AJP: M. Abrams, S. Jajodia, and H. Podell, eds., Information Security - An Integrated Collection of Essays, IEEE Computer Society Press, January 1995.
CC 0.9: Common Criteria Editorial Board, Common Criteria for Information Technology Security Evaluation, Preliminary DRAFT Version 0.9, 94/10/31.
FC v.1: Nat'l Inst. of Standards and Technology (NIST) and Nat'l Security Agency (NSA), Federal Criteria for Information Technology Security: Vol. I, Protection Profile Development; Vol. II, Registry of Protection Profiles, Version 1.0, Dec. 1992.
ITSEC: Commission of the European Communities, Information Technology Security Evaluation Criteria (ITSEC), Provisional Harmonized Criteria: Version 1.2, Office for Official Publications of the European Communities, Luxembourg, June 1991.
NCSC TG-004: Nat'l Computer Security Center, Trusted Network, Glossary of Computer Security Terms, NCSC-TG-004, Oct. 1988.
TCSEC: Dept. of Defense Standard, Department of Defense Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, GPO 1986-623-963, 643 0, Dec. 26, 1985.
TNI: Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria, NCSC-TG-005, National Computer Security Center, July 1987.
____________________________
*-Property (Star Property) - A Bell-LaPadula security model rule allowing a subject write access to an object only if the security level of the subject is dominated by the security level of the object. Also known as the Confinement Property. [TCSEC]
*-property (or star property) - A Bell-La Padula security model rule allowing a subject write access to an object only if the security level of the object dominates the security level of the subject. Also called confinement property. [NCSC TG-004]
*-property (star property) - a Bell-LaPadula security model rule allowing a subject write access to an object only if the security level of the subject is dominated by the security level of the object. Also known as the Confinement Property. [TNI]
*-property (star property): A Bell-LaPadula security model rule allowing a subject write access to an object only if the security level of the subject is dominated by the security level of the object. Also known as the confinement property. [AJP]
Acceptance Procedure - a procedure which takes objects produced during the development, production and maintenance processes for a Target of Evaluation and, as a positive act, places them under the controls of a Configuration Control system. [ITSEC]
acceptance inspection - The final inspection to determine whether or not a facility or system meets the specified technical and performance standards. Note: This inspection is held immediately after facility and software testing and is the basis for commissioning or accepting the information system. [NCSC TG-004]
acceptance inspection: The final inspection to determine whether a facility or system meets the specified technical and performance standards. Note: This inspection is held immediately after facility and software testing and is the basis for commissioning or accepting the information system. [AJP]
acceptance procedure: A procedure which takes objects produced during the development, production, and maintenance processes for a target of evaluation and, as a positive act, places them under the controls of a configuration control system. [AJP]
Access - (1) A specific type of interaction between a subject and an object that results in the flow of information from one to the other. (2) The ability and the means necessary to approach, to store or retrieve data, to communicate with, or to make use of any resource of an ADP system. [TNI]
Access - A specific type of interaction between a subject and an object that results in the flow of information from one to the other. [TCSEC]
Access - Ability and means to communicate with (i.e., input to or receive output from), or otherwise make use of any information, resource, or component in an Information Technology (IT) Product. Note: An individual does not have "access" if the proper authority or a physical, technical, or procedural measure prevents them from obtaining knowledge or having an opportunity to alter information, material, resources, or components. [FC v.1]
Access Control - Process of limiting access to the resources of an IT product only to authorized users, programs, processes, systems, or other IT products. [FC v.1]
Access Control List - Mechanism implementing discretionary access control in an IT product that identifies the users who may access an object and the type of access to the object that a user is permitted.[FC v.1]
Access Control Mechanism - Security safeguards designed to detect and prevent unauthorized access, and to permit authorized access in an IT product. [FC v.1]
Access control - (1) The limiting of rights or capabilities of a subject to communicate with other subjects, or to use functions or services in a computer system or network. (2) Restrictions controlling a subject's access to an object. [TNI]
Access control list - (1) A list of subjects authorized for specific access to an object. (2) A list of entities, together with their access rights, which are authorized to have access to a resource. [TNI]
Access Mediation - Process of monitoring and controlling access to the resources of an IT product, including but not limited to the monitoring and updating of policy attributes during accesses as well as the protection of unauthorized or inappropriate accesses (see Access Control).[FC v.1]
Access right - A granted permission for a User or Subject to carry out an Access Type. [CC 0.9]
Access type - A specific type of interaction which can be carried out on an Object. [CC 0.9]
access - A specific type of interaction between a subject and an object that results in the flow of information from one to the other. [NCSC TG-004]
access control - The process of limiting access to the resources of a system only to authorized programs, processes, or other systems (in a network). Synonymous with controlled access and limited access. [NCSC TG-004]
access control list: (1) A mechanism implementing discretionary access control in an IT (information technology) product that identifies the users who may access an object and the type of access to the object that a user is permitted. (2) A list of subjects authorized for specific access to an object. (3) A list of entities, together with their access rights, which are authorized to have access to a resource. [AJP]
access control mechanism - Hardware or software features, operating procedures, management procedures, and various combinations of these designed to detect and prevent unauthorized access and to permit authorized access in an automated system. [NCSC TG-004]
access control mechanism: (1) Security safeguards designed to detect and prevent unauthorized access, and to permit authorized access in an IT (information technology) product. (2) Hardware or software features, operating procedures, management procedures, and various combinations of these designed to detect and prevent unauthorized access and to permit authorized access in an automated system. [AJP]
access control: (1) The process of limiting access to the resources of an information technology (IT) product only to authorized users, programs, processes, systems (in a network), or other IT products. (Synonymous with controlled access and limited access.) (2) The limiting of rights or capabilities of a subject to communicate with other subjects, or to use functions or services in a computer system or network. (3) Restrictions controlling a subject's access to an object. [AJP]
access level - The hierarchical portion of the security level used to identify the sensitivity of data and the clearance or authorization of users. Note: The access level, in conjunction with the nonhierarchical categories, forms the sensitivity label of an object. See category, security level, and sensitivity label. [NCSC TG-004]
access level: The hierarchical portion of the security level used to identify the sensitivity of data and the clearance or authorization of users. Note: The access level, in conjunction with the nonhierarchical categories, forms the sensitivity label of an object. (See category, security level, and sensitivity label.) [AJP]
access list - A list of users, programs, and/or processes and the specifications of access categories to which each is assigned. [NCSC TG-004]
access list: Synonymous with access control list. [AJP]
access mediation: Process of monitoring and controlling access to the resources of an IT (information technology) product, including but not limited to the monitoring and updating of policy attributes during accesses as well as the protection of unauthorized or inappropriate accesses (see access control). [AJP]
access period - A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail. [NCSC TG-004]
access period: A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail. [AJP]
access port - A logical or physical identifier that a computer uses to distinguish different terminal input/output data streams. [NCSC TG-004]
access port: A logical or physical identifier that a computer uses to distinguish different terminal input/output data streams. [AJP]
access type - The nature of an access right to a particular device, program, or file (e.g., read, write, execute, append, modify, delete, or create). [NCSC TG-004]
access type: The nature of an access right to a particular device, program, or file (for example, read, write, execute, append, modify, delete, or create). [AJP]
access: (1) The ability and means to communicate with (that is, input to or receive output from) or otherwise make use of any information, resource, or component in an information technology (IT) product. (2) A specific type of interaction between a subject and an object that results in the flow of information from one to the other. Note: An individual does not have "access" if the proper authority or a physical, technical, or procedural measure prevents him or her from obtaining knowledge or having an opportunity to alter information, material, resources, or components. [AJP]
Accountability - Means of linking individuals to their interactions with an IT product, thereby supporting identification of and recovery from unexpected or unavoidable failures of the control objectives.[FC v.1]
Accountability - The property that responsibility for events can be determined. [CC 0.9]
Accountability - the quality or state which enables actions on an ADP system to be traced to individuals who may then be held responsible. These actions include violations and attempted violations of the security policy, as well as allowed actions. [TNI]
accountability - The property that enables activities on a system to be traced to individuals who may then be held responsible for their actions. [NCSC TG-004]
accountability: (1) Means of linking individuals to their interactions with an IT (information technology) product, thereby supporting identification of and recovery from unexpected or unavoidable failures of the control objectives. (2) The quality or state that enables actions on an ADP (automated data processing) system to be traced to individuals who may then be held responsible. These actions include violations and attempted violations of the security policy, as well as allowed actions. (3) The property that enables activities on a system to be traced to individuals who may then be held responsible for their actions. [AJP]
Accreditation - Formal declaration by a designated approving authority that an Automated Information System (AIS) is approved to operate in a particular security configuration using a prescribed set of safeguards. [FC v.1]
Accreditation - Has two definitions according to circumstances: a) the procedure for accepting an IT system for use within a particular environment; b) the procedure for recognising both the technical competence and the impartiality of a test laboratory to carry out its associated tasks. [ITSEC]
Accreditation - The administrative process of granting authority. [CC 0.9]
Accreditation - the managerial authorization and approval, granted to an ADP system or network to process sensitive data in an operational environment, made on the basis of a certification by designated technical personnel of the extent to which design and implementation of the system meet pre-specified technical requirements, e.g., TCSEC, for achieving adequate data security. Management can accredit a system to operate at a higher/lower level than the risk level recommended (e.g., by the Requirements Guideline) for the certification level of the system. If management accredits the system to operate at a higher level than is appropriate for the certification level, management is accepting the additional risk incurred. [TNI]
Accreditation - Two definitions according to circumstances: 1) Operational system accreditation - The authorisation that is granted for use of an IT system to process sensitive information in its operational environment. (ANSI modified) 2) Laboratory accreditation - The formal recognition that a testing laboratory is technically competent to carry out its specified tasks. [JTC1/SC27/N734]
Accreditation range - of a host with respect to a particular network, is a set of mandatory access control levels (Computer Security Requirements: Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments, CSC-STD-003-85) for data storage, processing, and transmission. The accreditation range will generally reflect the sensitivity levels of data that the accreditation authority believes the host can reliably keep segregated with an acceptable level of risk in the context of the particular network for which the accreditation range is given. Thus, although a host system might be accredited to employ the mandatory access control levels CONFIDENTIAL, SECRET, and TOP SECRET in stand-alone operation, it might have an accreditation range consisting of the single value TOP SECRET for attachment to some network. [TNI]
accreditation - A formal declaration by the DAA that the AIS is approved to operate in a particular security mode using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security. [NCSC TG-004]
accreditation authority - Synonymous with Designated Approving Authority. [NCSC TG-004]
accreditation authority: Synonymous with designated approving authority. [AJP]
accreditation range: The accreditation range of a host with respect to a particular network is a set of mandatory access control levels (according to "Computer Security Requirements: Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments," CSC-STD-003-85) for data storage, processing, and transmission. The accreditation range will generally reflect the sensitivity levels of data that the accreditation authority believes the host can reliably keep segregated with an acceptable level of risk in the context of the particular network for which the accreditation range is given. Thus, although a host system might be accredited to use the mandatory access control levels Confidential, Secret, and Top Secret in stand-alone operation, it might have an accreditation range consisting of the single value Top Secret for attachment to some network. [AJP]
accreditation: (1) The procedure for accepting an IT (information technology) system to process sensitive information within a particular operational environment. (2) The formal procedure for recognizing both the technical competence and the impartiality of an IT test laboratory (evaluation body) to carry out its associated tasks. (3) Formal declaration by a designated approving authority that an automated information system (AIS) is approved to operate in a particular security configuration using a prescribed set of safeguards. (4) The managerial authorization and approval granted to an ADP (automated data processing) system or network to process sensitive data in an operational environment, made on the basis of a certification by designated technical personnel of the extent to which design and implementation of the system meet pre-specified technical requirements, for example, TCSEC (Trusted Computer System Evaluation Criteria), for achieving adequate data security. Management can accredit a system to operate at a higher or lower level than the risk level recommended (for example, by the requirements guideline) for the certification level of the system. If management accredits the system to operate at a higher level than is appropriate for the certification level, management is accepting the additional risk incurred. (5) A formal declaration by the DAA (designated approving authority) that the AIS (automated information system) is approved to operate in a particular security mode using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security. [AJP]
add-on security - The retrofitting of protection mechanisms, implemented by hardware or software. [NCSC TG-004]
add-on security: The retrofitting of protection mechanisms, implemented by hardware or software. [AJP]
Administration Documentation - the information about a Target of Evaluation supplied by the developer for use by an administrator. [ITSEC]
administration documentation: The information about a target of evaluation supplied by the developer for use by an administrator. [AJP]
administrative security - The management constraints and supplemental controls established to provide an acceptable level of protection for data. Synonymous with procedural security. [NCSC TG-004]
administrative security: The management constraints and supplemental controls established to provide an acceptable level of protection for data. (Synonymous with procedural security.) [AJP]
Administrator - a person in contact with the Target of Evaluation who is responsible for maintaining its operational capability. [ITSEC]
administrator: A person in contact with the target of evaluation who is responsible for maintaining its operational capability. [AJP]
algorithm: A mathematical procedure that can usually be explicitly encoded in a set of computer language instructions that manipulate data. Cryptographic algorithms are mathematical procedures used for such purposes as encrypting and decrypting messages and signing documents digitally. [AJP]
(1) Dedicated Mode
An AIS is operating in the dedicated mode when each user with direct or indirect individual access to the AIS, its peripherals, remote terminals, or remote hosts, has all of the following:
a. A valid personnel clearance for all information on the system.
b. Formal access approval for, and has signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments and/or special access programs).
c. A valid need-to-know for all information contained within the system.
(2) System-High Mode
An AIS is operating in the system-high mode when each user with direct or indirect access to the AIS, its peripherals, remote terminals, or remote hosts has all of the following:
a. A valid personnel clearance for all information on the AIS.
b. Formal access approval for, and has signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs).
c. A valid need-to-know for some of the information contained within the AIS.
(3) Compartmented Mode
An AIS is operating in the compartmented mode when each user with direct or indirect access to the AIS, its peripherals, remote terminals, or remote hosts, has all of the following:
a. A valid personnel clearance for the most restricted information processed in the AIS.
b. Formal access approval for, and has signed nondisclosure agreements for that information to which he/she is to have access.
c. A valid need-to-know for that information to which he/she is to have access.
(4) Multilevel Mode
An AIS is operating in the multilevel mode when all the following statements are satisfied concerning the users with direct or indirect access to the AIS, its peripherals, remote terminals, or remote hosts:
a. Some do not have a valid personnel clearance for all the information processed in the AIS.
b. All have the proper clearance and have the appropriate formal access approval for that information to which he/she is to have access.
c. All have a valid need-to-know for that information to which they are to have access. [NCSC TG-004]
Application Program Interface - System access point or library function that has a well-defined syntax and is accessible from application programs or user code to provide well-defined functionality. [FC v.1]
application program interface: System access point or library function that has a well-defined syntax and is accessible from application programs or user code to provide well-defined functionality. [AJP]
Approval/Accreditation - The official authorization that is granted to an ADP system to process sensitive information in its operational environment, based upon comprehensive security evaluation of the system's hardware, firmware, and software security design, configuration, and implementation and of the other system procedural, administrative, physical, TEMPEST, personnel, and communications security controls. [TCSEC]
approval/accreditation: The official authorization that is granted to an ADP (automated data processing) system to process sensitive information in its operational environment, based upon comprehensive security evaluation of the system's hardware, firmware, and software security design, configuration, and implementation, and of the other system procedural, administrative, physical, TEMPEST, personnel, and communications security controls. [AJP]
Architectural Design - a phase of the Development Process wherein the top level definition and design of a Target of Evaluation is specified. [ITSEC]
architectural design: A phase of the development process wherein the top-level definition and design of a target of evaluation are specified. [AJP]
Assignment - Requirement in a protection profile taken directly as stated, without change, from the list of components or derived by placing a bound on a threshold definition. Note: The assignment of environment-specific requirements to generic component requirements is performed when a component requirement corresponds to an environment-specific requirement. [FC v.1]
assignment: Requirement in a protection profile taken directly as stated, without change, from the list of components or derived by placing a bound on a threshold definition. Note: The assignment of environment-specific requirements to generic component requirements is performed when a component requirement corresponds to an environment-specific requirement. [AJP]
Assurance - (See Profile Assurance and IT Product Assurance). [FC v.1]
Assurance - Property of a TOE giving grounds for confidence that the TOE is secure. [CC 0.9]
Assurance - The degree of confidence that a TOE adequately fulfills the security requirements. Note: The two main aspects of assurance are effectiveness and correctness. (WG3 N102) Editor's Note: See also development assurance and evaluation assurance.[JTC1/SC27/N734]
Assurance - the confidence that may be held in the security provided by a Target of Evaluation. [ITSEC]
Assurance level - A predefined set of assurance components that assigns a measure to the inherent security quality of the TOE. An indication of the totality of assurance measures applied to a TOE. [CC 0.9]
Assurance level - In evaluation criteria, a specific level on a hierarchical scale representing successively increased confidence that a TOE adequately fulfills the security requirements. (WG3 N102)[JTC1/SC27/N734]
Assurance Profile - an assurance requirement for a TOE whereby different levels of confidence are required in different security enforcing functions. [ITSEC]
assurance - A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. [NCSC TG-004]
assurance level: In evaluation criteria, a specific level on a hierarchical scale representing successively increased confidence that a target of evaluation adequately fulfills the security requirements. [AJP]
assurance profile: An assurance requirement for a TOE (target of evaluation) whereby different levels of confidence are required in different security-enforcing functions. [AJP]
assurance: See profile assurance and development and evaluation assurance. (1) The degree of confidence that a target of evaluation adequately fulfills the security requirements. (2) A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. Note: The two main aspects of assurance are effectiveness and correctness (ITSEC - Information Technology Security Evaluation Criteria) or development and evaluation assurance (Federal Criteria). [AJP]
attack - The act of trying to bypass security controls on a system. An attack may be active, resulting in the alteration of data; or passive, resulting in the release of data. Note: The fact that an attack is made does not necessarily mean that it will succeed. The degree of success depends on the vulnerability of the system or activity and the effectiveness of existing countermeasures. [NCSC TG-004]
attack: The act of trying to bypass security controls on a system. An attack may be active, resulting in the alteration of data; or passive, resulting in the release of data. Note: The fact that an attack is made does not necessarily mean that it will succeed. The degree of success depends on the vulnerability of the system or activity and the effectiveness of existing countermeasures. [AJP]
Audit - Independent review and examination of records and activities to determine compliance with established usage policies and to detect possible inadequacies in product technical security policies or their enforcement. [FC v.1]
Audit Trail - A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backwards from records and reports to their component source transactions. [TCSEC]
Audit Trail - Chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event. [NSTISSI 4009] Note: Audit trail may apply to information in an IT product or an AIS or to the transfer of COMSEC material. [FC v.1]
Audit trail - (1) A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backwards from records and reports to their component source transactions. (2) Information collected or used to facilitate a Security Audit. [TNI]
audit trail - A chronological record of system activities that is sufficient to enable the reconstruction, reviewing, and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results. [NCSC TG-004]
audit trail: (1) A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions. (2) A chronological record of system activities that is sufficient to enable the reconstruction, reviewing, and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results. (3) Information collected or used to facilitate a security audit. Note: Audit trail may apply to information in an IT (information technology) product or an AIS (automated information system) or to the transfer of COMSEC (communications security) material. [AJP]
audit: Independent review and examination of records and activities to determine compliance with established usage policies and to detect possible inadequacies in product technical security policies or their enforcement. [AJP]
Augmentation - The addition of one or more assurance component(s) to an assurance
Authenticate - To establish the validity of a claimed identity. [TCSEC]
Authenticate - Verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an IT product.[FC v.1]
authenticate - (1) To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system. (2) To verify the integrity of data that have been stored, transmitted, or otherwise exposed to possible unauthorized modification. [NCSC TG-004]
authenticate: (1) To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an IT (information technology) product. (2) To verify the validity of a claimed identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system. (3) To verify the integrity of data that have been stored, transmitted, or otherwise exposed to possible unauthorized modification. [AJP]
Authentication - (1) To establish the validity of a claimed identity. (2) To provide protection against fraudulent transactions by establishing the validity of message, station, individual, or originator. [TNI]
Authentication - Means of verifying an entity's (e.g., individual user, machine, software component) eligibility to receive specific categories of information. [FC v.1]
authentication: (1) To establish the validity of a claimed identity. (2) To provide protection against fraudulent transactions by establishing the validity of a message, station, individual, or originator. (3) Means of verifying an entity's (for example, individual user's, machine's, or software component's) eligibility to receive specific categories of information. [AJP]
authenticator - The means used to confirm the identity or to verify the eligibility of a station, originator, or individual. [NCSC TG-004]
authenticator: The means used to confirm the identity or to verify the eligibility of a station, originator, or individual. [AJP]
Authorised user - A user who has a specific right or permission to do something described in the TSP. [CC 0.9]
Authorization - Access rights granted to a user, program, or process. [NSTISSI 4009] [FC v.1]
authorization - The granting of access rights to a user, program, or process. [NCSC TG-004]
authorization: Access rights granted to a user, program, or process. [AJP]
Authorized - Entitled to a specific mode of access. [FC v.1]
authorized: Entitled to a specific mode of access. [AJP]
Automated Information System (AIS) - Any equipment or interconnected systems or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of data and includes computer software, firmware, and hardware. [NSTISSI 4009] Note: Included are computers, word processing systems, networks, or other electronic information handling systems, and associated equipment. [FC v.1]
automated data processing (ADP) security: Synonymous with automated information systems security. [AJP]
automated data processing (ADP) system: An assembly of computer hardware, firmware, and software configured for the purpose of classifying, sorting, calculating, computing, summarizing, transmitting and receiving, storing, and retrieving data, with a minimum of human intervention. [AJP]
automated data processing security - Synonymous with automated information systems security. [NCSC TG-004]
automated information system (AIS) - An assembly of computer hardware, software and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information. [NCSC TG-004]
automated information system (AIS): (1) Any equipment or interconnected systems or subsystems of equipment that are used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data and include computer software, firmware, and hardware. (2) An assembly of computer hardware, software, and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information. Note: Included are computers, word processing systems, networks or other electronic information handling systems, and associated equipment. [AJP]
automated information system security - Measures and controls that protect an AIS against denial of service and unauthorized (accidental or intentional) disclosure, modification, or destruction of AISs and data. AIS security includes consideration of all hardware and/or software functions, characteristics and/or features; operational procedures, accountability procedures, and access controls at the central computer facility, remote computer, and terminal facilities; management constraints; physical structures and devices; and personnel and communication controls needed to provide an acceptable level of risk for the AIS and for the data and information contained in the AIS. It includes the totality of security safeguards needed to provide an acceptable protection level for an AIS and for data handled by an AIS. [NCSC TG-004]
automated information systems (AIS) security: Measures and controls that protect an AIS against denial of service and unauthorized (accidental or intentional) disclosure, modification, or destruction of AISs and data. AIS security includes consideration of all hardware and/or software functions, characteristics, and/or features; operational procedures, accountability procedures, and access controls at the central computer, remote computer, and terminal facilities; management constraints; physical structures and devices; and personnel and communication controls needed to provide an acceptable level of risk for the AIS and for the data and information contained in the AIS. It includes the totality of security safeguards needed to provide an acceptable protection level for an AIS and for data handled by an AIS. [AJP]
automated security monitoring - The use of automated procedures to ensure that security controls are not circumvented. [NCSC TG-004]
automated security monitoring: The use of automated procedures to ensure that security controls are not circumvented. [AJP]
Automatic Data Processing (ADP) System - An assembly of computer hardware, firmware, and software configured for the purpose of classifying, sorting, calculating, computing, summarizing, transmitting and receiving, storing, and retrieving data with a minimum of human intervention. [TCSEC]
Availability - Ability to access a specific resource within a specific time frame as defined within the IT product specification. [FC v.1]
Availability - The ability to use or access objects and resources as required. The property relates to the concern that information objects and other system resources are accessible when needed and without undue delay. (WG3 N102) [JTC1/SC27/N734]
Availability - The property that information and/or services are not being withheld in an unauthorised manner - and thus are accessible when needed without undue delay. [CC 0.9]
Availability - the prevention of the unauthorised withholding of information or resources. [ITSEC]
availability of data [NCSC TG-004]
availability: (1) The ability to access a specific resource within a specific time frame as defined within the IT (information technology) product specification. (2) The ability to use or access objects and resources as required. The property relates to the concern that information objects and other system resources are accessible when needed and without undue delay. (3) The prevention of the unauthorized withholding of information or resources. [AJP]
back door - Synonymous with trap door. [NCSC TG-004]
back door: Synonymous with trap door. [AJP]
backup plan - Synonymous with contingency plan. [NCSC TG-004]
backup plan: Synonymous with contingency plan. [AJP]
Bandwidth - A characteristic of a communication channel that is the amount of information that can be passed through it in a given amount of time, usually expressed in bits per second. [TCSEC]
Bandwidth - Rate at which information is transmitted through a channel. (See channel capacity) Note: Bandwidth is originally a term used in analog communication, measured in Hertz, and related to information rate by the "sampling theorem" (generally attributed to H. Nyquist although the theorem was in fact known before Nyquist used it in communication theory). Nyquist's sampling theorem says that the information rate in bits (samples) per second is at most twice the bandwidth in Hertz of an analog signal created from a square wave. In a covert-channel context "bandwidth" is given in bits/second rather than Hertz and is commonly used, in an abuse of terminology, as a synonym for information rate. [FC v.1]
bandwidth: (1) A characteristic of a communication channel that is the amount of information that can be passed through it in a given amount of time, usually expressed in bits per second. (2) Rate at which information is transmitted through a channel. (See channel capacity.) Note: Bandwidth was originally a term used in analog communication, measured in hertz, and related to the information rate by the "sampling theorem" (generally attributed to H. Nyquist, although the theorem was in fact known before Nyquist used it in communication theory). Nyquist's sampling theorem says that the information rate in bits (samples) per second is at most twice the bandwidth in hertz of an analog signal created from a square wave. In a covert-channel context, "bandwidth" is given in bits per second rather than hertz and is commonly used, in a nonstandard use of terminology, as a synonym for information rate. [AJP]
Basic Component - a component that is identifiable at the lowest hierarchical level of specification produced during Detailed Design. [ITSEC]
basic component: A component that is identifiable at the lowest hierarchical level of a specification produced during detailed design. [AJP]
Behaviour - A description of a response to postulated interactions. [CC 0.9]
Bell-La Padula model - A formal state transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The notion of a secure state is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the system is secure. A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object, and a determination is made as to whether the subject is authorized for the specific access mode. See star property (*-property) and simple security property. [NCSC TG-004]
Bell-La Padula Security Model - Any formal state-transition model of a technical security policy for an AIS that presents (a) Access Constraints (including initial-state constraints and variants of the simple security and star properties), (b) allowed state transitions (called "rules of operation"), and (c) a proof that the allowed state transitions guarantee satisfaction of the constraints. [FC v.1]
Bell-LaPadula Model - A formal state transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The notion of a secure state is defined and it is proven that each state transition preserves security by moving from secure state to secure state; thus, inductively proving that the system is secure. A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice. See also: Lattice, Simple Security Property, *Property. [TCSEC]
Bell-LaPadula Model - a formal state transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The notion of a secure state is defined and it is proven that each state transition preserves security by moving from secure state to secure state; thus, inductively proving that the system is secure. A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice. See also: Lattice, Simple Security Property, *-Property. For further information see Bell, D. Elliott and LaPadula, Leonard J., Secure Computer Systems: Unified Exposition and MULTICS Interpretation, MTR 2997, The MITRE Corporation, April 1974. (AD/A 020 445) [TNI]
Bell-LaPadula model: (1) A formal state-transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The notion of a secure state is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the system is secure. A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a specific security policy. To determine whether a specific access mode is allowed, the clearance of a subject is compared with the classification of the object, and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice. (See *-property (star property), simple security property, and lattice). (2) A formal state-transition model of a technical security policy for an AIS (automated information system) that presents: (a) access constraints (including initial-state constraints and variants of the simple security and star properties), (b) allowed state transitions (called "rules of operation"), and (c) a proof that the allowed state transitions guarantee satisfaction of the constraints. [AJP]
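The Bell-LaPadula entries above describe the access decision in words: a subject's clearance is compared with an object's classification over a lattice, the simple security property governs reads, and the *-property governs writes. The following is an added illustration, not code from any of the cited criteria documents, that makes that decision concrete. It assumes a security level is a pair of a hierarchical classification and a set of nonhierarchical categories (the "category" and "compartment" entries later in this glossary), a constructed ordering of four classification names, and a lattice join defined as the highest classification with the union of categories.

```python
"""Bell-LaPadula access check over a lattice of security levels.

Added illustration; the classification names, ordering and sample
subjects/objects below are constructed for the example.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Set, Tuple

# Hierarchical classifications, lowest to highest (constructed sample ordering).
CLASSIFICATIONS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Level:
    """A security level: hierarchical classification plus nonhierarchical categories."""
    classification: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Level") -> bool:
        """Lattice order: classification at least as high AND categories a superset.
        Two levels with incomparable category sets dominate neither way."""
        return (CLASSIFICATIONS[self.classification] >= CLASSIFICATIONS[other.classification]
                and self.categories >= other.categories)


def simple_security_allows_read(subject: Level, obj: Level) -> bool:
    """Simple security property ("no read up"): the subject's clearance must
    dominate the object's classification."""
    return subject.dominates(obj)


def star_property_allows_write(subject: Level, obj: Level) -> bool:
    """*-property ("no write down"): the object's level must dominate the
    subject's level, so information cannot flow to a lower level."""
    return obj.dominates(subject)


def permitted_modes(subject: Level, obj: Level) -> Set[str]:
    """The set of access modes the policy allows for this subject/object pair."""
    modes: Set[str] = set()
    if simple_security_allows_read(subject, obj):
        modes.add("read")
    if star_property_allows_write(subject, obj):
        modes.add("write")
    return modes


def least_upper_bound(a: Level, b: Level) -> Level:
    """Lattice join: the lowest level that dominates both inputs, i.e. the
    higher classification with the union of the category sets."""
    top = max(a.classification, b.classification, key=CLASSIFICATIONS.__getitem__)
    return Level(top, a.categories | b.categories)


def state_is_secure(current_accesses: Iterable[Tuple[Level, Level, str]]) -> bool:
    """A state is secure iff every current (subject, object, mode) access is one
    the simple security and *-properties permit; this is the predicate each
    rule of operation must preserve."""
    return all(mode in permitted_modes(subj, obj) for subj, obj, mode in current_accesses)


if __name__ == "__main__":
    # Constructed sample: a SECRET subject cleared for one category.
    alice = Level("SECRET", frozenset({"NUCLEAR"}))
    lower_doc = Level("CONFIDENTIAL")                      # below alice: read only
    higher_doc = Level("TOP SECRET", frozenset({"NUCLEAR"}))  # above alice: write only
    sibling_doc = Level("SECRET", frozenset({"CRYPTO"}))   # incomparable: nothing
    for name, doc in [("lower", lower_doc), ("higher", higher_doc), ("sibling", sibling_doc)]:
        print(name, sorted(permitted_modes(alice, doc)))
    print("secure:", state_is_secure([(alice, lower_doc, "read"), (alice, higher_doc, "write")]))
    print("insecure:", state_is_secure([(alice, lower_doc, "write")]))
```

The incomparable case is the one the lattice wording in the definitions is there for: a SECRET/{CRYPTO} object is neither above nor below a SECRET/{NUCLEAR} subject, so neither property grants any access, which is exactly the need-to-know separation that categories and compartments provide on top of the hierarchical classification.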
benign environment - A nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures. [NCSC TG-004]
benign environment: A nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures. [AJP]
between-the-lines entry - Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user. See piggyback. [NCSC TG-004]
between-the-lines entry: Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user. (See piggyback.) [AJP]
beyond A1 - A level of trust defined by the DoD Trusted Computer System Evaluation Criteria (TCSEC) that is beyond the state-of-the-art technology available at the time the criteria were developed. It includes all the A1-level features plus additional ones not required at the A1 level. [NCSC TG-004]
beyond A1: A level of trust defined by the US DoD (Department of Defense) Trusted Computer System Evaluation Criteria (TCSEC) that is beyond the state-of-the-art technology available at the time the criteria were developed. It includes all the A1-level features plus additional ones not required at the A1 level. [AJP]
Binding of Functionality - an aspect of the assessment of the effectiveness of a Target of Evaluation, namely the ability of its security enforcing functions and mechanisms to work together in a way which is mutually supportive and provides an integrated and effective whole. [ITSEC]
Binding of Security Functionality - The ability of security enforcing functions and mechanisms to work together in a way which is mutually supportive and provides an integrated and effective whole. (ITSEC-modified) [JTC1/SC27/N734]
binding of security functionality: The ability of security-enforcing functions and mechanisms to work together in a way that is mutually supportive and provides an integrated and effective whole. [AJP]
bit: Short for binary digit - 0 or 1. Keys are strings of bits. [AJP]
browsing - The act of searching through storage to locate or acquire information without necessarily knowing of the existence or the format of the information being sought. [NCSC TG-004]
browsing: The act of searching through storage to locate or acquire information without necessarily knowing of the existence or the format of the information being sought. [AJP]
call back - A procedure for identifying a remote terminal. In a call back, the host system disconnects the caller and then dials the authorized telephone number of the remote terminal to reestablish the connection. Synonymous with dial back. [NCSC TG-004]
call back: A procedure for identifying a remote terminal. In a call back, the host system disconnects the caller and then dials the authorized telephone number of the remote terminal to reestablish the connection. (Synonymous with dial back.) [AJP]
Canadian Trusted Computer Product Evaluation Criteria (CTCPEC): Canadian secure products criteria. [AJP]
candidate TCB (trusted computing base) subset: The identification of the hardware, firmware, and software that make up the proposed TCB subset, along with the identification of its subjects and objects - one of the conditions for evaluation by parts. [AJP]
candidate TCB subset - The identification of the hardware, firmware, and software that make up the proposed TCB subset, along with the identification of its subjects and objects; one of the conditions for evaluation by parts. [TDI]
capability - A protected identifier that both identifies the object and specifies the access rights to be allowed to the accessor who possesses the capability. In a capability-based system, access to protected objects such as files is granted if the would-be accessor possesses a capability for the object. [NCSC TG-004]
capability: A protected identifier that both identifies the object and specifies the access rights to be allowed to the accessor who possesses the capability. In a capability-based system, access to protected objects such as files is granted if the would-be accessor possesses a capability for the object. [AJP]
Category - a grouping of objects to which a nonhierarchical restrictive label is applied (e.g., proprietary, compartmented information). Subjects must be privileged to access a category. [TNI]
Category - Restrictive label that has been applied to both classified and unclassified data, thereby increasing the requirement for protection of, and restricting the access to, the data. [NSTISSI 4009] Note: Examples include sensitive compartmented information and proprietary information. Individuals are granted access to special category information only after being granted formal access authorization. [FC v.1]
category - A restrictive label that has been applied to classified or unclassified data as a means of increasing the protection of the data and further restricting access to the data. [NCSC TG-004]
category: (1) A grouping of objects to which a nonhierarchical restrictive label is applied (for example, proprietary, compartmented information). Subjects must be privileged to access a category. (2) Restrictive label that has been applied to both classified and unclassified data, thereby increasing the requirement for protection of, and restricting the access to, the data. Note: Examples include sensitive compartmented information and proprietary information. Individuals are granted access to a special category of information only after being granted formal access authorization. [AJP]
cellular transmission: Data transmission via interchangeable wireless (radio) communications in a network of numerous small geographic cells. Most current technology is analog - represented as electrical levels, not bits. However, the trend is toward digital cellular data transmission. [AJP]
Certification - Comprehensive evaluation of the technical and nontechnical security features of an AIS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified security requirements. [NSTISSI 4009] [FC v.1]
Certification - Editor's Note: There remain two definitions in active common usage that differ according to circumstances. See "IT security certification" and "site certification". [JTC1/SC27/N734]
Certification - The technical evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular computer system's design and implementation meet a set of specified security requirements. [TCSEC]
Certification - the issue of a formal statement confirming the results of an evaluation, and that the evaluation criteria used were correctly applied. [ITSEC]
Certification - the technical evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular system's design and implementation meet a set of specified security requirements. [TNI]
Certification Body - an independent and impartial national organisation that performs certification. [ITSEC]
certification - The comprehensive evaluation of the technical and nontechnical security features of an AIS and other safeguards, made in support of the accreditation process, that establishes the extent to which a particular design and implementation meet a specified set of security requirements. [NCSC TG-004]
certification body: An independent and impartial national organization that performs certification. Also referred to as an evaluation body or entity. [AJP]
certification: (1) Comprehensive evaluation of the technical and nontechnical security features of an AIS (automated information system) and other safeguards, made in support of the approval/accreditation process, to establish the extent to which a particular design and implementation meet a set of specified security requirements. Note: There remain two other definitions in active common usage that differ according to circumstances. (See IT (information technology) security certification and site certification.) (2) The issue of a formal statement confirming the results of an evaluation, and that the evaluation criteria used were correctly applied. Synonym for IT (information technology) security certification. [AJP]
Channel - An information transfer path within a system. May also refer to the mechanism by which the path is effected. [TCSEC]
Channel Capacity - Maximum possible error-free rate, measured in bits per second, at which information can be sent along a communications path. [FC v.1]
channel capacity: Maximum possible error-free rate, measured in bits per second, at which information can be sent along a communications path. [AJP]
channel: An information transfer path within a system - may also refer to the mechanism by which the path is effected. [AJP]
Class - A group of related Families which reflects a specific set of security
Clear-text - Intelligible data, the semantic content of which is available. [ISO] [FC v.1]
cleartext: Intelligible data, the semantic content of which is available. Also referred to as plaintext. [AJP]
Closed user group - a closed user group permits users belonging to a group to communicate with each other, but precludes communications with other users who are not members of the group. [TNI]
closed security environment - An environment in which both of the following conditions hold true: (1) Application developers (including maintainers) have sufficient clearances and authorizations to provide an acceptable presumption that they have not introduced malicious logic. (2) Configuration control provides sufficient assurance that applications and the equipment are protected against the introduction of malicious logic prior to and during the operation of system applications. [NCSC TG-004]
closed security environment: An environment in which both of the following conditions hold true: (1) Application developers (including maintainers) have sufficient clearances and authorizations to provide an acceptable presumption that they have not introduced malicious logic and (2) configuration control provides sufficient assurance that applications and the equipment are protected against the introduction of malicious logic prior to and during the operation of system applications. [AJP]
closed user group: A closed user group permits users belonging to a group to communicate with each other, but precludes communications with other users who are not members of the group. [AJP]
Common Criteria for Information Technology Security (CC): Evolving international security evaluation criteria being developed by the US, Canada, the UK, Germany, and France. [AJP]
Communication channel - the physical media and devices which provide the means for transmitting information from one component of a network to (one or more) other components. [TNI]
Communication link - the physical means of connecting one location to another for the purpose of transmitting and/or receiving data. [TNI]
communication channel: The physical media and devices that provide the means for transmitting information from one component of a network to (one or more) other components. [AJP]
communication link: The physical means of connecting one location to another for the purpose of transmitting and/or receiving data. [AJP]
communications security (COMSEC) - Measures taken to deny unauthorized persons information derived from telecommunications of the U.S. Government concerning national security, and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security, and physical security of communications security material and information. [NCSC TG-004]
communications security (COMSEC): Measures taken to deny unauthorized persons information derived from telecommunications of an entity concerning national or organizational security, and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security, and physical security of communications security material and information. [AJP]
Compartment - a designation applied to a type of sensitive information, indicating the special handling procedures to be used for the information and the general class of people who may have access to the information. It can refer to the designation of information belonging to one or more categories. [TNI]
compartment - A class of information that has need-to-know access controls beyond those normally provided for access to Confidential, Secret or Top Secret information. [NCSC TG-004]
compartment: (1) A designation applied to a type of sensitive information, indicating the special handling procedures to be used for the information and the general class of people who may have access to the information. It can refer to the designation of information belonging to one or more categories. (2) A class of information in the US government that has need-to-know access controls beyond those normally provided for access to Confidential, Secret, or Top Secret information. [AJP]
compartmented mode or compartmented security mode: See modes of operation. [AJP]
compartmented security mode - See modes of operation. [NCSC TG-004]
Component - a device or set of devices, consisting of hardware, along with its firmware, and/or software that performs a specific function on a computer communications network. A component is a part of the larger system, and may itself consist of other components. Examples include modems, telecommunications controllers, message switches, technical control devices, host computers, gateways, communications subnets, etc. [TNI]
Component - An identifiable and self-contained portion of a TOE which is subjected to security evaluation. (WG3 N102) [JTC1/SC27/N734]
Component - an identifiable and self-contained portion of a Target of Evaluation. [ITSEC]
Component - The smallest selectable set of requirements that may be included in a Protection Profile, a Security Target, or a Package. [CC 0.9]
Component Reference Monitor - an access control concept that refers to an abstract machine that mediates all access to objects within a component by subjects within the component. [TNI]
component reference monitor: An access control concept that refers to an abstract machine that mediates all access to objects within a component by subjects within the component. [AJP]
component: (1) A device or set of devices consisting of hardware, along with its firmware and/or software, that performs a specific function on a computer communications network. A component is a part of the larger system and may itself consist of other components. Examples include modems, telecommunications controllers, message switches, technical control devices, host computers, gateways, communications subnets, and so on. (2) An identifiable and self-contained portion of a target of evaluation which is subjected to security evaluation. (3) An organization that is part of a larger organization, for example, a US Defense Component. (4) A requirement that is part of a larger set of requirements that may be called a package. For example, protection profiles are assembled from components. Groups of components can be assembled into predefined packages. [AJP]
Compromise - a violation of the security system such that an unauthorized disclosure of sensitive information may have occurred. [TNI]
compromise - A violation of the security policy of a system such that unauthorized disclosure of sensitive information may have occurred. [NCSC TG-004]
compromise: A violation of the security system such that an unauthorized disclosure of sensitive information may have occurred. [AJP]
compromising emanations - Unintentional data-related or intelligence-bearing signals that, if intercepted and analyzed, disclose the information transmission received, handled, or otherwise processed by any information processing equipment. See TEMPEST. [NCSC TG-004]
compromising emanations: Unintentional data-related or intelligence-bearing signals that, if intercepted and analyzed, disclose the information transmission received, handled, or otherwise processed by any information processing equipment. (See TEMPEST.) [AJP]
Computer Security Technical Vulnerability Reporting Program (CSTVRP) - A program that focuses on technical vulnerabilities in commercially available hardware, firmware and software products acquired by DoD. CSTVRP provides for the reporting, cataloging, and discreet dissemination of technical vulnerability and corrective measure information to DoD components on a need-to-know basis. [NCSC TG-004]
Computer Security Technical Vulnerability Reporting Program (CSTVRP): A program that focuses on technical vulnerabilities in commercially available hardware, firmware, and software products acquired by the US Department of Defense. CSTVRP provides for the reporting, cataloging, and discreet dissemination of technical vulnerability and corrective measure information to Defense Components on a need-to-know basis. [AJP]
computer abuse - The misuse, alteration, disruption or destruction of data processing resources. The key aspect is that it is intentional and improper. [NCSC TG-004]
computer abuse: The misuse, alteration, disruption, or destruction of data processing resources. The key aspect is that it is intentional and improper. [AJP]
computer architecture: The set of layers and protocols (including formats and standards that different hardware/software must comply with to achieve stated objectives) which define a computer system. Computer architecture features can be available to application programs and system programmers in several modes, including a protected mode. For example, the system-level features of computer architecture may include: (1) memory management, (2) protection, (3) multitasking, (4) input/output, (5) exceptions and multiprocessing, (6) initialization, (7) coprocessing and multiprocessing, (8) debugging, and (9) cache management. [AJP]
computer cryptography - The use of a crypto-algorithm in a computer, microprocessor, or microcomputer to perform encryption or decryption in order to protect information or to authenticate users, sources, or information. [NCSC TG-004]
computer cryptography: The use of a cryptoalgorithm in a computer, microprocessor, or microcomputer to perform encryption or decryption in order to protect information or to authenticate users, sources, or information. [AJP]
computer fraud - Computer-related crimes involving deliberate misrepresentation, alteration or disclosure of data in order to obtain something of value (usually for monetary gain). A computer system must have been involved in the perpetration or coverup of the act or series of acts. A computer system might have been involved through improper manipulation of input data; output or results; applications programs; data files; computer operations; communications; or computer hardware, systems software, or firmware. [NCSC TG-004]
computer fraud: Computer-related crimes involving deliberate misrepresentation, alteration, or disclosure of data to obtain something of value (usually for monetary gain). A computer system must have been involved in the perpetration or cover-up of the act or series of acts. A computer system might have been involved through improper manipulation of input data, output or results, applications programs, data files, computer operations, communications, or computer hardware, systems software, or firmware. [AJP]
computer security (COMPUSEC) - Synonymous with automated information systems security. [NCSC TG-004]
computer security (COMPUSEC): Synonymous with automated information systems (AIS) security. [AJP]
computer security subsystem - A device designed to provide limited computer security features in a larger system environment. [NCSC TG-004]
computer security subsystem: A device designed to provide limited computer security features in a larger system environment. [AJP]
concealment system - A method of achieving confidentiality in which sensitive information is hidden by embedding it in irrelevant data. [NCSC TG-004]
concealment system: A method of achieving confidentiality in which sensitive information is hidden by embedding it in irrelevant data. [AJP]
Confidentiality - Assurance that information is not disclosed to inappropriate entities or processes. [FC v.1]
Confidentiality - The property that information is not disclosed in an unauthorised manner. [CC 0.9]
Confidentiality - The property that information is not made available or disclosed to unauthorised entities. (ISO 7498-2-modified)[JTC1/SC27/N734]
Confidentiality - the prevention of the unauthorised disclosure of information. [ITSEC]
Confidentiality - the property that information is not made available or disclosed to unauthorized individuals, entities, or processes. [TNI]
confidentiality - The concept of holding sensitive data in confidence, limited to an appropriate set of individuals or organizations. [NCSC TG-004]
confidentiality: (1) The assurance that information is not disclosed to inappropriate entities or processes. (2) The property that information is not made available or disclosed to unauthorized entities. (3) The prevention of the unauthorized disclosure of information. (4) The concept of holding sensitive data in confidence, limited to an appropriate set of individuals or organizations. [AJP]
Configuration - Selection of one of the sets of possible combinations of features of a system. [ITSEC] [FC v.1]
Configuration - the selection of one of the sets of possible combinations of features of a Target of Evaluation. [ITSEC]
Configuration Control - a system of controls imposed on changing controlled objects produced during the development, production and maintenance processes for a Target of Evaluation. [ITSEC]
Configuration control - management of changes made to a system's hardware, software, firmware, and documentation throughout the development and operational life of the system. [TNI]
configuration control - The process of controlling modifications to the system's hardware, firmware, software, and documentation that provides sufficient assurance that the system is protected against the introduction of improper modifications prior to, during, and after system implementation. Compare configuration management. [NCSC TG-004]
configuration control: (1) A system of controls imposed on changing controlled objects produced during the development, production and maintenance processes for a target of evaluation. (2) Management of changes made to a system's hardware, software, firmware, and documentation throughout the development and operational life of the system. (3) The process of controlling modifications to the system's hardware, firmware, software, and documentation that provides sufficient assurance that the system is protected against the introduction of improper modifications prior to, during, and after system implementation. (Compare configuration management.) [AJP]
configuration management - The management of security features and assurances through control of changes made to a system's hardware, software, firmware, documentation, test, test fixtures and test documentation throughout the development and operational life of the system. Compare configuration control. [NCSC TG-004]
configuration management: The management of security features and assurances through control of changes made to a system's hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the development and operational life of the system. (Compare configuration control.) [AJP]
configuration: Selection of one of the sets of possible combinations of features of a system or target of evaluation. [AJP]
confinement - The prevention of the leaking of sensitive data from a program. [NCSC TG-004]
confinement channel - Synonymous with covert channel. [NCSC TG-004]
confinement channel: Synonymous with covert channel. [AJP]
confinement property - Synonymous with star property (*-property). [NCSC TG-004]
confinement property: Synonymous with *-property (star property). [AJP]
confinement: The prevention of the leaking of sensitive data from a program. [AJP]
Connection - a liaison, in the sense of a network interrelationship, between two hosts for a period of time. The liaison is established (by an initiating host) for the purpose of information transfer (with the associated host); the period of time is the time required to carry out the intent of the liaison (e.g., transfer of a file, a chatter session, delivery of mail). In many cases, a connection (in the sense of this glossary) will coincide with a host-host connection (in a special technical sense) established via TCP or equivalent protocol. However, a connection (liaison) can also exist when only a protocol such as IP is in use (IP has no concept of a connection that persists for a period of time). Hence, the notion of connection as used here is independent of the particular protocols in use during a liaison of two hosts. [TNI]
connection: A liaison, in the sense of a network interrelationship, between two hosts for a period of time. The liaison is established (by an initiating host) for the purpose of information transfer (with the associated host). The period of time is the time required to carry out the intent of the liaison (for example, transfer of a file, a chatter session, or delivery of mail). In many cases, a connection (in the sense of this glossary) will coincide with a host-host connection (in a special technical sense) that is established via TCP (Transmission Control Protocol) or an equivalent protocol. However, a connection (liaison) can also exist when only a protocol such as IP (Internet Protocol) is in use. (IP has no concept of a connection that persists for a period of time.) Hence, the notion of connection can be independent of the particular protocols in use during a liaison of two hosts. [AJP]
Constrained - A qualifier implying: within the TSF Scope of Control (TSC). [CC 0.9]
Construction - the process of creating a Target of Evaluation. [ITSEC]
construction: The process of creating a target of evaluation. [AJP]
Consumers - Individuals or groups responsible for specifying requirements for IT product security (e.g., policy makers and regulatory officials, system architects, integrators, acquisition managers, product purchasers, and end users). [FC v.1]
consumers: Individuals or groups responsible for specifying requirements for IT (information technology) product security (for example, policy makers and regulatory officials, system architects, integrators, acquisition managers, product purchasers, and end users). [AJP]
contamination - The intermixing of data at different sensitivity and need-to-know levels. The lower level data is said to be contaminated by the higher level data; thus, the contaminating (higher level) data may not receive the required level of protection. [NCSC TG-004]
contamination: The intermixing of data at different sensitivity and need-to-know levels. The lower level data is said to be contaminated by the higher level data; thus, the contaminating (higher level) data may not receive the required level of protection. [AJP]
content-dependent access control - Access control in which access is determined by the value of the data to be accessed. [TDI]
content-dependent access control: Access control in which access is determined by the value of the data to be accessed. [AJP]
context-dependent access control - Access control in which access is determined by the specific circumstances under which the data is being accessed. [TDI]
context-dependent access control: Access control in which access is determined by the specific circumstances under which the data is being accessed. [AJP]
contingency plan - A plan for emergency response, backup operations, and post-disaster recovery maintained by an activity as a part of its security program that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation. Synonymous with disaster plan and emergency plan. [NCSC TG-004]
contingency plan: A plan for emergency response, backup operations, and postdisaster recovery maintained by an activity as a part of its security program that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation. Synonymous with disaster plan and emergency plan. [AJP]
Control Objective - Required result of protecting information within an IT product and its immediate environment. [FC v.1]
control objective: Required result of protecting information within an IT (information technology) product and its immediate environment. [AJP]
control zone - The space, expressed in feet of radius, surrounding equipment processing sensitive information, that is under sufficient physical and technical control to preclude an unauthorized entry or compromise. [NCSC TG-004]
control zone: The space, expressed in feet of radius, surrounding equipment processing sensitive information, that is under sufficient physical and technical control to preclude an unauthorized entry or compromise. [AJP]
controlled access - See access control. [NCSC TG-004]
controlled access: See access control. [AJP]
controlled sharing - The condition that exists when access control is applied to all users and components of a system. [NCSC TG-004]
controlled sharing: The condition that exists when access control is applied to all users and components of a system. [AJP]
Corporate Security Policy - the set of laws, rules and practices that regulate how assets including sensitive information are managed, protected and distributed within a user organisation. [ITSEC]
corporate security policy: The set of laws, rules, and practices that regulate how assets including sensitive information are managed, protected, and distributed within a user organization. [AJP]
Correctness - a property of a representation of a Target of Evaluation such that it accurately reflects the stated security target for that system or product. [ITSEC]
Correctness - In security evaluation, the preservation of relevant properties between successive levels of representations. Examples of representations could be: top-level functional specification, detailed design specification, actual implementation. An aspect of assurance. (WG3 N102) [JTC1/SC27/N734]
Correctness - The preservation of relevant properties between levels of
Correctness - the extent to which a program satisfies its specifications. [TNI]
correctness: (1) A property of a representation of a target of evaluation such that it accurately reflects the stated security target for that system or product. Correctness consists of determining if the description and implementation are consistent. There are levels of correctness that depend on the evidence requirements and the intensity of verification and analysis. (2) In security evaluation, the preservation of relevant properties between successive levels of representations. Examples of representations could be top-level functional specification, detailed design specification, and actual implementation. This is an aspect of assurance. (3) Correctness in the draft Federal Criteria equates to assurance in the Information Technology Security Evaluation Criteria. Development and evaluation assurance constitute correctness criteria. Effectiveness is addressed in vetting of protection profiles. (4) The extent to which a program satisfies its specifications. [AJP]
cost-risk analysis - The assessment of the costs of providing data protection for a system versus the cost of losing or compromising the data. [NCSC TG-004]
cost-risk analysis: The assessment of the costs of providing data protection for a system versus the cost of losing or compromising the data. [AJP]
Countermeasure - Action, device, procedure, technique, or other measure that reduces the vulnerability of an AIS. [NSTISSI 4009] [FC v.1]
countermeasure - Any action, device, procedure, technique, or other measure that reduces the vulnerability of or threat to a system. [NCSC TG-004]
countermeasure: Action, device, procedure, technique, or other measure that reduces the vulnerability of a system, such as an AIS (automated information system). [AJP]
Covert Channel - A communication channel that allows a process to transfer information in a manner that violates the system's security policy. See also: Covert Storage Channel, Covert Timing Channel. [TCSEC]
Covert Channel - the use of a mechanism not intended for communication to transfer information in a way which violates security. [ITSEC]
Covert Channel - Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an AIS security policy. (See overt channel and exploitable channel.) [NSTISSI 4009] [FC v.1]
Covert channel - a communications channel that allows a process to transfer information in a manner that violates the system's security policy. A covert channel typically communicates by exploiting a mechanism not intended to be used for communication. See Covert storage channel and Covert timing channel. Compare Overt channel. [TNI]
Covert Storage Channel - A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels. [TCSEC]
Covert Storage Channel - Covert channel that involves the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. [NSTISSI 4009] Note: Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels. [FC v.1]
Covert storage channel - a covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels. [TNI]
Covert Timing Channel - A covert channel in which one process signals information to another by modulating its own use of system resources (e.g., CPU time) in such a way that this manipulation affects the real response time observed by the second process. [TCSEC]
Covert Timing Channel - Covert channel in which one process signals information to another process by modulating its own use of system resources (e.g., central processing unit time) in such a way that this manipulation affects the real response time observed by the second process. [NSTISSI 4009] [FC v.1]
Covert timing channel - a covert channel in which one process signals information to another by modulating its own use of system resources (e.g., CPU time) in such a way that this manipulation affects the real response time observed by the second process. [TNI]
covert channel - A communications channel that allows two cooperating processes to transfer information in a manner that violates the system's security policy. Synonymous with confinement channel. [NCSC TG-004]
covert channel: (1) A communication channel that allows a process to transfer information in a manner that violates the system's security policy. A covert channel typically communicates by exploiting a mechanism not intended to be used for communication. (See covert storage channel and covert timing channel.) (2) The use of a mechanism not intended for communication to transfer information in a way that violates security. (3) Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an AIS (automated information system) security policy. (See overt channel and exploitable channel.) [AJP]
covert storage channel - A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels. [NCSC TG-004]
covert storage channel: A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (for example, sectors on a disk) that is shared by two subjects at different security levels. [AJP]
covert timing channel - A covert channel in which one process signals information to another by modulating its own use of system resources (e.g., CPU time) in such a way that this manipulation affects the real response time observed by the second process. [NCSC TG-004]
covert timing channel: (1) A covert channel by which a process signals information to another process by modulating its own use of system resources (for example, CPU time) in such a way that this manipulation affects the real response time observed by the second process. (2) A communications channel that allows two cooperating processes to transfer information in a manner that violates the system's security policy. Synonymous with confinement channel. [AJP]
Criteria - See DoD Trusted Computer System Evaluation Criteria. [NCSC TG-004]
criteria: See DoD Trusted Computer System Evaluation Criteria. Examples of other criteria are the Information Technology Security Evaluation Criteria (Europe), Canadian Trusted Computer Product Evaluation Criteria, Federal Criteria for Information Technology Security: Draft (US), and the forthcoming Common Criteria for Information Technology Security (international). [AJP]
Critical Mechanism - a mechanism within a Target of Evaluation whose failure would create a security weakness. [ITSEC]
Customer - the person or organisation that purchases a Target of Evaluation. [ITSEC]
critical mechanism: A mechanism within a target of evaluation whose failure would create a security weakness. [AJP]
crypto-algorithm - A well-defined procedure or sequence of rules or steps used to produce a key stream or cipher text from plain text and vice versa. [NCSC TG-004]
cryptoalgorithm: A well-defined procedure or sequence of rules or steps used to produce a key stream or ciphertext from plaintext and vice versa. [AJP]
cryptography - The principles, means and methods for rendering information unintelligible, and for restoring encrypted information to intelligible form. [NCSC TG-004]
cryptography: (1) The principles, means, and methods for rendering information unintelligible, and for restoring encrypted information to intelligible form. (2) The transformation of ordinary text, or "plaintext," into coded form by encryption and the transformation of coded text into plaintext by decryption. Cryptography can be used to support digital signature, key management or exchange, and communications privacy. [AJP]
cryptosecurity - The security or protection resulting from the proper use of technically sound cryptosystems. [NCSC TG-004]
cryptosecurity: The security or protection resulting from the proper use of technically sound cryptosystems. [AJP]
Data - Information with a specific physical representation. [TCSEC]
Data confidentiality - the state that exists when data is held in confidence and is protected from unauthorized disclosure. [TNI]
Data Encryption Standard (DES) - A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the National Institute of Standards and Technology, is intended for public and government use. [NCSC TG-004]
Data Encryption Standard (DES): (1) A cryptographic algorithm for the protection of unclassified data, published in US Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the US National Institute of Standards and Technology (NIST), is intended for public and government use. (2) A NIST Federal Information Processing Standard and commonly used secret key cryptographic algorithm for encrypting and decrypting data and performing other functions. For example, DES can be used to check message integrity. DES specifies a key length of 56 bits. [AJP]
Data Integrity - The property that data has not been altered or destroyed in an unauthorised manner. (see ISO 7498-2) [JTC1/SC27/N734]
Data Integrity - The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction. [TCSEC]
Data integrity - (1) The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction. (2) The property that data has not been exposed to accidental or malicious alteration or destruction. [TNI]
data confidentiality: The state that exists when data is held in confidence and is protected from unauthorized disclosure. [AJP]
data flow control - Synonymous with information flow control. [NCSC TG-004]
data flow control: Synonymous with information flow control. [AJP]
data integrity - The property that data meet an a priori expectation of quality. [NCSC TG-004]
data integrity: (1) The property that data has not been altered or destroyed in an unauthorized manner. (2) The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction. [AJP]
data security - The protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. [NCSC TG-004]
data security: The protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. [AJP]
data: Information with a specific physical representation. [AJP]
database management system - A computer system whose main function is to facilitate the sharing of a common set of data among many different users. It may or may not maintain semantic relationships among the data items. [TDI]
database management system: A computer system whose main function is to facilitate the sharing of a common set of data among many different users. It may or may not maintain semantic relationships among the data items. [AJP]
DBMS - Abbreviation for "database management system." [TDI]
DBMS: Abbreviation for database management system. [AJP]
declassification of AIS storage media - An administrative decision or procedure to remove or reduce the security classification of the subject media. [NCSC TG-004]
declassification of AIS storage media: An administrative decision or procedure to remove or reduce the security classification of the subject media. [AJP]
Decomposition - Requirement in a protection profile that spans several components. Note: The decomposition of a specific requirement becomes necessary when that requirement must be assigned to multiple components of the generic product requirements during the interpretation process. [FC v.1]
decomposition: Requirement in a protection profile that spans several components. Note: The decomposition of a specific requirement becomes necessary when that requirement must be assigned to multiple components of the generic product requirements during the interpretation process. [AJP]
Dedicated Security Mode - the mode of operation in which the system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specific period of time. Compare Multilevel Security Mode, System High Security Mode. [TNI]
dedicated security mode - See modes of operation. [NCSC TG-004]
dedicated security mode: See modes of operation. [AJP]
default classification - A temporary classification reflecting the highest classification being processed in a system. The default classification is included in the caution statement affixed to the object. [NCSC TG-004]
default classification: A temporary classification reflecting the highest classification being processed in a system. The default classification is included in the caution statement affixed to the object. [AJP]
degauss - To reduce magnetic flux density to zero by applying a reverse magnetizing field. [NCSC TG-004]
degauss: To reduce magnetic flux density to zero by applying a reverse magnetizing field. [AJP]
Degausser Products List (DPL): A list of commercially produced degaussers that meet US National Security Agency (NSA) specifications. This list is included in NSA's "Information Systems Security Products and Services Catalogue," available through the US Government Printing Office. [AJP]
degausser - An electrical device that can generate a magnetic field for the purpose of degaussing magnetic storage media. [NCSC TG-004]
Degausser Products List (DPL) - A list of commercially produced degaussers that meet National Security Agency specifications. This list is included in the NSA Information Systems Security Products and Services Catalogue, and is available through the Government Printing Office. [NCSC TG-004]
degausser: An electrical device that can generate a magnetic field for the purpose of degaussing magnetic storage media. [AJP]
Delivery - the process whereby a copy of the Target of Evaluation is transferred from the developer to a customer. [ITSEC]
delivery: The process whereby a copy of the target of evaluation is transferred from the developer to a customer. [AJP]
Denial of service - the prevention of authorized access to system assets or services, or the delaying of time critical operations. [TNI]
denial of service - Any action or series of actions that prevent any part of a system from functioning in accordance with its intended purpose. This includes any action that causes unauthorized destruction, modification, or delay of service. Synonymous with interdiction. [NCSC TG-004]
denial of service: (1) The prevention of authorized access to system assets or services or the delaying of time-critical operations. (2) Any action or series of actions that prevents any part of a system from functioning in accordance with its intended purpose. This includes any action that causes unauthorized destruction, modification, or delay of service. (Synonymous with interdiction.) [AJP]
Dependency - Condition in which the correctness of one TCB subset is contingent (depends for its correctness) on the correctness of another TCB subset. [NCSC-TG-021] Note: A TCB subset A depends for its correctness on TCB subset B if and only if the (engineering) arguments of the correct implementation of A with respect to its specification assume, wholly or in part, that the specification of B has been implemented correctly. [FC v.1]
dependency: Condition in which the correctness of one TCB (trusted computing base) subset is contingent (depends for its correctness) on the correctness of another TCB subset. Note: A TCB subset A depends for its correctness on TCB subset B if and only if the (engineering) arguments of the correct implementation of A with respect to its specification assume, wholly or in part, that the specification of B has been implemented correctly. [AJP]
depends - A TCB subset A depends (for its correctness) on TCB subset B if and only if the (engineering) arguments of the correct implementation of A with respect to its specification assume, wholly or in part, that the specification of B has been implemented correctly. [TDI]
Descriptive Top-Level Specification (DTLS) - A top-level specification that is written in a natural language (e.g., English), an informal design notation, or a combination of the two. [NCSC TG-004]
Descriptive Top-Level Specification (DTLS) - A top-level specification that is written in a natural language (e.g., English), an informal program design notation, or a combination of the two. [TCSEC]
Descriptive top-level specification (DTLS) - a top-level specification that is written in a natural language (e.g., English), an informal program design notation, or a combination of the two. [TNI]
descriptive top level specification (DTLS): A top-level specification that is written in a natural language (for example, English), an informal design notation, or a combination of the two. [AJP]
Designated Approving Authority (DAA) - Official with the authority to formally assume responsibility for operating an IT product, an AIS, or network at an acceptable level of risk.[FC v.1]
Designated Approving Authority (DAA) - The official who has the authority to decide on accepting the security safeguards prescribed for an AIS or that official who may be responsible for issuing an accreditation statement that records the decision to accept those safeguards. [NCSC TG-004]
designated approving authority (DAA): (1) Official with the authority to formally assume responsibility for operating an IT (information technology) product, an AIS (automated information system), or network at an acceptable level of risk. (2) The official who has the authority to decide on accepting the security safeguards prescribed for an AIS or that official who may be responsible for issuing an accreditation statement that records the decision to accept those safeguards. [AJP]
Detailed Design - a phase of the Development Process wherein the top level definition and design of a Target of Evaluation is refined and expanded to a level of detail that can be used as a basis for implementation. [ITSEC]
detailed design: A phase of the development process wherein the top-level definition and design of a target of evaluation are refined and expanded to a level of detail that can be used as a basis for implementation. [AJP]
Developer - the person or organisation that manufactures a Target of Evaluation. [ITSEC]
Developer Security - the physical, procedural and personnel security controls imposed by a developer on his Development Environment. [ITSEC]
developer security: The physical, procedural, and personnel security controls imposed by a developer on its development environment. [AJP]
developer: The person or organization that manufactures a target of evaluation. [AJP]
Development Assurance - Establishes specific requirements to document appropriate aspects of the development process, the development environment, and operational support of the product. Development assurance specifies the manner in which products should be developed and/or details the amount and kind of evidence to be produced and retained during development. (WG3 N105 modified)[JTC1/SC27/N734]
Development Assurance - Sources of IT product assurance ranging from how a product was designed and implemented to how it is tested, operated and maintained. [FC v.1]
Development Assurance Component - Fundamental building block, specifying how an IT product is developed, from which development assurance requirements are assembled.[FC v.1]
Development Assurance Package - Grouping of development assurance components assembled to ease specification and common understanding of how an IT product is developed.[FC v.1]
Development Assurance Requirements - Requirements in a protection profile which address how each conforming IT product is developed including the production of appropriate supporting developmental process evidence and how that product will be maintained.[FC v.1]
Development Environment - the organisational measures, procedures and standards used whilst constructing a Target of Evaluation. [ITSEC]
Development Process - The set of phases and tasks whereby a Target of Evaluation is constructed, translating requirements into actual hardware and software. [ITSEC]
development assurance component: Fundamental building block, specifying how an IT (information technology) product is developed, from which development assurance requirements are assembled. [AJP]
development assurance package: Grouping of development assurance components assembled to ease specification and common understanding of how an IT (information technology) product is developed. [AJP]
development assurance requirements: Requirements in a protection profile that address how each conforming IT (information technology) product is developed, including the production of appropriate supporting developmental process evidence and how that product will be maintained. [AJP]
development assurance: (1) Establishes specific requirements to document appropriate aspects of the development process, the development environment, and operational support of the product. Development assurance specifies the manner in which products should be developed and/or details the amount and kind of evidence to be produced and retained during development. (2) Sources of IT (information technology) product assurance ranging from how a product was designed and implemented to how it is tested, operated, and maintained. [AJP]
development environment: The organizational measures, procedures, and standards used while constructing a target of evaluation. [AJP]
development process: The set of phases and tasks whereby a target of evaluation is constructed, translating requirements into actual hardware and software. [AJP]
dial back - Synonymous with call back. [NCSC TG-004]
dial back: Synonymous with call back. [AJP]
dial-up - The service whereby a computer terminal can use the telephone to initiate and effect communication with a computer. [NCSC TG-004]
dial-up: The service whereby a computer terminal can use the telephone to initiate and effect communication with a computer. [AJP]
Digital Signature Standard (DSS): A US Federal Information Processing Standard proposed by NIST (National Institute of Standards and Technology) to support digital signature. [AJP]
digital signature: A cryptographic method, provided by public key cryptography, used by a message's recipient and any third party to verify the identity of the message's sender. It can also be used to verify the authenticity of the message. A sender creates a digital signature for a message by transforming the message with his or her private key. A recipient, using the sender's public key, verifies the digital signature by applying a corresponding transformation to the message and the signature. [AJP]
digital telephony: Telephone systems that use digital communications technology. [AJP]
disaster plan - Synonymous with contingency plan. [NCSC TG-004]
disaster plan: Synonymous with contingency plan. [AJP]
Discretionary Access Control - A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). [TCSEC]
Discretionary Access Control - Methods of restricting access to objects or other resources based primarily on the instructions of arbitrary unprivileged users. [FC v.1]
Discretionary access control (DAC) - a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that: (a) A subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject; (b) DAC is often employed to enforce need-to-know; (c) Access control may be changed by an authorized individual. Compare to Mandatory Access Control. [TNI]
discretionary access control (DAC) - A means of restricting access to objects based on the identity and need-to-know of the user, process and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject. Compare mandatory access control. [NCSC TG-004]
discretionary access control (DAC): (1) A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). (2) Methods of restricting access to objects or other resources based primarily on the instructions of arbitrary unprivileged users. Note: DAC is often used to enforce need-to-know. [AJP]
Documentation - the written (or otherwise recorded) information about a Target of Evaluation required for an evaluation. This information may, but need not, be contained within a single document produced for the specified purpose. [ITSEC]
documentation: The written (or otherwise recorded) information about a target of evaluation required for an evaluation. This information may, but need not, be contained within a single document produced for the specified purpose. [AJP]
DoD Trusted Computer System Evaluation Criteria (TCSEC) - A document published by the National Computer Security Center containing a uniform set of basic requirements and evaluation classes for assessing degrees of assurance in the effectiveness of hardware and software security controls built into systems. These criteria are intended for use in the design and evaluation of systems that will process and/or store sensitive or classified data. This document is Government Standard DoD 5200.28-STD and is frequently referred to as "The Criteria" or "The Orange Book." [NCSC TG-004]
DoD Trusted Computer System Evaluation Criteria (TCSEC): A document published by the US National Computer Security Center containing a uniform set of basic requirements and evaluation classes for assessing degrees of assurance in the effectiveness of hardware and software security controls built into systems. These criteria are intended for use in the design and evaluation of systems that will process and/or store sensitive or classified data. This document is government standard DoD 5200.28-STD and is frequently referred to as "The Criteria" or "The Orange Book." [AJP]
Domain - The set of objects that a subject has the ability to access. [TCSEC]
Domain - the set of objects that a subject has the ability to access. [TNI]
Domain - Unique context (e.g., access control parameters) in which a program is operating. Note: A subject's domain determines which access-control attributes an object must have for a subject operating in that domain to have a designated form of access. [FC v.1]
domain - The set of objects that a subject has the ability to access. [TDI]
domain - The unique context (e.g., access control parameters) in which a program is operating; in effect, the set of objects that a subject has the ability to access. See process and subject. [NCSC TG-004]
domain: The unique context (for example, access control parameters) in which a program is operating - in effect, the set of objects that a subject has the ability to access. Note: A subject's domain determines which access control attributes an object must have for a subject operating in that domain to have a designated form of access. (See process and subject.) [AJP]
Dominate - Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than or equal to that of S2 and the non-hierarchical categories of S1 include all those of S2 as a subset. [TCSEC]
dominate - Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than or equal to that of S2 and the nonhierarchical categories of S1 include all those of S2 as a subset. [NCSC TG-004]
dominate: Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than or equal to that of S2 and the nonhierarchical categories of S1 include all those of S2 as a subset. [AJP]
Dominated by (the relation) - a security level A is dominated by security level B if the clearance/classification in A is less than or equal to the clearance/classification in B and the set of access approvals (e.g., compartment designators) in A is contained in (the set relation) the set of access approvals in B (i.e., each access approval appearing in A also appears in B). Depending upon the policy enforced (e.g., non-disclosure, integrity) the definition of "less than or equal to" and "contained in" may vary. For example, the level of an object of high integrity (i.e., an object which should be modifiable by very trustworthy individuals) may be defined to be "less than" the level of an object of low integrity (i.e., an object which is modifiable by everyone). [TNI]
dominated by (the relation): (1) A security level A is dominated by security level B if the clearance/classification in A is less than or equal to the clearance/classification in B and the set of access approvals (for example, compartment designators) in A is contained in (the set relation) the set of access approvals in B (that is, each access approval appearing in A also appears in B). Depending on the policy enforced (for example, nondisclosure or integrity), the definition of "less than or equal to" and "contained in" may vary. For example, the level of an object of high integrity (that is, an object which should be modifiable only by very trustworthy individuals) may be defined to be "less than" the level of an object of low integrity (that is, an object which is modifiable by everyone). (2) Security level A is dominated by security level B if (a) the clearance/classification in A is less than or equal to the clearance/classification in B, and (b) the set of access approvals (for example, compartment designators) in A is contained in the set of access approvals in B (that is, each access approval appearing in A also appears in B). This dominance relation is a special case of a partial order. [AJP]
dominated by - Security level A is dominated by security level B if (1) the clearance/classification in A is less than or equal to the clearance/classification in B, and (2) the set of access approvals (e.g., compartment designators) in A is contained in the set of access approvals in B (i.e., each access approval appearing in A also appears in B). This dominance relation is a special case of a partial order. [TDI]
Dominates (the relation) - security level B dominates security level A if A is dominated by B. [TNI]
dominates (the relation): "Security level B dominates security level A" is synonymous with "security level A is dominated by security level B." (See dominated by.) [AJP]
dominates - "Security level B dominates security level A" is synonymous with "security level A is dominated by security level B." See "dominated by." [TDI]
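The dominance relation defined above, worked through in Python as an added example (not code from any of the cited criteria documents): a security level is a hierarchical classification plus a set of non-hierarchical categories, S1 dominates S2 when its classification is greater than or equal and its categories include those of S2, and the relation is checked to be a partial order over a small constructed lattice. The classification and category names are constructed sample values; the non-disclosure ordering is assumed, not the inverted integrity ordering the TNI note mentions.

```python
"""Bell-LaPadula style 'dominates' relation over security levels.

Added example, not part of the glossary source. Models the TCSEC /
NCSC TG-004 definition: S1 dominates S2 iff the hierarchical
classification of S1 >= that of S2 and the categories of S2 are a
subset of the categories of S1.
"""
from itertools import combinations, product
from typing import FrozenSet, Iterable, List, NamedTuple

# Constructed hierarchical classifications, ordered low to high.
CLASSIFICATIONS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET")
RANK = {name: i for i, name in enumerate(CLASSIFICATIONS)}


class Level(NamedTuple):
    classification: str
    categories: FrozenSet[str]  # non-hierarchical categories / compartments


def level(classification: str, *categories: str) -> Level:
    """Build a Level, rejecting classifications outside the assumed ordering."""
    if classification not in RANK:
        raise ValueError(f"unknown classification {classification!r}")
    return Level(classification, frozenset(categories))


def dominates(s1: Level, s2: Level) -> bool:
    """True iff S1 dominates S2 (equivalently, S2 is dominated by S1)."""
    return (RANK[s1.classification] >= RANK[s2.classification]
            and s2.categories <= s1.categories)


def dominated_by(a: Level, b: Level) -> bool:
    """The converse relation from the 'dominated by' entry."""
    return dominates(b, a)


def comparable(a: Level, b: Level) -> bool:
    """Dominance is only a partial order: two levels may be incomparable."""
    return dominates(a, b) or dominates(b, a)


def is_partial_order(levels: Iterable[Level]) -> bool:
    """Check reflexivity, antisymmetry and transitivity of dominates on 'levels'."""
    ls = list(levels)
    if not all(dominates(a, a) for a in ls):
        return False
    for a, b in product(ls, repeat=2):
        if a != b and dominates(a, b) and dominates(b, a):
            return False
    for a, b, c in product(ls, repeat=3):
        if dominates(a, b) and dominates(b, c) and not dominates(a, c):
            return False
    return True


def all_levels(categories: Iterable[str]) -> List[Level]:
    """Every (classification, category subset) pair: the full lattice of levels."""
    cats = sorted(set(categories))
    subsets = [frozenset(c) for r in range(len(cats) + 1)
               for c in combinations(cats, r)]
    return [Level(cls, s) for cls in CLASSIFICATIONS for s in subsets]


if __name__ == "__main__":
    s_nuc = level("SECRET", "NUCLEAR")
    s_cry = level("SECRET", "CRYPTO")
    ts_both = level("TOP_SECRET", "NUCLEAR", "CRYPTO")
    print("TS{N,C} dominates S{N}:", dominates(ts_both, s_nuc))       # True
    print("TS{} dominates S{N}:", dominates(level("TOP_SECRET"), s_nuc))  # False
    print("S{N} and S{C} comparable:", comparable(s_nuc, s_cry))      # False
    print("partial order:", is_partial_order(all_levels(["NUCLEAR", "CRYPTO"])))
```

Note that a higher classification alone does not imply dominance: TOP_SECRET with no categories does not dominate SECRET{NUCLEAR}, which is exactly the category-subset clause of the definition.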
Ease of Use - an aspect of the assessment of the effectiveness of a Target of Evaluation, namely that it cannot be configured or used in a manner which is insecure but which an administrator or end-user would reasonably believe to be secure. [ITSEC]
ease of use: An aspect of the assessment of the effectiveness of a target of evaluation, namely, that it cannot be configured or used in a manner which is insecure but which an administrator or end user would reasonably believe to be secure. Note: This term can be used as a reference for each type of item to be evaluated or under evaluation. [AJP]
Editor's Note: This term is to be used as a reference for each type of item to be evaluated or under evaluation. [JTC1/SC27/N734]
Effectiveness - A judgment that the TOE has the security behaviour desired and counters the threats postulated. [CC 0.9]
Effectiveness - a property of a Target of Evaluation representing how well it provides security in the context of its actual or proposed operational use. [ITSEC]
Effectiveness - In security evaluations, an aspect of assurance assessing how well the applied security functions and mechanisms working together will actually satisfy the security requirements. (WG3 N102) [JTC1/SC27/N734]
effectiveness: (1) A property of a target of evaluation representing how well it provides security in the context of its actual or proposed operational use. (2) In security evaluations, an aspect of assurance assessing how well the applied security functions and mechanisms working together will actually satisfy the security requirements. (3) Effectiveness is established by evaluation (vetting) of a protection profile (or security target, if there is no protection profile) description of anticipated threats, intended method of use, and residual risk. Effectiveness includes establishing suitability for use in the specified environment. [AJP]
Element - An indivisible security requirement which is to be satisfied during an evaluation. [CC 0.9]
emanations - See compromising emanations. [NCSC TG-004]
emanations: See compromising emanations. [AJP]
embedded system - A system that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem. [NCSC TG-004]
embedded system: A system that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem. [AJP]
emergency plan - Synonymous with contingency plan. [NCSC TG-004]
emergency plan: Synonymous with contingency plan. [AJP]
emission security - The protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from intercept and from an analysis of compromising emanations from systems. [NCSC TG-004]
emission security: The protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from interception and from an analysis of compromising emanations from systems. [AJP]
Encapsulation - Enveloping a user or resource in a defined set of attributes and
encryption: The process of making information indecipherable to protect it from unauthorized viewing or use, especially during transmission or storage. Encryption is based on an algorithm and at least one key. Even if the algorithm is known, the information cannot be decrypted without the key(s). [AJP]
end user: A person in contact with a target of evaluation who makes use only of its operational capability. [AJP]
end-to-end encryption - The protection of information passed in a telecommunications system by cryptographic means, from point of origin to point of destination. [NCSC TG-004]
end-to-end encryption: The protection of information passed in a telecommunications system by cryptographic means, from point of origin to point of destination. [AJP]
End-user - a person in contact with a Target of Evaluation who makes use only of its operational capability. [ITSEC]
Endorsed Tools List (ETL) - The list of formal verification tools endorsed by the NCSC for the development of systems with high levels of trust. [NCSC TG-004]
Endorsed Tools List (ETL): The list of formal verification tools endorsed by the US NCSC (National Computer Security Center) for the development of systems with high levels of trust. [AJP]
Enhanced Hierarchical Development Methodology - An integrated set of tools designed to aid in creating, analyzing, modifying, managing, and documenting program specifications and proofs. This methodology includes a specification parser and typechecker, a theorem prover, and a multi-level security checker. Note: This methodology is not based upon the Hierarchical Development Methodology. [NCSC TG-004]
enhanced hierarchical development methodology: An integrated set of tools designed to aid in creating, analyzing, modifying, managing, and documenting program specifications and proofs. This methodology includes a specification parser and type checker, a theorem prover, and a multilevel security checker. Note: This methodology is not based on the hierarchical development methodology. [AJP]
entrapment - The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations. [NCSC TG-004]
entrapment: The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations. [AJP]
Environment - All entities (users, procedures, conditions, objects, AISs, other IT products) that interact with (affect the development, operation and maintenance of) that IT product. [FC v.1]
environment - The aggregate of external procedures, conditions, and objects that affect the development, operation, and maintenance of a system. [NCSC TG-004]
environment: (1) All entities - users, procedures, conditions, objects, AISs (automated information systems), and other IT (information technology) products - that interact with (affect the development, operation, and maintenance of) an IT product. (2) The aggregate of external procedures, conditions, and objects that affect the development, operation, and maintenance of a system. [AJP]
erasure - A process by which a signal recorded on magnetic media is removed. Erasure is accomplished in two ways: (1) by alternating current erasure, by which the information is destroyed by applying an alternating high and low magnetic field to the media; or (2) by direct current erasure, by which the media are saturated by applying a unidirectional magnetic field. [NCSC TG-004]
erasure: A process by which a signal recorded on magnetic media is removed. Erasure is accomplished in two ways: (1) by alternating-current erasure, by which the information is destroyed by applying an alternating high and low magnetic field to the media; or (2) by direct-current erasure, by which the media are saturated by applying a unidirectional magnetic field. [AJP]
Evaluated Products List (EPL) - A list of equipments, hardware, software, and/or firmware that have been evaluated against, and found to be technically compliant, at a particular level of trust, with the DoD TCSEC by the NCSC. The EPL is included in the National Security Agency Information Systems Security Products and Services Catalogue, which is available through the Government Printing Office. [NCSC TG-004]
Evaluated Products List (EPL): A list of equipment, hardware, software, and firmware that have been evaluated against, and found to be technically compliant, at a particular level of trust, with the DoD (US Department of Defense) TCSEC (Trusted Computer System Security Evaluation Criteria) by the NCSC (National Computer Security Center). The EPL is included in NSA's "Information Systems Security Products and Services Catalogue," which is available through the Government Printing Office. [AJP]
Evaluation - Technical assessment of a component's, product's, subsystem's, or system's security properties that establishes whether or not the component, product, subsystem, or system meets a specific set of requirements. Note: Evaluation is a term that causes much confusion in the security community, because it is used in many different ways. It is sometimes used in the general English sense (judgement or determination of worth or quality). Based on common usage of the term in the security community, one can distinguish between two types of evaluation: (1) evaluations that exclude the environment, and (2) evaluations that include the environment. This second type of evaluation, an assessment of a system's security properties with respect to a specific operational mission, is termed certification within this document. Evaluations that exclude the environment, the type of evaluations considered herein, are assessments of the security properties against a defined criteria. [FC v.1]
Evaluation - The process -given a security policy, a consistent description of required security functions and a targeted assurance level -of achieving assurance. Evaluation also includes the checking for security vulnerabilities (in relation to the security policy). (WG3 N102) [JTC1/SC27/N734]
Evaluation - the assessment of an IT system or product against defined evaluation criteria. [ITSEC]
Evaluation Assurance - Source of IT product assurance based on the kind and intensity of the evaluation analysis performed on the product. [FC v.1]
Evaluation Assurance - Specifies the nature and intensity of evaluation activities to be performed on a TOE, based on the expected threat and the intended environments. (WG3 N105 modified) [JTC1/SC27/N734]
Evaluation Assurance Component - Fundamental building block, specifying the type and the rigor of required evaluation activities, from which evaluation assurance requirements are assembled. [FC v.1]
Evaluation Assurance Package - Grouping of evaluation assurance components assembled to ease specification and common understanding of the type and the rigor of required evaluation activities. [FC v.1]
Evaluation Assurance Requirements - Requirements in a protection profile which address both the type and the rigor of activities that must occur during product evaluation. [FC v.1]
Evaluation criteria - A set of requirements defining the conditions under which an evaluation is performed. These requirements can also be used in specification and development of systems and products. (WG3 N62) [JTC1/SC27/N734]
evaluation assurance component: Fundamental building block, specifying the type and the rigor of required evaluation activities, from which evaluation assurance requirements are assembled. [AJP]
evaluation assurance package: Grouping of evaluation assurance components assembled to ease specification and common understanding of the type and the rigor of required evaluation activities. [AJP]
evaluation assurance requirements: Requirements in a protection profile which address both the type and the rigor of activities that must occur during product evaluation. [AJP]
evaluation assurance: (1) Source of IT (information technology) product assurance based on the kind and intensity of the evaluation analysis performed on the product. (2) Specifies the nature and intensity of evaluation activities to be performed on a TOE (target of evaluation), based on the expected threat and the intended environments. [AJP]
evaluation body or entity: See certification body. [AJP]
evaluation criteria: A set of requirements defining the conditions under which an evaluation is performed. These requirements can also be used in specification and development of systems and products. [AJP]
evaluation: (1) Technical assessment of a component's, product's, subsystem's, or system's security properties that establishes whether the component, product, subsystem, or system meets a specific set of requirements, for example, defined evaluation criteria. Note: Evaluation is a term that causes much confusion in the security community, because it is used in many different ways. It is sometimes used in the general English sense (judgment or determination of worth or quality). Based on common usage of the term in the security community, one can distinguish between two types of evaluation: (a) evaluations that exclude the environment, and (b) evaluations that include the environment. This second type of evaluation, an assessment of a system's security properties with respect to a specific operational mission, is termed certification. Evaluations that exclude the environment are assessments of the security properties against a defined criterion. (2) The process - given a security policy, a consistent description of required security functions, and a targeted assurance level - of achieving assurance. Evaluation also includes the checking for security vulnerabilities (in relation to the security policy). (3) The assessment of an IT (information technology) system or product against defined evaluation criteria. [AJP]
Evaluator - the independent person or organisation that performs an evaluation. [ITSEC]
Evaluator Actions - a component of the evaluation criteria for a particular phase or aspect of evaluation, identifying what the evaluator must do to check the information supplied by the sponsor of the evaluation, and the additional activities he must perform. [ITSEC]
evaluator actions: A component of the evaluation criteria for a particular phase or aspect of evaluation, identifying what the evaluator must do to check the information supplied by the sponsor of the evaluation, and the additional activities he must perform. [AJP]
evaluator: (1) The independent person or organization that performs an evaluation. (2) Individual or group responsible for the independent assessment of IT (information technology) product security (for example, product evaluators, system security officers, system certifiers, and system accreditors). [AJP]
Evaluators - Individuals or groups responsible for the independent assessment of IT product security (e.g., product evaluators, system security officers, system certifiers, and system accreditors). [FC v.1]
executive state - One of several states in which a system may operate and the only one in which certain privileged instructions may be executed. Such instructions cannot be executed when the system is operating in other (e.g., user) states. Synonymous with supervisor state. [NCSC TG-004]
executive state: (1) One of several states in which a system may operate and the only one in which certain privileged instructions may be executed. Such instructions cannot be executed when the system is operating in other (for example, user) states. Synonymous with supervisor state. (2) A privileged state that can be used by supervisory software for multitasking operations. Reliable multitasking requires protection, such as segment-level protection. For example, segment-level protection can have the following protection checks: (a) type check, (b) limit check, (c) restriction of addressable domain, (d) restriction of procedure entry points, and (e) restriction of instruction set. [AJP]
Explain - Give required information and show that it satisfies all relevant requirements. [FC v.1]
explain: Give required information and show that it satisfies all relevant requirements. [AJP]
Exploitable Channel - Any channel that is useable or detectable by subjects external to the Trusted Computing Base. [TCSEC]
Exploitable Channel - Covert channel that is usable or detectable by subjects external to the AIS's trusted computing base and can be used to violate the AIS's technical security policy. (See covert channel.) [FC v.1]
Exploitable channel - any channel that is usable or detectable by subjects external to the Trusted Computing Base. [TNI]
exploitable channel - Any information channel that is usable or detectable by subjects external to the trusted computing base whose purpose is to violate the security policy of the system. See covert channel. [NCSC TG-004]
exploitable channel: (1) Any channel that is usable or detectable by subjects external to the trusted computing base. (2) A covert channel that is usable or detectable by subjects external to the AIS's (automated information system's) trusted computing base and can be used to violate the AIS's technical security policy. (See covert channel.) (3) Any information channel that is usable or detectable by subjects external to the trusted computing base whose purpose is to violate the security policy of the system. (See covert channel.) [AJP]
External Security Controls - Measures which include physical, personnel, procedural, and administrative security requirements and a separate certification and accreditation process that govern physical access to an IT product. Note: These measures constitute assumptions and boundary conditions that are part of the environment described in a protection profile. [FC v.1]
external security controls: Measures that include physical, personnel, procedural, and administrative security requiremen