NSTISS                         NATIONAL MANAGER
NATIONAL SECURITY                                    5 June 1992
TELECOMMUNICATIONS
AND INFORMATION
SYSTEMS SECURITY

                                   FOREWORD


    1.  National Security Telecommunications and Information
Systems Security Instruction (NSTISSI) No. 4009, "National
Information Systems Security (INFOSEC) Glossary," provides
standard definitions for many of the specialized terms relating
to the disciplines of communications security (COMSEC) and
automated information systems security (AISS), sometimes
referred to as computer security (COMPUSEC).  In general,
communications and data management terms that do not relate
closely to telecommunications and automated information systems
security are outside the scope of this document and are not
included.

    2.  The definitions contained in this glossary are
prescriptive for all elements of the U.S. Government and for its
contractors with respect to national security systems.

    3.  This document is divided into three sections:  Section I
contains terms and definitions, Section II is a list of commonly
used abbreviations and acronym expansions, and Section III
contains applicable references.  In the definitions section,
explanatory information is presented in notes following the
definitions with which they are associated.  Such notes are not
part of the definitions to which they relate.

    4.  This document supersedes NCSC-9, "National
Communications Security (COMSEC) Glossary," dated 1 September
1982.

    5.  Representatives of the National Security
Telecommunications and Information Systems Security Committee
may obtain additional copies of this instruction from:

        Executive Secretariat
        National Security Telecommunications and
        Information Systems Security Committee (NSTISSC)
        National Security Agency
        Fort George G. Meade, MD  20755-6000

    6.  U.S. Government contractors are to contact their appropriate
government agency or Contracting Officer Representative regarding 
distribution of this document.

    7.  Readers are encouraged to review this glossary and suggest
additions, deletions, or changes at any time.  Recommendations for
revising the document may be sent to the Executive Secretariat at the
above address, via the appropriate NSTISSC representative.



                              J. M. McConnell
                              Vice Admiral, U.S. Navy

                                              NSTISSI No. 4009




                                   SECTION I
                             TERMS AND DEFINITIONS



                                       A

access                      (COMSEC) Capability and opportunity to
                            gain knowledge of or to alter information
                            or material.

                            (AIS)  Ability and means to communicate
                            with (i.e. input to or receive output
                            from), or otherwise make use of any
                            information, resource, or component in an
                            AIS.

                            NOTE:  An individual does not have
                            "access" if the proper authority or a
                            physical, technical, or procedural
                            measure prevents them from obtaining
                            knowledge or having an opportunity to
                            alter information, material, resources,
                            or components.

access control              Process of limiting access to the
                            resources of an AIS only to authorized
                            users, programs, processes, or other
                            systems.

access control list         Mechanism implementing discretionary
                            access control in an AIS that identifies
                            the users who may access an object and
                            the type of access to the object that a
                            user is permitted.

access control mechanism    Security safeguards designed to detect
                            and prevent unauthorized access, and to
                            permit authorized access in an AIS.
        
access level                Hierarchical portion of the security
                            level used to identify the sensitivity of
                            AIS data and the clearance or
                            authorization of users.

                            NOTE:  Access level, in conjunction with
                            the non-hierarchical categories, forms
                            the sensitivity label of an object.  See
                            category.

access list                 (COMSEC) Roster of persons authorized
                            admittance to a controlled area.

                            (AIS)  Compilation of users, programs,
                            and/or processes and the access levels
                            and types to which each is authorized.

access period               Segment of time, generally expressed in
                            days or weeks, during which access rights
                            prevail.

access port                 Logical or physical identifier a computer
                            uses to distinguish different terminal
                            input/output data streams or the physical
                            connection for attaching an external
                            device.

access type                 Privilege to perform an action on a
                            program or file.

                            NOTE:  Read, write, execute, append,
                            modify, delete, and create are examples
                            of access types.

accessible space            Area within which the user is aware of
                            all persons entering and leaving, which
                            denies the opportunity for concealed
                            TEMPEST surveillance, and which
                            delineates the closest point of potential
                            TEMPEST intercept from a vehicle.

accountability              (COMSEC)  Principle that an individual is
                            responsible for safeguarding and
                            controlling of COMSEC equipment, keying
                            material, and information entrusted to
                            his/her care and is answerable to proper
                            authority for the loss or misuse of that
                            equipment or information.

accountability              (AIS)  Property that allows auditing of
                            activities on an AIS to be traced to
                            persons who may then be held responsible
                            for their actions.

accounting legend           Numeric code used to indicate the
  code                      minimum accounting controls required for
                            items of accountable COMSEC material
                            within the COMSEC Material Control
                            System.

                            NOTE:  National-level accounting legend
                            codes are:

                            ALC-1 - continuously accountable by
                            serial number.

                            ALC-2 - continuously accountable by
                            quantity.

                            ALC-4 - report of initial receipt
                            required.  After acknowledging receipt,
                            users may control in accordance with
                            Service, department, or agency
                            directives.

accounting number           Number assigned to an item of COMSEC
                            material to facilitate its control.

accreditation               Formal declaration by a designated
                            approving authority that an AIS is
                            approved to operate in a particular
                            security mode using a prescribed set of
                            safeguards.

accreditation authority     Synonymous with designated approving
                            authority.

add-on security             Incorporation of new hardware, software,
                            or firmware safeguards in an operational
                            AIS.

adversary                   Person or organization that must be
                            denied access to critical information.

alternate COMSEC            Person designated by proper authority to
  custodian                 perform the duties of the COMSEC
                            custodian during the temporary absence of
                            the COMSEC custodian.

anti-jam                    Measures to ensure that intended
                            transmitted information can be received
                            despite deliberate jamming attempts.

anti-spoof                  Measures to prevent an opponent's
                            participation in a telecommunications
                            network or operation/control of a
                            cryptographic or COMSEC system.

assembly                    Group of parts, elements, subassemblies,
                            or circuits that are removable items of
                            COMSEC equipment.

assurance                   Measure of confidence that the security
                            features and architecture of an AIS
                            accurately mediate and enforce the
                            security policy.

attack                      Act of trying to defeat AIS safeguards.

audit                       Independent review and examination of
                            records and activities to assess the
                            adequacy of system controls, to ensure
                            compliance with established policies and
                            operational procedures, and to recommend
                            necessary changes in controls, policies,
                            or procedures.

audit trail                 Chronological record of system activities
                            to enable the reconstruction and
                            examination of the sequence of events
                            and/or changes in an event.

                            NOTE:  Audit trail may apply to
                            information in an AIS, to message routing
                            in a communications system, or to the
                            transfer of COMSEC material.

authenticate                Verify the identity of a user, user
                            device, or other entity, or the integrity
                            of data stored, transmitted, or otherwise
                            exposed to unauthorized modification in
                            an automated information system, or
                            establish the validity of a transmitted
                            message.

authentication              Security measure designed to establish
                            the validity of a transmission, message,
                            or originator, or a means of verifying an
                            individual's eligibility to receive
                            specific categories of information.

authentication system       Cryptosystem or process used for
                            authentication.

authenticator               Means used to confirm the identity or
                            eligibility of a station, originator, or
                            individual.

authorization               Access rights granted to a user, program,
                            or process.

authorized vendor           Manufacturer of existing COMSEC equipment
                            who is authorized to produce quantities
                            in excess of contractual requirements for
                            direct sale to eligible buyers.

Authorized Vendor           Program in which a vendor, producing a
  Program                   COMSEC product under contract to the
                            National Security Agency, is authorized
                            to produce that product in numbers
                            exceeding the contracted requirements for
                            direct marketing and sale to eligible
                            buyers.

                            NOTE:  Eligible buyers are typically U.S.
                            Government organizations or U.S.
                            Government contractors.  Products
                            approved for marketing and sale through
                            the Authorized Vendor Program are placed
                            on the Endorsed Cryptographic Products
                            List.

auto-manual system          Programmable, hand-held crypto-equipment
                            used to perform encoding and decoding
                            functions.


automated information       Any equipment or interconnected system
  systems                   or subsystems of equipment that is used
                            in the automatic acquisition, storage,
                            manipulation, management, movement,
                            control, display, switching, interchange,
                            transmission or reception of data and
                            includes computer software, firmware, and
                            hardware.

                            NOTE:  Included are computers, word
                            processing systems, networks, or other
                            electronic information handling systems,
                            and associated equipment.

automated information       Synonymous with computer security.
  systems security

automated security          Use of automated procedures to ensure
  monitoring                security controls for an AIS are not
                            circumvented.

automatic remote            Procedure to rekey a distant crypto-
  rekeying                  equipment electronically without specific
                            actions by the receiving terminal
                            operator.

availability of data        Data that is in the place, at the time,
                            and in the form needed by the user.


                                       B


backdoor                    Synonymous with trap door.

Bell-La Padula              Formal-state transition model of a
  security model            computer security policy that describes a
                            formal set of access controls based on
                            information sensitivity and subject
                            authorizations.  (See star (*) property
                            and simple security property.)

benign                      Condition of cryptographic data such that
                            it cannot be compromised by human access
                            to the data.

                            NOTE:  The term benign may be used to
                            modify a variety of COMSEC-related terms,
                            (e.g., key, data, storage, fill, and key
                            distribution techniques).

benign environment          Nonhostile environment that may be
                            protected from external hostile elements
                            by physical, personnel, and procedural
                            security countermeasures.

beyond A1                   Level of trust employed by the DoD
                            Trusted Computer System Evaluation
                            Criteria that was beyond the state-of-
                            the-art technology at the time the
                            criteria were developed.

                            NOTE:  As defined in the "Orange Book,"
                            beyond A1 includes all the A1-level
                            features, plus others not required at the
                            A1 level.

binding                     Process of associating a specific
                            communications terminal with a specific
                            cryptographic key or associating two
                            related elements of information.

bit error rate              Ratio between the number of bits
                            incorrectly received and the total number
                            of bits transmitted in a
                            telecommunications system.

BLACK                       Designation applied to telecommunications
                            and automated information systems, and to
                            associated areas, circuits, components,
                            and equipment, in which only unclassified
                            signals are processed.

                            NOTE:  Encrypted signals are
                            unclassified.

BLACK key                   Encrypted key.  (See RED key.)

brevity list                List containing words and phrases used to
                            shorten messages.

browsing                    Act of searching through AIS storage to
                            locate or acquire information, without
                            necessarily knowing the existence or
                            format of information being sought.

bulk encryption             Simultaneous encryption of all channels
                            of a multichannel telecommunications
                            trunk.


                                       C


call back                   Procedure for identifying a remote AIS
                            terminal, whereby the host system
                            disconnects the caller and then dials the
                            authorized telephone number of the remote
                            terminal to re-establish the connection.

call sign cipher            Cryptosystem used to encipher/decipher
                            call signs, address groups, and address
                            indicating groups.

canister                    Type of protective package used to
                            contain and dispense key in punched or
                            printed tape form.

capability                  Unforgeable ticket that provides
                            incontestable proof that the presenter is
                            authorized access to the object named in
                            the ticket.

capability-based            AIS in which access to protected objects
  system                    is granted if the subject possesses a
                            capability for the object.

category                    Restrictive label that has been applied
                            to both classified and unclassified data,
                            thereby increasing the requirement for
                            protection of, and restricting the access
                            to, the data.

                            NOTE:  Examples include sensitive
                            compartmented information, proprietary
                            information, and North Atlantic Treaty
                            Organization information.  Individuals
                            are granted access to special category
                            information only after being granted
                            formal access authorization.

CCI assembly                Device embodying a cryptographic logic or
                            other COMSEC design that the National
                            Security Agency has approved as a
                            controlled cryptographic item and
                            performs the entire COMSEC function, but
                            is dependent upon the host equipment to
                            operate.

CCI component               Device embodying a cryptographic logic or
                            other COMSEC design, which the National
                            Security Agency has approved as a
                            controlled cryptographic item, that does
                            not perform the entire COMSEC function
                            and is dependent upon the host equipment
                            or assembly to complete and operate the
                            COMSEC function.

CCI equipment               Telecommunications or information
                            handling equipment that embodies a
                            controlled cryptographic item component
                            or controlled cryptographic item assembly
                            and performs the entire COMSEC function
                            without dependence on a host equipment to
                            operate.

central office of           Office of a federal department or agency
  record                    that keeps records of accountable COMSEC
                            material held by elements subject to its
                            oversight.

certificate of action       Statement attached to a COMSEC audit
  statement                 report by which a COMSEC custodian
                            certifies that all actions have been
                            completed.

certification               Comprehensive evaluation of the technical
                            and nontechnical security features of an
                            AIS and other safeguards, made in support
                            of the accreditation process, to
                            establish the extent to which a
                            particular design and implementation
                            meets a set of specified security
                            requirements.

certified TEMPEST           U.S. Government or U.S. Government
  technical authority       contractor employee designated to review
                            the TEMPEST countermeasures programs of a
                            federal department or agency.

challenge and reply         Prearranged procedure in which
  authentication            one communicator requests authentication
                            of another and the latter establishes
                            his/her validity with a correct reply.

checksum                    Value computed, via some parity or
                            hashing algorithm, on information
                            requiring protection against error or
                            manipulation.

                            NOTE:  Checksums are stored or
                            transmitted with data and are intended to
                            detect data integrity problems.

check word                  Cipher text generated by a cryptographic
                            logic to detect failures in the
                            cryptography.

cipher                      Cryptographic system in which units of
                            plain text are substituted according to a
                            predetermined key.

cipher text                 Enciphered information.

cipher text auto-key        Cryptographic logic which uses previous
                            cipher text to generate a key stream.

ciphony                     Process of enciphering audio information,
                            resulting in encrypted speech.

classified information      National security information that has
                            been classified pursuant to Executive
                            Order 12356.

clearing                    Removal of data from an AIS, its storage
                            devices, and other peripheral devices
                            with storage capacity, in such a way that
                            the data may not be reconstructed using
                            normal system capabilities (i.e., through
                            the keyboard).

                            NOTE:  An AIS need not be disconnected
                            from any external network before clearing
                            takes place.  Clearing enables a product
                            to be reused within, but not outside of,
                            a secure facility.  It does not produce a
                            declassified product by itself, but may
                            be the first step in the declassification
                            process.  See purge.

closed security             Environment that provides sufficient
  environment               assurance that applications and equipment
                            are protected against the introduction of
                            malicious logic prior to or during the
                            operation of a system.

                            NOTE:  Closed security is predicated upon
                            a system's developers, operators, and
                            maintenance personnel having sufficient
                            clearances, authorization, and
                            configuration control.

code                        System of communication in which
                            arbitrary groups of letters, numbers, or
                            symbols represent units of plain text of
                            varying length.

                            NOTE:  Codes may or may not provide
                            security.  Common uses include:  (a)
                            converting information into a form
                            suitable for communications or
                            encryption, (b) reducing the length of
                            time required to transmit information,
                            (c) describing the instructions which
                            control the operation of a computer, and
                            (d) converting plain text to meaningless
                            combinations of letters or numbers and
                            vice versa.

code book                   Book or other document containing plain
                            text and code equivalents in a systematic
                            arrangement, or a technique of machine
                            encryption using a word substitution
                            technique.

code group                  Group of letters, numbers, or both in a
                            code system used to represent a plain
                            text word, phrase, or sentence.

code vocabulary             Set of plain text words, numerals,
                            phrases, or sentences for which code
                            equivalents are assigned in a code
                            system.

cold start                  Procedure for initially keying crypto-
                            equipment.

command authority           Individual responsible for the
                            appointment of user representatives for a
                            department, agency, or organization and
                            their key ordering privileges.

Commercial COMSEC           Relationship between the National
  Endorsement Program       Security Agency and industry, in which
                            the National Security Agency provides the
                            COMSEC expertise (i.e., standards,
                            algorithms, evaluations, and guidance)
                            and industry provides design,
                            development, and production capabilities
                            to produce a type 1 or type 2 product.

                            NOTE:  Products developed under the
                            Commercial COMSEC Endorsement Program may
                            include modules, subsystems, equipment,
                            systems, and ancillary devices.

common fill device          One of a family of devices developed to
                            read-in, transfer, or store key.

                            NOTE:  KYK-13 Electronic Transfer Device,
                            KYX-15 Net Control Device, and KOI-18
                            General Purpose Tape Reader are examples
                            of common fill devices.

communications cover        Concealing or altering of characteristic
                            communications patterns to hide
                            information that could be of value to an
                            adversary.

communications              Deliberate transmission, retransmission,
  deception                 or alteration of communications to
                            mislead an adversary's interpretation of
                            the communications.  (See imitative
                            communications deception and manipulative
                            communications deception.)

communications              Analytic model of communications
  profile                   associated with an organization or
                            activity.

                            NOTE:  The model is prepared from a
                            systematic examination of communications
                            content and patterns, the functions they
                            reflect, and the communications security
                            measures applied.

communications              Measures and controls taken to deny
  security                  unauthorized persons information derived
                            from telecommunications and ensure the
                            authenticity of such telecommunications.

                            NOTE:  Communications security includes
                            cryptosecurity, transmission security,
                            emission security, and physical security
                            of COMSEC material.

compartmented mode          AIS security mode of operation wherein
                            each user with direct or indirect access
                            to the system, its peripherals, remote
                            terminals, or remote hosts has all of the
                            following:

                            a.  Valid security clearance for the most
                            restricted information processed in the
                            system.

                            b.  Formal access approval and signed
                            non-disclosure agreements for that
                            information to which a user is to have
                            access.

                            c.  Valid need-to-know for information to
                            which a user is to have access.

compromise                  Disclosure of information or data to
                            unauthorized persons, or a violation of
                            the security policy of a system in which
                            unauthorized intentional or unintentional
                            disclosure, modification, destruction, or
                            loss of an object may have occurred.

compromising                Unintentional signals that, if
  emanations                intercepted and analyzed, would disclose
                            the information transmitted, received,
                            handled, or otherwise processed by
                            telecommunications or automated
                            information systems equipment.  (See
                            TEMPEST.)

computer abuse              Intentional or reckless misuse,
                            alteration, disruption, or destruction of
                            data processing resources.

computer                    Use of a crypto-algorithm program
  cryptography              stored in software or firmware, by a
                            general purpose computer to authenticate
                            or encrypt/decrypt data for storage or
                            transmission.

computer security           Measures and controls that ensure
                            confidentiality, integrity, and
                            availability of the information processed
                            and stored by a computer.

computer security           Any event in which a computer system is
  incident                  attacked, intruded into, or threatened
                            with an attack or intrusion.

computer security           Device designed to provide limited
  subsystem                 computer security features in a larger
                            system environment.

Computer Security           Program that focuses on technical
  Technical                 vulnerabilities in commercially
  Vulnerability             available hardware, firmware and
  Reporting Program         software products acquired by DoD.

                            NOTE:  The Computer Security Technical
                            Vulnerability Reporting Program provides
                            for reporting, cataloging, and discrete
                            dissemination of technical vulnerability
                            and corrective-measure information on a
                            need-to-know basis.

COMSEC account              Administrative entity, identified by an
                            account number, used to maintain
                            accountability, custody and control of
                            COMSEC material.

COMSEC account audit        Examination of the holdings, records, and
                            procedures of a COMSEC account to ensure
                            that all accountable COMSEC material is
                            properly handled and safeguarded.

COMSEC aid                  COMSEC material, other than an equipment
                            or device, that assists in securing
                            telecommunications and which is required
                            in the production, operation, or
                            maintenance of COMSEC systems and their
                            components.

                            NOTE:  COMSEC keying material, callsign/
                            frequency systems, and supporting
                            documentation, such as operating and
                            maintenance manuals, are examples of
                            COMSEC aids.

COMSEC boundary             Definable perimeter within a
                            telecommunications equipment or system
                            within which all hardware, firmware, and
                            software components that perform critical
                            COMSEC functions are located.

                            NOTE:  Key generation and key handling
                            and storage are critical COMSEC
                            functions.

COMSEC chip set             Collection of National Security Agency
                            approved microchips furnished to a
                            manufacturer to secure or protect
                            telecommunications equipment.  (See
                            secure communications and protected
                            communications.)

COMSEC control              Set of instructions or routines for
  program                   a computer that controls or affects the
                            externally performed functions of key
                            generation, key distribution, message
                            encryption/decryption, or authentication.

COMSEC custodian            Person designated by proper authority to
                            be responsible for the receipt, transfer,
                            accounting, safeguarding and destruction
                            of COMSEC material assigned to a COMSEC
                            account.

                            NOTE:  The term COMSEC manager is
                            replacing the term COMSEC custodian.
                            These terms are not synonymous, since the
                            responsibilities of the COMSEC manager
                            extend beyond the functions required for
                            effective operation of a COMSEC account.

COMSEC end item             Equipment or combination of components
                            ready for its intended use in a COMSEC
                            application.

COMSEC equipment            Equipment designed to provide security to
                            telecommunications by converting
                            information to a form unintelligible to
                            an unauthorized interceptor and,
                            subsequently, by reconverting such
                            information to its original form for
                            authorized recipients; also, equipment
                            designed specifically to aid in, or as an
                            essential element of, the conversion
                            process.

                            NOTE:  COMSEC equipment includes crypto-
                            equipment, crypto-ancillary equipment,
                            cryptoproduction equipment, and
                            authentication equipment.

COMSEC facility             Space employed primarily for the purpose
                            of generating, storing, repairing, or
                            using COMSEC material.

COMSEC incident             Occurrence that potentially jeopardizes
                            the security of COMSEC material or the
                            secure electrical transmission of
                            national security information.

COMSEC insecurity           COMSEC incident that has been
                            investigated, evaluated, and determined
                            to jeopardize the security of COMSEC
                            material or the secure transmission of
                            information.

COMSEC manager              Person who manages the COMSEC resources
                            of a command or activity.  (See the note
                            following the definition for COMSEC
                            custodian.)

COMSEC material             Item designed to secure or authenticate
                            telecommunications.

                            NOTE:  COMSEC material includes, but is
                            not limited to, key, equipment, devices,
                            documents, firmware or software that
                            embodies or describes cryptographic logic
                            and other items that perform COMSEC
                            functions.

COMSEC Material             Logistics and accounting system
  Control System            through which COMSEC material
                            marked "CRYPTO" is distributed,
                            controlled, and safeguarded.

                            NOTE:  Included are the COMSEC central
                            offices of record, cryptologistic depots,
                            and COMSEC accounts.  COMSEC material
                            other than key may be handled through the
                            COMSEC Material Control System.

COMSEC modification         Electrical, mechanical, or software
                            change to a National Security Agency
                            approved COMSEC end item.

                            NOTE:  Categories of COMSEC modifications
                            are: mandatory, optional, special
                            mission mandatory, special mission
                            optional, human safety mandatory, and
                            repair actions.

COMSEC module               Removable component that performs COMSEC
                            functions in a telecommunications
                            equipment or system.

COMSEC monitoring           Act of listening to, copying, or
                            recording transmissions of one's own
                            official telecommunications to provide
                            material for analysis, so that the degree
                            of security being provided to those
                            transmissions may be determined.

COMSEC profile              Statement of the COMSEC measures and
                            materials used to protect a given
                            operation, system, or organization.

COMSEC survey               Organized collection of COMSEC and
                            communications data relative to a given
                            operation, system, or organization.

COMSEC system data          Information required by a COMSEC
                            equipment or system to enable it to
                            properly handle and control key.

COMSEC training             Teaching of hands-on skills relating to
                            COMSEC accounting, the use of COMSEC
                            aids, or the installation, use,
                            maintenance, and repair of COMSEC
                            equipment.

confidentiality             Assurance that information is not
                            disclosed to unauthorized entities or
                            processes.

configuration control       Process of controlling modifications to a
                            telecommunications or automated
                            information systems hardware, firmware,
                            software, and documentation to ensure the
                            system is protected against improper
                            modifications prior to, during, and after
                            system implementation.

configuration management    Management of security features and
                            assurances through control of changes
                            made to hardware, software, firmware,
                            documentation, test, test fixtures and
                            test documentation of an automated
                            information system, throughout the
                            development and operational life of a
                            system.

confinement property        Synonymous with star (*) property.

contingency key             Key held for use under specific
                            operational conditions or in support of
                            specific contingency plans.

contingency plan            Plan maintained for emergency response,
                            backup operations, and post-disaster
                            recovery for an AIS, as a part of its
                            security program, that will ensure the
                            availability of critical resources and
                            facilitate the continuity of operations
                            in an emergency situation.

controlled access           Log-in procedures, audit of security
  protection                relevant events, and resource isolation
                            as prescribed for class C2 in the Orange
                            Book.

controlled                  Secure telecommunications or information
  cryptographic item        handling equipment, or associated
                            cryptographic component, that is
                            unclassified but governed by a special
                            set of control requirements.

                            NOTE:  Such items are marked "CONTROLLED
                            CRYPT0GRAPHIC ITEM" or, where space is
                            limited, "CCI."

controlled sharing          Condition which exists when access
                            control is applied to all users and
                            components of an AIS.

controlled space            Three-dimensional space surrounding
                            telecommunications and automated
                            information systems equipment, within
                            which unauthorized persons are denied
                            unrestricted access and are either
                            escorted by authorized persons or are
                            under continuous physical or electronic
                            surveillance.

controlling                 Official responsible for directing
  authority                 the operation of a cryptonet and for
                            managing the operational use and control
                            of keying material assigned to the
                            cryptonet.

cooperative key             Electronically exchanging functions of
  generation                locally generated, random components,
                            from which both terminals of a secure
                            circuit construct traffic encryption key
                            or key encryption key for use on that
                            circuit.

cooperative remote          Synonymous with manual remote
  rekeying                  rekeying.

cost-benefit analysis       Assessment of the costs of providing
                            protection or security to a
                            telecommunications or AIS versus risk and
                            cost associated with asset loss or
                            damage.

countermeasure              Action, device, procedure, technique, or
                            other measure that reduces the
                            vulnerability of an AIS.

covert channel              Unintended and/or unauthorized
                            communications path that can be used to
                            transfer information in a manner that
                            violates an AIS security policy.  (See
                            overt channel and exploitable channel.)

covert storage              Covert channel that involves the
  channel                   direct or indirect writing to a storage
                            location by one process and the direct or
                            indirect reading of the storage location
                            by another process.

                            NOTE:  Covert storage channels typically
                            involve a finite resource (e.g., sectors
                            on a disk) that is shared by two subjects
                            at different security levels.

covert timing               Covert channel in which one
  channel                   process signals information to another
                            process by modulating its own use of
                            system resources (e.g., central
                            processing unit time) in such a way that
                            this manipulation affects the real
                            response time observed by the second
                            process.

credentials                 Information passed from one entity to
                            another, that is used to establish the
                            sending entity's access rights.

cryptanalysis               Operations performed in converting
                            encrypted messages to plain text without
                            initial knowledge of the crypto-algorithm
                            and/or key employed in the encryption.

CRYPTO                      Marking or designator identifying COMSEC
                            keying material used to secure or
                            authenticate telecommunications carrying
                            classified or sensitive U.S. Government
                            or U.S. Government-derived information.

                            NOTE:  When written in all upper case
                            letters, CRYPTO has the meaning stated
                            above.  When written in lower case as a
                            prefix, crypto and crypt are
                            abbreviations for cryptographic.

crypto-alarm                Circuit or device which detects failures
                            or aberrations in the logic or operation
                            of crypto-equipment.

                            NOTE:  Crypto-alarm may inhibit
                            transmission or may provide a visible
                            and/or audible alarm.

crypto-algorithm            Well-defined procedure or sequence of
                            rules or steps used to produce cipher
                            text from plain text and vice versa.

crypto-ancillary            Equipment designed specifically to
  equipment                 facilitate efficient or reliable
                            operation of crypto-equipment, but that
                            does not perform cryptographic functions.

crypto-equipment            Equipment that embodies a cryptographic
                            logic.

cryptographic               Pertaining to, or concerned with,
                            cryptography.

cryptographic               Hardware or firmware embodiment of the
  component                 cryptographic logic.

                            NOTE:  Cryptographic component may be a
                            modular assembly, a printed wiring
                            assembly, a microcircuit, or a
                            combination of these items.

cryptographic               Function used to set the state of
  initialization            a cryptographic logic prior to key
                            generation, encryption, or other
                            operating mode.

cryptographic logic         Well-defined procedure or sequence of
                            rules or steps used to produce cipher
                            text from plain text, and vice versa, or
                            to produce a key stream, plus delays,
                            alarms, and checks which are essential to
                            effective performance of the
                            cryptographic process.  (See crypto-
                            algorithm.)

cryptographic               Function which randomly determines the
  randomization             transmit state of a cryptographic logic.

cryptography                Principles, means, and methods for
                            rendering plain information
                            unintelligible and for restoring
                            encrypted information to intelligible
                            form.

crypto-ignition key         Device or electronic key used to unlock
                            the secure mode of crypto-equipment.

cryptonet                   Stations that hold a specific key for
                            use.

                            NOTE:  Activities that hold key for other
                            than use, such as cryptologistic depots,
                            are not cryptonet members for that key.
                            Controlling authorities are de facto
                            members of the cryptonets they control.

cryptoperiod                Time span during which each key setting
                            remains in effect.

cryptosecurity              Component of communications security that
                            results from the provision of technically
                            sound cryptosystems and their proper use.

cryptosynchronization       Process by which a receiving decrypting
                            cryptographic logic attains the same
                            internal state as the transmitting
                            encrypting logic.

cryptosystem                Associated COMSEC items interacting to
                            provide a single means of encryption or
                            decryption.

cryptosystem                Process of establishing the
  assessment                exploitability of a cryptosystem,
                            normally by reviewing transmitted traffic
                            protected or secured by the system under
                            study.

cryptosystem                Process of determining vulnerabilities
  evaluation                of a cryptosystem.

cryptosystem review         Examination of a cryptosystem by the
                            controlling authority to ensure its
                            adequacy of design and content, continued
                            need, and proper distribution.

cryptosystem survey         Management technique in which actual
                            holders of a cryptosystem express
                            opinions on the system's suitability and
                            provide usage information for technical
                            evaluations.

                                       D


data encryption             Cryptographic algorithm, designed for
  standard                  the protection of unclassified data and
                            published by the National Institute of
                            Standards and Technology in Federal
                            Information Processing Standard
                            Publication 46.

data flow control           Synonymous with information flow control.

data integrity              Condition that exists when data is
                            unchanged from its source and has not
                            been accidentally or maliciously
                            modified, altered, or destroyed.

data origin                 Corroboration that the source of data is
  authentication            as claimed.

data security               Protection of data from unauthorized
                            (accidental or intentional) modification,
                            destruction, or disclosure.

decertification             Revocation of the certification of an AIS
                            item or equipment for cause.

decipher                    Convert enciphered text to the equivalent
                            plain text by means of a cipher system.

decode                      Convert encoded text to its equivalent
                            plain text by means of a code.

decrypt                     Generic term encompassing decode and
                            decipher.

dedicated mode              AIS security mode of operation wherein
                            each user, with direct or indirect access
                            to the system, its peripherals, remote
                            terminals, or remote hosts, has all of
                            the following:

                            a.  Valid security clearance for all
                            information within the system.

                            b.  Formal access approval and signed
                            non-disclosure agreements for all the
                            information stored and/or processed
                            (including all compartments,
                            subcompartments, and/or special access
                            programs).

                            c.  Valid need-to-know for all
                            information contained within the AIS.

                            NOTE:  When in the dedicated security
                            mode, a system is specifically and
                            exclusively dedicated to and controlled
                            for the processing of one particular type
                            or classification of information, either
                            for full-time operation or for a
                            specified period of time.

default classification      Temporary classification reflecting the
                            highest classification being processed in
                            an AIS.

                            NOTE:  Default classification is included
                            in the caution statement affixed to the
                            object.

degauss                     Destroy information contained in magnetic
                            media by subjecting that media to high-
                            intensity alternating magnetic fields,
                            following which the magnetic fields
                            slowly decrease.

delegated development       Information systems security program
  program                   in which the Director, National Security
                            Agency, delegates the development and/or
                            production of the entire
                            telecommunications product, including the
                            information systems security portion, to a
                            lead department or agency.

denial of service           Result of any action or series of actions
                            that prevents any part of a
                            telecommunications or AIS from
                            functioning.

descriptive top-level       Top-level specification that is
  specification             written in a natural language (e.g.,
                            English), an informal design notation, or
                            a combination of the two.
                           
                            NOTE:  Descriptive top-level
                            specification, required for a class B2
                            and B3 AIS, completely and accurately
                            describes a trusted computing base.
                            See formal top-level specification.

designated approving        Official with the authority to formally
  authority                 assume responsibility for operating an
                            AIS or network at an acceptable level of
                            risk.

design controlled           Part or subassembly for a COMSEC
  spare part                equipment or device with a National
                            Security Agency controlled design.

dial back                   Synonymous with call back.

digital signature           Synonymous with electronic signature.

direct shipment             Shipment of COMSEC material directly from
                            the National Security Agency to user
                            COMSEC accounts.

discretionary access        Means of restricting access to
  control                   objects based on the identity and need-
                            to-know of users and/or groups to which
                            the object belongs.

                            NOTE:  Controls are discretionary in the
                            sense that a subject with a certain
                            access permission is capable of passing
                            that permission (directly or indirectly)
                            to any other subject.  See mandatory
                            access control.

DoD Trusted Computer        Document containing basic requirements
  System Evaluation         and evaluation classes for assessing
  Criteria                  degrees of effectiveness of hardware and
                            software security controls built into
                            AIS.

                            NOTE:  This document, DoD 5200.28 STD,
                            is frequently referred to as the Orange
                            Book.

domain                      Unique context (e.g., access control
                            parameters) in which a program is
                            operating; in effect, the set of objects
                            that a subject has the ability to access.

dominate                    Term used to compare AIS security levels.

                            NOTE:  Security level S1 is said to
                            dominate security level S2 if the
                            hierarchical classification of S1 is
                            greater than, or equal to, that of S2 and
                            the non-hierarchical categories of S1
                            include all those of S2 as a subset.

drop accountability         Procedure under which a COMSEC account
                            custodian initially receipts for COMSEC
                            material, and then provides no further
                            accounting for it to its central office
                            of record.

                            NOTE:  Local accountability of the COMSEC
                            material may continue to be required.
                            See also accounting legend code, ALC-3
                            and ALC-4.

dummy group                 Textual group having the appearance of a
                            valid code or cipher group which has no
                            plain text significance.

                                       E



electronically              Key produced only in non-physical
  generated key             form.

                            NOTE:  Electronically generated key
                            stored magnetically (e.g., on a floppy
                            disc) is not considered hard copy key.

electronic signature        Process that operates on a message to
                            assure message source authenticity and
                            integrity, and source non-repudiation.

electronic security         Protection resulting from all measures
                            designed to deny unauthorized persons
                            information of value which might be
                            derived from the interception and
                            analysis of non-communications
                            electromagnetic radiations, such as
                            radar.

element                     Removable item of COMSEC equipment,
                            assembly, or subassembly which normally
                            consists of a single piece or group of
                            replaceable parts.

embedded computer           Computer system that is an integral part
                            of a larger system or subsystem that
                            performs or controls a function, either
                            in whole or in part.

embedded cryptography       Cryptography which is engineered into an
                            equipment or system the basic function of
                            which is not cryptographic.

                            NOTE:  Components comprising the
                            cryptographic module are inside the
                            equipment or system and share host device
                            power and housing.  The cryptographic
                            function may be dispersed or identifiable
                            as a separate module within the host.

embedded cryptographic      Cryptosystem that performs or controls
  system                    a function, either in whole or in part,
                            as an integral element of a larger system
                            or subsystem.

emission security           Protection resulting from all measures
                            taken to deny unauthorized persons
                            information of value which might be
                            derived from intercept and analysis of
                            compromising emanations from crypto-
                            equipment, AIS, and telecommunications
                            systems.

encipher                    Convert plain text to equivalent cipher
                            text by means of a cipher.

encode                      Convert plain text to equivalent cipher
                            text by means of a code.

encrypt                     Generic term encompassing encipher and
                            encode.

end-item accounting         Accounting for all the accountable
                            components of a COMSEC equipment
                            configuration by a single short title.

endorsed DES                Unclassified equipment that embodies
  equipment                 unclassified data encryption standard
                            cryptographic logic and has been endorsed
                            by the National Security Agency for the
                            protection of national security
                            information.

endorsed for unclassified   Unclassified cryptographic equipment
  cryptographic item        that embodies a U.S. Government
                            classified cryptographic logic and is
                            endorsed by the National Security Agency
                            for the protection of national security
                            information.  (See type 2 product.)

endorsement                 National Security Agency approval of a
                            commercially-developed telecommunications
                            or automated information systems
                            protection equipment or system for
                            safeguarding national security
                            information.

end-to-end encryption       Encryption of information at its origin,
                            and decryption at its intended
                            destination, without any intermediate
                            decryption.

end-to-end security         Safeguarding information in a secure
                            telecommunications system by
                            cryptographic or protected distribution
                            system means from point of origin to
                            point of destination.

entrapment                  Deliberate planting of apparent flaws in
                            an AIS for the purpose of detecting
                            attempted penetrations.

environment                 Procedures, conditions, and objects that
                            affect the development, operation, and
                            maintenance of an AIS.

erasure                     Process intended to render stored data
                            irretrievable by normal means.

executive state             One of several states in which an AIS may
                            operate, and the only one in which
                            certain privileged instructions may be
                            executed.

                            NOTE:  Such privileged instructions
                            cannot be executed when the system is
                            operating in other (e.g., user) states.

exercise key                Key intended to safeguard transmissions
                            associated with exercises.

exploitable channel         Covert channel that is intended to
                            violate the security policy governing an
                            AIS and is useable or detectable by
                            subjects external to the trusted
                            computing base.  (See covert channel.)

exploratory development     Assembly of preliminary circuits or parts
  model                     in line with commercial practice to
                            investigate, test, or evaluate the
                            soundness of a concept, device, circuit,
                            equipment, or system in a "breadboard" or
                            rough experimental form, without regard
                            to eventual overall physical form or
                            layout.

extraction resistance       Capability of a crypto-equipment or a
                            secure telecommunications system or
                            equipment to resist efforts to extract
                            key.

                                       F



fail safe                   Pertaining to the automatic protection of
                            programs and/or processing systems to
                            maintain safety when a hardware or
                            software failure is detected in a system.

fail soft                   Pertaining to the selective termination
                            of affected nonessential processing when
                            a hardware or software failure is
                            determined to be imminent in an AIS.

failure access              Unauthorized and usually inadvertent
                            access to data resulting from a hardware
                            or software failure in an AIS.

failure control             Methodology used to detect and provide
                            fail safe or fail soft recovery from
                            hardware and software failures in an AIS.

fetch protection            AIS-provided restriction to prevent a
                            program from accessing data in another
                            user's segment of storage.

fielded equipment           COMSEC end-item shipped to the user
                            subsequent to first article testing on
                            the initial production contract.

file protection             Aggregate of all processes and procedures
                            established in an AIS designed to inhibit
                            unauthorized access, contamination,
                            elimination, modification, or destruction
                            of a file or any of its contents.

file security               Means by which access to computer files
                            is limited to authorized users only.

fill device                 COMSEC item used to transfer or store key
                            in electronic form or to insert key into
                            a crypto-equipment.

FIREFLY                     Key management protocol based on public
                            key cryptography.

fixed COMSEC facility       COMSEC facility that is located in an
                            immobile structure or aboard a ship.

flaw                        Error of commission, omission, or
                            oversight in an AIS that may allow
                            protection mechanisms to be bypassed.

flaw hypothesis             System analysis and penetration
  methodology               technique in which the specification and
                            documentation for an AIS are analyzed and
                            then flaws in the system are
                            hypothesized.

                            NOTE:  List of hypothesized flaws is
                            prioritized on the basis of the estimated
                            probability that a flaw exists and,
                            assuming a flaw does exist, on the ease
                            of exploiting it, and on the extent of
                            control or compromise it would provide.
                            The prioritized list is used to perform
                            penetration testing of a system.

formal access               Documented approval by a data
  approval                  owner to allow access to a particular
                            category of information.

formal proof                Complete and convincing mathematical
                            argument, presenting the full logical
                            justification for each proof step, for
                            the truth of a theorem or set of
                            theorems.

                            NOTE:  In computer security, these formal
                            proofs provide A1, and beyond A1
                            assurance under the DoD Trusted Computer
                            System Evaluation Criteria.

formal security policy      Mathematically precise statement of a
  model                     security policy.

                            NOTE:  Such a model must define a secure
                            state, an initial state, and how the
                            model represents changes in state.  The
                            model must be shown to be secure by
                            proving that the initial state is secure
                            and that all possible subsequent states
                            remain secure.

formal top-level            Top-level specification that is written
  specification             in a formal mathematical language to
                            allow theorems, showing the
                            correspondence of the system
                            specification to its formal
                            requirements, to be hypothesized
                            and formally proven.

                            NOTE:  Formal top-level specification,
                            required for a class A1 AIS, completely
                            and accurately describes the trusted
                            computing base.  See descriptive top-
                            level specification.

formal verification         Process of using formal proofs to
                            demonstrate the consistency between
                            formal specification of a system and
                            formal security policy model (design
                            verification) or between formal
                            specification and its high-level program
                            implementation (implementation
                            verification).

frequency hopping           Repeated switching of frequencies during
                            radio transmission according to a
                            specified algorithm, to minimize
                            unauthorized interception or jamming of
                            telecommunications.

front-end security          Security filter, which could be
  filter                    implemented in hardware or software, that
                            is logically separated from the remainder
                            of an AIS to protect the integrity of the
                            system.

full maintenance            Complete diagnostic repair, modification,
                            and overhaul of information systems
                            security equipment, including repair of
                            defective assemblies by piece part
                            replacement.  (See limited maintenance.)

functional testing          Segment of security testing in which
                            advertised security mechanisms of an AIS
                            are tested under operational conditions.

                                       G



granularity                 Relative fineness or coarseness to which
                            an access control mechanism can be
                            adjusted.

                            NOTE:  Protection at the file level is
                            considered coarse granularity, whereas
                            protection at the field level is
                            considered to be a finer granularity.

guard                       Processor that provides a filter between
                            two disparate systems operating at
                            different security levels or between a
                            user terminal and a data base to remove
                            data for which the user is not authorized
                            access.

                                       H



handshaking procedures      Dialogue between two entities (e.g., a
                            user and a computer, a computer and
                            another computer, or a program and
                            another program) for the purpose of
                            identifying and authenticating these
                            entities to one another.

hard copy key               Physical keying material, such as printed
                            key lists, punched or printed key tapes,
                            or programmable, read-only memories.

hardwired key               Key that is permanently installed.

hashing                     Iterative process that computes a value
                            (referred to as a hashword) from a
                            particular data unit in a manner that,
                            when a hashword is protected,
                            manipulation of the data is detectable.

hashword                    Synonymous with checksum.

high risk environment       Specific location or geographic area
                            where there are insufficient friendly
                            security forces to ensure the
                            safeguarding of information systems
                            security equipment.

hostile cognizant agent     Person, authorized access to national
                            security information, who intentionally
                            makes that information available to an
                            intelligence service or other group, the
                            goals of which are inimical to the
                            interests of the United States Government
                            or its allies.

host to front-end           Set of conventions governing the
  protocol                  format and control of data that is passed
                            from a host to a front-end machine.

                                       I




identification              Process that enables recognition of an
                            entity by an AIS.

                            NOTE:  This is generally accomplished by
                            the use of unique machine-readable user
                            names.

imitative communications    Introduction of deceptive messages or
  deception                 signals into an adversary's
                            telecommunications signals.  See
                            communications deception and manipulative
                            communications deception.

impersonation               Synonymous with spoofing.

implant                     Electronic device or component
                            modification to electronic equipment that
                            is designed to gain unauthorized
                            interception of information-bearing
                            energy via technical means.

inadvertent                 Accidental exposure of information
  disclosure                to a person not authorized access.

incomplete parameter        AIS design flaw that results when
  checking                  all parameters have not been fully
                            anticipated for accuracy and consistency,
                            thus making the system vulnerable to
                            penetration.

individual accountability   Ability to associate positively the
                            identity of a user with the time, method,
                            and degree of access to an AIS.

information flow            Procedure to ensure that information
  control                   transfers within an AIS are not made from
                            a higher security level object to an
                            object of a lower security level.

information label           Piece of information that accurately and
                            completely represents the sensitivity of
                            the data in a subject or object.

                            NOTE:  Information label consists of a
                            security label as well as other required
                            security markings (e.g., codewords,
                            dissemination control markings, and
                            handling caveats), to be used for data
                            information security labeling purposes.

information system          Any telecommunications and/or computer
                            related equipment or interconnected
                            system or subsystems of equipment that is
                            used in the acquisition, storage,
                            manipulation, management, movement,
                            control, display, switching, interchange,
                            transmission, or reception of voice
                            and/or data, and includes software,
                            firmware, and hardware.

information systems         The protection of information systems
  security (INFOSEC)        against unauthorized access to or
                            modification of information, whether in
                            storage, processing or transit, and
                            against the denial of service to
                            authorized users or the provision of
                            service to unauthorized users, including
                            those measures necessary to detect,
                            document, and counter such threats.

information system          Person responsible to the designated
  security officer          approving authority who ensures that
                            security of an information system is
                            implemented through its design,
                            development, operation, maintenance, and
                            secure disposal stages.

information systems         Item (chip, module, assembly, or
  security product          equipment), technique, or service that
                            performs or relates to information
                            systems security.

initialize                  Setting the state of a cryptographic
                            logic prior to key generation,
                            encryption, or other operating mode.

integrity check value       Checksum that is capable of detecting
                            malicious modification of an AIS.

interim approval            Temporary authorization granted by a
                            designated approving authority for an AIS
                            to process classified information and
                            information governed by 10 U.S.C. Section
                            2315 or 44 U.S.C. 3502(2) in its
                            operational environment based on
                            preliminary results of a security
                            evaluation of the system.

internet private line       Network cryptographic unit that
  interface                 provides secure connections, singularly
                            or in simultaneous multiple connections,
                            between a host and a predetermined set of
                            corresponding hosts.

internet protocol           Standard protocol for transmission of
                            data from source to destinations in
                            packet-switched communications networks
                            and interconnected systems of such
                            networks.

                                       K


key                         Information (usually a sequence of random
                            or pseudorandom binary digits) used
                            initially to set up and periodically
                            change the operations performed in
                            crypto-equipment for the purpose of
                            encrypting or decrypting electronic
                            signals, for determining electronic
                            counter-countermeasures patterns (e.g.,
                            frequency hopping or spread spectrum), or
                            for producing other key.

                            NOTE:  "Key" has replaced the terms
                            "variable," "key(ing) variable," and
                            "cryptovariable."

key-auto-key                Cryptographic logic which uses previous
                            key to produce key.

key card                    Paper card, containing a pattern of
                            punched holes, which establishes the key
                            for a specific cryptonet at a specific
                            time.

key encryption key          Key that encrypts or decrypts other key
                            for transmission or storage.

key list                    Printed series of key settings for a
                            specific cryptonet.

                            NOTE:  Key lists may be produced in list,
                            pad, or printed tape format.

key management              Process by which key is generated,
                            stored, protected, transferred, loaded,
                            used, and destroyed.

key production key          Key that is used to initialize a
                            keystream generator for the production of
                            other electronically generated key.

key stream                  Sequence of symbols (or their electrical
                            or mechanical equivalents) produced in a
                            machine or auto-manual cryptosystem to
                            combine with plain text to produce cipher
                            text, control transmission security
                            processes, or produce key.

key tag                     Identification information associated
                            with certain types of electronic key.

key tape                    Punched or magnetic tape containing key.

                            NOTE:  Printed key in tape form is
                            referred to as a key list.

key updating                Irreversible cryptographic process for
                            modifying key automatically or manually.

keying material             Key, code, or authentication information
                            in physical or magnetic form.

                                       L



least privilege             Principle that requires that each subject
                            be granted the most restrictive set of
                            privileges needed for the performance of
                            authorized tasks.

                            NOTE:  Application of this principle
                            limits the damage that can result from
                            accident, error, or unauthorized use of
                            an AIS.

limited access              Synonymous with access control.

limited maintenance         COMSEC maintenance restricted to fault
                            isolation, removal, and replacement of
                            plug-in assemblies.

                            NOTE:  Soldering or unsoldering usually
                            is prohibited in limited maintenance.
                            See full maintenance.

line conduction             Unintentional signals or noise induced or
                            conducted on a telecommunications or
                            automated information system signal,
                            power, control, indicator, or other
                            external interface line.

link encryption             Encryption of data in individual links of
                            a telecommunications system.

list-oriented               Computer protection in which each
                            protected object has a list of all
                            subjects authorized to access it.  (See
                            also ticket-oriented.)

lock and key                Protection system that involves
  protection system         matching a key or password with a
                            specific access requirement.

logic bomb                  Resident computer program that triggers
                            an unauthorized act when particular
                            states of an AIS are realized.

logical completeness        Means for assessing the effectiveness
  measure                   and degree to which a set of security and
                            access control mechanisms meets the
                            requirements of security specifications.

long title                  Descriptive title of a COMSEC item.

low probability of          Result of measures used to hide or
  detection                 disguise intentional electromagnetic
                            transmissions.

low probability of          Result of measures to prevent the
  intercept                 intercept of intentional electromagnetic
                            transmissions.

                                       M



machine cryptosystem        Cryptosystem in which cryptographic
                            processes are performed by crypto-
                            equipment.

magnetic remanence          Magnetic representation of residual
                            information that remains on a magnetic
                            medium after the medium has been erased
                            or overwritten.

                            NOTE:  Magnetic remanence refers to data
                            remaining on magnetic storage media after
                            removal of the power or after degaussing.

maintenance hook            Special instructions in software to allow
                            easy maintenance and additional feature
                            development.

                            NOTE:  Maintenance hooks are not clearly
                            defined during access for design
                            specification.  Since maintenance hooks
                            frequently allow entry into the code at
                            unusual points or without the usual
                            checks, they are a serious security risk
                            if they are not removed prior to live
                            implementation.  Maintenance hooks are
                            special types of trap doors.

maintenance key             Key intended only for off-the-air in-shop
                            use.

malicious logic             Hardware, software, or firmware that is
                            intentionally included in an AIS for an
                            unauthorized purpose.

                            NOTE:  Trojan horse is a form of
                            malicious logic.

mandatory access            Means of restricting access to objects
  control                   based on the sensitivity (as represented
                            by a label) of the information contained
                            in the objects and the formal
                            authorization (i.e., clearance) of
                            subjects to access information of such
                            sensitivity.  (See discretionary access
                            control.)

mandatory                   Change to a COMSEC end item that the
  modification              National Security Agency requires to be
                            completed and reported by a specified
                            date.

                            NOTE:  This type of modification should
                            not be confused with modifications that
                            are optional to the National Security
                            Agency, but have been adjudged mandatory
                            by a given department or agency.  The
                            latter modification may have an
                            installation deadline established and
                            controlled solely by the user's
                            headquarters.

manipulative                Alteration or simulation of friendly
  communications            telecommunications for the purpose
  deception                 of deception.

                            NOTE:  Manipulative communications
                            deception may involve establishment of
                            bogus communications structures,
                            transmission of deception messages, and
                            expansion or creation of communications
                            schedules on existing structures to
                            display an artificial volume of messages.
                            See communications deception and
                            imitative communications deception.

manual cryptosystem         Cryptosystem in which the cryptographic
                            processes are performed manually without
                            the use of crypto-equipment or auto-
                            manual devices.

manual remote               Procedure by which a distant crypto-
  rekeying                  equipment is rekeyed electrically, with
                            specific actions required by the
                            receiving terminal operator.

masquerading                Synonymous with spoofing.

master crypto-ignition      Crypto-ignition key that is able to
  key                       initialize crypto-ignition key, when
                            interacting with its associated crypto-
                            equipment.

material symbol             Communications circuit identifier used
                            for key card resupply purposes.

memory bounds               Limits in the range of storage addresses
                            for a protected region in the memory of
                            an AIS.

message authentication      Data element associated with an
  code                      authenticated message which allows a
                            receiver to verify the integrity of the
                            message.

message externals           Non-textual (outside the message text)
                            characteristics of transmitted messages.

message indicator           Sequence of bits transmitted over a
                            telecommunications system for the purpose
                            of crypto-equipment synchronization.

                            NOTE:  Some off-line cryptosystems, such
                            as the KL-51 and one-time pad systems,
                            employ message indicators to establish
                            decryption starting points.

mimicking                   Synonymous with spoofing.

mobile COMSEC facility      COMSEC facility that can be readily moved
                            from one location to another.

mode of operation           Description of the conditions under which
                            an AIS operates, based on the sensitivity
                            of data processed and the clearance
                            levels and authorizations of the users.

                            NOTE:  Five modes of operation are
                            authorized for an AIS processing
                            information and for networks transmitting
                            information.  See compartmented mode,
                            dedicated mode, multilevel mode,
                            partitioned security mode, and
                            system-high mode.

multilevel device           Device that is trusted to properly
                            maintain and separate data of different
                            security levels.

multilevel mode             AIS security mode of operation wherein
                            all the following statements are
                            satisfied concerning the users who have
                            direct or indirect access to the system,
                            its peripherals, remote terminals, or
                            remote hosts:

                            a.  Some users do not have a valid
                            security clearance for all the
                            information processed in the AIS.

                            b.  All users have the proper security
                            clearance and appropriate formal access
                            approval for that information to which
                            they have access.

                            c.  All users have a valid need-to-know
                            only for information to which they have
                            access.

multilevel security         Concept of processing information with
                            different classifications and categories
                            that simultaneously permits access by
                            users with different security clearances,
                            but prevents users from obtaining access
                            to information for which they lack
                            authorization.

mutual suspicion            Condition in which two entities need to
                            rely upon each other to perform a
                            service, yet neither entity trusts the
                            other to properly protect shared data.

                                       N



national security           Information that has been determined,
  information               pursuant to Executive Order 12356 or any
                            predecessor order, to require protection
                            against unauthorized disclosure, and that
                            is so designated.

national security           Telecommunications and automated infor-
  systems                   mation systems operated by the U.S.
                            Government, its contractors, or its
                            agents, that contain classified
                            information or, as set forth in 10 U.S.C.
                            Section 2315, that involves intelligence
                            activities, involves cryptologic
                            activities related to national security,
                            involves command and control of military
                            forces, involves equipment that is an
                            integral part of a weapon or weapon
                            system, or involves equipment that is
                            critical to the direct fulfillment of
                            military or intelligence missions.

need-to-know                Access to, or knowledge or possession of,
                            specific information required to carry
                            out official duties.

net control station         Terminal in a secure telecommunications
                            net responsible for distributing key in
                            electronic form to the members of the
                            net.

network front end           Device that implements the needed
                            security-related protocols to allow a
                            computer system to be attached to a
                            network.

network reference           Access control concept that refers to
  monitor                   an abstract machine that mediates all
                            access to objects within a network by
                            subjects within the network.  See
                            reference monitor.

network security            Protection of networks and their services
                            from unauthorized modification,
                            destruction, or disclosure, and
                            provision of assurance that the network
                            performs its critical functions correctly
                            and there are no harmful side-effects.

                            NOTE:  Network security includes
                            providing for data integrity.

network security            Individual formally appointed by a
  officer                   designated approving authority to ensure
                            that the provisions of all applicable
                            directives are implemented throughout the
                            life cycle of an automated information
                            system network.  See information system
                            security officer.

network system              System that is implemented with a
                            collection of interconnected network
                            components.

                            NOTE:  A network system is based on a
                            coherent security architecture and
                            design.

network trusted             Totality of protection mechanisms
  computing base            within a network system, including
                            hardware, firmware, and software, the
                            combination of which is responsible for
                            enforcing a security policy.  See trusted
                            computing base.

no-lone zone                Area, room, or space which, when manned,
                            must be occupied by two or more
                            appropriately cleared individuals who
                            remain within sight of each other.  (See
                            two person integrity.)

noncooperative              Synonymous with automatic remote
  remote rekeying           rekeying.

non-repudiation             Method by which the sender of data is
                            provided with proof of delivery and the
                            recipient is assured of the sender's
                            identity, so that neither can later deny
                            having processed the data.

non-secret encryption       Synonymous with public key cryptography.

null                        Dummy letter, letter symbol, or code
                            group inserted in an encrypted message to
                            delay or prevent its decryption or to
                            complete encrypted groups for
                            transmission or transmission security
                            purposes.

                                       O



object                      Passive entity that contains or receives
                            information.

                            NOTE:  Access to an object implies access
                            to the information it contains.  Examples
                            of objects are:  records, blocks, pages,
                            segments, files, directories, directory
                            trees and programs, as well as bits,
                            bytes, words, fields, processors, video
                            displays, keyboards, clocks, printers,
                            and network nodes.

object reuse                Reassignment of a storage medium (e.g.,
                            page frame, disk sector, magnetic tape)
                            that contained one or more objects, after
                            ensuring that no residual data remained
                            on the storage medium.

off-line cryptosystem       Cryptosystem in which encryption and
                            decryption are performed independently of
                            the transmission and reception functions.

one-part code               Code in which plain text elements and
                            their accompanying code groups are
                            arranged in alphabetical, numerical, or
                            other systematic order, so that one
                            listing serves for both encoding and
                            decoding.

                            NOTE:  One-part codes are normally small
                            codes that are used to pass small volumes
                            of low-sensitivity information.

one-time                    Cryptosystem employing key which is
  cryptosystem              used only once.

one-time pad                Manual one-time cryptosystem produced in
                            pad form.

one-time tape               Punched paper tape used to provide key
                            streams on a one-time basis in certain
                            machine cryptosystems.

on-line cryptosystem        Cryptosystem in which encryption and
                            decryption are performed in association
                            with the transmitting and receiving
                            functions.

open security               Environment that does not provide
  environment               sufficient assurance that applications
                            and equipment are protected against the
                            introduction of malicious logic prior to
                            or during the operation of a system.

open storage                Storage of classified information within
                            an accredited facility, but not in
                            General Services Administration approved
                            secure containers, while the facility is
                            unoccupied by authorized personnel.

operational data            Protection of data from either
  security                  accidental or unauthorized intentional
                            modification, destruction, or disclosure
                            during input, processing, or output
                            operations.

operational key             Key intended for use on-the-air for
                            protection of operational information or
                            for the production or secure electrical
                            transmission of key streams.

operational waiver          Authority for continued use of unmodified
                            COMSEC end-items, pending the completion
                            of a mandatory modification.

operations code             Code composed largely of words and
                            phrases which are suitable for general
                            communications use.

operations security         Process denying to potential adversaries
                            information about capabilities and/or
                            intentions by identifying, controlling
                            and protecting generally unclassified
                            evidence of the planning and execution of
                            sensitive activities.

optional modification       National Security Agency approved
                            modification that is not required for
                            universal implementation by all holders
                            of a COMSEC end-item.

                            NOTE:  This class of modification
                            requires all of the engineering/
                            doctrinal control of mandatory
                            modification, but is usually not related
                            to security, safety, TEMPEST, or
                            reliability.

Orange Book                 Synonymous with DoD Trusted Computer
                            System Evaluation Criteria.

organizational              Limited maintenance performed by a
  maintenance               user organization.

overt channel               Communications path within a computer
                            system or network that is designed for
                            the authorized transfer of data.  (See
                            covert channel.)

over-the-air key            Providing electronic key via
  distribution              over-the-air rekeying, over-the-air key
                            transfer, or cooperative key generation.

over-the-air key transfer   Electronically distributing key without
                            changing traffic encryption key used on
                            the secured communications path over
                            which the transfer is accomplished.

over-the-air rekeying       Changing traffic encryption key or
                            transmission security key in remote
                            crypto-equipment by sending new key
                            directly to the remote crypto-equipment
                            over the communications path it secures.

overwrite procedure         Process which removes or destroys data
                            recorded on an AIS storage medium by
                            writing patterns of data over, or on top
                            of, the data stored on the medium.

                                       P



parity                      Set of bits used to determine whether a
                            block of data (key or data stored in
                            computers) has been intentionally or
                            unintentionally altered.

partitioned security mode   AIS security mode of operation wherein
                            all personnel have the clearance, but not
                            necessarily formal access approval and
                            need-to-know, for all information handled
                            by an AIS.

                            NOTE:  This security mode encompasses the
                            compartmented mode and applies to non-
                            intelligence DoD organizations and DoD
                            contractors.

passphrase                  Sequence of characters, longer than the
                            acceptable length of a password, that is
                            transformed by a password system into a
                            virtual password of acceptable length.

password                    Protected/private character string used
                            to authenticate an identity or to
                            authorize access to data.

penetration                 Unauthorized act of bypassing the
                            security mechanisms of a cryptographic
                            system or AIS.

penetration testing         Security testing in which evaluators
                            attempt to circumvent the security
                            features of an AIS based on their
                            understanding of the system design and
                            implementation.

per-call key                Unique traffic encryption key generated
                            automatically by certain secure
                            telecommunications systems to secure
                            single voice or data transmissions.
                            (See cooperative key generation.)

periods processing          Processing of various levels of
                            classified and unclassified information
                            at distinctly different times.

                            NOTE:  Under periods processing, the
                            system must be purged of all information
                            from one processing period before
                            transitioning to the next when there are
                            different users with differing
                            authorizations.

permuter                    Device used in a crypto-equipment to
                            change the order in which the contents of
                            a shift register are used in various
                            nonlinear combining circuits.

plain text                  Unencrypted information.

positive control            Generic term referring to a sealed
  material                  authenticator system, permissive action
                            link, coded switch system, positive
                            enable system, or nuclear command and
                            control documents, material or devices.

preproduction model         Version of a crypto-equipment that
                            employs standard parts and is in final
                            mechanical and electrical form suitable
                            for complete evaluation of form, design,
                            and performance.

                            NOTE:  Preproduction models are often
                            referred to as E-model equipment.

print suppression           Eliminating the display of characters in
                            order to preserve their secrecy.

                            NOTE:  An example of print suppression is
                            not displaying the characters of a
                            password as it is keyed at the input
                            terminal.

privacy system              Commercial encryption system that affords
                            telecommunications limited protection to
                            deter a casual listener, but cannot
                            withstand a technically competent
                            cryptanalytic attack.

production model            Crypto-equipment in its final mechanical
                            and electrical form of production design
                            made by use of production tools, jigs,
                            fixtures, and methods using standard
                            parts.

profile                     Detailed security description of the
                            physical structure, equipment component,
                            location, relationships, and general
                            operating environment of an AIS.

proprietary information     Material and information relating to or
                            associated with a company's products,
                            business or activities, including but not
                            limited to:  financial information; data
                            or statements; trade secrets; product
                            research and development; existing and
                            future product designs and performance
                            specifications; marketing plans or
                            techniques; schematics; client lists;
                            computer programs; processes; and know-
                            how that have been clearly identified and
                            properly marked as proprietary
                            information, trade secrets or company
                            confidential information.

                            NOTE:  Trade secrets constitute the whole
                            or any portion or phase of any technical
                            information, design process, procedure,
                            formula or improvement that is not
                            generally available to the public, that a
                            company considers company confidential
                            and that could give or gives an advantage
                            over competitors who do not know or use
                            the trade secret.

protected                   Telecommunications deriving their
  communications            protection through use of type 2 products
                            or data encryption standard equipment.
                            (See secure communications.)

protected distribution      Wireline or fiber-optic telecommuni-
  system                    cations system that includes terminals
                            and adequate acoustic, electrical,
                            electromagnetic, and physical safeguards
                            to permit its use for the unencrypted
                            transmission of classified information.

protection equipment        Type 2 product or data encryption
                            standard equipment that the National
                            Security Agency has endorsed to meet
                            applicable standards for the protection
                            of telecommunications or automated
                            information systems containing national
                            security information.

protection philosophy       Informal description of the overall
                            design of an AIS that delineates each of
                            the protection mechanisms employed.

                            NOTE:  Combination, appropriate to the
                            evaluation class, of formal and informal
                            techniques used to show the mechanisms
                            are adequate to enforce the security
                            policy.

protection ring             One of a hierarchy of privileged modes of
                            an AIS that gives certain access rights
                            to user programs and processes authorized
                            to operate in a given mode.

protective packaging        Packaging techniques for COMSEC material
                            which discourage penetration, reveal that
                            a penetration has occurred or was
                            attempted, or inhibit viewing or copying
                            of keying material prior to the time it
                            is exposed for use.

protective technologies     Special tamper-evident features and
                            materials employed for the purpose of
                            detecting tampering and deterring
                            attempts to compromise, modify,
                            penetrate, extract, or substitute
                            information processing equipment and
                            keying material.