Computer Security Terms
A specific type of interaction between a subject and an object that results in the flow of information
from one to the other.
The process of limiting access to the resources of a system only to authorized programs, processes,
or other systems (in a network). Synonymous with controlled access and limited access.
A formal declaration by the designated approving authority (DAA) that the automated information
system (AIS) is approved to operate in a particular security mode using a prescribed set of
safeguards. Accreditation is the official management authorization for operation of an AIS and is
based on the certification process as well as other management considerations. The accreditation
statement affixes security responsibility with the DAA and shows that due care has been taken for
A measure of confidence that the security features and architecture of an AIS accurately mediate
and enforce the security policy. Compare with trusted computer system.
A chronological record of system activities that is sufficient to enable the reconstruction, reviewing,
and examination of the sequence of environments and activities surrounding or leading to an
operation, a procedure, or an event in a transaction from its inception to final results.
1. To verify the identity of a user, device, or other entity in a computer system, often as a
prerequisite to allowing access to resources in a system.
2. To verify the integrity of data that have been stored, transmitted, or otherwise exposed to
possible unauthorized modification.
The granting of access rights to a user, program, or process.
Automated Information System
An assembly of computer hardware, software, and/or firmware configured to collect, create,
communicate, compute, disseminate, process, store, and/or control data or information.
The state when data is in the place needed by [or accessible to] the user, at the time the user needs
them, and in the form needed by the user.
Procedure for identifying a remote AIS terminal, whereby the host system disconnects the caller and then dials the authorized telephone number of the remote terminal to re-establish the connection.
Call Sign Cipher
Cryptosystem used to encipher/decipher call signs, address groups, and address indicating groups.
Type of protective package used to contain and dispense key in punched or printed tape form.
Unforgeable ticket that provides incontestable proof that the presenter is authorized access to the object named in the ticket.
AIS in which access to protected objects is granted if the subject possesses a capability for the object.
Restrictive label that has been applied to both classified and unclassified data, thereby increasing the requirement for protection of, and restricting the access to, the data. NOTE: Examples include sensitive compartmented information, proprietary information, and North Atlantic Treaty Organization information. Individuals are granted access to special category information only after being granted formal access authorization.
Device embodying a cryptographic logic or other COMSEC design that the National Security Agency has approved as a controlled cryptographic item and performs the entire COMSEC function, but is dependent upon the host equipment to operate.
Device embodying a cryptographic logic or other COMSEC design, which the National Security Agency has approved as a controlled cryptographic item, that does not perform the entire COMSEC function and is dependent upon the host equipment or assembly to complete and operate the COMSEC function.
Telecommunications or information handling equipment that embodies a controlled cryptographic item component or controlled cryptographic item assembly and performs the entire COMSEC function without dependence on a host equipment to operate.
Comprehensive evaluation of the technical and nontechnical security features of an AIS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified security requirements.
Certified TEMPEST Technical Authority
U.S. Government or U.S. Government contractor employee designated to review the TEMPEST countermeasures programs of a federal department or agency.
Challenge and Reply Authentication
Prearranged procedure in which one communicator requests authentication of another and the latter establishes his/her validity with a correct reply.
Value computed, via some parity or hashing algorithm, on information requiring protection against error or manipulation. NOTE: Checksums are stored or transmitted with data and are intended to detect data integrity problems.
Cipher text generated by a cryptographic logic to detect failures in the cryptography.
Cryptographic system in which units of plain text are substituted according to a predetermined key.
Cipher Text Auto-Key
Cryptographic logic which uses previous cipher text to generate a key stream.
Process of enciphering audio information, resulting in encrypted speech.
National security information that has been classified pursuant to Executive Order 12356.
Removal of data from an AIS, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using normal system capabilities (i.e., through the keyboard). NOTE: An AIS need not be disconnected from any external network before clearing takes place. Clearing enables a product to be reused within, but not outside of, a secure facility. It does not produce a declassified product by itself, but may be the first step in the declassification process.
Closed Security Environment
Environment that provides sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system. NOTE: Closed security is predicated upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control.
System of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length. NOTE: Codes may or may not provide security. Common uses include: (a) converting information into a form suitable for communications or encryption, (b) reducing the length of time required to transmit information, (c) describing the instructions which control the operation of a computer, and (d) converting plain text to meaningless combinations of letters or numbers and vice versa.
Book or other document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique.
Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence.
Set of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system.
Procedure for initially keying crypto-equipment.
Individual responsible for the appointment of user representatives for a department, agency, or organization and their key ordering privileges.
Commercial COMSEC Endorsement Program
Relationship between the National Security Agency and industry, in which the National Security Agency provides the COMSEC expertise (i.e., standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce a type 1 or type 2 product. NOTE: Products developed under the Commercial COMSEC Endorsement Program may include modules, subsystems, equipment, systems, and ancillary devices.
Common Fill Device
One of a family of devices developed to read-in, transfer, or store key. NOTE: KYK-13 Electronic Transfer Device, KYX-15 Net Control Device, and KOI-18 General Purpose Tape Reader are examples of common fill devices.
Concealing or altering of characteristic communications patterns to hide information that could be of value to an adversary.
Deliberate transmission, retransmission, or alteration of communications to mislead an adversary's interpretation of the communications.
Analytic model of communications associated with an organization or activity. NOTE: The model is prepared from a systematic examination of communications content and patterns, the functions they reflect, and the communications security measures applied.
Measures and controls taken to deny unauthorized persons information derived from telecommunications and ensure the authenticity of such telecommunications.
Compartmented Mode of Operation
AIS security mode of operation wherein each user with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts has all of the following: a. Valid security clearance for the most restricted information processed in the system. b. Formal access approval and signed non-disclosure agreements for that information to which a user is to have access. c. Valid need-to-know for information to which a user is to have access.
Disclosure of information or data to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.
Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by telecommunications or automated information systems equipment.
Intentional or reckless misuse, alteration, disruption, or destruction of data processing resources.
Use of a crypto-algorithm program stored in software or firmware, by a general purpose computer to authenticate or encrypt/decrypt data for storage or transmission.
Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer.
Computer Security Incident
Any event in which a computer system is attacked, intruded into, or threatened with an attack or intrusion.
Computer Security Subsystem
Device designed to provide limited computer security features in a larger system environment.
Computer Security Vulnerability Report Program
Program that focuses on technical vulnerabilities in commercially available hardware, firmware and software products. NOTE: The Computer Security Vulnerability Report Program provides
for reporting, cataloging, and discrete dissemination of technical
vulnerability and corrective-measure information.
Administrative entity, identified by an account number, used to maintain accountability, custody and control of COMSEC material.
COMSEC Account Audit
Examination of the holdings, records, and procedures of a COMSEC account to ensure that all accountable COMSEC material is properly handled and safeguarded.
COMSEC material, other than an equipment or device, that assists in securing telecommunications and which is required in the production, operation, or maintenance of COMSEC systems and their components. NOTE: COMSEC keying material, callsign/frequency systems, and supporting documentation, such as operating and maintenance manuals, are examples of COMSEC aids.
Definable perimeter within a telecommunications equipment or system within which all hardware, firmware, and software components that perform critical COMSEC functions are located. NOTE: Key generation and key handling and storage are critical COMSEC functions.
COMSEC Chip Set
Collection of National Security Agency approved microchips furnished to a manufacturer to secure or protect telecommunications equipment.
COMSEC Control Program
Set of instructions or routines for a computer that controls or affects the externally performed functions of key generation, key distribution, message encryption/decryption, or authentication.
Person designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding and destruction of COMSEC material assigned to a COMSEC account. NOTE: The term COMSEC manager is replacing the term COMSEC custodian. These terms are not synonymous, since the responsibilities of the COMSEC manager extend beyond the functions required for effective operation of a COMSEC account.
COMSEC End Item
Equipment or combination of components ready for its intended use in a COMSEC application.
Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. NOTE: COMSEC equipment includes crypto-equipment, crypto-ancillary equipment, cryptoproduction equipment, and authentication equipment.
Space employed primarily for the purpose of generating, storing, repairing, or using COMSEC material.
Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information.
COMSEC incident that has been investigated, evaluated, and determined to jeopardize the security of COMSEC material or the secure transmission of information.
Person who manages the COMSEC resources of a command or activity.
Item designed to secure or authenticate telecommunications. NOTE: COMSEC material includes, but is not limited to, key, equipment, devices, documents, firmware or software that embodies or describes cryptographic logic and other items that perform COMSEC functions.
COMSEC Material Control System
Logistics and accounting system through which COMSEC material marked "CRYPTO" is distributed, controlled, and safeguarded. NOTE: Included are the COMSEC central offices of record, cryptologistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the COMSEC Material Control System.
Electrical, mechanical, or software change to a National Security Agency approved COMSEC end item. NOTE: Categories of COMSEC modifications are: mandatory, optional, special mission mandatory, special mission optional, human safety mandatory, and repair actions.
Removable component that performs COMSEC functions in a telecommunications equipment or system.
Act of listening to, copying, or recording transmissions of one's own official telecommunications to provide material for analysis, so that the degree of security being provided to those transmissions may be determined.
Statement of the COMSEC measures and materials used to protect a given operation, system, or organization.
Organized collection of COMSEC and communications data relative to a given operation, system, or organization.
COMSEC System Data
Information required by a COMSEC equipment or system to enable it to properly handle and control key.
Teaching of hands-on skills relating to COMSEC accounting, the use of COMSEC aids, or the installation, use, maintenance, and repair of COMSEC equipment.
Assurance that information is not disclosed to unauthorized entities or processes.
Process of controlling modifications to a telecommunications or automated information systems hardware, firmware, software, and documentation to ensure the system is protected against improper modifications prior to, during, and after system implementation.
Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures and test documentation of an automated information system, throughout the development and operational life of a system.
Synonymous with star (*) property.
Key held for use under specific operational conditions or in support of specific contingency plans.
Plan maintained for emergency response, backup operations, and post-disaster recovery for an AIS, as a part of its security program, that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.
Controlled Access Protection
Log-in procedures, audit of security relevant events, and resource isolation as prescribed for class C2 in the Orange Book.
Controlled Cryptographic Item
Secure telecommunications or information handling equipment, or associated cryptographic component, that is unclassified but governed by a special set of control requirements. NOTE: Such items are marked "CONTROLLED CRYPTOGRAPHIC ITEM" or, where space is limited, "CCI."
Condition which exists when access control is applied to all users and components of an AIS.
Three-dimensional space surrounding telecommunications and automated information systems equipment, within which unauthorized persons are denied unrestricted access and are either escorted by authorized persons or are under continuous physical or electronic surveillance.
Official responsible for directing the operation of a cryptonet and for managing the operational use and control of keying material assigned to the cryptonet.
Cooperative Key Generation
Electronically exchanging functions of locally generated, random components, from which both terminals of a secure circuit construct traffic encryption key or key encryption key for use on that circuit.
Cooperative Remote Re-Keying
Synonymous with manual remote rekeying.
Assessment of the costs of providing protection or security to a telecommunications or AIS versus risk and cost associated with asset loss or damage.
Action, device, procedure, technique, or other measure that reduces the vulnerability of an AIS.
Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an AIS security policy.
Covert Storage Channel
Covert channel that involves the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. NOTE: Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels.
Covert Timing Channel
Covert channel in which one process signals information to another process by modulating its own use of system resources (e.g., central processing unit time) in such a way that this manipulation affects the real response time observed by the second process.
Information passed from one entity to another, that is used to establish the sending entity's access rights.
Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.
Marking or designator identifying COMSEC keying material used to secure or authenticate telecommunication carrying classified or sensitive U.S. Government or U.S. Government-derived information. NOTE: When written in all upper case letters, CRYPTO has the meaning stated above. When written in lower case as a prefix, crypto and crypt are abbreviations for cryptographic.
Circuit or device which detects failures or aberrations in the logic or operation of crypto-equipment. NOTE: Crypto-alarm may inhibit transmission or may provide a visible and/or audible alarm.
Well-defined procedure or sequence of rules or steps used to produce cipher text from plain text and vice versa.
Equipment designed specifically to facilitate efficient or reliable operation of crypto-equipment, but that does not perform cryptographic functions.
Equipment that embodies a cryptographic logic.
Pertaining to, or concerned with, cryptography.
Hardware or firmware embodiment of the cryptographic logic. NOTE: Cryptographic component may be a modular assembly, a printed wiring assembly, a microcircuit, or a combination of these items.
Function used to set the state of a cryptographic logic prior to key generation, encryption, or other operating mode.
Well-defined procedure or sequence of rules or steps used to produce cipher text from plain text, and vice versa, or to produce a key stream, plus delays, alarms, and checks which are essential to effective performance of the cryptographic process.
Function which randomly determines the transmit state of a cryptographic logic.
Principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form.
Device or electronic key used to unlock the secure mode of crypto-equipment.
Stations that hold a specific key for use. NOTE: Activities that hold key for other than use, such as cryptologistic depots, are not cryptonet members for that key. Controlling authorities are de facto members of the cryptonets they control.
Time span during which each key setting remains in effect.
Component of communications security that results from the provision of technically sound cryptosystems and their proper use.
Process by which a receiving decrypting cryptographic logic attains the same internal state as the transmitting encrypting logic.
Associated COMSEC items interacting to provide a single means of encryption or decryption.
Process of establishing the exploitability of a cryptosystem, normally by reviewing transmitted traffic protected or secured by the system under study.
Process of determining vulnerabilities of a cryptosystem.
Examination of a cryptosystem by the controlling authority to ensure its adequacy of design and content, continued need, and proper distribution.
Management technique in which actual holders of a cryptosystem express opinions on the system's suitability and provide usage information for technical evaluations.
Dedicated Mode of Operation
An AIS is operating in the dedicated mode when each user with direct or indirect individual access
to the AIS, its peripherals, remote terminals, or remote hosts, has all of the following:
A valid personnel clearance for all information on the system.
Formal access approval for, and has signed nondisclosure agreements for, all the information
stored and/or processed (including all compartments, subcompartments, and/or special
A valid need-to-know for all information contained within the system.
Denial of Service
Any action or series of actions that prevent any part of a system from functioning in accordance with
its intended purpose. This includes any action that causes unauthorized destruction, modification, or
delay of service. Synonymous with interdiction.
Designated Approving Authority (DAA)
The official who has the authority to decide on accepting the security safeguards prescribed for an
AIS, or that official who may be responsible for issuing an accreditation statement that records the
decision to accept those safeguards.
Discretionary Access Control (DAC)
A means of restricting access to objects based on the identity and need-to-know of the user,
process, and/or groups to which they belong. The controls are discretionary in the sense that a
subject with a certain access permission is capable of passing that permission (perhaps indirectly) on
to any other subject. Compare mandatory access control.
An assessment of a product against the Trusted Computer System Evaluation Criteria (The Orange
Information warfare is the activity by a hacker, terrorist, or other adversary to disrupt an information
system. Traditional security addresses the protection of information. Information warfare is aimed at
protecting the systems that collect, store, manipulate, and transport information so that they are not
accessed by unauthorized persons and are available as needed.
Mandatory Access Control (MAC)
A means of restricting access to objects based on the sensitivity (as represented by a label) of the
information contained in the objects and the formal authorization (i.e., clearance) of subjects to
access information of such sensitivity. Compare discretionary access control.
Multilevel Mode of Operation
An AIS is operating in the multilevel mode when all of the following statements are satisfied
concerning the users with direct or indirect access to the AIS, its peripherals, remote terminals, or
Some do not have a valid personnel clearance for all of the information processed in the
All have the proper clearance and have the appropriate formal access approval for that
information to which they are to have access.
All have a valid need-to-know for that information to which they are to have access.
Multilevel Security (MLS)
An MLS system is a system containing information with different security classifications that
simultaneously permits access by users with different security clearances and needs to know. This
system prevents users from obtaining access to information for which they lack authorization.
The probability that a particular threat will exploit a particular vulnerability of the system.
The process of identifying security risks, determining their magnitude, and identifying areas needing
safeguards. Risk analysis is a part of risk management. Synonymous with risk assessment.
The total process of identifying, controlling, and eliminating or minimizing uncertain events that may
affect system resources. It includes risk analysis, cost/benefit analysis, selection, implementation and
test, security evaluation of safeguards, and overall security review.
Sensitive Compartmented Information
Information restricted to people who have been given formal access to the security program, called a
The set of laws, rules, and practices that regulate how an organization manages, protects, and
distributes sensitive information.
System-High Mode of Operation
An AIS is operating in the system-high mode when each user with direct or indirect access to the
AIS, its peripherals, remote terminals, or remote hosts, has all of the following:
A valid personnel clearance for all information on the system.
Formal access approval for, and has signed nondisclosure agreements for, all the information
stored and/or processed (including all compartments, subcompartments, and/or special
A valid need-to-know for some of the information contained within the system.
Trusted Computer System
A system that employs sufficient hardware and software assurance measures to allow its use for
simultaneous processing of a range of sensitive or classified information.