.28 STD, is frequently referred to as the Orange Book.(CNSSI 4009)&
&item115=Domain#Unique context (e.g., access control parameters) in which a program is operating; in effect, the set of objects a subject has the privilege to access.(CNSSI 4009)&
&item116=Dominate#Term used to compare IS security levels. Security level S1 is said to dominate security level S2, if the hierarchical classification of S1 is greater than, or equal to, that of S2 and the non-hierarchical categories of S1 include all those of S2 as a subset.(CNSSI 4009)&
&item117=Dual-Homed Architecture#With the Dual-Homed Architecture, a host is set up as a gateway with two network interface cards, or NICs. One is connected to the external network through a router and the other is connected to the internal network. The gateway can be reached from both sides, but traffic cannot flow directly across it.&
&item118=Dynamic Routing#With dynamic routing, the routers generate routing tables using shared information about other networks.&
&item119=Electronic Key Management System (EKMS)#Interoperable collection of systems being developed by services and agencies of the U.S. Government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material.(CNSSI 4009)&
&item120=Electronic messaging services#Services providing interpersonal messaging capability; meeting specific functional, management, and technical requirements; and yielding a business-quality electronic mail service suitable for the conduct of official government business.(CNSSI 4009)&
&item121=Electronic security (ELSEC)#Protection resulting from measures designed to deny unauthorized persons information derived from the interception and analysis of noncommunications electromagnetic radiations.(CNSSI 4009)&
&item122=Embedded computer#Computer system that is an integral part of a larger system.(CNSSI 4009)&
&item123=Embedded cryptography#Cryptography engineered into an equipment or system whose basic function is not cryptographic.(CNSSI 4009)&
&item124=Emissions security (EMSEC)#Protection resulting from measures taken to deny unauthorized persons information derived from intercept and analysis of compromising emanations from crypto-equipment or an IS.(CNSSI 4009)&
&item125=End-to-end security#Safeguarding information in an IS from point of origin to point of destination.(CNSSI 4009)&
&item126=Endorsement#NSA approval of a commercially developed product for safeguarding national security information.(CNSSI 4009)&
&item127=Entrapment#Deliberate planting of apparent flaws in an IS for the purpose of detecting attempted penetrations.(CNSSI 4009)&
&item128=Environment#Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an IS.(CNSSI 4009)&
&item129=Erasure#Process intended to render magnetically stored information irretrievable by normal means.(CNSSI 4009)&
&item130=Evaluated Products List (EPL)#Equipment, hardware, software, and/or firmware evaluated by the National Computer Security Center (NCSC) in accordance with DoD TCSEC and found to be technically compliant at a particular level of trust. The EPL is included in the NSA Information Systems Security Products and Services Catalogue.(CNSSI 4009)&
&item131=Event#Occurrence, not yet assessed, that may affect the performance of an IS.(CNSSI 4009)&
&item132=Executive state#One of several states in which an IS may operate, and the only one in which certain privileged instructions may be executed. Such privileged instructions cannot be executed when the system is operating in other states. Synonymous with supervisor state.(CNSSI 4009)&
&item133=Exploitable channel#Channel that allows the violation of the security policy governing an IS and is usable or detectable by subjects external to the trusted computing base. See covert channel.(CNSSI 4009)&
&item134=Fail safe#Automatic protection of programs and/or processing systems when hardware or software failure is detected.(CNSSI 4009)&
&item135=Fail soft#Selective termination of affected nonessential processing when hardware or software failure is determined to be imminent.(CNSSI 4009)&
&item136=Failure access#Type of incident in which unauthorized access to data results from hardware or software failure.(CNSSI 4009)&
&item137=Failure control#Methodology used to detect imminent hardware or software failure and provide fail safe or fail soft recovery.(CNSSI 4009)&
&item138=Fetch protection#IS hardware-provided restriction to prevent a program from accessing data in another user's segment of storage.(CNSSI 4009)&
&item139=File protection#Aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents.(CNSSI 4009)&
&item140=File security#Means by which access to computer files is limited to authorized users only.(CNSSI 4009)&
&item141=Filtering#Filtering is the process of allowing or disallowing traffic based on the packet information.&
&item142=FIREFLY#Key management protocol based on public key cryptography.(CNSSI 4009)&
&item143=Firewall#System designed to defend against unauthorized access to or from a private network.(CNSSI 4009)&
&item144=Firmware#Program recorded in permanent or semipermanent computer memory.(CNSSI 4009)&
&item145=Flaw#Error of commission, omission, or oversight in an IS that may allow protection mechanisms to be bypassed.(CNSSI 4009)&
&item146=Flaw hypothesis methodology#System analysis and penetration technique in which the specification and documentation for an IS are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system.(CNSSI 4009)&
&item147=Flooding#Type of incident involving insertion of a large volume of data resulting in denial of service.(CNSSI 4009)&
&item148=Formal access approval#Documented approval by a data owner allowing access to a particular category of information.(CNSSI 4009)&
&item149=Formal development methodology#Software development strategy that proves security design specifications.(CNSSI 4009)&
&item150=Formal security policy model#Mathematically precise statement of a security policy. Such a model must define a secure state, an initial state, and how the model represents changes in state. The model must be shown to be secure by proving the initial state is secure and all possible subsequent states remain secure.(CNSSI 4009)&
&item151=Frame#Any data that is sent within a network must be broken down into manageable pieces and encapsulated into frames, which are like envelopes that contain data.&
&item152=Frequency hopping#Repeated switching of frequencies during radio transmission according to a specified algorithm, to minimize unauthorized interception or jamming of telecommunications.(CNSSI 4009)&
&item153=Front-End Security Filter#Security filter logically separated from the remainder of an IS to protect system integrity. Synonymous with firewall.(CNSSI 4009)&
&item155=Functional testing#Segment of security testing in which advertised security mechanisms of an IS are tested under operational conditions.(CNSSI 4009)&
&item156=Gateway#Interface providing a compatibility between networks by converting transmission speeds, protocols, codes, or security measures.(CNSSI 4009)&
&item157=Granularity#Relative fineness to which an access control mechanism can be adjusted.(CNSSI 4009)&
&item158=Guard#Process limiting the exchange of information between systems.(CNSSI 4009)&
&item159=Gypsy verification environment#Integrated set of software tools for specifying, coding, and verifying programs written in the Gypsy language.(CNSSI 4009)&
&item160=Hacker#Unauthorized user who attempts to or gains access to an IS.(CNSSI 4009)&
&item161=Handshaking procedures#Dialogue between two ISs for synchronizing, identifying, and authenticating themselves to one another.(CNSSI 4009)&
&item162=Hash total#Value computed on data to detect error or manipulation. See checksum.(CNSSI 4009)&
&item163=Hashing#Computation of a hash total.(CNSSI 4009)&
&item165=Unauthorized Users#Human threats can be both intentional and unintentional.&
&item166=Identification#Process an IS uses to recognize an entity.(CNSSI 4009)&
&item167=Identity token#Smart card, metal key, or other physical object used to authenticate identity.(CNSSI 4009)&
&item168=Identity validation#Tests enabling an IS to authenticate users or resources.(CNSSI 4009)&
&item169=Imitative communications deception#Introduction of deceptive messages or signals into an adversary's telecommunications signals. See communications deception and manipulative communications deception.(CNSSI 4009)&
&item170=Impersonating#Form of spoofing.(CNSSI 4009)&
&item171=Implant#Electronic device or electronic equipment modification designed to gain unauthorized interception of information-bearing emanations.(CNSSI 4009)&
&item172=Inadvertent disclosure#Type of incident involving accidental exposure of information to a person not authorized access.(CNSSI 4009)&
&item173=Incident#(IS) Assessed occurrence having actual or potentially adverse effects on an IS. (COMSEC) Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information or information governed by 10 U.S.C. Section 2315.(CNSSI 4009)&
&item174=Incomplete parameter checking#System flaw that exists when the operating system does not check all parameters fully for accuracy and consistency, thus making the system vulnerable to penetration.(CNSSI 4009)&
&item175=Indicator#A recognized action, specific, generalized, or theoretical, that an adversary might be expected to take in preparation for an attack.(CNSSI 4009)&
&item176=Individual accountability#Ability to associate positively the identity of a user with the time, method, and degree of access to an IS.(CNSSI 4009)&
&item177=Information assurance(IA)#Information operations (IO) that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.(CNSSI 4009)&
&item178=Information environment#Aggregate of individuals, organizations, or systems that collect, process, or disseminate information, also included is the information itself.(CNSSI 4009)&
&item179=Information flow control#Procedure to ensure that information transfers within an IS are not made from a higher security level object to an object of a lower security level.(CNSSI 4009)&
&item180=Information operations(IO)#Actions taken to affect adversary information and ISs while defending one's own information and ISs.(CNSSI 4009)&
&item181=Information system(IS)#The entire infrastructure, organization, personnel, and components for the collection, processing, storage, transmission, display, dissemination, and disposition of information.(CNSSI 4009)&
&item182=Information systems security(INFOSEC and/or ISS)#Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.(CNSSI 4009)&
&item183=Information systems security engineering(ISSE)#Effort to achieve and maintain optimal security and survivability of a system throughout its life cycle.(CNSSI 4009)&
&item184=Information systems security manager (ISSM)#Principal advisor on computer security matters.(CNSSI 4009)&
&item185=Information systems security officer (ISSO)#Person responsible to the designated approving authority for ensuring the security of an information system throughout its life cycle, from design through disposal. Synonymous with system security officer.(CNSSI 4009)&
&item186=Information systems security product#Item (chip, module, assembly, or equipment), technique, or service that performs or relates to information systems security.(CNSSI 4009)&
&item187=Inspectable space#Three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and/or remove a potential TEMPEST exploitation exists. Synonymous with zone of control.(CNSSI 4009)&
&item188=Integrity#Quality of an IS reflecting the logical correctness and reliability of the operating system; the logical completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of the stored data. Note that, in a formal security mode, integrity is interpreted more narrowly to mean protection against unauthorized modification or destruction of information.(CNSSI 4009)&
&item189=Integrity check value#Checksum capable of detecting modification of an IS.(CNSSI 4009)&
&item190=Interface#Common boundary between independent systems or modules where interactions take place.(CNSSI 4009)&
&item191=Interface control document#Technical document describing interface controls and identifying the authorities and responsibilities for ensuring the operation of such controls. This document is baselined during the preliminary design review and is maintained throughout the IS lifecycle.(CNSSI 4009)&
&item192=Interim approval#Temporary authorization granted by a DAA for an IS to process information based on preliminary results of a security evaluation of the system.(CNSSI 4009)&
&item193=Internal security controls#Hardware, firmware, or software features within an IS that restrict access to resources only to authorized subjects.(CNSSI 4009)&
&item194=Internetwork private line interface#Network cryptographic unit that provides secure connections, singularly or in simultaneous multiple connections, between a host and a predetermined set of corresponding hosts.(CNSSI 4009)&
&item195=Internet protocol(IP)#Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.(CNSSI 4009)&
&item196=Internet Protocol address#An Internet Protocol, or IP, address is a unique 32-bit number that includes both a network number and a host number. Routers use the network number to determine which network the packet is trying to reach. Once a packet arrives at the correct network, the router that receives it forwards it to the network host as identified by the host number in the IP address.&
&item197=Intrusion#Unauthorized act of bypassing the security mechanisms of a system.(CNSSI 4009)&
&item198=Key#Usually a sequence of random or pseudorandom bits used initially to set up and periodically change the operations performed in cryptoequipment for the purpose of encrypting or decrypting electronic signals, or for determining electronic counter-countermeasures patterns, or for producing other key.(CNSSI 4009)&
&item199=Key distribution center(KDC)#COMSEC facility generating and distributing key in electrical form.(CNSSI 4009)&
&item200=Key stream#Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security processes, or produce key.(CNSSI 4009)&
&item201=Label#See security label.(CNSSI 4009)&
&item202=Labeled security protections#Elementary-level mandatory access control protection features and intermediate-level discretionary access control features in a TCB that uses sensitivity labels to make access control decisions.(CNSSI 4009)&
&item203=Laboratory attack#Use of sophisticated signal recovery equipment in a laboratory environment to recover information from data storage media.(CNSSI 4009)&
&item204=Least privilege#Principle requiring that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. Application of this principle limits the damage that can result from accident, error, or unauthorized use of an IS.(CNSSI 4009)&
&item205=Level of protection#Extent to which protective measures, techniques, and procedures must be applied to ISs and networks based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs. Levels of protection are: 1. Basic: IS and networks requiring implementation of standard minimum security countermeasures. 2. Medium: IS and networks requiring layering of additional safeguards above the standard minimum security countermeasures. 3. High: IS and networks requiring the most stringent protection and rigorous security countermeasures.(CNSSI 4009)&
&item206=Line conditioning#Elimination of unintentional signals or noise induced or conducted on a telecommunications or IS signal, power, control, indicator, or other external interface line.(CNSSI 4009)&
&item207=Line conduction#Unintentional signals or noise induced or conducted on a telecommunications or IS signal, power, control, indicator, or other external interface line.(CNSSI 4009)&
&item208=Link State Advertisement#A Link State Advertisement, or LSA, is created when a router uses a link state protocol. The LSA is used to establish a metric that specifies the optimal path for traversing the network. The LSA indicates a neighboring link, describes the status of the link, and indicates the link's "cost."&
&item209=Link State Routing#Link state routing protocols provide more information about the overall network topology. Link state routers only communicate with those routers with which they have a direct link, but they provide a broader range of information than what is provided with distance vector routing.&
&item210=List-oriented#IS protection in which each protected object has a list of all subjects authorized to access it. See also ticket-oriented.(CNSSI 4009)&
&item211=Local Area Network#A Local Area Network, or LAN, consists of a series of computers that share resources within a local geographic area, such as a building or company complex. In addition to computers, the LAN may include other devices, such as servers and printers.&
&item212=Local authority#Organization responsible for generating and signing user certificates.(CNSSI 4009)&
&item213=Lock and key protection system#Protection system that involves matching a key or password with a specific access requirement.(CNSSI 4009)&
&item214=Logic bomb#Resident computer program triggering an unauthorized act when particular states of an IS are realized.(CNSSI 4009)&
&item215=Logical completeness measure#Means for assessing the effectiveness and degree to which a set of security and access control mechanisms meets security specifications.(CNSSI 4009)&
&item216=Low probability of detection#Result of measures used to hide or disguise intentional electromagnetic transmissions.(CNSSI 4009)&
&item217=Low probability of intercept#Result of measures to prevent the intercept of intentional electromagnetic transmissions.(CNSSI 4009)&
&item218=Magnetic remanence#Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared. See clearing.(CNSSI 4009)&
&item219=Maintenance hook#Special instructions (trapdoors) in software allowing easy maintenance and additional feature development. Since maintenance hooks frequently allow entry into the code without the usual checks, they are a serious security risk if they are not removed prior to live implementation.(CNSSI 4009)&
&item220=Malicious applets#Small application programs automatically downloaded and executed that perform an unauthorized function on an IS.(CNSSI 4009)&
&item221=Malicious code#Software or firmware capable of performing an unauthorized process on an IS.(CNSSI 4009)&
&item222=Malicious logic#Hardware, software, or firmware capable of performing an unauthorized function on an IS.(CNSSI 4009)&
&item223=Mandatory access control(MAC)#Means of restricting access to objects based on the sensitivity of the information contained in the objects and the formal authorization (i.e., clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity. See discretionary access control.(CNSSI 4009)&
&item224=Manipulative communications deception#Alteration or simulation of friendly telecommunications for the purpose of deception. See communications deception and imitative communications deception.(CNSSI 4009)&
&item225=Masquerading#Form of spoofing.(CNSSI 4009)&
&item226=Media Access Control address#A Media Access Control, or MAC, address is a unique 48-bit number that is assigned to every device on the network. The destination address in the header of the frame correlates with the MAC address assigned to a device. Frames identify their target within a LAN according to the MAC address.&
&item227=Memory scavenging#The collection of residual information from data storage.(CNSSI 4009)&
&item228=Message authentication code#Data associated with an authenticated message allowing a receiver to verify the integrity of the message.(CNSSI 4009)&
&item229=Message externals#Information outside of the message text, such as the header, trailer, etc.(CNSSI 4009)&
&item230=Metropolitan Area Network#A Metropolitan Area Network, or MAN, is like a Local Area Network, except it connects users within a larger geographic area. A MAN can be formed in one of two ways. Networks within an area such as a city can be linked together to form a single, large network. A MAN can also be created by joining several LANs together. This second type of MAN is called a campus network.&
&item231=Mimicking#Form of spoofing.(CNSSI 4009)&
&item232=Mode of operation#Description of the conditions under which an IS operates based on the sensitivity of information processed and the clearance levels, formal access approvals, and need-to-know of its users. Four modes of operation are authorized for processing or transmitting information: dedicated mode, system-high mode, compartmented/partitioned mode, and multilevel mode.(CNSSI 4009)&
&item233=Multilevel device#Equipment trusted to properly maintain and separate data of different security categories.(CNSSI 4009)&
&item234=Multilevel mode#INFOSEC mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts: a. some users do not have a valid security clearance for all the information processed in the IS; b. all users have the proper security clearance and appropriate formal access approval for that information to which they have access; and c. all users have a valid need-to-know only for information to which they have access.(CNSSI 4009)&
&item235=Multilevel security(MLS)#Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.(CNSSI 4009)&
&item236=Mutual suspicion#Condition in which two ISs need to rely upon each other to perform a service, yet neither trusts the other to properly protect shared data.(CNSSI 4009)&
&item237=National security information(NSI)#Information that has been determined, pursuant to Executive Order 12958 or any predecessor order, to require protection against unauthorized disclosure.(CNSSI 4009)&
&item238=National security system#Any telecommunications or information system operated by the United States Government, the function, operation, or use of which: 1. involves intelligence activities; 2. involves cryptologic activities related to national security; 3. involves command and control of military forces; 4. involves equipment that is an integral part of a weapon or weapon system; or 5. is critical to the direct fulfillment of military or intelligence missions and does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications). (Title 40 U.S.C. Section 1452, Information Technology Management Reform Act of 1996.)(CNSSI 4009)&
&item239=Natural Threat#A network threat that includes hazards inherent in a network's physical environment, such as poor wiring or insufficient cooling. Natural threats also consist of dangers in the natural environment, such as lightning, fire, hurricanes, and tornados.&
&item240=Need-to-know#The necessity for access to, or knowledge or possession of, specific information required to carry out official duties.(CNSSI 4009)&
&item241=Network#A network is a collection of interconnected computers and their components that work together to exchange information.&
&item242=Network Address Translation#Network Address Translation, or NAT, is a software application that allows a single IP address to represent a group of computers. When NAT receives a data packet from the internal network, it is repackaged and a new IP address is added before it is sent out to the external network.&
&item243=Network front-end#Device implementing protocols that allow attachment of a computer system to a network.(CNSSI 4009)&
&item247=Network security officer#See information systems security officer.(CNSSI 4009)&
&item248=Network Security Policy#A network security policy is a key component to an all-encompassing program for ensuring network security and protecting against attacks. The network security policy documents an organization's approach to maintaining security and provides procedures for handling incidents and violations.&
&item249=Network sponsor#Individual or organization responsible for stating the security policy enforced by the network, designing the network security architecture to properly enforce that policy, and ensuring the network is implemented in such a way that the policy is enforced.(CNSSI 4009)&
&item250=Network system#System implemented with a collection of interconnected components. A network system is based on a coherent security architecture and design.(CNSSI 4009)&
&item251=Network trusted computing base(NTCB)#Totality of protection mechanisms within a network, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. See trusted computing base.(CNSSI 4009)&
&item252=Network trusted computing base (NTCB) partition#Totality of mechanisms within a single network component for enforcing the network policy, as allocated to that component; the part of the NTCB within a single network component.(CNSSI 4009)&
&item253=Network weaving#Penetration technique in which different communication networks are linked to access an IS to avoid detection and trace-back.(CNSSI 4009)&
&item254=Nonrepudiation#Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.(CNSSI 4009)&
&item255=Null#Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes.(CNSSI 4009)&
&item256=Object#Passive entity containing or receiving information. Access to an object implies access to the information it contains.(CNSSI 4009)&
&item257=Object reuse#Reassignment and re-use of a storage medium containing one or more objects after ensuring no residual data remains on the storage medium.(CNSSI 4009)&
&item258=Open storage#Storage of classified information within an accredited facility, but not in General Services Administration approved secure containers, while the facility is unoccupied by authorized personnel.(CNSSI 4009)&
&item259=Open Systems Interconnection model#The Open Systems Interconnection, or OSI, model describes how data passes from a software application in one computer through network media to a software application in another computer. Central to the OSI model is the idea that the process of communication between two endpoints in a network is divided into seven layers. Each layer contributes its own special but related functions. The International Organization for Standardization, or ISO, recognizes the OSI model as the standard for allowing communications among various operating systems.&
&item260=Operational data security(C.F.D)#Protection of data from either accidental or unauthorized intentional modification, destruction, or disclosure during input, processing, storage, transmission, or output operations.(CNSSI 4009)&
&item261=Operations code#Code composed largely of words and phrases suitable for general communications use.(CNSSI 4009)&
&item262=Operations security (OPSEC)#Process denying information to potential adversaries about capabilities and/or intentions by identifying, controlling, and protecting unclassified generic activities.(CNSSI 4009)&
&item263=Orange Book(C.F.D)#The DoD Trusted Computer System Evaluation Criteria (DoD 5200.28-STD).(CNSSI 4009)&
&item264=Organizational maintenance#Limited maintenance performed by a user organization.(CNSSI 4009)&
&item265=Organizational registration authority(ORA)#Entity within the PKI that authenticates the identity and the organizational affiliation of the users.(CNSSI 4009)&
&item266=Overt channel#Communications path within a computer system or network designed for the authorized transfer of data. See covert channel.(CNSSI 4009)&
&item267=Overwrite procedure#Process of writing patterns of data on top of the data stored on a magnetic medium.(CNSSI 4009)&
&item268=Packet#Packets are similar to frames, except packets travel outside the LAN between devices that do not necessarily share a common configuration.&
&item269=Packet Fragment Attack#Packet fragment attacks occur when an intruder alters packets by removing header information or hiding system commands within multiple packet fragments. Without correct header information, the destination computer is unable to assemble the packets correctly. Unauthorized system commands can be transmitted through a firewall by splitting one command into multiple packet fragments.&
&item270=Packet Filtering Firewall#A packet filtering firewall, also known as a screening router, is the most basic firewall to implement. This type of firewall examines the header of every packet as it travels within the network or between networks to determine which packets should be blocked.&
&item271=Packet Switched Routing#Packet switching relies on the information contained in packet headers to direct packets to their destination. Instead of connecting directly to a specific network to deliver packets, routers can send packets for multiple destinations over a single connection to a network or to the Internet.&
&item272=Parity#Bit(s) used to determine whether a block of data has been altered.(CNSSI 4009)&
&item273=Partitioned security mode#IS security mode of operation wherein all personnel have the clearance, but not necessarily formal access approval and need-to-know, for all information handled by an IS.(CNSSI 4009)&
&item274=Password#Protected/private alphanumeric string used to authenticate an identity or to authorize access to data.(CNSSI 4009)&
&item275=Penetration#See intrusion.(CNSSI 4009)&
&item276=Penetration testing#Security testing in which evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation.(CNSSI 4009)&
&item277=Periods processing#Processing of various levels of classified and unclassified information at distinctly different times. Under the concept of periods processing, the system must be purged of all information from one processing period before transitioning to the next.(CNSSI 4009)&
&item278=Plug-ins#Plug-ins are programs that can be installed to enhance web functionality. However, they can pose a security risk. Once installed, plug-ins have full access to the data on any machine that connects to the Internet.&
&item279=Policy approving authority(PAA)#First level of the PKI Certification Management Authority that approves the security policy of each PCA.(CNSSI 4009)&
&item280=Policy certification authority(PCA)#Second level of the PKI Certification Management Authority that formulates the security policy under which it and its subordinate CAs will issue public key certificates.(CNSSI 4009)&
&item281=Preproduction model#Version of INFOSEC equipment employing standard parts and suitable for complete evaluation of form, design, and performance. Preproduction models are often referred to as beta models.(CNSSI 4009)&
&item282=Print suppression#Eliminating the display of characters in order to preserve their secrecy.(CNSSI 4009)&
&item283=Privacy system#Commercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack.(CNSSI 4009)&
&item284=Privileged access#Explicitly authorized access of a specific user, process, or computer to a computer resource(s).(CNSSI 4009)&
&item285=Probe#Type of incident involving an attempt to gather information about an IS for the apparent purpose of circumventing its security controls.(CNSSI 4009)&
&item286=Production model#INFOSEC equipment in its final mechanical and electrical form.(CNSSI 4009)&
&item287=Proprietary information#Material and information relating to or associated with a company's products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that have been clearly identified and properly marked by the company as proprietary information, trade secrets, or company confidential information. The information must have been developed by the company and not be available to the Government or to the public without restriction from another source.(CNSSI 4009)&
&item288=Protection philosophy#Informal description of the overall design of an IS delineating each of the protection mechanisms employed. Combination of formal and informal techniques, appropriate to the evaluation class, used to show the mechanisms are adequate to enforce the security policy.(CNSSI 4009)&
&item289=Protection ring#One of a hierarchy of privileged modes of an IS that gives certain access rights to user programs and processes that are authorized to operate in a given mode.(CNSSI 4009)&
&item290=Protective packaging#Packaging techniques for COMSEC material that discourage penetration, reveal a penetration has occurred or was attempted, or inhibit viewing or copying of keying material prior to the time it is exposed for use.(CNSSI 4009)&
&item291=Protective technologies#Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material.(CNSSI 4009)&
&item292=Protocol#Routing tasks are handled by protocols. A protocol is a set of guidelines that determine how devices communicate.&
&item293=Proxy#Software agent that performs a function or operation on behalf of another application or system while hiding the details involved.(CNSSI 4009)&
&item294=Proxy firewall#A proxy firewall acts as a middleman between two networks, the originator and the destination. When the user sends a packet, it is intercepted by the proxy firewall. The proxy firewall impersonates the destination computer and accepts the request on behalf of the computer it is protecting. If the proxy decides the packet is safe, it sends it on to the destination computer. When the destination computer receives the data, it sends a reply packet back to the proxy firewall. This packet is repackaged by the proxy firewall using its own source address. The reply packet is sent back to the originator to acknowledge the receipt of the data.&
&item295=Public cryptography(C.F.D.)#Body of cryptographic and related knowledge, study, techniques, and applications that is, or is intended to be, in the public domain.&
&item296=Public key cryptography(PKC)#Encryption system using a linked pair of keys. What one key encrypts, the other key decrypts.(CNSSI 4009)&
&item297=Public key infrastructure(PKI)#Framework established to issue, maintain, and revoke public key certificates accommodating a variety of security technologies, including the use of software.(CNSSI 4009)&
&item298=Purging#Rendering stored information unrecoverable. See sanitize.(CNSSI 4009)&
&item299=Rainbow series(C.F.D.)#Set of publications that interpret Orange Book requirements for trusted systems.(CNSSI 4009)&
&item300=Read#Fundamental operation in an IS that results only in the flow of information from an object to a subject.(CNSSI 4009)&
&item301=Read access#Permission to read information in an IS.(CNSSI 4009)&
&item302=Real time reaction#Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access.(CNSSI 4009)&
&item303=Recovery procedures#Actions necessary to restore data files of an IS and computational capability after a system failure.(CNSSI 4009)&
&item304=RED#Designation applied to an IS, and associated areas, circuits, components, and equipment in which unencrypted national security information is being processed.(CNSSI 4009)&
&item305=RED/BLACK concept#Separation of electrical and electronic circuits, components, equipment, and systems that handle national security information (RED), in electrical form, from those that handle non-national security information (BLACK) in the same form.(CNSSI 4009)&
&item306=Red team#Independent and focused threat-based effort by an interdisciplinary, simulated adversary to expose and exploit vulnerabilities as a means to improve the security posture of ISs.(CNSSI 4009)&
&item307=RED signal#Any electronic emission (e.g., plain text, key, key stream, subkey stream, initial fill, or control signal) that would divulge national security information if recovered.(CNSSI 4009)&
&item308=Reference monitor#Access control concept referring to an abstract machine that mediates all accesses to objects by subjects.(CNSSI 4009)&
&item309=Reference validation mechanism#Portion of a trusted computing base whose normal function is to control access between subjects and objects and whose correct operation is essential to the protection of data in the system.(CNSSI 4009)&
&item310=Remanence#Residual information remaining on storage media after clearing. See magnetic remanence and clearing.(CNSSI 4009)&
&item311=Repeater#Repeaters regenerate data to preserve its integrity as it moves through the LAN. This helps prevent data from being lost or degraded and can extend the size of a LAN.&
&item312=Residual risk#Portion of risk remaining after security measures have been applied.(CNSSI 4009)&
&item313=Residue#Data left in storage after information processing operations are complete, but before degaussing or overwriting has taken place.(CNSSI 4009)&
&item314=Resource encapsulation#Method by which the reference monitor mediates accesses to an IS resource. Resource is protected and not directly accessible by a subject. Satisfies requirement for accurate auditing of resource usage.(CNSSI 4009)&
&item315=Risk#Possibility that a particular threat will adversely impact an IS by exploiting a particular vulnerability.(CNSSI 4009)&
&item316=Risk analysis#Examination of information to identify the risk to an IS.(CNSSI 4009)&
&item317=Risk assessment#Formal description and evaluation of risk to an IS.(CNSSI 4009)&
&item318=Risk index#Difference between the minimum clearance or authorization of IS users and the maximum sensitivity (e.g., classification and categories) of data processed by the system.(CNSSI 4009)&
&item319=Risk management#Process of identifying and applying countermeasures commensurate with the value of the assets protected based on a risk assessment.(CNSSI 4009)&
&item320=Robustness#Robustness is the level of protective measures, techniques, and procedures that must be applied to information systems and networks based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs.&
&item321=Router#The router operates at the Network layer of the OSI model and is the essential communications link between independent networks. The router packages data so it can travel between networks and maps out a path to get the data to its destination. A router also receives incoming traffic and directs it to the hosts on the internal network.&
&item322=Routed Protocol#Routed protocols interpret the logical network and prepare, exchange, and forward packets from network to network.&
&item323=Routing#Routing is the process of establishing the best paths between networks and then transferring information between destinations along these paths.&
&item324=Routing Protocol#Routing protocols use algorithms to determine the best path to take to reach the target destination.&
&item325=Routing Table#As routers exchange information with each other and other networks, routing tables are developed. Routers record network addresses and use this information to determine the best path to reach another network.&
&item326=Safeguarding statement#Statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced and requires control of the product, at that level, until determination of the true classification by an authorized person. Synonymous with banner.(CNSSI 4009)&
&item327=Sanitize#Process to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs. See purging.(CNSSI 4009)&
&item328=Scavenging#Searching through object residue to acquire data.(CNSSI 4009)&
&item329=Screened Subnet (DMZ) Architecture#The Screened Subnet (DMZ) Architecture consists of a host that is set up as a gateway with three NICs. One is connected to the external network through a router, one is connected to the internal network, and one is connected to a demilitarized zone, or DMZ.&
&item330=Script Kiddy#A novice hacker who uses preprogrammed routines, called scripts, and tools obtained from other hackers or the Internet to take advantage of weaknesses and vulnerabilities in operating systems or software.&
&item331=Secure operating system(C.F.D.)#Resident software controlling hardware and other software functions in an IS to provide a level of protection or security appropriate to the classification, sensitivity, and/or criticality of the data and resources it manages.(CNSSI 4009)&
&item332=Secure state#Condition in which no subject can access any object in an unauthorized manner.(CNSSI 4009)&
&item333=Secure subsystem#Subsystem containing its own implementation of the reference monitor concept for those resources it controls. Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.(CNSSI 4009)&
&item334=Security fault analysis(SFA)#Assessment, usually performed on IS hardware, to determine the security properties of a device when hardware fault is encountered.(CNSSI 4009)&
&item335=Security features users guide(SFUG)#Guide or manual explaining how the security mechanisms in a specific system work.(CNSSI 4009)&
&item336=Security filter#IS trusted subsystem that enforces security policy on the data passing through it.(CNSSI 4009)&
&item337=Security flaw(C.F.D.)#Error of commission or omission in an IS that may allow protection mechanisms to be bypassed. See vulnerability.(CNSSI 4009)&
&item338=Security inspection#Examination of an IS to determine compliance with security policy, procedures, and practices.(CNSSI 4009)&
&item339=Security label#Information representing the sensitivity of a subject or object, such as its hierarchical classification (CONFIDENTIAL, SECRET, TOP SECRET) together with any applicable nonhierarchical security categories (e.g., sensitive compartmented information, critical nuclear weapon design information).(CNSSI 4009)&
&item340=Security net control station#Management system overseeing and controlling implementation of network security policy.(CNSSI 4009)&
&item341=Security perimeter#All components/devices of an IS to be accredited. Separately accredited components generally are not included within the perimeter.(CNSSI 4009)&
&item342=Security policy#See information systems security policy.(CNSSI 4009)&
&item343=Security range#Highest and lowest security levels that are permitted in or on an IS, system component, subsystem, or network.(CNSSI 4009)&
&item344=Security requirements#Types and levels of protection necessary for equipment, data, information, applications, and facilities to meet IS security policy.(CNSSI 4009)&
&item345=Security requirements baseline#Description of the minimum requirements necessary for an IS to maintain an acceptable level of security.(CNSSI 4009)&
&item346=Security safeguards#Protective measures and controls prescribed to meet the security requirements specified for an IS. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. See accreditation.(CNSSI 4009)&
&item347=Security specification#Detailed description of the safeguards required to protect an IS.(CNSSI 4009)&
&item348=Security test and evaluation(ST&E)#Examination and analysis of the safeguards required to protect an IS, as they have been applied in an operational environment, to determine the security posture of that system.(CNSSI 4009)&
&item349=Security testing#Process to determine that an IS protects data and maintains functionality as intended.(CNSSI 4009)&
&item350=Sensitive information#Information the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (Systems that are not national security systems, but contain sensitive information, are to be protected in accordance with the requirements of the Computer Security Act of 1987 (P.L.100-235).)(CNSSI 4009)&
&item351=Sensitivity label#Information representing elements of the security label(s) of a subject and an object. Sensitivity labels are used by the trusted computing base (TCB) as the basis for mandatory access control decisions.(CNSSI 4009)&
&item352=Shielded enclosure#Room or container designed to attenuate electromagnetic radiation.(CNSSI 4009)&
&item353=Single-level device(C.F.D.)#IS device not trusted to properly maintain and separate data to different security levels.(CNSSI 4009)&
&item354=Sniffer#Software tool for auditing and identifying network traffic packets.(CNSSI 4009)&
&item355=Sniffing#Sniffing attacks occur when an intruder uses canned scripts or tools to steal unencrypted data such as e-mail.&
&item356=Social Engineering#Social engineering is an intentional human threat, whereby an individual uses weaknesses in human nature, rather than software, to trick people into revealing passwords and other information that can be used to compromise the security of their systems.&
&item357=Software system test and evaluation process#Process that plans, develops, and documents the quantitative demonstration of the fulfillment of all baseline functional performance, operational, and interface requirements.(CNSSI 4009)&
&item358=Split knowledge#Separation of data or information into two or more parts, each part constantly kept under control of separate authorized individuals or teams so that no one individual or team will know the whole data.(CNSSI 4009)&
&item359=Spoofing#Unauthorized use of legitimate Identification and Authentication (IA) data, however it was obtained, to mimic a subject different from the attacker. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.(CNSSI 4009)&
&item360=Spread spectrum#Telecommunications techniques in which a signal is transmitted in a bandwidth considerably greater than the frequency content of the original information. Frequency hopping, direct sequence spreading, time scrambling, and combinations of these techniques are forms of spread spectrum.(CNSSI 4009)&
&item361=Stateful Inspection Firewall#Stateful inspection firewalls use packet filtering to determine which packets should be blocked. They also examine the contents of a packet through the Application layer of the OSI model. Stateful inspection firewalls also monitor the state of a connection and compile this information into a state table. This adds a level of security by tracking each packet and its destination until the connection is closed.&
&item362=State variable#Variable representing either the state of an IS or the state of some system resource.(CNSSI 4009)&
&item363=Static Routing#With static routing, routing tables are configured manually by entering address information.&
&item364=Storage object#An object supporting both read and write accesses to an IS.(CNSSI 4009)&
&item365=Subassembly#Major subdivision of an assembly consisting of a package of parts, elements, and circuits that perform a specific function.(CNSSI 4009)&
&item366=Subject#Generally a person, process, or device causing information to flow among objects or change to the system state.(CNSSI 4009)&
&item367=Subject security level#Sensitivity label(s) of the objects to which the subject has both read and write access. Security level of a subject must always be dominated by the clearance level of the user associated with the subject.(CNSSI 4009)&
&item368=Supervisor state#Synonymous with executive state of an operating system.(CNSSI 4009)&
&item369=Suppression measure#Action, procedure, modification, or device that reduces the level of, or inhibits the generation of, compromising emanations in an IS.(CNSSI 4009)&
&item371=Switch#Switches connect enclaves within a network and often function as a hub. A hub is a central point where network data converges and is then forwarded to designated hosts. Switches work with routers to forward incoming data by identifying designated network hosts.&
&item372=System administrator(SA)#Individual responsible for the installation and maintenance of an IS, providing effective IS utilization, adequate security parameters, and sound implementation of established INFOSEC policy and procedures.(CNSSI 4009)&
&item373=System assets#Any software, hardware, data, administrative, physical, communications, or personnel resource within an IS.(CNSSI 4009)&
&item374=System methodologies development#Methodologies developed through software engineering to manage the complexity of system development. Development methodologies include software engineering aids and high-level design analysis tools.(CNSSI 4009)&
&item375=System high#Highest security level supported by an IS.(CNSSI 4009)&
&item376=System high mode#IS security mode of operation wherein each user, with direct or indirect access to the IS, its peripherals, remote terminals, or remote hosts, has all of the following: a. valid security clearance for all information within an IS; b. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments and/or special access programs); and c. valid need-to-know for some of the information contained within the IS.(CNSSI 4009)&
&item377=System integrity#Attribute of an IS when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.(CNSSI 4009)&
&item378=System low#Lowest security level supported by an IS.(CNSSI 4009)&
&item379=System profile#Detailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an IS.(CNSSI 4009)&
&item380=System security#See information systems security.(CNSSI 4009)&
&item381=System security engineering#See information systems security.(CNSSI 4009)&
&item382=System security evaluation(C.F.D.)#Risk assessment of a system, considering its vulnerabilities and perceived security threat.(CNSSI 4009)&
&item383=System security management plan (C.F.D.)#Formal document fully describing the responsibilities for security tasks planned to meet system security requirements.(CNSSI 4009)&
&item384=System security officer#See information system security officer.(CNSSI 4009)&
&item385=System security plan(C.F.D.)#Formal document fully describing the planned security tasks required to meet system security requirements.(CNSSI 4009)&
&item386=Tampering#Unauthorized modification altering the proper functioning of INFOSEC equipment.(CNSSI 4009)&
&item387=Telecommunications#Preparation, transmission, communication, or related processing of information (writing, images, sounds, or other data) by electrical, electromagnetic, electromechanical, electro-optical, or electronic means.(CNSSI 4009)&
&item388=Telecommunications security(TSEC)#See information systems security.(CNSSI 4009)&
&item389=TEMPEST#Short name referring to investigation, study, and control of compromising emanations from IS equipment.(CNSSI 4009)&
&item390=TEMPEST test#Laboratory or on-site test to determine the nature of compromising emanations associated with an IS.(CNSSI 4009)&
&item391=TEMPEST zone#Designated area within a facility where equipment with appropriate TEMPEST characteristics (TEMPEST zone assignment) may be operated.(CNSSI 4009)&
&item392=Threat#Any circumstance or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.(CNSSI 4009)&
&item393=Threat analysis#Examination of information to identify the elements comprising a threat.(CNSSI 4009)&
&item394=Threat assessment#Formal description and evaluation of threat to an IS.(CNSSI 4009)&
&item395=Threat monitoring#Analysis, assessment, and review of audit trails and other information collected for the purpose of searching out system events that may constitute violations of system security.(CNSSI 4009)&
&item396=Ticket-oriented#IS protection system in which each subject maintains a list of unforgeable bit patterns called tickets, one for each object a subject is authorized to access. See list-oriented.(CNSSI 4009)&
&item397=Time bomb#Resident computer program that triggers an unauthorized act at a predefined time.(CNSSI 4009)&
&item398=Time-compliance date#Date by which a mandatory modification to a COMSEC end-item must be incorporated if the item is to remain approved for operational use.(CNSSI 4009)&
&item399=Time-dependent password#Password that is valid only at a certain time of day or during a specified interval of time.(CNSSI 4009)&
&item400=Traditional COMSEC program#Program in which NSA acts as the central procurement agency for the development and, in some cases, the production of INFOSEC items. This includes the Authorized Vendor Program. Modifications to the INFOSEC end-items used in products developed and/or produced under these programs must be approved by NSA.(CNSSI 4009)&
&item401=Traffic analysis(TA)#Study of communications patterns.(CNSSI 4009)&
&item402=Traffic padding#Generation of spurious communications or data units to disguise the amount of real data units being sent.(CNSSI 4009)&
&item403=Tranquility#Property whereby the security level of an object cannot change while the object is being processed by an IS.(CNSSI 4009)&
&item404=Transmission Control Protocol/Internet Protocol#The most commonly used routed protocol is the Transmission Control Protocol/Internet Protocol, known as TCP/IP. The Internet Protocol, or IP, is responsible for routing the data and allowing networks to communicate despite differences in configuration or physical environment. The Transmission Control Protocol, or TCP, is a protocol built on top of IP. TCP breaks the data into packets and recombines them once they reach their destination.&
&item405=Transmission security(TRANSEC)#Component of COMSEC resulting from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis.(CNSSI 4009)&
&item406=Trap door#Synonymous with back door.(CNSSI 4009)&
&item407=Trojan horse#Program containing hidden code allowing the unauthorized collection, falsification, or destruction of information. See malicious code.(CNSSI 4009)&
&item408=Trusted computer system#IS employing sufficient hardware and software assurance measures to allow simultaneous processing of a range of classified or sensitive information.(CNSSI 4009)&
&item409=Trusted computing base(TCB)#Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy.(CNSSI 4009)&
&item410=Trusted distribution#Method for distributing trusted computing base (TCB) hardware, software, and firmware components that protects the TCB from modification during distribution.(CNSSI 4009)&
&item411=Trusted identification forwarding#Identification method used in IS networks whereby the sending host can verify an authorized user on its system is attempting a connection to another host. The sending host transmits the required user authentication information to the receiving host.(CNSSI 4009)&
&item412=Trusted path#Mechanism by which a person using a terminal can communicate directly with the trusted computing base (TCB). Trusted path can only be activated by the person or the TCB and cannot be imitated by untrusted software.(CNSSI 4009)&
&item413=Trusted process#Process that has privileges to circumvent the system security policy and has been tested and verified to operate only as intended.(CNSSI 4009)&
&item414=Trusted recovery#Ability to ensure recovery without compromise after a system failure.(CNSSI 4009)&
&item415=Trusted software#Software portion of a trusted computing base(TCB).(CNSSI 4009)&
&item416=Tunneling#Technology enabling one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.(CNSSI 4009)&
&item417=Unauthorized disclosure#Type of event involving exposure of information to individuals not authorized to receive it.(CNSSI 4009)&
&item418=Unclassified#Information that has not been determined pursuant to E.O. 12958 or any predecessor order to require protection against unauthorized disclosure and that is not designated as classified.(CNSSI 4009)&
&item419=Untrusted process#Process that has not been evaluated or examined for adherence to the security policy. It may include incorrect or malicious code that attempts to circumvent the security mechanisms.(CNSSI 4009)&
&item420=User#Person or process authorized to access an IS.(CNSSI 4009)&
&item421=User ID#Unique symbol or character string used by an IS to identify a specific user.(CNSSI 4009)&
&item422=User profile#Patterns of a user's activity that can show changes from normal behavior.(CNSSI 4009)&
&item423=Validation#Process of applying specialized security test and evaluation procedures, tools, and equipment needed to establish acceptance for joint usage of an IS by one or more departments or agencies and their contractors.(CNSSI 4009)&
&item424=Verification#Process of comparing two levels of an IS specification for proper correspondence (e.g., security policy model with top-level specification, top-level specification with source code, or source code with object code).(CNSSI 4009)&
&item425=Verified design(C.F.D.)#Computer protection class in which formal security verification methods are used to assure mandatory and discretionary security controls can effectively protect classified and sensitive information stored in, or processed by, the system.(CNSSI 4009)&
&item426=Virtual password(C.F.D.)#IS password computed from a passphrase meeting the requirements of password storage (e.g., 64 bits).(CNSSI 4009)&
&item427=Virtual private network(VPN)#Protected IS link utilizing tunneling, security controls (see information assurance), and endpoint address translation giving the impression of a dedicated line.(CNSSI 4009)&
&item428=Virus#Self-replicating, malicious code that attaches itself to an application program or other executable system component and leaves no obvious signs of its presence.(CNSSI 4009)&
&item429=Vulnerability#Weakness in an IS, system security procedures, internal controls, or implementation that could be exploited.(CNSSI 4009)&
&item430=Vulnerability analysis#Examination of information to identify the elements comprising a vulnerability.(CNSSI 4009)&
&item431=Vulnerability assessment#Formal description and evaluation of vulnerabilities of an IS.(CNSSI 4009)&
&item432=Wide Area Network#A Wide Area Network, or WAN, is a network dispersed over a large or global geographic area. WANs often consist of a collection of smaller networks, such as LANs and MANs. WANs may connect public and private shared networks.&
&item433=Work factor#Estimate of the effort or time needed by a potential perpetrator, with specified expertise and resources, to overcome a protective measure.(CNSSI 4009)&
&item434=Worm#See malicious code.(CNSSI 4009)&
&item435=Write#Fundamental operation in an IS that results only in the flow of information from a subject to an object. See access type.(CNSSI 4009)&
&item436=Write access#Permission to write to an object in an IS.(CNSSI 4009)&
&item437=Zero fill#To fill unused storage locations in an IS with the representation of the character denoting "0."(CNSSI 4009)&
&item438=Zone of control#Synonymous with inspectable space.(CNSSI 4009)&