< draft-shirey-secgloss-v2-07.txt   draft-shirey-secgloss-v2-08.txt >
INTERNET-DRAFT R. W. Shirey INTERNET-DRAFT R. W. Shirey
Obsoletes: RFC 2828, FYI 36 BBN Technologies Corp. Obsoletes: RFC 2828, FYI 36 BBN Technologies Corp.
Expiration Date: 8 March 2007 8 September 2006 Expiration Date: 1 May 2007 1 November 2006
Internet Security Glossary, Version 2 Internet Security Glossary, Version 2
<draft-shirey-secgloss-v2-07.txt> <draft-shirey-secgloss-v2-08.txt>
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
This document may not be modified, and derivative works of it may This document may not be modified, and derivative works of it may
not be created, except to publish it as an RFC and to translate it not be created, except to publish it as an RFC and to translate it
skipping to change at page 1, line 44 skipping to change at page 1, line 44
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). All Rights Reserved. Copyright (C) The Internet Society (2006). All Rights Reserved.
Abstract Abstract
This Glossary provides definitions, abbreviations, and explanations This Glossary provides definitions, abbreviations, and explanations
of terminology for information system security. The 305 pages of of terminology for information system security. The 305 pages of
entries offer recommendations to improve the clarity of Internet entries offer recommendations to improve the comprehensibility of
Standards documents (ISDs) and to make them more easily understood by written material that is generated in the Internet Standards Process
international readers. The recommendations follow the principles that (RFC 2026). The recommendations follow the principles that such
ISDs should (a) use the same term or definition whenever the same writing should (a) use the same term or definition whenever the same
concept is mentioned; (b) use terms in their plainest, dictionary concept is mentioned; (b) use terms in their plainest, dictionary
sense; (c) use terms that are already well-established in open sense; (c) use terms that are already well-established in open
publications; and (d) avoid terms that either favor a particular publications; and (d) avoid terms that either favor a particular
vendor or favor a particular technology or mechanism over other, vendor or favor a particular technology or mechanism over other,
competing techniques that already exist or could be developed. competing techniques that already exist or could be developed.
Table of Contents Table of Contents
Section Page Section Page
------- ---- ------- ----
skipping to change at page 3, line 16 skipping to change at page 3, line 16
This Glossary is *not* an Internet Standard, and its recommendations This Glossary is *not* an Internet Standard, and its recommendations
represent only the opinions of its author. However, this Glossary represent only the opinions of its author. However, this Glossary
gives reasons for its recommendations -- especially for the SHOULD gives reasons for its recommendations -- especially for the SHOULD
NOTs -- so that readers can judge for themselves what to do. NOTs -- so that readers can judge for themselves what to do.
This Glossary provides an internally consistent and self-contained This Glossary provides an internally consistent and self-contained
set of terms, abbreviations, and definitions -- supported by set of terms, abbreviations, and definitions -- supported by
explanations, recommendations, and references -- for terminology that explanations, recommendations, and references -- for terminology that
concerns information system security. The intent of this Glossary is concerns information system security. The intent of this Glossary is
to improve the comprehensibility of Internet Standards documents to improve the comprehensibility of written materials that are
(ISDs) -- i.e., RFCs, Internet-Drafts, and other material produced as generated in the Internet Standards Process (RFC 2026) -- i.e., RFCs,
part of the Internet Standards Process (RFC 2026) -- and other Internet-Drafts, and other items of discourse -- which are referred
Internet-related discourse. A few non-security, networking terms are to here as IDOCs. A few non-security, networking terms are included
included to make the Glossary self-contained, but more complete to make the Glossary self-contained, but more complete glossaries of
glossaries of such terms are available elsewhere [A1523, F1037, such terms are available elsewhere [A1523, F1037, R1208, R1983].
R1208, R1983].
This Glossary supports the goals of the Internet Standards Process: This Glossary supports the goals of the Internet Standards Process:
o Clear, Concise, Easily Understood Documentation o Clear, Concise, Easily Understood Documentation
This Glossary seeks to improve comprehensibility of security- This Glossary seeks to improve comprehensibility of security-
related content of ISDs. That requires wording to be clear and related content of IDOCs. That requires wording to be clear and
understandable, and requires the set of security-related terms and understandable, and requires the set of security-related terms and
definitions to be consistent and self-supporting. Also, definitions to be consistent and self-supporting. Also,
terminology needs to be uniform across all ISDs; i.e., the same terminology needs to be uniform across all IDOCs; i.e., the same
term or definition needs to be used whenever and wherever the same term or definition needs to be used whenever and wherever the same
concept is mentioned. Harmonization of existing ISDs need not be concept is mentioned. Harmonization of existing IDOCs need not be
done immediately, but it is desirable to correct and standardize done immediately, but it is desirable to correct and standardize
terminology when new versions are issued in the normal course of terminology when new versions are issued in the normal course of
standards development and evolution. standards development and evolution.
o Technical Excellence o Technical Excellence
Just as Internet Standard (STD) protocols should operate Just as Internet Standard (STD) protocols should operate
effectively, ISDs should use terminology accurately, precisely, effectively, IDOCs should use terminology accurately, precisely,
and unambiguously to enable standards to be implemented correctly. and unambiguously to enable standards to be implemented correctly.
o Prior Implementation and Testing o Prior Implementation and Testing
Just as STD protocols require demonstrated experience and Just as STD protocols require demonstrated experience and
stability before adoption, ISDs need to use well-established stability before adoption, IDOCs need to use well-established
language; and the robustness principle for protocols -- "be language; and the robustness principle for protocols -- "be
liberal in what you accept, and conservative in what you send" -- liberal in what you accept, and conservative in what you send" --
is also applicable to the language used in ISDs that describe is also applicable to the language used in IDOCs that describe
protocols. Using terms in their plainest, dictionary sense (when protocols. Using terms in their plainest, dictionary sense (when
appropriate) helps to ensure international understanding. ISDs appropriate) helps to make them more easily understood by
need to avoid using private, newly invented terms in place of international readers. IDOCs need to avoid using private, newly
generally accepted terms from open publications. ISDs need to invented terms in place of generally accepted terms from open
avoid substituting new definitions that conflict with established publications. IDOCs need to avoid substituting new definitions
ones. ISDs need to avoid using "cute" synonyms (e.g., "Green that conflict with established ones. IDOCs need to avoid using
Book"), because no matter how popular a nickname may be in one "cute" synonyms (e.g., "Green Book"), because no matter how
community, it is likely to cause confusion in another. popular a nickname may be in one community, it is likely to cause
confusion in another.
o Openness, Fairness, and Timeliness o Openness, Fairness, and Timeliness
ISDs need to avoid using proprietary and trademarked terms for IDOCs need to avoid using proprietary and trademarked terms for
purposes other than referring to those particular systems. ISDs purposes other than referring to those particular systems. IDOCs
also need to avoid terms that either favor a particular vendor or also need to avoid terms that either favor a particular vendor or
favor a particular security technology or mechanism over other, favor a particular security technology or mechanism over other,
competing techniques that already exist or might be developed in competing techniques that already exist or might be developed in
the future. The set of terminology used across the set of ISDs the future. The set of terminology used across the set of IDOCs
needs to be flexible and adaptable as the state of Internet needs to be flexible and adaptable as the state of Internet
security art evolves. security art evolves.
In support of those goals, this Glossary offers guidance by marking In support of those goals, this Glossary offers guidance by marking
terms and definitions as being either endorsed or deprecated for use terms and definitions as being either endorsed or deprecated for use
in ISDs. The key words "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", in IDOCs. The key words "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" are intended to be interpreted the same way as in an and "OPTIONAL" are intended to be interpreted the same way as in an
Internet Standard (i.e., as specified in RFC 2119). Other glossaries Internet Standard (i.e., as specified in RFC 2119). Other glossaries
(e.g., [Raym]) list additional terms that deal with Internet security (e.g., [Raym]) list additional terms that deal with Internet security
but have not been included in this Glossary because they are not but have not been included in this Glossary because they are not
appropriate for ISDs. appropriate for IDOCs.
2. Format of Entries 2. Format of Entries
Section 4 presents Glossary entries in the following manner: Section 4 presents Glossary entries in the following manner:
2.1 Order of Entries 2.1 Order of Entries
Entries are sorted in lexicographic order, without regard to Entries are sorted in lexicographic order, without regard to
capitalization. Numeric digits are treated as preceding alphabetic capitalization. Numeric digits are treated as preceding alphabetic
characters, and special characters are treated as preceding characters, and special characters are treated as preceding
digits. Blanks are treated as preceding non-blank characters, digits. Blanks are treated as preceding non-blank characters,
except that a hyphen or slash between the parts of a multiword except that a hyphen or slash between the parts of a multiword
entry (e.g., "RED/BLACK separation") is treated like a blank. entry (e.g., "RED/BLACK separation") is treated like a blank.
If an entry has multiple definitions (e.g., "domain"), they are If an entry has multiple definitions (e.g., "domain"), they are
numbered beginning with "1", and any of those multiple definitions numbered beginning with "1", and any of those multiple definitions
that are RECOMMENDED for use in ISDs are presented before other that are RECOMMENDED for use in IDOCs are presented before other
definitions for that entry. If definitions are closely related definitions for that entry. If definitions are closely related
(e.g., "threat"), they are denoted by adding letters to a number, (e.g., "threat"), they are denoted by adding letters to a number,
such as "1a" and "1b". such as "1a" and "1b".
2.2 Capitalization and Abbreviations 2.2 Capitalization and Abbreviations
Entries that are proper nouns are capitalized (e.g., "Data Entries that are proper nouns are capitalized (e.g., "Data
Encryption Algorithm"), as are other words derived from proper Encryption Algorithm"), as are other words derived from proper
nouns (e.g., "Caesar cipher"). All other entries are not nouns (e.g., "Caesar cipher"). All other entries are not
capitalized (e.g., "certification authority"). Each acronym or capitalized (e.g., "certification authority"). Each acronym or
skipping to change at page 5, line 22 skipping to change at page 5, line 22
other entries in which "X" is used in explanations. other entries in which "X" is used in explanations.
2.4 Definition Type and Context 2.4 Definition Type and Context
Each entry is preceded by a character -- I, N, O, or D -- enclosed Each entry is preceded by a character -- I, N, O, or D -- enclosed
in parentheses, to indicate the type of definition (as is in parentheses, to indicate the type of definition (as is
explained further in Section 3): explained further in Section 3):
- "I" for a RECOMMENDED term or definition of Internet origin. - "I" for a RECOMMENDED term or definition of Internet origin.
- "N" if RECOMMENDED but not of Internet origin. - "N" if RECOMMENDED but not of Internet origin.
- "O" for a term or definition that is NOT recommended for use in - "O" for a term or definition that is NOT recommended for use in
ISDs but is something that authors of Internet documents should IDOCs but is something that authors of Internet documents
know about. should know about.
- "D" for a term or definition that is deprecated and SHOULD NOT - "D" for a term or definition that is deprecated and SHOULD NOT
be used in Internet documents. be used in Internet documents.
If a definition is valid only in a specific context (e.g., If a definition is valid only in a specific context (e.g.,
"baggage"), that context is shown immediately following the "baggage"), that context is shown immediately following the
definition type and is enclosed by a pair of slash symbols (/). If definition type and is enclosed by a pair of slash symbols (/). If
the definition is valid only for specific parts of speech, that is the definition is valid only for specific parts of speech, that is
shown in the same way (e.g., "archive"). shown in the same way (e.g., "archive").
2.5 Explanatory Notes 2.5 Explanatory Notes
skipping to change at page 5, line 47 skipping to change at page 5, line 47
- Deprecated Abbreviation (e.g., "AA") - Deprecated Abbreviation (e.g., "AA")
- Deprecated Definition (e.g., "digital certification") - Deprecated Definition (e.g., "digital certification")
- Deprecated Usage (e.g., "authenticate") - Deprecated Usage (e.g., "authenticate")
- Deprecated Term (e.g., "certificate authority") - Deprecated Term (e.g., "certificate authority")
- Pronunciation (e.g., "*-property") - Pronunciation (e.g., "*-property")
- Derivation (e.g., "discretionary access control") - Derivation (e.g., "discretionary access control")
- Tutorial (e.g., "accreditation") - Tutorial (e.g., "accreditation")
- Example (e.g., "back door") - Example (e.g., "back door")
- Usage (e.g., "access") - Usage (e.g., "access")
Explanatory text in this Glossary MAY be reused in other ISDs. Explanatory text in this Glossary MAY be reused in IDOCs. However,
However, such text is not intended to authoritatively supersede this text is not intended to authoritatively supersede text of an
text of an ISD in which the Glossary entry is already used. IDOC in which the Glossary entry is already used.
2.6 Cross-References 2.6 Cross-References
Some entries contain a parenthetical remark of the form "(See: Some entries contain a parenthetical remark of the form "(See:
X.)", where X is a list of other, related terms. Some entries X.)", where X is a list of other, related terms. Some entries
contain a remark of the form "(Compare: X)", where X is a list of contain a remark of the form "(Compare: X)", where X is a list of
terms that either are antonyms of the entry or differ in some terms that either are antonyms of the entry or differ in some
other manner worth noting. other manner worth noting.
2.7 Trademarks 2.7 Trademarks
skipping to change at page 6, line 48 skipping to change at page 6, line 48
to look like this: to look like this:
Then delete one line from the file by typing "dd." Then delete one line from the file by typing "dd."
However, in the vi language, the dot character repeats the last However, in the vi language, the dot character repeats the last
command accepted. So, if a reader entered "dd.", two lines would command accepted. So, if a reader entered "dd.", two lines would
be deleted instead of one. be deleted instead of one.
Similarly, use of standard American punctuation might cause Similarly, use of standard American punctuation might cause
misunderstanding in entries in this Glossary. Thus, the new misunderstanding in entries in this Glossary. Thus, the new
punctuation is used here, and we recommend it for ISDs. punctuation is used here, and we recommend it for IDOCs.
3. Types of Entries 3. Types of Entries
Each entry in this Glossary is marked as type I, N, O, or D: Each entry in this Glossary is marked as type I, N, O, or D:
3.1 Type "I": Recommended Definitions of Internet Origin 3.1 Type "I": Recommended Definitions of Internet Origin
The marking "I" indicates two things: The marking "I" indicates two things:
- Origin: "I" (as opposed to "N") means either that the Internet - Origin: "I" (as opposed to "N") means either that the Internet
Standards Process or Internet community is authoritative for Standards Process or Internet community is authoritative for
the definition *or* that the term is sufficiently generic that the definition *or* that the term is sufficiently generic that
this Glossary can freely state a definition without this Glossary can freely state a definition without
contradicting a non-Internet authority (e.g., "attack"). contradicting a non-Internet authority (e.g., "attack").
- Recommendation: "I" (as opposed to "O") means that the term and - Recommendation: "I" (as opposed to "O") means that the term and
definition are RECOMMENDED for use in ISDs. However, some "I" definition are RECOMMENDED for use in IDOCs. However, some "I"
entries may be accompanied by a "Usage" note that states a entries may be accompanied by a "Usage" note that states a
limitation (e.g., "certification"), and ISDs SHOULD NOT use the limitation (e.g., "certification"), and IDOCs SHOULD NOT use
defined term outside that limited context. the defined term outside that limited context.
Many "I" entries are proper nouns (e.g., "Internet Protocol") for Many "I" entries are proper nouns (e.g., "Internet Protocol") for
which the definition is intended only to provide basic which the definition is intended only to provide basic
information; i.e., the authoritative definition of such terms is information; i.e., the authoritative definition of such terms is
found elsewhere. For a proper noun described as an "Internet found elsewhere. For a proper noun described as an "Internet
protocol", please refer to the current edition of "Internet protocol", please refer to the current edition of "Internet
Official Protocol Standards" (Standard 1) for the standardization Official Protocol Standards" (Standard 1) for the standardization
status of the protocol. status of the protocol.
3.2 Type "N": Recommended Definitions of Non-Internet Origin 3.2 Type "N": Recommended Definitions of Non-Internet Origin
The marking "N" indicates two things: The marking "N" indicates two things:
- Origin: "N" (as opposed to "I") means that the entry has a non- - Origin: "N" (as opposed to "I") means that the entry has a non-
Internet basis or origin. Internet basis or origin.
- Recommendation: "N" (as opposed to "O") means that the term and - Recommendation: "N" (as opposed to "O") means that the term and
definition are RECOMMENDED for use in ISDs, if they are needed definition are RECOMMENDED for use in IDOCs, if they are needed
at all in ISDs. Many of these entries are accompanied by a at all in IDOCs. Many of these entries are accompanied by a
label that states a context (e.g., "package") or a note that label that states a context (e.g., "package") or a note that
states a limitation (e.g., "data integrity"), and ISDs SHOULD states a limitation (e.g., "data integrity"), and IDOCs SHOULD
NOT use the defined term outside that context or limit. Some of NOT use the defined term outside that context or limit. Some of
the contexts are rarely if ever expected to occur in an ISD the contexts are rarely if ever expected to occur in an IDOC
(e.g., "baggage"). In those cases, the listing exists to make (e.g., "baggage"). In those cases, the listing exists to make
Internet authors aware of the non-Internet usage so that they Internet authors aware of the non-Internet usage so that they
can avoid conflicts with non-Internet documents. can avoid conflicts with non-Internet documents.
3.3 Type "O": Other Terms and Definitions To Be Noted 3.3 Type "O": Other Terms and Definitions To Be Noted
The marking "O" means that the definition is of non-Internet The marking "O" means that the definition is of non-Internet
origin and SHOULD NOT be used in ISDs *except* in cases where the origin and SHOULD NOT be used in IDOCs *except* in cases where the
term is specifically identified as non-Internet. term is specifically identified as non-Internet.
For example, an ISD might mention "BCA" (see: brand certification For example, an IDOC might mention "BCA" (see: brand certification
authority) or "baggage" as an example of some concept; in that authority) or "baggage" as an example of some concept; in that
case, the document should specifically say "SET(trademark) BCA" or case, the document should specifically say "SET(trademark) BCA" or
"SET(trademark) baggage" and include the definition of the term. "SET(trademark) baggage" and include the definition of the term.
3.4 Type "D": Deprecated Terms and Definitions 3.4 Type "D": Deprecated Terms and Definitions
If this Glossary recommends that a term or definition SHOULD NOT If this Glossary recommends that a term or definition SHOULD NOT
be used in ISDs, then the entry is marked as type "D", and an be used in IDOCs, then the entry is marked as type "D", and an
explanatory note -- "Deprecated Term", "Deprecated Abbreviation", explanatory note -- "Deprecated Term", "Deprecated Abbreviation",
"Deprecated Definition", or "Deprecated Usage" -- is provided. "Deprecated Definition", or "Deprecated Usage" -- is provided.
3.5 Definition Substitutions 3.5 Definition Substitutions
Some terms have a definition published by a non-Internet authority Some terms have a definition published by a non-Internet authority
-- a government (e.g., "object reuse"), an industry (e.g., "Secure -- a government (e.g., "object reuse"), an industry (e.g., "Secure
Data Exchange"), a national authority (e.g., "Data Encryption Data Exchange"), a national authority (e.g., "Data Encryption
Standard"), or an international body (e.g., "data Standard"), or an international body (e.g., "data
confidentiality") -- that is suitable for use in ISDs. In those confidentiality") -- that is suitable for use in IDOCs. In those
cases, this Glossary marks the definition "N", recommending its cases, this Glossary marks the definition "N", recommending its
use in Internet documents. use in Internet documents.
Other such terms have definitions that are inadequate or Other such terms have definitions that are inadequate or
inappropriate for ISDs. For example, a definition might be inappropriate for IDOCs. For example, a definition might be
outdated or too narrow, or it might need clarification by outdated or too narrow, or it might need clarification by
substituting more careful wording (e.g., "authentication substituting more careful wording (e.g., "authentication
exchange") or explanations, using other terms that are defined in exchange") or explanations, using other terms that are defined in
this Glossary. In those cases, this Glossary marks the entry "O", this Glossary. In those cases, this Glossary marks the entry "O",
and provides an "I" or "N" entry that precedes, and is intended to and provides an "I" or "N" entry that precedes, and is intended to
supersede, the "O" entry. supersede, the "O" entry.
In some cases where this Glossary provides a definition to In some cases where this Glossary provides a definition to
supersede an "O" definition, the substitute is intended to subsume supersede an "O" definition, the substitute is intended to subsume
the meaning of the "O" entry and not conflict with it. For the the meaning of the "O" entry and not conflict with it. For the
term "security service", for example, the "O" definition deals term "security service", for example, the "O" definition deals
narrowly with only communication services provided by layers in narrowly with only communication services provided by layers in
the OSIRM and is inadequate for the full range of ISD usage, while the OSIRM and is inadequate for the full range of IDOC usage,
the new "I" definition provided by this Glossary can be used in while the new "I" definition provided by this Glossary can be used
more situations and for more kinds of service. However, the "O" in more situations and for more kinds of service. However, the "O"
definition is also listed so that ISD authors will be aware of the definition is also listed so that IDOC authors will be aware of
context in which the term is used more narrowly. the context in which the term is used more narrowly.
When making substitutions, this Glossary attempts to avoid When making substitutions, this Glossary attempts to avoid
contradicting any non-Internet authority. Still, terminology contradicting any non-Internet authority. Still, terminology
differs between authorities such as the American Bar Association, differs between authorities such as the American Bar Association,
OSI, SET, the U.S. DoD, and other authorities; and this Glossary OSI, SET, the U.S. DoD, and other authorities; and this Glossary
probably is not exactly aligned with any of them. probably is not exactly aligned with any of them.
4. Definitions 4. Definitions
$ *-property $ *-property
skipping to change at page 9, line 19 skipping to change at page 9, line 19
LaPadula model. Pronunciation: star property. LaPadula model. Pronunciation: star property.
$ 3DES $ 3DES
(N) See: Triple Data Encryption Algorithm. (N) See: Triple Data Encryption Algorithm.
$ A1 computer system $ A1 computer system
(O) /TCSEC/ See: Tutorial under "Trusted Computer System (O) /TCSEC/ See: Tutorial under "Trusted Computer System
Evaluation Criteria". (Compare: beyond A1.) Evaluation Criteria". (Compare: beyond A1.)
$ AA $ AA
(D) See: "Deprecated Abbreviation" under "attribute authority". (D) See: "Deprecated Usage" under "attribute authority".
$ ABA Guidelines $ ABA Guidelines
(N) "American Bar Association (ABA) Digital Signature Guidelines" (N) "American Bar Association (ABA) Digital Signature Guidelines"
[DSG], a framework of legal principles for using digital [DSG], a framework of legal principles for using digital
signatures and digital certificates in electronic commerce. signatures and digital certificates in electronic commerce.
$ Abstract Syntax Notation One (ASN.1) $ Abstract Syntax Notation One (ASN.1)
(N) A standard for describing data objects. [Larm, X680] (See: (N) A standard for describing data objects. [Larm, X680] (See:
CMS.) CMS.)
Usage: ISDs SHOULD use the term "ASN.1" narrowly to Usage: IDOCs SHOULD use the term "ASN.1" narrowly to
describe the notation or language called "Abstract describe the notation or language called "Abstract
Syntax Notation One". ISDs MAY use the term more broadly Syntax Notation One". IDOCs MAY use the term more
to encompass the notation, its associated encoding rules broadly to encompass the notation, its associated
(see: BER), and software tools that assist in its use, encoding rules (see: BER), and software tools that
when the context makes this meaning clear. assist in its use, when the context makes this meaning
clear.
Tutorial: OSIRM defines computer network functionality in layers. Tutorial: OSIRM defines computer network functionality in layers.
Protocols and data objects at higher layers are abstractly defined Protocols and data objects at higher layers are abstractly defined
to be implemented using protocols and data objects from lower to be implemented using protocols and data objects from lower
layers. A higher layer may define transfers of abstract objects layers. A higher layer may define transfers of abstract objects
between computers, and a lower layer may define those transfers between computers, and a lower layer may define those transfers
concretely as strings of bits. Syntax is needed to specify data concretely as strings of bits. Syntax is needed to specify data
formats of abstract objects, and encoding rules are needed to formats of abstract objects, and encoding rules are needed to
transform abstract objects into bit strings at lower layers. OSI transform abstract objects into bit strings at lower layers. OSI
standards use ASN.1 for those specifications and use various standards use ASN.1 for those specifications and use various
skipping to change at page 11, line 50 skipping to change at page 11, line 50
principal) that is authorized to use the resource in some other principal) that is authorized to use the resource in some other
manner. (See: insider.) The two basic mechanisms for implementing manner. (See: insider.) The two basic mechanisms for implementing
this service are ACLs and tickets. this service are ACLs and tickets.
$ access level $ access level
1. (D) Synonym for the hierarchical "classification level" in a 1. (D) Synonym for the hierarchical "classification level" in a
security level. [C4009] (See: security level.) security level. [C4009] (See: security level.)
2. (D) Synonym for "clearance level". 2. (D) Synonym for "clearance level".
Deprecated Definitions: ISDs SHOULD NOT use this term with these Deprecated Definitions: IDOCs SHOULD NOT use this term with these
definitions because they duplicate the meaning of more specific definitions because they duplicate the meaning of more specific
terms. Any ISD that uses this term SHOULD provide a specific terms. Any IDOC that uses this term SHOULD provide a specific
definition for it because access control may be based on many definition for it because access control may be based on many
attributes other than classification level and clearance level. attributes other than classification level and clearance level.
$ access list $ access list
(I) /physical security/ Roster of persons who are authorized to (I) /physical security/ Roster of persons who are authorized to
enter a controlled area. (Compare: access control list.) enter a controlled area. (Compare: access control list.)
$ access mode $ access mode
(I) A distinct type of data processing operation (e.g., read, (I) A distinct type of data processing operation (e.g., read,
write, append, or execute, or a combination of operations) that a write, append, or execute, or a combination of operations) that a
subject can potentially perform on an object in an information subject can potentially perform on an object in an information
system. [Huff] (See: read, write.) system. [Huff] (See: read, write.)
$ access policy $ access policy
(I) A kind of "security policy". (See: access, access control.) (I) A kind of "security policy". (See: access, access control.)
$ access profile $ access profile
(O) Synonym for "capability list". (O) Synonym for "capability list".
Usage: ISDs that use this term SHOULD state a definition for it Usage: IDOCs that use this term SHOULD state a definition for it
because the definition is not widely known. because the definition is not widely known.
$ access right $ access right
(I) Synonym for "authorization"; emphasizes the possession of the (I) Synonym for "authorization"; emphasizes the possession of the
authorization by a system entity. authorization by a system entity.
$ accountability $ accountability
(I) The property of a system or system resource that ensures that (I) The property of a system or system resource that ensures that
the actions of a system entity may be traced uniquely to that the actions of a system entity may be traced uniquely to that
entity, which can then be held responsible for its actions. [Huff] entity, which can then be held responsible for its actions. [Huff]
skipping to change at page 14, line 10 skipping to change at page 14, line 10
Tutorial: Active content can be mobile code when its associated Tutorial: Active content can be mobile code when its associated
file is transferred across a network. file is transferred across a network.
1b. (O) "Electronic documents that can carry out or trigger 1b. (O) "Electronic documents that can carry out or trigger
actions automatically on a computer platform without the actions automatically on a computer platform without the
intervention of a user. [This technology enables] mobile code intervention of a user. [This technology enables] mobile code
associated with a document to execute as the document is associated with a document to execute as the document is
rendered." [SP28] rendered." [SP28]
$ active user $ active user
(I) See: secondary definition under "attack". (I) See: secondary definition under "system user".
$ active wiretapping $ active wiretapping
(I) A wiretapping attack that attempts to alter data being (I) A wiretapping attack that attempts to alter data being
communicated or otherwise affect data flow. (See: wiretapping. communicated or otherwise affect data flow. (See: wiretapping.
Compare: active attack, passive wiretapping.) Compare: active attack, passive wiretapping.)
$ add-on security $ add-on security
(N) The retrofitting of protection mechanisms, implemented by (N) The retrofitting of protection mechanisms, implemented by
hardware or software, in an information system after the system hardware or software, in an information system after the system
has become operational. [FP039] (Compare: baked-in security.) has become operational. [FP039] (Compare: baked-in security.)
skipping to change at page 16, line 21 skipping to change at page 16, line 21
(I) A name that an entity uses in place of its real name, usually (I) A name that an entity uses in place of its real name, usually
for the purpose of either anonymity or masquerade. for the purpose of either anonymity or masquerade.
$ Alice and Bob $ Alice and Bob
(I) The parties that are most often called upon to illustrate the (I) The parties that are most often called upon to illustrate the
operation of bipartite security protocols. These and other operation of bipartite security protocols. These and other
dramatis personae are listed by Schneier [Schn]. dramatis personae are listed by Schneier [Schn].
$ American National Standards Institute (ANSI) $ American National Standards Institute (ANSI)
(N) A private, not-for-profit association that administers U.S. (N) A private, not-for-profit association that administers U.S.
private sector voluntary standards. private-sector voluntary standards.
Tutorial: ANSI has approximately 1,000 member organizations, Tutorial: ANSI has approximately 1,000 member organizations,
including equipment users, manufacturers, and others. These including equipment users, manufacturers, and others. These
include commercial firms, government agencies, and other include commercial firms, government agencies, and other
institutions and international entities. institutions and international entities.
ANSI is the sole U.S. representative to (a) ISO and (b) (via the ANSI is the sole U.S. representative to (a) ISO and (b) (via the
U.S. National Committee) the International Electrotechnical U.S. National Committee) the International Electrotechnical
Commission (IEC), which are the two major, non-treaty, Commission (IEC), which are the two major, non-treaty,
international standards organizations. international standards organizations.
skipping to change at page 18, line 4 skipping to change at page 18, line 4
anyone to gather information about which servers the client anyone to gather information about which servers the client
accesses and (b) without allowing the accessed servers to gather accesses and (b) without allowing the accessed servers to gather
information about the client, such as its IP address. information about the client, such as its IP address.
$ anonymous credential $ anonymous credential
(D) /U.S. Government/ A credential that (a) can be used to (D) /U.S. Government/ A credential that (a) can be used to
authenticate a person as having a specific attribute or being a authenticate a person as having a specific attribute or being a
member of a specific group (e.g., military veterans or U.S. member of a specific group (e.g., military veterans or U.S.
citizens) but (b) does not reveal the individual identity of the citizens) but (b) does not reveal the individual identity of the
person that presents the credential. [M0404] (See: anonymity.) person that presents the credential. [M0404] (See: anonymity.)
Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts
in a potentially misleading way. For example, when the credential in a potentially misleading way. For example, when the credential
is an X.509 certificate, the term could be misunderstood to mean is an X.509 certificate, the term could be misunderstood to mean
that the certificate was signed by a CA that has a persona that the certificate was signed by a CA that has a persona
certificate. Instead, use "attribute certificate", "organizational certificate. Instead, use "attribute certificate", "organizational
certificate", or "persona certificate" depending on what is meant, certificate", or "persona certificate" depending on what is meant,
and provide additional explanations as needed. and provide additional explanations as needed.
$ anonymous login $ anonymous login
(I) An access control feature (actually, an access control (I) An access control feature (actually, an access control
vulnerability) in many Internet hosts that enables users to gain vulnerability) in many Internet hosts that enables users to gain
skipping to change at page 23, line 23 skipping to change at page 23, line 23
the class of information indicated by an attribute type. (See: the class of information indicated by an attribute type. (See:
attribute certificate.) attribute certificate.)
$ attribute authority (AA) $ attribute authority (AA)
1. (N) A CA that issues attribute certificates. 1. (N) A CA that issues attribute certificates.
2. (O) "An authority [that] assigns privileges by issuing 2. (O) "An authority [that] assigns privileges by issuing
attribute certificates." [X509] attribute certificates." [X509]
Deprecated Usage: The abbreviation "AA" SHOULD NOT be used in an Deprecated Usage: The abbreviation "AA" SHOULD NOT be used in an
ISD unless it is first defined in the ISD. IDOC unless it is first defined in the IDOC.
$ attribute certificate $ attribute certificate
1. (I) A digital certificate that binds a set of descriptive data 1. (I) A digital certificate that binds a set of descriptive data
items, other than a public key, either directly to a subject name items, other than a public key, either directly to a subject name
or to the identifier of another certificate that is a public-key or to the identifier of another certificate that is a public-key
certificate. (See: capability token.) certificate. (See: capability token.)
2. (O) "A data structure, digitally signed by an [a]ttribute 2. (O) "A data structure, digitally signed by an [a]ttribute
[a]uthority, that binds some attribute values with identification [a]uthority, that binds some attribute values with identification
information about its holder." [X509] information about its holder." [X509]
skipping to change at page 24, line 9 skipping to change at page 24, line 9
- Different authorities: When the authority responsible for the - Different authorities: When the authority responsible for the
attributes is different than the one that issues the public-key attributes is different than the one that issues the public-key
certificate for the subject. (There is no requirement that an certificate for the subject. (There is no requirement that an
attribute certificate be issued by the same CA that issued the attribute certificate be issued by the same CA that issued the
associated public-key certificate.) associated public-key certificate.)
$ audit $ audit
See: security audit. See: security audit.
$ audit log $ audit log
(I) Synonym for "security audit trail". (I) Synonym for "security audit trail".
$ audit service $ audit service
(I) A security service that records information needed to (I) A security service that records information needed to
establish accountability for system events and for the actions of establish accountability for system events and for the actions of
system entities that cause them. (See: security audit.) system entities that cause them. (See: security audit.)
$ audit trail $ audit trail
(I) See: security audit trail. (I) See: security audit trail.
$ AUTH $ AUTH
skipping to change at page 24, line 31 skipping to change at page 24, line 31
$ authenticate $ authenticate
(I) Verify (i.e., establish the truth of) an attribute value (I) Verify (i.e., establish the truth of) an attribute value
claimed by or for a system entity or system resource. (See: claimed by or for a system entity or system resource. (See:
authentication, validate vs. verify, "relationship between data authentication, validate vs. verify, "relationship between data
integrity service and authentication services" under "data integrity service and authentication services" under "data
integrity service".) integrity service".)
Deprecated Usage: In general English usage, this term is used with Deprecated Usage: In general English usage, this term is used with
the meaning "to prove genuine" (e.g., an art expert authenticates the meaning "to prove genuine" (e.g., an art expert authenticates
a Michelangelo painting); but ISDs should restrict usage as a Michelangelo painting); but IDOCs should restrict usage as
follows: follows:
- ISDs SHOULD NOT use this term to refer to proving or checking - IDOCs SHOULD NOT use this term to refer to proving or checking
that data has not been changed, destroyed or lost in an that data has not been changed, destroyed, or lost in an
unauthorized or accidental manner. Instead use "verify". unauthorized or accidental manner. Instead use "verify".
- ISDs SHOULD NOT use this term to refer to proving the truth or - IDOCs SHOULD NOT use this term to refer to proving the truth or
accuracy of a fact or value such as a digital signature. accuracy of a fact or value such as a digital signature.
Instead, use "verify". Instead, use "verify".
- ISDs SHOULD NOT use this term to refer to establishing the - IDOCs SHOULD NOT use this term to refer to establishing the
soundness or correctness of a construct, such as a digital soundness or correctness of a construct, such as a digital
certificate. Instead, use "validate". certificate. Instead, use "validate".
$ authentication $ authentication
(I) The process of verifying a claim that a system entity or (I) The process of verifying a claim that a system entity or
system resource has a certain attribute value. (See: attribute, system resource has a certain attribute value. (See: attribute,
authenticate, authentication exchange, authentication information, authenticate, authentication exchange, authentication information,
credential, data origin authentication, peer entity credential, data origin authentication, peer entity
authentication, "relationship between data integrity service and authentication, "relationship between data integrity service and
authentication services" under "data integrity service", simple authentication services" under "data integrity service", simple
skipping to change at page 25, line 20 skipping to change at page 25, line 20
(e.g., a user identifier) to the authentication subsystem. (e.g., a user identifier) to the authentication subsystem.
- Verification step: Presenting or generating authentication - Verification step: Presenting or generating authentication
information (e.g., a value signed with a private key) that acts information (e.g., a value signed with a private key) that acts
as evidence to prove the binding between the attribute and that as evidence to prove the binding between the attribute and that
for which it is claimed. (See: verification.) for which it is claimed. (See: verification.)
$ authentication code $ authentication code
(D) Synonym for a checksum based on cryptography. (Compare: Data (D) Synonym for a checksum based on cryptography. (Compare: Data
Authentication Code, Message Authentication Code.) Authentication Code, Message Authentication Code.)
Deprecated Term: ISDs SHOULD NOT use this uncapitalized term as a Deprecated Term: IDOCs SHOULD NOT use this uncapitalized term as a
synonym for any kind of checksum, regardless of whether or not the synonym for any kind of checksum, regardless of whether or not the
checksum is cryptographic. Instead, use "checksum", "Data checksum is cryptographic. Instead, use "checksum", "Data
Authentication Code", "error detection code", "hash", "keyed Authentication Code", "error detection code", "hash", "keyed
hash", "Message Authentication Code", "protected checksum", or hash", "Message Authentication Code", "protected checksum", or
some other recommended term, depending on what is meant. some other recommended term, depending on what is meant.
The term mixes concepts in a potentially misleading way. The word The term mixes concepts in a potentially misleading way. The word
"authentication" is misleading because the checksum may be used to "authentication" is misleading because the checksum may be used to
perform a data integrity function rather than a data origin perform a data integrity function rather than a data origin
authentication function. authentication function.
skipping to change at page 26, line 41 skipping to change at page 26, line 41
peer entity authentication service. peer entity authentication service.
$ authenticity $ authenticity
(I) The property of being genuine and able to be verified and be (I) The property of being genuine and able to be verified and be
trusted. (See: authenticate, authentication, validate vs. verify.) trusted. (See: authenticate, authentication, validate vs. verify.)
$ authority $ authority
(D) /PKI/ "An entity [that is] responsible for the issuance of (D) /PKI/ "An entity [that is] responsible for the issuance of
certificates." [X509] certificates." [X509]
Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for
attribute authority, certification authority, registration attribute authority, certification authority, registration
authority, or similar terms; the shortened form may cause authority, or similar terms; the shortened form may cause
confusion. Instead, use the full term at the first instance of confusion. Instead, use the full term at the first instance of
usage and then, if it is necessary to shorten text, use AA, CA, usage and then, if it is necessary to shorten text, use AA, CA,
RA, and other abbreviations defined in this Glossary. RA, and other abbreviations defined in this Glossary.
$ authority certificate $ authority certificate
(D) "A certificate issued to an authority (e.g. either to a (D) "A certificate issued to an authority (e.g. either to a
certification authority or to an attribute authority)." [X509] certification authority or to an attribute authority)." [X509]
(See: authority.) (See: authority.)
Deprecated Term: ISDs SHOULD NOT use this term because it is Deprecated Term: IDOCs SHOULD NOT use this term because it is
ambiguous. Instead, use the full term "certification authority ambiguous. Instead, use the full term "certification authority
certificate", "attribute authority certificate", "registration certificate", "attribute authority certificate", "registration
authority certificate", etc. at the first instance of usage and authority certificate", etc. at the first instance of usage and
then, if it is necessary to shorten text, use AA, CA, RA, and then, if it is necessary to shorten text, use AA, CA, RA, and
other abbreviations defined in this Glossary. other abbreviations defined in this Glossary.
$ Authority Information Access extension $ Authority Information Access extension
(I) The private extension defined by PKIX for X.509 certificates (I) The private extension defined by PKIX for X.509 certificates
to indicate "how to access CA information and services for the to indicate "how to access CA information and services for the
issuer of the certificate in which the extension appears. issuer of the certificate in which the extension appears.
skipping to change at page 28, line 7 skipping to change at page 28, line 7
$ authorize $ authorize
(I) Grant an authorization to a system entity. (I) Grant an authorization to a system entity.
$ authorized user $ authorized user
(I) /access control/ A system entity that accesses a system (I) /access control/ A system entity that accesses a system
resource for which the entity has received an authorization. resource for which the entity has received an authorization.
(Compare: insider, outsider, unauthorized user.) (Compare: insider, outsider, unauthorized user.)
Deprecated Usage: ISDs that use this term SHOULD state a Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because the term is used in many ways and could definition for it because the term is used in many ways and could
easily be misunderstood. easily be misunderstood.
$ automated information system $ automated information system
See: information system. See: information system.
$ availability $ availability
1. (I) The property of a system or a system resource being 1. (I) The property of a system or a system resource being
accessible, or usable or operational upon demand, by an authorized accessible, or usable or operational upon demand, by an authorized
system entity, according to performance specifications for the system entity, according to performance specifications for the
skipping to change at page 28, line 29 skipping to change at page 28, line 29
according to the system design whenever users request them. (See: according to the system design whenever users request them. (See:
critical, denial of service. Compare: precedence, reliability, critical, denial of service. Compare: precedence, reliability,
survivability.) survivability.)
2. (O) "The property of being accessible and usable upon demand by 2. (O) "The property of being accessible and usable upon demand by
an authorized entity." [I7498-2] an authorized entity." [I7498-2]
3. (D) "Timely, reliable access to data and information services 3. (D) "Timely, reliable access to data and information services
for authorized users." [C4009] for authorized users." [C4009]
Deprecated Definition: ISDs SHOULD NOT use the term with Deprecated Definition: IDOCs SHOULD NOT use the term with
definition 3; the definition mixes "availability" with definition 3; the definition mixes "availability" with
"reliability", which is a different property. (See: reliability.) "reliability", which is a different property. (See: reliability.)
Tutorial: Availability requirements can be specified by Tutorial: Availability requirements can be specified by
quantitative metrics, but sometimes are stated qualitatively, such quantitative metrics, but sometimes are stated qualitatively, such
as in the following: as in the following:
- "Flexible tolerance for delay" may mean that brief system - "Flexible tolerance for delay" may mean that brief system
outages do not endanger mission accomplishment, but extended outages do not endanger mission accomplishment, but extended
outages may endanger the mission. outages may endanger the mission.
- "Minimum tolerance for delay" may mean that mission - "Minimum tolerance for delay" may mean that mission
skipping to change at page 29, line 51 skipping to change at page 29, line 51
$ bagbiter $ bagbiter
(D) /slang/ "An entity, such as a program or a computer, that (D) /slang/ "An entity, such as a program or a computer, that
fails to work or that works in a remarkably clumsy manner. A fails to work or that works in a remarkably clumsy manner. A
person who has caused some trouble, inadvertently or otherwise, person who has caused some trouble, inadvertently or otherwise,
typically by failing to program the computer properly." [NCSSG] typically by failing to program the computer properly." [NCSSG]
(See: flaw.) (See: flaw.)
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for these concepts. Therefore, to avoid international metaphors for these concepts. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book.") Usage under "Green Book.")
$ baggage $ baggage
(O) /SET/ An "opaque encrypted tuple, which is included in a SET (O) /SET/ An "opaque encrypted tuple, which is included in a SET
message but appended as external data to the PKCS encapsulated message but appended as external data to the PKCS encapsulated
data. This avoids superencryption of the previously encrypted data. This avoids superencryption of the previously encrypted
tuple, but guarantees linkage with the PKCS portion of the tuple, but guarantees linkage with the PKCS portion of the
message." [SET2] message." [SET2]
Deprecated Usage: ISDs SHOULD NOT use this term to describe a data Deprecated Usage: IDOCs SHOULD NOT use this term to describe a
element, except in the form "SET(trademark) baggage" with the data element, except in the form "SET(trademark) baggage" with the
meaning given above. meaning given above.
$ baked-in security $ baked-in security
(D) The inclusion of security mechanisms in an information system (D) The inclusion of security mechanisms in an information system
beginning at an early point in the system's life cycle, i.e., beginning at an early point in the system's life cycle, i.e.,
during the design phase, or at least early in the implementation during the design phase, or at least early in the implementation
phase. (Compare: add-on security.) phase. (Compare: add-on security.)
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term (unless they also misunderstanding, IDOCs SHOULD NOT use this term (unless they also
provide a definition like this one). (See: Deprecated Usage under provide a definition like this one). (See: Deprecated Usage under
"Green Book".) "Green Book".)
$ bandwidth $ bandwidth
(I) The total width of the frequency band that is available to or (I) The total width of the frequency band that is available to or
used by a communication channel; usually expressed in Hertz (Hz). used by a communication channel; usually expressed in Hertz (Hz).
(RFC 3753) (Compare: channel capacity.) (RFC 3753) (Compare: channel capacity.)
$ bank identification number (BIN) $ bank identification number (BIN)
1. (O) The digits of a credit card number that identify the 1. (O) The digits of a credit card number that identify the
skipping to change at page 31, line 13 skipping to change at page 31, line 13
bastion host, which usually is part of the firewall. Since only bastion host, which usually is part of the firewall. Since only
this one host can be directly attacked, only this one host needs this one host can be directly attacked, only this one host needs
to be very strongly protected, so security can be maintained more to be very strongly protected, so security can be maintained more
easily and less expensively. However, to allow legitimate internal easily and less expensively. However, to allow legitimate internal
and external users to access application resources through the and external users to access application resources through the
firewall, higher layer protocols and services need to be relayed firewall, higher layer protocols and services need to be relayed
and forwarded by the bastion host. Some services (e.g., DNS and and forwarded by the bastion host. Some services (e.g., DNS and
SMTP) have forwarding built in; other services (e.g., TELNET and SMTP) have forwarding built in; other services (e.g., TELNET and
FTP) require a proxy server on the bastion host. FTP) require a proxy server on the bastion host.
$ BBN Technologies $ BBN Technologies Corp. (BBN)
(O) The research-and-development company (originally called Bolt (O) The research-and-development company (originally called Bolt
Baranek and Newman, Inc.) that built the ARPANET. Baranek and Newman, Inc.) that built the ARPANET.
$ BCA $ BCA
(O) See: brand certification authority. (O) See: brand certification authority.
$ BCR $ BCR
(O) See: BLACK/Crypto/RED. (O) See: BLACK/Crypto/RED.
$ BCI $ BCI
skipping to change at page 34, line 5 skipping to change at page 34, line 5
only cipher text. Example: "BLACK key".(See: BCR, color change, only cipher text. Example: "BLACK key".(See: BCR, color change,
RED/BLACK separation. Compare: RED.) RED/BLACK separation. Compare: RED.)
2. (O) /U.S. Government/ "Designation applied to information 2. (O) /U.S. Government/ "Designation applied to information
systems, and to associated areas, circuits, components, and systems, and to associated areas, circuits, components, and
equipment, in which national security information is encrypted or equipment, in which national security information is encrypted or
is not processed." [C4009] is not processed." [C4009]
3. (D) Any data that can be disclosed without harm. 3. (D) Any data that can be disclosed without harm.
Deprecated Definition: ISDs SHOULD NOT use the term with Deprecated Definition: IDOCs SHOULD NOT use the term with
definition 3 because the definition is ambiguous with regard to definition 3 because the definition is ambiguous with regard to
whether the data is protected or not. whether the data is protected or not.
$ BLACK/Crypto/RED (BCR) $ BLACK/Crypto/RED (BCR)
(N) An experimental, end-to-end, network packet encryption system (N) An experimental, end-to-end, network packet encryption system
developed in a working prototype form by BBN and the Collins Radio developed in a working prototype form by BBN and the Collins Radio
division of Rockwell Corporation in the 1975-1980 time frame for division of Rockwell Corporation in the 1975-1980 time frame for
the U.S. DoD. BCR was the first network security system to support the U.S. DoD. BCR was the first network security system to support
TCP/IP traffic, and it incorporated the first DES chips that were TCP/IP traffic, and it incorporated the first DES chips that were
validated by the U.S. National Bureau of Standards (now called validated by the U.S. National Bureau of Standards (now called
skipping to change at page 35, line 56 skipping to change at page 35, line 56
(See: Twofish.) (See: Twofish.)
$ brain-damaged $ brain-damaged
(D) /slang/ "Obviously wrong: extremely poorly designed. Calling (D) /slang/ "Obviously wrong: extremely poorly designed. Calling
something brain-damaged is very extreme. The word implies that the something brain-damaged is very extreme. The word implies that the
thing is completely unusable, and that its failure to work is due thing is completely unusable, and that its failure to work is due
to poor design, not accident." [NCSSG] (See: flaw.) to poor design, not accident." [NCSSG] (See: flaw.)
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book.") Usage under "Green Book.")
$ brand $ brand
1. (I) A distinctive mark or name that identifies a product or 1. (I) A distinctive mark or name that identifies a product or
business entity. business entity.
2. (O) /SET/ The name of a payment card. (See: BCA.) 2. (O) /SET/ The name of a payment card. (See: BCA.)
Tutorial: Financial institutions and other companies have founded Tutorial: Financial institutions and other companies have founded
payment card brands, protect and advertise the brands, establish payment card brands, protect and advertise the brands, establish
skipping to change at page 39, line 9 skipping to change at page 39, line 9
(D) In a few published descriptions of hybrid encryption for SSH, (D) In a few published descriptions of hybrid encryption for SSH,
Windows 2000, and other applications, this term refers to a Windows 2000, and other applications, this term refers to a
symmetric key that (a) is used to encrypt a relatively large symmetric key that (a) is used to encrypt a relatively large
amount of data and (b) is itself encrypted with a public key. amount of data and (b) is itself encrypted with a public key.
(Compare: bulk keying material, session key.) (Compare: bulk keying material, session key.)
Example: To send a large file to Bob, Alice (a) generates a Example: To send a large file to Bob, Alice (a) generates a
symmetric key and uses it to encrypt the file (i.e., encrypt the symmetric key and uses it to encrypt the file (i.e., encrypt the
bulk of the information that is to be sent) and then (b) encrypts bulk of the information that is to be sent) and then (b) encrypts
that symmetric key (the "bulk key") with Bob's public key. that symmetric key (the "bulk key") with Bob's public key.
Deprecated Term: ISDs SHOULD NOT use this term or definition; they Deprecated Term: IDOCs SHOULD NOT use this term or definition; the
are not well-established and could be confused with the term is not well-established and could be confused with the
established term "bulk keying material". Instead, use "symmetric established term "bulk keying material". Instead, use "symmetric
key" and carefully explain how the key is applied. key" and carefully explain how the key is applied.
$ bulk keying material $ bulk keying material
(N) Refers to handling keying material in large quantities, e.g., (N) Refers to handling keying material in large quantities, e.g.,
as a dataset that contains many items of keying material. (See: as a dataset that contains many items of keying material. (See:
type 0. Compare: bulk key, bulk encryption.) type 0. Compare: bulk key, bulk encryption.)
$ bump-in-the-stack $ bump-in-the-stack
(I) An implementation approach that places a network security (I) An implementation approach that places a network security
skipping to change at page 40, line 22 skipping to change at page 40, line 22
(O) /TCSEC/ See: Tutorial under "Trusted Computer System (O) /TCSEC/ See: Tutorial under "Trusted Computer System
Evaluation Criteria". Evaluation Criteria".
$ CA $ CA
(I) See: certification authority. (I) See: certification authority.
$ CA certificate $ CA certificate
(D) "A [digital] certificate for one CA issued by another CA." (D) "A [digital] certificate for one CA issued by another CA."
[X509] [X509]
Deprecated Definition: ISDs SHOULD NOT use the term with this Deprecated Definition: IDOCs SHOULD NOT use the term with this
definition; the definition is ambiguous with regard to how the definition; the definition is ambiguous with regard to how the
certificate is constructed and how it is intended to be used. ISDs certificate is constructed and how it is intended to be used.
that use this term SHOULD provide a technical definition for it. IDOCs that use this term SHOULD provide a technical definition for
(See: certificate profile.) it. (See: certificate profile.)
Tutorial: There is no single, obvious choice for a technical Tutorial: There is no single, obvious choice for a technical
definition of this term. Different PKIs can use different definition of this term. Different PKIs can use different
certificate profiles, and X.509 provides several choices of how to certificate profiles, and X.509 provides several choices of how to
issue certificates to CAs. For example, one possible definition is issue certificates to CAs. For example, one possible definition is
the following: A v3 X.509 public-key certificate that has a the following: A v3 X.509 public-key certificate that has a
"basicConstraints" extension containing a "cA" value of "TRUE". "basicConstraints" extension containing a "cA" value of "TRUE".
That would specifically indicate that "the certified public key That would specifically indicate that "the certified public key
may be used to verify certificate signatures", i.e., that the may be used to verify certificate signatures", i.e., that the
private key may be used by a CA. private key may be used by a CA.
skipping to change at page 45, line 8 skipping to change at page 45, line 8
$ Certificate Arbitrator Module (CAM) $ Certificate Arbitrator Module (CAM)
(O) An open-source software module that is designed to be (O) An open-source software module that is designed to be
integrated with an application for routing, replying to, and integrated with an application for routing, replying to, and
otherwise managing and meditating certificate validation requests otherwise managing and meditating certificate validation requests
between that application and the CAs in the ACES PKI. between that application and the CAs in the ACES PKI.
$ certificate authority $ certificate authority
(D) Synonym for "certification authority". (D) Synonym for "certification authority".
Deprecated Term: ISDs SHOULD NOT use this term; it suggests Deprecated Term: IDOCs SHOULD NOT use this term; it suggests
careless use of the term "certification authority", which is careless use of the term "certification authority", which is
preferred in PKI standards (e.g., [X509, R3280]). preferred in PKI standards (e.g., [X509, R3280]).
$ certificate chain $ certificate chain
(D) Synonym for "certification path". (See: trust chain.) (D) Synonym for "certification path". (See: trust chain.)
Deprecated Term: ISDs SHOULD NOT use this term; it duplicates the Deprecated Term: IDOCs SHOULD NOT use this term; it duplicates the
meaning of a standardized term. Instead, use "certification path". meaning of a standardized term. Instead, use "certification path".
$ certificate chain validation $ certificate chain validation
(D) Synonym for "certificate validation" or "path validation". (D) Synonym for "certificate validation" or "path validation".
Deprecated Term: ISDs SHOULD NOT use this term; it duplicates the Deprecated Term: IDOCs SHOULD NOT use this term; it duplicates the
meaning of standardized terms and mixes concepts in a potentially meaning of standardized terms and mixes concepts in a potentially
misleading way. Instead, use "certificate validation" or "path misleading way. Instead, use "certificate validation" or "path
validation", depending on what is meant. (See: validate vs. validation", depending on what is meant. (See: validate vs.
verify.) verify.)
$ certificate creation $ certificate creation
(I) The act or process by which a CA sets the values of a digital (I) The act or process by which a CA sets the values of a digital
certificate's data fields and signs it. (See: issue.) certificate's data fields and signs it. (See: issue.)
$ certificate expiration $ certificate expiration
skipping to change at page 45, line 46 skipping to change at page 45, line 46
Tutorial: The assigned lifetime of an X.509 certificate is stated Tutorial: The assigned lifetime of an X.509 certificate is stated
in the certificate itself. (See: validity period.) in the certificate itself. (See: validity period.)
$ certificate extension $ certificate extension
(I) See: extension. (I) See: extension.
$ certificate holder $ certificate holder
(D) Synonym for the "subject" of a digital certificate. (Compare: (D) Synonym for the "subject" of a digital certificate. (Compare:
certificate owner, certificate user.) certificate owner, certificate user.)
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for the subject of a digital certificate; the term is potentially for the subject of a digital certificate; the term is potentially
ambiguous. For example, the term could be misunderstood as ambiguous. For example, the term could be misunderstood as
referring to a system entity or component, such as a repository, referring to a system entity or component, such as a repository,
that simply has possession of a copy of the certificate. that simply has possession of a copy of the certificate.
$ certificate management $ certificate management
(I) The functions that a CA may perform during the life cycle of a (I) The functions that a CA may perform during the life cycle of a
digital certificate, including the following: digital certificate, including the following:
- Acquire and verify data items to bind into the certificate. - Acquire and verify data items to bind into the certificate.
- Encode and sign the certificate. - Encode and sign the certificate.
- Store the certificate in a directory or repository. - Store the certificate in a directory or repository.
- Renew, rekey, and update the certificate. - Renew, rekey, and update the certificate.
- Revoke the certificate and issue a CRL. - Revoke the certificate and issue a CRL.
(See: archive management, certificate management, key management, (See: archive management, certificate management, key management,
security architecture, token management.) security architecture, token management.)
$ certificate management authority (CMA) $ certificate management authority (CMA)
(D) /U.S. DoD/ Used to mean either a CA or an RA. [DoD7, SP32] (D) /U.S. DoD/ Used to mean either a CA or an RA. [DoD7, SP32]
Deprecated Term: ISDs SHOULD NOT use this term because it is Deprecated Term: IDOCs SHOULD NOT use this term because it is
potentially ambiguous, such as in a context involve ICRLs. potentially ambiguous, such as in a context involve ICRLs.
Instead, use CA, RA, or both, depending on what is meant. Instead, use CA, RA, or both, depending on what is meant.
$ certificate owner $ certificate owner
(D) Synonym for the "subject" of a digital certificate. (Compare: (D) Synonym for the "subject" of a digital certificate. (Compare:
certificate holder, certificate user.) certificate holder, certificate user.)
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for the subject of a digital certificate; the term is potentially for the subject of a digital certificate; the term is potentially
ambiguous. For example, the term could refer to a system entity, ambiguous. For example, the term could refer to a system entity,
such as a corporation, that has purchased a certificate to operate such as a corporation, that has purchased a certificate to operate
equipment, such as a Web server. equipment, such as a Web server.
$ certificate path $ certificate path
(D) Synonym for "certification path". (D) Synonym for "certification path".
Deprecated Term: ISDs SHOULD NOT use this term; it suggests Deprecated Term: IDOCs SHOULD NOT use this term; it suggests
careless use of "certification path", which is preferred in PKI careless use of "certification path", which is preferred in PKI
standards (e.g., [X509, R3280]). standards (e.g., [X509, R3280]).
$ certificate policy $ certificate policy
(I) "A named set of rules that indicates the applicability of a (I) "A named set of rules that indicates the applicability of a
certificate to a particular community and/or class of application certificate to a particular community and/or class of application
with common security requirements." [X509] (Compare: CPS, security with common security requirements." [X509] (Compare: CPS, security
policy.) policy.)
Example: U.S. DoD's certificate policy [DoD7] defined four classes Example: U.S. DoD's certificate policy [DoD7] defined four classes
skipping to change at page 48, line 16 skipping to change at page 48, line 16
number is assigned) but the binding of the public key to the number is assigned) but the binding of the public key to the
subject and to other data items stays the same. The other data subject and to other data items stays the same. The other data
items are changed, and the old certificate is revoked, only as items are changed, and the old certificate is revoked, only as
required by the PKI and CPS to support the renewal. If changes go required by the PKI and CPS to support the renewal. If changes go
beyond that, the process is a "certificate rekey" or "certificate beyond that, the process is a "certificate rekey" or "certificate
update". update".
$ certificate request $ certificate request
(D) Synonym for "certification request". (D) Synonym for "certification request".
Deprecated Term: ISDs SHOULD NOT use this term; it suggests Deprecated Term: IDOCs SHOULD NOT use this term; it suggests
careless use of the term "certification request", which is careless use of the term "certification request", which is
preferred in PKI standards (e.g., see PKCS #10). preferred in PKI standards (e.g., see PKCS #10).
$ certificate revocation $ certificate revocation
(I) The event that occurs when a CA declares that a previously (I) The event that occurs when a CA declares that a previously
valid digital certificate issued by that CA has become invalid; valid digital certificate issued by that CA has become invalid;
usually stated with a effective date. usually stated with a effective date.
Tutorial: In X.509, a revocation is announced to potential Tutorial: In X.509, a revocation is announced to potential
certificate users by issuing a CRL that mentions the certificate. certificate users by issuing a CRL that mentions the certificate.
skipping to change at page 49, line 14 skipping to change at page 49, line 14
[X509] [X509]
$ certificate status authority $ certificate status authority
(D) /U.S. DoD/ "A trusted entity that provides on-line (D) /U.S. DoD/ "A trusted entity that provides on-line
verification to a Relying Party of a subject certificate's verification to a Relying Party of a subject certificate's
trustworthiness [should instead say 'validity'], and may also trustworthiness [should instead say 'validity'], and may also
provide additional attribute information for the subject provide additional attribute information for the subject
certificate." [DoD7] certificate." [DoD7]
Deprecated Term: ISDs SHOULD NOT use this term because it is not Deprecated Term: IDOCs SHOULD NOT use this term because it is not
widely accepted; instead, use "certificate status responder" or widely accepted; instead, use "certificate status responder" or
"OCSP server", or otherwise explain what is meant. "OCSP server", or otherwise explain what is meant.
$ certificate status responder $ certificate status responder
(N) /FPKI/ A trusted on-line server that acts for a CA to provide (N) /FPKI/ A trusted on-line server that acts for a CA to provide
authenticated certificate status information to certificate users authenticated certificate status information to certificate users
[FPKI]. Offers an alternative to issuing a CR. (See: certificate [FPKI]. Offers an alternative to issuing a CR. (See: certificate
revocation tree, OCSP.) revocation tree, OCSP.)
$ certificate update $ certificate update
skipping to change at page 49, line 51 skipping to change at page 49, line 51
Usage: The depending entity may be a human being or an Usage: The depending entity may be a human being or an
organization, or a device or process controlled by a human or organization, or a device or process controlled by a human or
organization. (See: user.) organization. (See: user.)
2. (O) "An entity that needs to know, with certainty, the public 2. (O) "An entity that needs to know, with certainty, the public
key of another entity." [X509] key of another entity." [X509]
3. (D) Synonym for "subject" of a digital certificate. 3. (D) Synonym for "subject" of a digital certificate.
Deprecated Definition: ISDs SHOULD NOT use this term with Deprecated Definition: IDOCs SHOULD NOT use this term with
definition 3; the term could be confused with one of the other two definition 3; the term could be confused with one of the other two
definitions given above. definitions given above.
$ certificate validation $ certificate validation
1. (I) An act or process by which a certificate user establishes 1. (I) An act or process by which a certificate user establishes
that the assertions made by a digital certificate can be trusted. that the assertions made by a digital certificate can be trusted.
(See: valid certificate, validate vs. verify.) (See: valid certificate, validate vs. verify.)
2. (O) "The process of ensuring that a certificate was valid at a 2. (O) "The process of ensuring that a certificate was valid at a
given time, including possibly the construction and processing of given time, including possibly the construction and processing of
skipping to change at page 53, line 11 skipping to change at page 53, line 11
either the first certificate needs to be a trusted certificate or either the first certificate needs to be a trusted certificate or
the signature on the first certificate needs to be verifiable by a the signature on the first certificate needs to be verifiable by a
trusted key (e.g., a root key), but such trust is established only trusted key (e.g., a root key), but such trust is established only
relative to a "particular" (i.e., specific) user, not absolutely relative to a "particular" (i.e., specific) user, not absolutely
for all users. for all users.
$ certification policy $ certification policy
(D) Synonym for either "certificate policy" or "certification (D) Synonym for either "certificate policy" or "certification
practice statement". practice statement".
Deprecated Term: ISDs SHOULD NOT use this term as a synonym for Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
either of those terms; that would be duplicative and would mix either of those terms; that would be duplicative and would mix
concepts in a potentially misleading way. Instead, use either concepts in a potentially misleading way. Instead, use either
"certificate policy" or "certification practice statement", "certificate policy" or "certification practice statement",
depending on what is meant. depending on what is meant.
$ certification practice statement (CPS) $ certification practice statement (CPS)
(I) "A statement of the practices which a certification authority (I) "A statement of the practices which a certification authority
employs in issuing certificates." [DSG, R3647] (See: certificate employs in issuing certificates." [DSG, R3647] (See: certificate
policy.) policy.)
skipping to change at page 57, line 9 skipping to change at page 57, line 9
$ ciphertext $ ciphertext
1. (O) /noun/ Synonym for "cipher text" [I7498-2]. 1. (O) /noun/ Synonym for "cipher text" [I7498-2].
2. (I) /adjective/ Referring to cipher text. Usage: Commonly used 2. (I) /adjective/ Referring to cipher text. Usage: Commonly used
instead of "cipher-text". (Compare: cleartext, plaintext.) instead of "cipher-text". (Compare: cleartext, plaintext.)
$ ciphertext auto-key (CTAK) $ ciphertext auto-key (CTAK)
(D) "Cryptographic logic that uses previous cipher text to (D) "Cryptographic logic that uses previous cipher text to
generate a key stream." [C4009, A1523] (See: KAK.) generate a key stream." [C4009, A1523] (See: KAK.)
Deprecated Term: ISDs SHOULD NOT use this term; it is neither Deprecated Term: IDOCs SHOULD NOT use this term; it is neither
well-known nor precisely defined. Instead, use terms associated well-known nor precisely defined. Instead, use terms associated
with modes that are defined in standards, such as CBC, CFB, and with modes that are defined in standards, such as CBC, CFB, and
OFB. OFB.
$ ciphertext-only attack $ ciphertext-only attack
(I) A cryptanalysis technique in which the analyst tries to (I) A cryptanalysis technique in which the analyst tries to
determine the key solely from knowledge of intercepted cipher text determine the key solely from knowledge of intercepted cipher text
(although the analyst may also know other clues, such as the (although the analyst may also know other clues, such as the
cryptographic algorithm, the language in which the plain text was cryptographic algorithm, the language in which the plain text was
written, the subject matter of the plain text, and some probable written, the subject matter of the plain text, and some probable
skipping to change at page 58, line 33 skipping to change at page 58, line 33
hierarchical, restrictive security label is applied to increase hierarchical, restrictive security label is applied to increase
protection of the data from unauthorized disclosure. (See: protection of the data from unauthorized disclosure. (See:
aggregation, classified, data confidentiality service. Compare: aggregation, classified, data confidentiality service. Compare:
category, compartment.) category, compartment.)
2. (I) An authorized process by which information is determined to 2. (I) An authorized process by which information is determined to
be classified and assigned to a security level. (Compare: be classified and assigned to a security level. (Compare:
declassification.) declassification.)
Usage: Usually understood to involve data confidentiality, but Usage: Usually understood to involve data confidentiality, but
ISDs SHOULD make this clear when data also is sensitive in other IDOCs SHOULD make this clear when data also is sensitive in other
ways and SHOULD use other terms for those other sensitivity ways and SHOULD use other terms for those other sensitivity
concepts. (See: sensitive information, data integrity.) concepts. (See: sensitive information, data integrity.)
$ classification label $ classification label
(I) A security label that tells the degree of harm that will (I) A security label that tells the degree of harm that will
result from unauthorized disclosure of the labeled data, and may result from unauthorized disclosure of the labeled data, and may
also tell what countermeasures are required to be applied to also tell what countermeasures are required to be applied to
protect the data from unauthorized disclosure. Example: IPSO. protect the data from unauthorized disclosure. Example: IPSO.
(See: classified, data confidentiality service. Compare: integrity (See: classified, data confidentiality service. Compare: integrity
label.) label.)
Usage: Usually understood to involve data confidentiality, but Usage: Usually understood to involve data confidentiality, but
ISDs SHOULD make this clear when data also is sensitive in other IDOCs SHOULD make this clear when data also is sensitive in other
ways and SHOULD use other terms for those other sensitivity ways and SHOULD use other terms for those other sensitivity
concepts. (See: sensitive information, data integrity.) concepts. (See: sensitive information, data integrity.)
$ classification level $ classification level
(I) A hierarchical level of protection (against unauthorized (I) A hierarchical level of protection (against unauthorized
disclosure) that is required to be applied to certain classified disclosure) that is required to be applied to certain classified
data. (See: classified. Compare: security level.) data. (See: classified. Compare: security level.)
Usage: Usually understood to involve data confidentiality, but Usage: Usually understood to involve data confidentiality, but
ISDs SHOULD make this clear when data also is sensitive in other IDOCs SHOULD make this clear when data also is sensitive in other
ways and SHOULD use other terms for those other sensitivity ways and SHOULD use other terms for those other sensitivity
concepts. (See: sensitive information, data integrity.) concepts. (See: sensitive information, data integrity.)
$ classified $ classified
1. (I) Refers to information (stored or conveyed, in any form) 1. (I) Refers to information (stored or conveyed, in any form)
that is formally required by a security policy to receive data that is formally required by a security policy to receive data
confidentiality service and to be marked with a security label confidentiality service and to be marked with a security label
(which in some cases might be implicit) to indicate its protected (which in some cases might be implicit) to indicate its protected
status. (See: classify, collateral information, SAP, security status. (See: classify, collateral information, SAP, security
level. Compare: unclassified.) level. Compare: unclassified.)
Usage: Usually understood to involve data confidentiality, but Usage: Usually understood to involve data confidentiality, but
ISDs SHOULD make this clear when data also is sensitive in other IDOCs SHOULD make this clear when data also is sensitive in other
ways and SHOULD use other terms for those other sensitivity ways and SHOULD use other terms for those other sensitivity
concepts. (See: sensitive information, data integrity.) concepts. (See: sensitive information, data integrity.)
Mainly used by federal governments, especially by the military, Mainly used by federal governments, especially by the military,
but the underlying concept also applies outside government. but the underlying concept also applies outside government.
2. (O) /U.S. DoD/ Information that has been determined pursuant to 2. (O) /U.S. DoD/ Information that has been determined pursuant to
Executive Order 12958 ("Classified National Security Information", Executive Order 12958 ("Classified National Security Information",
20 April 1995) or any predecessor order to require protection 20 April 1995) or any predecessor order to require protection
against unauthorized disclosure and is marked to indicate its against unauthorized disclosure and is marked to indicate its
skipping to change at page 59, line 43 skipping to change at page 59, line 43
security level. (See: classified, declassify, security level.) security level. (See: classified, declassify, security level.)
$ clean system $ clean system
(I) A computer system in which the operating system and (I) A computer system in which the operating system and
application system software and files have been freshly installed application system software and files have been freshly installed
from trusted software distribution media. (Compare: secure state.) from trusted software distribution media. (Compare: secure state.)
$ clear $ clear
(D) /verb/ Synonym for "erase". [C4009] (D) /verb/ Synonym for "erase". [C4009]
Deprecated Definition: ISDs SHOULD NOT use the term with this Deprecated Definition: IDOCs SHOULD NOT use the term with this
definition; that could be confused with "clear text" in which definition; that could be confused with "clear text" in which
information is directly recoverable. information is directly recoverable.
$ clear text $ clear text
1. (I) /noun/ Data in which the semantic information content 1. (I) /noun/ Data in which the semantic information content
(i.e., the meaning) is intelligible or is directly available, (i.e., the meaning) is intelligible or is directly available,
i.e., not encrypted. (See: cleartext, in the clear. Compare: i.e., not encrypted. (See: cleartext, in the clear. Compare:
cipher text, plain text.) cipher text, plain text.)
2. (O) /noun/ "Intelligible data, the semantic content of which is 2. (O) /noun/ "Intelligible data, the semantic content of which is
available." [I7498-2] available." [I7498-2]
3. (D) /noun/ Synonym for "plain text". 3. (D) /noun/ Synonym for "plain text".
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "plain text", because the plain text that is input to an for "plain text", because the plain text that is input to an
encryption operation may itself be cipher text that was output encryption operation may itself be cipher text that was output
from a previous encryption operation. (See: superencryption.) from a previous encryption operation. (See: superencryption.)
$ clearance $ clearance
See: security clearance. See: security clearance.
$ clearance level $ clearance level
(I) The security level of information to which a security (I) The security level of information to which a security
clearance authorizes a person to have access. clearance authorizes a person to have access.
$ cleartext $ cleartext
1. (O) /noun/ Synonym for "clear text" [I7498-2]. 1. (O) /noun/ Synonym for "clear text" [I7498-2].
2. (I) /adjective/ Referring to clear text. Usage: Commonly used 2. (I) /adjective/ Referring to clear text. Usage: Commonly used
instead of "clear-text". (Compare: ciphertext, plaintext.) instead of "clear-text". (Compare: ciphertext, plaintext.)
3. (D) /adjective/ Synonym for "plaintext". 3. (D) /adjective/ Synonym for "plaintext".
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "plaintext", because the plaintext data that is input to an for "plaintext", because the plaintext data that is input to an
encryption operation may itself be ciphertext data that was output encryption operation may itself be ciphertext data that was output
from a previous encryption operation. (See: superencryption.) from a previous encryption operation. (See: superencryption.)
$ CLEF $ CLEF
(N) See: commercially licensed evaluation facility. (N) See: commercially licensed evaluation facility.
$ client $ client
(I) A system entity that requests and uses a service provided by (I) A system entity that requests and uses a service provided by
another system entity, called a "server". (See: server.) another system entity, called a "server". (See: server.)
skipping to change at page 61, line 55 skipping to change at page 61, line 55
$ CMS $ CMS
(I) See: Cryptographic Message Syntax. (I) See: Cryptographic Message Syntax.
$ code $ code
1. (I) A system of symbols used to represent information, which 1. (I) A system of symbols used to represent information, which
might originally have some other representation. Examples: ASCII, might originally have some other representation. Examples: ASCII,
BER, country code, Morse code. (See: encode, object code, source BER, country code, Morse code. (See: encode, object code, source
code.) code.)
Deprecated Abbreviation: To avoid confusion with definition 1, Deprecated Abbreviation: To avoid confusion with definition 1,
ISDs SHOULD NOT use "code" as an abbreviation of "country code", IDOCs SHOULD NOT use "code" as an abbreviation of "country code",
"cyclic redundancy code", "Data Authentication Code", "error "cyclic redundancy code", "Data Authentication Code", "error
detection code", or "Message Authentication Code". To avoid detection code", or "Message Authentication Code". To avoid
misunderstanding, use the fully qualified term in these other misunderstanding, use the fully qualified term in these other
cases, at least at the point of first usage. cases, at least at the point of first usage.
2. (I) /cryptography/ An encryption algorithm based on 2. (I) /cryptography/ An encryption algorithm based on
substitution; i.e., a system for providing data confidentiality by substitution; i.e., a system for providing data confidentiality by
using arbitrary groups (called "code groups") of letters, numbers, using arbitrary groups (called "code groups") of letters, numbers,
or symbols to represent units of plain text of varying length. or symbols to represent units of plain text of varying length.
(See: codebook, cryptography.) (See: codebook, cryptography.)
Deprecated Usage: To avoid confusion with definition 1, ISDs Deprecated Usage: To avoid confusion with definition 1, IDOCs
SHOULD NOT use "code" as synonym for any of the following terms: SHOULD NOT use "code" as synonym for any of the following terms:
(a) "cipher", "hash", or other words that mean "a cryptographic (a) "cipher", "hash", or other words that mean "a cryptographic
algorithm"; (b) "cipher text"; or (c) "encrypt", "hash", or other algorithm"; (b) "cipher text"; or (c) "encrypt", "hash", or other
words that refer to applying a cryptographic algorithm. words that refer to applying a cryptographic algorithm.
3. (I) An algorithm based on substitution, but used to shorten 3. (I) An algorithm based on substitution, but used to shorten
messages rather than to conceal their content. messages rather than to conceal their content.
4. (I) /computer programming/ To write computer software. (See: 4. (I) /computer programming/ To write computer software. (See:
object code, source code.) object code, source code.)
Deprecated Abbreviation: To avoid confusion with definition 1, Deprecated Abbreviation: To avoid confusion with definition 1,
ISDs SHOULD NOT use "code" as an abbreviation of "object code" or IDOCs SHOULD NOT use "code" as an abbreviation of "object code" or
"source code". To avoid misunderstanding, use the fully qualified "source code". To avoid misunderstanding, use the fully qualified
term in these other cases, at least at the point of first usage. term in these other cases, at least at the point of first usage.
$ code book $ code book
1. (I) Document containing a systematically arranged list of 1. (I) Document containing a systematically arranged list of
plaintext units and their ciphertext equivalents. [C4009] plaintext units and their ciphertext equivalents. [C4009]
2. (I) An encryption algorithm that uses a word substitution 2. (I) An encryption algorithm that uses a word substitution
technique. [C4009] (See: code, ECB.) technique. [C4009] (See: code, ECB.)
skipping to change at page 66, line 36 skipping to change at page 66, line 36
mode a system may hand (a) a single hierarchical classification mode a system may hand (a) a single hierarchical classification
level and (b) multiple non-hierarchical categories within that level and (b) multiple non-hierarchical categories within that
level. level.
$ Compartments field $ Compartments field
(I) A 16-bit field (the "C field") that specifies compartment (I) A 16-bit field (the "C field") that specifies compartment
values in the security option (option type 130) of version 4 IP's values in the security option (option type 130) of version 4 IP's
datagram header format. The valid field values are assigned by the datagram header format. The valid field values are assigned by the
U.S. Government, as specified in RFC 791. U.S. Government, as specified in RFC 791.
Deprecated Abbreviation: ISDs SHOULD NOT use the abbreviation "C Deprecated Abbreviation: IDOCs SHOULD NOT use the abbreviation "C
field"; the abbreviation is potentially ambiguous. Instead, use field"; the abbreviation is potentially ambiguous. Instead, use
"Compartments field". "Compartments field".
$ component $ component
See: system component. See: system component.
$ compression $ compression
(I) A process that encodes information in a way that minimizes the (I) A process that encodes information in a way that minimizes the
number of resulting code symbols and thus reduces storage space or number of resulting code symbols and thus reduces storage space or
transmission time. transmission time.
skipping to change at page 72, line 41 skipping to change at page 72, line 41
(D) /U.S. DoD/ A mode of system operation wherein (a) two or more (D) /U.S. DoD/ A mode of system operation wherein (a) two or more
security levels of information are allowed to be handled security levels of information are allowed to be handled
concurrently within the same system when some users having access concurrently within the same system when some users having access
to the system have neither a security clearance nor need-to-know to the system have neither a security clearance nor need-to-know
for some of the data handled by the system, but (b) separation of for some of the data handled by the system, but (b) separation of
the users and the classified material on the basis, respectively, the users and the classified material on the basis, respectively,
of clearance and classification level are not dependent only on of clearance and classification level are not dependent only on
operating system control (like they are in multilevel security operating system control (like they are in multilevel security
mode). (See: /system operation/ under "mode", protection level.) mode). (See: /system operation/ under "mode", protection level.)
Deprecated Term: ISDs SHOULD NOT use this term. It was defined in Deprecated Term: IDOCs SHOULD NOT use this term. It was defined in
a Government policy regarding system accreditation and was a Government policy regarding system accreditation and was
subsumed by "partitioned security mode" in a later policy. Both subsumed by "partitioned security mode" in a later policy. Both
terms were dropped in still later policies. terms were dropped in still later policies.
Tutorial: Controlled mode was intended to encourage ingenuity in Tutorial: Controlled mode was intended to encourage ingenuity in
meeting data confidentiality requirements in ways less restrictive meeting data confidentiality requirements in ways less restrictive
than "dedicated security mode" and "system-high security mode", than "dedicated security mode" and "system-high security mode",
but at a level of risk lower than that generally associated with but at a level of risk lower than that generally associated with
true "multilevel security mode". This was intended to be true "multilevel security mode". This was intended to be
accomplished by implementation of explicit augmenting measures to accomplished by implementation of explicit augmenting measures to
skipping to change at page 73, line 34 skipping to change at page 73, line 34
can be used to generate profiles of web usage habits, and thus may can be used to generate profiles of web usage habits, and thus may
infringe on personal privacy. infringe on personal privacy.
2. (I) /IPsec/ Data objects exchanged by ISAKMP to prevent certain 2. (I) /IPsec/ Data objects exchanged by ISAKMP to prevent certain
denial-of-service attacks during the establishment of a security denial-of-service attacks during the establishment of a security
association. association.
3. (D) /access control/ Synonym for "capability token" or 3. (D) /access control/ Synonym for "capability token" or
"ticket". "ticket".
Deprecated Definition: ISDs SHOULD NOT use this term with Deprecated Definition: IDOCs SHOULD NOT use this term with
definition 3; that would duplicate the meaning of better- definition 3; that would duplicate the meaning of better-
established terms and mix concepts in a potentially misleading established terms and mix concepts in a potentially misleading
way. way.
$ Coordinated Universal Time (UTC) $ Coordinated Universal Time (UTC)
(N) UTC is derived from International Atomic Time (TAI) by adding (N) UTC is derived from International Atomic Time (TAI) by adding
a number of leap seconds. The International Bureau of Weights and a number of leap seconds. The International Bureau of Weights and
Measures computes TAI once each month by averaging data from many Measures computes TAI once each month by averaging data from many
laboratories. (See: GeneralizedTime, UTCTime.) laboratories. (See: GeneralizedTime, UTCTime.)
skipping to change at page 74, line 7 skipping to change at page 74, line 7
$ correctness $ correctness
(I) "The property of a system that is guaranteed as the result of (I) "The property of a system that is guaranteed as the result of
formal verification activities." [Huff] (See: correctness proof, formal verification activities." [Huff] (See: correctness proof,
verification.) verification.)
$ correctness integrity $ correctness integrity
(I) The property that the information represented by data is (I) The property that the information represented by data is
accurate and consistent. (Compare: data integrity, source accurate and consistent. (Compare: data integrity, source
integrity.) integrity.)
Tutorial: ISDs SHOULD NOT use this term without providing a Tutorial: IDOCs SHOULD NOT use this term without providing a
definition; the term is neither well-known nor precisely defined. definition; the term is neither well-known nor precisely defined.
Data integrity refers to the constancy of data values, and source Data integrity refers to the constancy of data values, and source
integrity refers to confidence in data values. However, integrity refers to confidence in data values. However,
correctness integrity refers to confidence in the underlying correctness integrity refers to confidence in the underlying
information that data values represent, and this property is information that data values represent, and this property is
closely related to issues of accountability and error handling. closely related to issues of accountability and error handling.
$ correctness proof $ correctness proof
(I) A mathematical proof of consistency between a specification (I) A mathematical proof of consistency between a specification
for system security and the implementation of that specification. for system security and the implementation of that specification.
skipping to change at page 77, line 29 skipping to change at page 77, line 29
2. (I) /access control/ "authorization credential": A data object 2. (I) /access control/ "authorization credential": A data object
that is a portable representation of the association between an that is a portable representation of the association between an
identifier and one or more access authorizations, and that can be identifier and one or more access authorizations, and that can be
presented for use in verifying those authorizations for an entity presented for use in verifying those authorizations for an entity
that attempts such access. Example: X.509 attribute certificate. that attempts such access. Example: X.509 attribute certificate.
(See: capability token, ticket.) (See: capability token, ticket.)
3. (D) /OSIRM/ "Data that is transferred to establish the claimed 3. (D) /OSIRM/ "Data that is transferred to establish the claimed
identity of an entity." [I7498-2] identity of an entity." [I7498-2]
Deprecated Definition: ISDs SHOULD NOT use the term with Deprecated Definition: IDOCs SHOULD NOT use the term with
definition 3. As explained in the tutorial below, an definition 3. As explained in the tutorial below, an
authentication process can involve the transfer of multiple data authentication process can involve the transfer of multiple data
objects, and not all of those are credentials. objects, and not all of those are credentials.
4. (D) /U.S. Government/ "An object that is verified when 4. (D) /U.S. Government/ "An object that is verified when
presented to the verifier in an authentication transaction." presented to the verifier in an authentication transaction."
[M0404] [M0404]
Deprecated Definition: ISDs SHOULD NOT use the term with Deprecated Definition: IDOCs SHOULD NOT use the term with
definition 4; it mixes concepts in a potentially misleading way. definition 4; it mixes concepts in a potentially misleading way.
For example, in an authentication process, it is the identity that For example, in an authentication process, it is the identity that
is "verified", not the credential; the credential is "validated". is "verified", not the credential; the credential is "validated".
(See: validate vs. verify.) (See: validate vs. verify.)
Tutorial: In general English, "credentials" are evidence or Tutorial: In general English, "credentials" are evidence or
testimonials that (a) support a claim of identity or authorization testimonials that (a) support a claim of identity or authorization
and (b) usually are intended to be used more than once (i.e., a and (b) usually are intended to be used more than once (i.e., a
credential's life is long compared to the time needed for one credential's life is long compared to the time needed for one
use). Some examples are a policeman's badge, an automobile use). Some examples are a policeman's badge, an automobile
skipping to change at page 80, line 12 skipping to change at page 80, line 12
Second, X.509 says that two CAs in some complex, multi-CA PKI can Second, X.509 says that two CAs in some complex, multi-CA PKI can
cross-certify one another to shorten the certification paths cross-certify one another to shorten the certification paths
constructed by end entities. Whether or not a CA may perform this constructed by end entities. Whether or not a CA may perform this
or any other form of cross-certification, and how such or any other form of cross-certification, and how such
certificates may be used by end entities, should be addressed by certificates may be used by end entities, should be addressed by
the local certificate policy and CPS. the local certificate policy and CPS.
$ cross-domain solution $ cross-domain solution
1. (D) Synonym for "guard". 1. (D) Synonym for "guard".
Deprecated Term: ISDs SHOULD NOT use this term as a synonym for Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
"guard"; this term unnecessarily (and verbosely) duplicates the "guard"; this term unnecessarily (and verbosely) duplicates the
meaning of the long-established "guard". meaning of the long-established "guard".
2. (O) /U.S. Government/ A process or subsystem that provides a 2. (O) /U.S. Government/ A process or subsystem that provides a
capability (which could be either manual or automated) to access capability (which could be either manual or automated) to access
two or more differing security domains in a system, or to transfer two or more differing security domains in a system, or to transfer
information between such domains. (See: domain, guard.) information between such domains. (See: domain, guard.)
$ cryptanalysis $ cryptanalysis
1. (I) The mathematical science that deals with analysis of a 1. (I) The mathematical science that deals with analysis of a
skipping to change at page 80, line 47 skipping to change at page 80, line 47
however, a cryptanalyst tries to uncover or reproduce someone however, a cryptanalyst tries to uncover or reproduce someone
else's sensitive data, such as clear text, a key, or an algorithm. else's sensitive data, such as clear text, a key, or an algorithm.
The basic cryptanalytic attacks on encryption systems are The basic cryptanalytic attacks on encryption systems are
ciphertext-only, known-plaintext, chosen-plaintext, and chosen- ciphertext-only, known-plaintext, chosen-plaintext, and chosen-
ciphertext; and these generalize to the other kinds of ciphertext; and these generalize to the other kinds of
cryptography. cryptography.
$ crypto, CRYPTO $ crypto, CRYPTO
1. (N) A prefix ("crypto-") that means "cryptographic". 1. (N) A prefix ("crypto-") that means "cryptographic".
Usage: ISDs MAY use this prefix when it is part of a term listed Usage: IDOCs MAY use this prefix when it is part of a term listed
in this Glossary. Otherwise, ISDs SHOULD NOT use this prefix; in this Glossary. Otherwise, IDOCs SHOULD NOT use this prefix;
instead, use the unabbreviated adjective, "cryptographic". instead, use the unabbreviated adjective, "cryptographic".
2. (D) In lower case, "crypto" is an abbreviation for the 2. (D) In lower case, "crypto" is an abbreviation for the
adjective "cryptographic", or for the nouns "cryptography" or adjective "cryptographic", or for the nouns "cryptography" or
"cryptographic component". "cryptographic component".
Deprecated Abbreviation: ISDs SHOULD NOT use this abbreviation Deprecated Abbreviation: IDOCs SHOULD NOT use this abbreviation
because it could easily be misunderstood in some technical sense. because it could easily be misunderstood in some technical sense.
3. (O) /U.S. Government/ In upper case, "CRYPTO" is a marking or 3. (O) /U.S. Government/ In upper case, "CRYPTO" is a marking or
designator that identifies "COMSEC keying material used to secure designator that identifies "COMSEC keying material used to secure
or authenticate telecommunications carrying classified or or authenticate telecommunications carrying classified or
sensitive U.S. Government or U.S. Government-derived information." sensitive U.S. Government or U.S. Government-derived information."
[C4009] [C4009]
$ cryptographic $ cryptographic
(I) An adjective that refers to cryptography. (I) An adjective that refers to cryptography.
skipping to change at page 82, line 34 skipping to change at page 82, line 34
including cryptographic algorithms, and is contained within the including cryptographic algorithms, and is contained within the
module's "cryptographic boundary", which is an explicitly defined module's "cryptographic boundary", which is an explicitly defined
contiguous perimeter that establishes the physical bounds of the contiguous perimeter that establishes the physical bounds of the
module. [FP140] module. [FP140]
$ cryptographic system $ cryptographic system
1. (I) A set of cryptographic algorithms together with the key 1. (I) A set of cryptographic algorithms together with the key
management processes that support use of the algorithms in some management processes that support use of the algorithms in some
application context. application context.
Usage: ISDs SHOULD use definition 1 because it covers a wider Usage: IDOCs SHOULD use definition 1 because it covers a wider
range of algorithms than definition 2. range of algorithms than definition 2.
2. (O) "A collection of transformations from plain text into 2. (O) "A collection of transformations from plain text into
cipher text and vice versa [which would exclude digital signature, cipher text and vice versa [which would exclude digital signature,
cryptographic hash, and key-agreement algorithms], the particular cryptographic hash, and key-agreement algorithms], the particular
transformation(s) to be used being selected by keys. The transformation(s) to be used being selected by keys. The
transformations are normally defined by a mathematical algorithm." transformations are normally defined by a mathematical algorithm."
[X509] [X509]
$ cryptographic token $ cryptographic token
skipping to change at page 84, line 46 skipping to change at page 84, line 46
$ cyclic redundancy check (CRC) $ cyclic redundancy check (CRC)
(I) A type of checksum algorithm that is not a cryptographic hash (I) A type of checksum algorithm that is not a cryptographic hash
but is used to implement data integrity service where accidental but is used to implement data integrity service where accidental
changes to data are expected. Sometimes called "cyclic redundancy changes to data are expected. Sometimes called "cyclic redundancy
code". code".
$ DAC $ DAC
(N) See: Data Authentication Code, discretionary access control. (N) See: Data Authentication Code, discretionary access control.
Deprecated Usage: ISDs that use this term SHOULD state a Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because this abbreviation is ambiguous. definition for it because this abbreviation is ambiguous.
$ daemon $ daemon
(I) A computer program that is not invoked explicitly but waits (I) A computer program that is not invoked explicitly but waits
until a specified condition occurs, and then runs with no until a specified condition occurs, and then runs with no
associated user (principal), usually for an administrative associated user (principal), usually for an administrative
purpose. (See: zombie.) purpose. (See: zombie.)
$ dangling threat $ dangling threat
(O) A threat to a system for which there is no corresponding (O) A threat to a system for which there is no corresponding
skipping to change at page 85, line 31 skipping to change at page 85, line 31
processed, or produced by a computer or other type of machine, and processed, or produced by a computer or other type of machine, and
(b) representations that can be handled by a human. (b) representations that can be handled by a human.
$ Data Authentication Algorithm, data authentication algorithm $ Data Authentication Algorithm, data authentication algorithm
1. (N) /capitalized/ The ANSI standard for a keyed hash function 1. (N) /capitalized/ The ANSI standard for a keyed hash function
that is equivalent to DES cipher block chaining with IV = 0. that is equivalent to DES cipher block chaining with IV = 0.
[A9009] [A9009]
2. (D) /not capitalized/ Synonym for some kind of "checksum". 2. (D) /not capitalized/ Synonym for some kind of "checksum".
Deprecated Term: ISDs SHOULD NOT use the uncapitalized form "data Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form "data
authentication algorithm" as a synonym for any kind of checksum, authentication algorithm" as a synonym for any kind of checksum,
regardless of whether or not the checksum is based on a hash. regardless of whether or not the checksum is based on a hash.
Instead, use "checksum", "Data Authentication Code", "error Instead, use "checksum", "Data Authentication Code", "error
detection code", "hash", "keyed hash", "Message Authentication detection code", "hash", "keyed hash", "Message Authentication
Code", "protected checksum", or some other specific term, Code", "protected checksum", or some other specific term,
depending on what is meant. depending on what is meant.
The uncapitalized term can be confused with the Data The uncapitalized term can be confused with the Data
Authentication Code and also mixes concepts in a potentially Authentication Code and also mixes concepts in a potentially
misleading way. The word "authentication" is misleading because misleading way. The word "authentication" is misleading because
skipping to change at page 85, line 53 skipping to change at page 85, line 53
rather than a data origin authentication function. rather than a data origin authentication function.
$ Data Authentication Code, data authentication code $ Data Authentication Code, data authentication code
1. (N) /capitalized/ A specific U.S. Government standard [FP113] 1. (N) /capitalized/ A specific U.S. Government standard [FP113]
for a checksum that is computed by the Data Authentication for a checksum that is computed by the Data Authentication
Algorithm. Usage: a.k.a. Message Authentication Code [A9009].) Algorithm. Usage: a.k.a. Message Authentication Code [A9009].)
(See: DAC.) (See: DAC.)
2. (D) /not capitalized/ Synonym for some kind of "checksum". 2. (D) /not capitalized/ Synonym for some kind of "checksum".
Deprecated Term: ISDs SHOULD NOT use the uncapitalized form "data Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form "data
authentication code" as a synonym for any kind of checksum, authentication code" as a synonym for any kind of checksum,
regardless of whether or not the checksum is based on the Data regardless of whether or not the checksum is based on the Data
Authentication Algorithm. The uncapitalized term can be confused Authentication Algorithm. The uncapitalized term can be confused
with the Data Authentication Code and also mixes concepts in a with the Data Authentication Code and also mixes concepts in a
potentially misleading way (see: authentication code). potentially misleading way (see: authentication code).
$ data compromise $ data compromise
1. (I) A security incident in which information is exposed to 1. (I) A security incident in which information is exposed to
potential unauthorized access, such that unauthorized disclosure, potential unauthorized access, such that unauthorized disclosure,
alteration, or use of the information might have occurred. alteration, or use of the information might have occurred.
skipping to change at page 86, line 38 skipping to change at page 86, line 38
Deprecated Definition: The phrase "made available" might be Deprecated Definition: The phrase "made available" might be
interpreted to mean that the data could be altered, and that would interpreted to mean that the data could be altered, and that would
confuse this term with the concept of "data integrity". confuse this term with the concept of "data integrity".
$ data confidentiality service $ data confidentiality service
(I) A security service that protects data against unauthorized (I) A security service that protects data against unauthorized
disclosure. (See: access control, data confidentiality, datagram disclosure. (See: access control, data confidentiality, datagram
confidentiality service, flow control, inference control.) confidentiality service, flow control, inference control.)
Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for
"privacy", which is a different concept. "privacy", which is a different concept.
$ Data Encryption Algorithm (DEA) $ Data Encryption Algorithm (DEA)
(N) A symmetric block cipher, defined in the U.S. Government's (N) A symmetric block cipher, defined in the U.S. Government's
DES. DEA uses a 64-bit key, of which 56 bits are independently DES. DEA uses a 64-bit key, of which 56 bits are independently
chosen and 8 are parity bits, and maps a 64-bit block into another chosen and 8 are parity bits, and maps a 64-bit block into another
64-bit block. [FP046] (See: AES, symmetric cryptography.) 64-bit block. [FP046] (See: AES, symmetric cryptography.)
Usage: This algorithm is usually referred to as "DES". The Usage: This algorithm is usually referred to as "DES". The
algorithm has also been adopted in standards outside the algorithm has also been adopted in standards outside the
skipping to change at page 88, line 36 skipping to change at page 88, line 36
service. (See: "relationship between data integrity service and service. (See: "relationship between data integrity service and
authentication services" under "data integrity service". authentication services" under "data integrity service".
$ data owner $ data owner
(N) The organization that has the final statutory and operational (N) The organization that has the final statutory and operational
authority for specified information. authority for specified information.
$ data privacy $ data privacy
(D) Synonym for "data confidentiality". (D) Synonym for "data confidentiality".
Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts
in a potentially misleading way. Instead, use either "data in a potentially misleading way. Instead, use either "data
confidentiality" or "privacy" or both, depending on what is meant. confidentiality" or "privacy" or both, depending on what is meant.
$ data recovery $ data recovery
1. (I) /cryptanalysis/ A process for learning, from some cipher 1. (I) /cryptanalysis/ A process for learning, from some cipher
text, the plain text that was previously encrypted to produce the text, the plain text that was previously encrypted to produce the
cipher text. (See: recovery.) cipher text. (See: recovery.)
2. (I) /system integrity/ The process of restoring information 2. (I) /system integrity/ The process of restoring information
following damage or destruction. following damage or destruction.
skipping to change at page 89, line 20 skipping to change at page 89, line 20
transporting network." [R1983] Example: A PDU of IP. transporting network." [R1983] Example: A PDU of IP.
$ datagram confidentiality service $ datagram confidentiality service
(I) A data confidentiality service that preserves the (I) A data confidentiality service that preserves the
confidentiality of data in a single, independent, packet; i.e., confidentiality of data in a single, independent, packet; i.e.,
the service applies to datagrams one-at-a-time. Example: ESP. the service applies to datagrams one-at-a-time. Example: ESP.
(See: data confidentiality.) (See: data confidentiality.)
Usage: When a protocol is said to provide data confidentiality Usage: When a protocol is said to provide data confidentiality
service, this is usually understood to mean that only the SDU is service, this is usually understood to mean that only the SDU is
protected in each packet. ISDs that use the term to mean that the protected in each packet. IDOCs that use the term to mean that the
entire PDU is protected should include a highlighted definition. entire PDU is protected should include a highlighted definition.
Tutorial: This basic form of network confidentiality service Tutorial: This basic form of network confidentiality service
suffices for protecting the data in a stream of packets in both suffices for protecting the data in a stream of packets in both
connectionless and connection-oriented protocols. Except perhaps connectionless and connection-oriented protocols. Except perhaps
for traffic flow confidentiality, nothing further is needed to for traffic flow confidentiality, nothing further is needed to
protect the confidentiality of data carried by a packet stream. protect the confidentiality of data carried by a packet stream.
The OSIRM distinguishes between connection confidentiality and The OSIRM distinguishes between connection confidentiality and
connectionless confidentiality. The IPS need not make that connectionless confidentiality. The IPS need not make that
distinction, because those services are just instances of the same distinction, because those services are just instances of the same
skipping to change at page 90, line 20 skipping to change at page 90, line 20
entity receiving false data and believing it to be true. (See: entity receiving false data and believing it to be true. (See:
authentication.) authentication.)
Tutorial: This is a type of threat consequence, and it can be Tutorial: This is a type of threat consequence, and it can be
caused by the following types of threat actions: masquerade, caused by the following types of threat actions: masquerade,
falsification, and repudiation. falsification, and repudiation.
$ decipher $ decipher
(D) Synonym for "decrypt". (D) Synonym for "decrypt".
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "decrypt". However, see usage note under "encryption". for "decrypt". However, see usage note under "encryption".
$ decipherment $ decipherment
(D) Synonym for "decryption". (D) Synonym for "decryption".
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "decryption". However, see the Usage note under "encryption". for "decryption". However, see the Usage note under "encryption".
$ declassification $ declassification
(I) An authorized process by which information is declassified. (I) An authorized process by which information is declassified.
(Compare: classification.) (Compare: classification.)
$ declassify $ declassify
(I) To officially remove the security level designation of a (I) To officially remove the security level designation of a
classified information item or information type, such that the classified information item or information type, such that the
information is no longer classified (i.e., becomes unclassified). information is no longer classified (i.e., becomes unclassified).
(See: classified, classify, security level. Compare: downgrade.) (See: classified, classify, security level. Compare: downgrade.)
$ decode $ decode
1. (I) Convert encoded data back to its original form of 1. (I) Convert encoded data back to its original form of
representation. (Compare: decrypt.) representation. (Compare: decrypt.)
2. (D) Synonym for "decrypt". 2. (D) Synonym for "decrypt".
Deprecated Definition: Encoding is not usually meant to conceal Deprecated Definition: Encoding is not usually meant to conceal
meaning. Therefore, ISDs SHOULD NOT use this term as a synonym for meaning. Therefore, IDOCs SHOULD NOT use this term as a synonym
"decrypt", because that would mix concepts in a potentially for "decrypt", because that would mix concepts in a potentially
misleading way. misleading way.
$ decrypt $ decrypt
(I) Cryptographically restore cipher text to the plaintext form it (I) Cryptographically restore cipher text to the plaintext form it
had before encryption. had before encryption.
$ decryption $ decryption
(I) See: secondary definition under "encryption". (I) See: secondary definition under "encryption".
$ dedicated security mode $ dedicated security mode
skipping to change at page 93, line 8 skipping to change at page 93, line 8
$ delta CRL $ delta CRL
(I) A partial CRL that only contains entries for certificates that (I) A partial CRL that only contains entries for certificates that
have been revoked since the issuance of a prior, base CRL [X509]. have been revoked since the issuance of a prior, base CRL [X509].
This method can be used to partition CRLs that become too large This method can be used to partition CRLs that become too large
and unwieldy. (Compare: CRL distribution point.) and unwieldy. (Compare: CRL distribution point.)
$ demilitarized zone (DMZ) $ demilitarized zone (DMZ)
(D) Synonym for "buffer zone". (D) Synonym for "buffer zone".
Deprecated Term: ISDs SHOULD NOT use this term because it mixes Deprecated Term: IDOCs SHOULD NOT use this term because it mixes
concepts in a potentially misleading way. (See: Deprecated Usage concepts in a potentially misleading way. (See: Deprecated Usage
under "Green Book".) under "Green Book".)
$ denial of service $ denial of service
(I) The prevention of authorized access to a system resource or (I) The prevention of authorized access to a system resource or
the delaying of system operations and functions. (See: the delaying of system operations and functions. (See:
availability, critical, flooding.) availability, critical, flooding.)
Tutorial: A denial-of-service attack can prevent the normal Tutorial: A denial-of-service attack can prevent the normal
conduct of business on the Internet. There are four types of conduct of business on the Internet. There are four types of
skipping to change at page 94, line 9 skipping to change at page 94, line 9
$ Diffie-Hellman $ Diffie-Hellman
$ Diffie-Hellman-Merkle $ Diffie-Hellman-Merkle
(N) A key-agreement algorithm published in 1976 by Whitfield (N) A key-agreement algorithm published in 1976 by Whitfield
Diffie and Martin Hellman [DH76, R2631]. Diffie and Martin Hellman [DH76, R2631].
Usage: The algorithm is most often called "Diffie-Hellman". Usage: The algorithm is most often called "Diffie-Hellman".
However, in the November 1978 issue of "IEEE Communications However, in the November 1978 issue of "IEEE Communications
Magazine", Hellman wrote that the algorithm "is a public key Magazine", Hellman wrote that the algorithm "is a public key
distribution system, a concept developed by [Ralph C.] Merkle, and distribution system, a concept developed by [Ralph C.] Merkle, and
hence should be called 'Diffie-Hellman-Merkle' . . . to recognize hence should be called 'Diffie-Hellman-Merkle' ... to recognize
Merkle's equal contribution to the invention of public key Merkle's equal contribution to the invention of public key
cryptography." cryptography."
Tutorial: Diffie-Hellman-Merkle does key establishment, not Tutorial: Diffie-Hellman-Merkle does key establishment, not
encryption. However, the key that it produces may be used for encryption. However, the key that it produces may be used for
encryption, for further key management operations, or for any encryption, for further key management operations, or for any
other cryptography. other cryptography.
The algorithm is described in [R2631] and [Schn]. In brief, Alice The algorithm is described in [R2631] and [Schn]. In brief, Alice
and Bob together pick large integers that satisfy certain and Bob together pick large integers that satisfy certain
skipping to change at page 94, line 43 skipping to change at page 94, line 43
$ digest $ digest
See: message digest. See: message digest.
$ digital certificate $ digital certificate
(I) A certificate document in the form of a digital data object (a (I) A certificate document in the form of a digital data object (a
data object used by a computer) to which is appended a computed data object used by a computer) to which is appended a computed
digital signature value that depends on the data object. (See: digital signature value that depends on the data object. (See:
attribute certificate, public-key certificate.) attribute certificate, public-key certificate.)
Deprecated Usage: ISDs SHOULD NOT use this term to refer to a Deprecated Usage: IDOCs SHOULD NOT use this term to refer to a
signed CRL or CKL. Although the recommended definition can be signed CRL or CKL. Although the recommended definition can be
interpreted to include other signed items, the security community interpreted to include other signed items, the security community
does not use the term with those meanings. does not use the term with those meanings.
$ digital certification $ digital certification
(D) Synonym for "certification". (D) Synonym for "certification".
Deprecated Definition: ISDs SHOULD NOT use this definition unless Deprecated Definition: IDOCs SHOULD NOT use this definition unless
the context is not sufficient to distinguish between digital the context is not sufficient to distinguish between digital
certification and another kind of certification, in which case it certification and another kind of certification, in which case it
would be better to use "public-key certification" or another would be better to use "public-key certification" or another
phrase that indicates what is being certified. phrase that indicates what is being certified.
$ digital document $ digital document
(I) An electronic data object that represents information (I) An electronic data object that represents information
originally written in a non-electronic, non-magnetic medium originally written in a non-electronic, non-magnetic medium
(usually ink on paper) or is an analogue of a document of that (usually ink on paper) or is an analogue of a document of that
type. type.
$ digital envelope $ digital envelope
(I) A combination of (a) encrypted content data (of any kind) (I) A combination of (a) encrypted content data (of any kind)
intended for a recipient and (b) the content encryption key in an intended for a recipient and (b) the content encryption key in an
encrypted form that has been prepared for the use of the encrypted form that has been prepared for the use of the
recipient. recipient.
Usage: In ISDs, the term SHOULD be defined at the point of first Usage: In IDOCs, the term SHOULD be defined at the point of first
use because, although the term is defined in PKCS #7 and used in use because, although the term is defined in PKCS #7 and used in
S/MIME, it is not widely known. S/MIME, it is not widely known.
Tutorial: Digital enveloping is not simply a synonym for Tutorial: Digital enveloping is not simply a synonym for
implementing data confidentiality with encryption; digital implementing data confidentiality with encryption; digital
enveloping is a hybrid encryption scheme to "seal" a message or enveloping is a hybrid encryption scheme to "seal" a message or
other data, by encrypting the data and sending both it and a other data, by encrypting the data and sending both it and a
protected form of the key to the intended recipient, so that no protected form of the key to the intended recipient, so that no
one other than the intended recipient can "open" the message. In one other than the intended recipient can "open" the message. In
PKCS #7, it means first encrypting the data using a symmetric PKCS #7, it means first encrypting the data using a symmetric
encryption algorithm and a secret key, and then encrypting the encryption algorithm and a secret key, and then encrypting the
secret key using an asymmetric encryption algorithm and the public secret key using an asymmetric encryption algorithm and the public
key of the intended recipient. In S/MIME, additional methods are key of the intended recipient. In S/MIME, additional methods are
defined for encrypting the content encryption key. defined for encrypting the content encryption key.
$ Digital ID(service mark) $ Digital ID(service mark)
(D) Synonym for "digital certificate". (D) Synonym for "digital certificate".
Deprecated Term: ISDs SHOULD NOT use this term. It is a service Deprecated Term: IDOCs SHOULD NOT use this term. It is a service
mark of a commercial firm, and it unnecessarily duplicates the mark of a commercial firm, and it unnecessarily duplicates the
meaning of a better-established term. (See: credential.) meaning of a better-established term. (See: credential.)
$ digital key $ digital key
(D) Synonym for an input parameter of a cryptographic algorithm or (D) Synonym for an input parameter of a cryptographic algorithm or
other process. (See: key.) other process. (See: key.)
Deprecated Usage: The adjective "digital" need not be used with Deprecated Usage: The adjective "digital" need not be used with
"key" or "cryptographic key", unless the context is insufficient "key" or "cryptographic key", unless the context is insufficient
to distinguish the digital key from another kind of key, such as a to distinguish the digital key from another kind of key, such as a
skipping to change at page 97, line 39 skipping to change at page 97, line 39
be unobtrusive. Depending on the particular technique that is be unobtrusive. Depending on the particular technique that is
used, digital watermarking can assist in proving ownership, used, digital watermarking can assist in proving ownership,
controlling duplication, tracing distribution, ensuring data controlling duplication, tracing distribution, ensuring data
integrity, and performing other functions to protect intellectual integrity, and performing other functions to protect intellectual
property rights. [ACM] property rights. [ACM]
$ digitized signature $ digitized signature
(D) Denotes various forms of digitized images of handwritten (D) Denotes various forms of digitized images of handwritten
signatures. (Compare: digital signature). signatures. (Compare: digital signature).
Deprecated Term: ISDs SHOULD NOT use this term without including Deprecated Term: IDOCs SHOULD NOT use this term without including
this definition. This term suggests careless use of "digital this definition. This term suggests careless use of "digital
signature", which is the term standardized by [I7498-2]. (See: signature", which is the term standardized by [I7498-2]. (See:
electronic signature.) electronic signature.)
$ DII $ DII
(O) See: Defense Information Infrastructure. (O) See: Defense Information Infrastructure.
$ direct attack $ direct attack
(I) See: secondary definition under "attack". (Compare: indirect (I) See: secondary definition under "attack". (Compare: indirect
attack.) attack.)
skipping to change at page 98, line 15 skipping to change at page 98, line 15
(See: DN, X.500.) (See: DN, X.500.)
$ Directory Access Protocol (DAP) $ Directory Access Protocol (DAP)
(N) An OSI protocol [X519] for communication between a Directory (N) An OSI protocol [X519] for communication between a Directory
User Agent (a type of X.500 client) and a Directory System Agent User Agent (a type of X.500 client) and a Directory System Agent
(a type of X.500 server). (See: LDAP.) (a type of X.500 server). (See: LDAP.)
$ disaster plan $ disaster plan
(O) Synonym for "contingency plan". (O) Synonym for "contingency plan".
Deprecated Term: ISDs SHOULD NOT use this term; instead, for Deprecated Term: IDOCs SHOULD NOT use this term; instead, for
consistency and neutrality of language, ISDs SHOULD use consistency and neutrality of language, IDOCs SHOULD use
"contingency plan". "contingency plan".
$ disclosure $ disclosure
See: unauthorized disclosure. Compare: exposure. See: unauthorized disclosure. Compare: exposure.
$ discretionary access control $ discretionary access control
1a. (I) An access control service that (a) enforces a security 1a. (I) An access control service that (a) enforces a security
policy based on the identity of system entities and the policy based on the identity of system entities and the
authorizations associated with the identities and (b) incorporates authorizations associated with the identities and (b) incorporates
a concept of ownership in which access rights for a system a concept of ownership in which access rights for a system
skipping to change at page 100, line 26 skipping to change at page 100, line 26
$ DNS $ DNS
(I) See: Domain Name System. (I) See: Domain Name System.
$ doctrine $ doctrine
See: security doctrine. See: security doctrine.
$ DoD $ DoD
(N) Department of Defense. (N) Department of Defense.
Usage: To avoid international misunderstanding, ISDs SHOULD use Usage: To avoid international misunderstanding, IDOCs SHOULD use
this abbreviation only with a national qualifier (e.g., U.S. DoD). this abbreviation only with a national qualifier (e.g., U.S. DoD).
$ DOI $ DOI
(I) See: Domain of Interpretation. (I) See: Domain of Interpretation.
$ domain $ domain
1a. (I) /general security/ An environment or context that (a) 1a. (I) /general security/ An environment or context that (a)
includes a set of system resources and a set of system entities includes a set of system resources and a set of system entities
that have the right to access the resources and (b) usually is that have the right to access the resources and (b) usually is
defined by a security policy, security model, or security defined by a security policy, security model, or security
architecture. (See: CA domain, domain of interpretation, security architecture. (See: CA domain, domain of interpretation, security
perimeter. Compare: COI, enclave.) perimeter. Compare: COI, enclave.)
Tutorial: A "controlled interface" or "guard" is required to Tutorial: A "controlled interface" or "guard" is required to
transfer information between network domains that operate under transfer information between network domains that operate under
different security policies. different security policies.
1b. (O) /security policy/ A set of users, their information 1b. (O) /security policy/ A set of users, their information
objects, and a common security policy. [DGSA, SP33] objects, and a common security policy. [DoD6, SP33]
1c. (O) /security policy/ A system or collection of systems that 1c. (O) /security policy/ A system or collection of systems that
(a) belongs to a community of interest that implements a (a) belongs to a community of interest that implements a
consistent security policy and (b) is administered by a single consistent security policy and (b) is administered by a single
authority. authority.
2. (O) /COMPUSEC/ A operating state or mode of a set of computer 2. (O) /COMPUSEC/ A operating state or mode of a set of computer
hardware. hardware.
Tutorial: Most computers have at least two hardware operating Tutorial: Most computers have at least two hardware operating
skipping to change at page 103, line 28 skipping to change at page 103, line 28
$ downgrade attack $ downgrade attack
(I) A type of man-in-the-middle attack in which the attacker can (I) A type of man-in-the-middle attack in which the attacker can
cause two parties, that are negotiating a security association, to cause two parties, that are negotiating a security association, to
agree on a lower level of protection than the highest level that agree on a lower level of protection than the highest level that
could have been supported by both of them. (Compare: downgrade.) could have been supported by both of them. (Compare: downgrade.)
$ draft RFC $ draft RFC
(D) A preliminary, temporary version of a document that is (D) A preliminary, temporary version of a document that is
intended to become an RFC. (Compare: Internet-Draft.) intended to become an RFC. (Compare: Internet-Draft.)
Deprecated Term: ISDs SHOULD NOT use this term. The RFC series is Deprecated Term: IDOCs SHOULD NOT use this term. The RFC series is
archival in nature and consists only of documents in permanent archival in nature and consists only of documents in permanent
form. A document that is intended to become an RFC usually needs form. A document that is intended to become an RFC usually needs
to be published first as an Internet-Draft (RFC 2026). (See: to be published first as an Internet-Draft (RFC 2026). (See:
"Draft Standard" under "Internet Standard".) "Draft Standard" under "Internet Standard".)
$ Draft Standard $ Draft Standard
(I) See: secondary definition under "Internet Standard". (I) See: secondary definition under "Internet Standard".
$ DSA $ DSA
(N) See: Digital Signature Algorithm. (N) See: Digital Signature Algorithm.
skipping to change at page 103, line 54 skipping to change at page 103, line 54
(I) A procedure that uses two or more entities (usually persons) (I) A procedure that uses two or more entities (usually persons)
operating in concert to protect a system resource, such that no operating in concert to protect a system resource, such that no
single entity acting alone can access that resource. (See: no-lone single entity acting alone can access that resource. (See: no-lone
zone, separation of duties, split knowledge.) zone, separation of duties, split knowledge.)
$ dual signature $ dual signature
(O) /SET/ A single digital signature that protects two separate (O) /SET/ A single digital signature that protects two separate
messages by including the hash results for both sets in a single messages by including the hash results for both sets in a single
encrypted value. [SET2] encrypted value. [SET2]
Deprecated Usage: ISDs SHOULD NOT use this term except when Deprecated Usage: IDOCs SHOULD NOT use this term except when
qualified as "SET(trademark) dual signature" with this definition. qualified as "SET(trademark) dual signature" with this definition.
Tutorial: Generated by hashing each message separately, Tutorial: Generated by hashing each message separately,
concatenating the two hash results, and then hashing that value concatenating the two hash results, and then hashing that value
and encrypting the result with the signer's private key. Done to and encrypting the result with the signer's private key. Done to
reduce the number of encryption operations and to enable reduce the number of encryption operations and to enable
verification of data integrity without complete disclosure of the verification of data integrity without complete disclosure of the
data. data.
$ dual-use certificate $ dual-use certificate
(O) A certificate that is intended for use with both digital (O) A certificate that is intended for use with both digital
signature and data encryption services. [SP32] signature and data encryption services. [SP32]
Usage: ISDs that use this term SHOULD state a definition for it by Usage: IDOCs that use this term SHOULD state a definition for it
identifying the intended uses of the certificate, because there by identifying the intended uses of the certificate, because there
are more than just these two uses mentioned in the NIST are more than just these two uses mentioned in the NIST
publication. A v3 X.509 public-key certificate may have a "key publication. A v3 X.509 public-key certificate may have a "key
Usage" extension, which indicates the purposes for which the Usage" extension, which indicates the purposes for which the
public key may be used. (See: certificate profile.) public key may be used. (See: certificate profile.)
$ duty $ duty
(I) An attribute of a role that obligates an entity playing the (I) An attribute of a role that obligates an entity playing the
role to perform one or more tasks, which usually are essential for role to perform one or more tasks, which usually are essential for
the functioning of the system. [Sand] (Compare authorization, the functioning of the system. [Sand] (Compare authorization,
privilege. See: role, billet.) privilege. See: role, billet.)
$ e-cash $ e-cash
(O) Electronic cash; money that is in the form of data and can be (O) Electronic cash; money that is in the form of data and can be
used as a payment mechanism on the Internet. (See: IOTP.) used as a payment mechanism on the Internet. (See: IOTP.)
Usage: ISDs that use this term SHOULD state a definition for it Usage: IDOCs that use this term SHOULD state a definition for it
because many different types of electronic cash have been devised because many different types of electronic cash have been devised
with a variety of security mechanisms. with a variety of security mechanisms.
$ EAP $ EAP
(I) See: Extensible Authentication Protocol. (I) See: Extensible Authentication Protocol.
$ EAL $ EAL
(O) See: evaluation assurance level. (O) See: evaluation assurance level.
$ Easter egg $ Easter egg
(O) "Hidden functionality within an application program, which (O) "Hidden functionality within an application program, which
becomes activated when an undocumented, and often convoluted, set becomes activated when an undocumented, and often convoluted, set
of commands and keystrokes is entered. Easter eggs are typically of commands and keystrokes is entered. Easter eggs are typically
used to display the credits for the development team and [are] used to display the credits for the development team and [are]
intended to be non-threatening" [SP28], but Easter eggs have the intended to be non-threatening" [SP28], but Easter eggs have the
potential to contain malicious code. potential to contain malicious code.
Deprecated Usage: It is likely that other cultures use different Deprecated Usage: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book".) Usage under "Green Book".)
$ eavesdropping $ eavesdropping
(I) Passive wiretapping done secretly, i.e., without the knowledge (I) Passive wiretapping done secretly, i.e., without the knowledge
of the originator or the intended recipients of the communication. of the originator or the intended recipients of the communication.
$ ECB $ ECB
(N) See: electronic codebook. (N) See: electronic codebook.
$ ECDSA $ ECDSA
skipping to change at page 105, line 39 skipping to change at page 105, line 39
$ EDI $ EDI
(I) See: electronic data interchange. (I) See: electronic data interchange.
$ EDIFACT $ EDIFACT
(N) See: secondary definition under "electronic data interchange". (N) See: secondary definition under "electronic data interchange".
$ EE $ EE
(D) Abbreviation of "end entity" and other terms. (D) Abbreviation of "end entity" and other terms.
Deprecated Abbreviation: ISDs SHOULD NOT use this abbreviation; Deprecated Abbreviation: IDOCs SHOULD NOT use this abbreviation;
there could be confusion among "end entity", "end-to-end there could be confusion among "end entity", "end-to-end
encryption", "escrowed encryption standard", and other terms. encryption", "escrowed encryption standard", and other terms.
$ EES $ EES
(O) See: Escrowed Encryption Standard. (O) See: Escrowed Encryption Standard.
$ effective key length $ effective key length
(O) "A measure of strength of a cryptographic algorithm, (O) "A measure of strength of a cryptographic algorithm,
regardless of actual key length." [IATF] (See: work factor.) regardless of actual key length." [IATF] (See: work factor.)
$ effectiveness $ effectiveness
(O) /ITSEC/ A property of a TOE representing how well it provides (O) /ITSEC/ A property of a TOE representing how well it provides
security in the context of its actual or proposed operational use. security in the context of its actual or proposed operational use.
$ El Gamal algorithm $ El Gamal algorithm
(N) An algorithm for asymmetric cryptography, invented in 1985 by (N) An algorithm for asymmetric cryptography, invented in 1985 by
Taher El Gamal, that is based on the difficulty of calculating Taher El Gamal, that is based on the difficulty of calculating
discrete logarithms and can be used for both encryption and discrete logarithms and can be used for both encryption and
digital signatures. digital signatures. [ElGa]
$ electronic codebook (ECB) $ electronic codebook (ECB)
(N) An block cipher mode in which a plaintext block is used (N) An block cipher mode in which a plaintext block is used
directly as input to the encryption algorithm and the resultant directly as input to the encryption algorithm and the resultant
output block is used directly as cipher text [FP081]. (See: block output block is used directly as cipher text [FP081]. (See: block
cipher, [SP38A].) cipher, [SP38A].)
$ electronic commerce $ electronic commerce
1. (I) Business conducted through paperless exchanges of 1. (I) Business conducted through paperless exchanges of
information, using electronic data interchange, electronic funds information, using electronic data interchange, electronic funds
skipping to change at page 106, line 44 skipping to change at page 106, line 44
$ Electronic Key Management System (EKMS) $ Electronic Key Management System (EKMS)
(O) "Interoperable collection of systems developed by ... the U.S. (O) "Interoperable collection of systems developed by ... the U.S.
Government to automate the planning, ordering, generating, Government to automate the planning, ordering, generating,
distributing, storing, filling, using, and destroying of distributing, storing, filling, using, and destroying of
electronic keying material and the management of other types of electronic keying material and the management of other types of
COMSEC material." [C4009] COMSEC material." [C4009]
$ electronic signature $ electronic signature
(D) Synonym for "digital signature" or "digitized signature". (D) Synonym for "digital signature" or "digitized signature".
Deprecated Term: ISDs SHOULD NOT use this term; there is no Deprecated Term: IDOCs SHOULD NOT use this term; there is no
current consensus on its definition. Instead, use "digital current consensus on its definition. Instead, use "digital
signature", if that is what was intended signature", if that is what was intended
$ electronic wallet $ electronic wallet
(D) A secure container to hold, in digitized form, some sensitive (D) A secure container to hold, in digitized form, some sensitive
data objects that belong to the owner, such as electronic money, data objects that belong to the owner, such as electronic money,
authentication material, and various types of personal authentication material, and various types of personal
information. (See: IOTP.) information. (See: IOTP.)
Deprecated Term: ISDs SHOULD NOT use this term. There is no Deprecated Term: IDOCs SHOULD NOT use this term. There is no
current consensus on its definition; and some uses and definitions current consensus on its definition; and some uses and definitions
may be proprietary. Meanings range from virtual wallets may be proprietary. Meanings range from virtual wallets
implemented by data structures to physical wallets implemented by implemented by data structures to physical wallets implemented by
cryptographic tokens. (See: Deprecated Usage under "Green Book".) cryptographic tokens. (See: Deprecated Usage under "Green Book".)
$ elliptic curve cryptography (ECC) $ elliptic curve cryptography (ECC)
(I) A type of asymmetric cryptography based on mathematics of (I) A type of asymmetric cryptography based on mathematics of
groups that are defined by the points on a curve, where the curve groups that are defined by the points on a curve, where the curve
is defined by a quadratic equation in a finite field. [Schn] is defined by a quadratic equation in a finite field. [Schn]
skipping to change at page 107, line 53 skipping to change at page 107, line 53
system and to preventing or limiting the ability of unauthorized system and to preventing or limiting the ability of unauthorized
parties to receive the emissions. parties to receive the emissions.
$ embedded cryptography $ embedded cryptography
(N) "Cryptography engineered into an equipment or system whose (N) "Cryptography engineered into an equipment or system whose
basic function is not cryptographic." [C4009] basic function is not cryptographic." [C4009]
$ emergency plan $ emergency plan
(D) Synonym for "contingency plan". (D) Synonym for "contingency plan".
Deprecated Term: ISDs SHOULD NOT use this term. Instead, for Deprecated Term: IDOCs SHOULD NOT use this term. Instead, for
neutrality and consistency of language, use "contingency plan". neutrality and consistency of language, use "contingency plan".
$ emergency response $ emergency response
(O) An urgent response to a fire, flood, civil commotion, natural (O) An urgent response to a fire, flood, civil commotion, natural
disaster, bomb threat, or other serious situation, with the intent disaster, bomb threat, or other serious situation, with the intent
of protecting lives, limiting damage to property, and minimizing of protecting lives, limiting damage to property, and minimizing
disruption of system operations. [FP087] (See: availability, CERT, disruption of system operations. [FP087] (See: availability, CERT,
emergency plan.) emergency plan.)
$ EMSEC $ EMSEC
skipping to change at page 108, line 41 skipping to change at page 108, line 41
(transport mode) or an IP header (tunnel mode). ESP can provide (transport mode) or an IP header (tunnel mode). ESP can provide
data confidentiality service, data origin authentication service, data confidentiality service, data origin authentication service,
connectionless data integrity service, an anti-replay service, and connectionless data integrity service, an anti-replay service, and
limited traffic-flow confidentiality. The set of services depends limited traffic-flow confidentiality. The set of services depends
on the placement of the implementation and on options selected on the placement of the implementation and on options selected
when the security association is established. when the security association is established.
$ encipher $ encipher
(D) Synonym for "encrypt". (D) Synonym for "encrypt".
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "encrypt". However, see Usage note under "encryption". for "encrypt". However, see Usage note under "encryption".
$ encipherment $ encipherment
(D) Synonym for "encryption". (D) Synonym for "encryption".
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "encryption". However, see Usage note under "encryption". for "encryption". However, see Usage note under "encryption".
$ enclave $ enclave
1. (I) A set of system resources that operate in the same security 1. (I) A set of system resources that operate in the same security
domain and that share the protection of a single, common, domain and that share the protection of a single, common,
continuous security perimeter. (Compare: domain.) continuous security perimeter. (Compare: domain.)
2. (D) /U.S. Government/ "Collection of computing environments 2. (D) /U.S. Government/ "Collection of computing environments
connected by one or more internal networks under the control of a connected by one or more internal networks under the control of a
single authority and security policy, including personnel and single authority and security policy, including personnel and
physical security." [C4009] physical security." [C4009]
Deprecated Definition: ISDs SHOULD NOT use this term with Deprecated Definition: IDOCs SHOULD NOT use this term with
definition 2 because the definition applies to what is usually definition 2 because the definition applies to what is usually
called a "security domain". That is, a security domain is a set of called a "security domain". That is, a security domain is a set of
one or more security enclaves. one or more security enclaves.
$ encode $ encode
1. (I) Use a system of symbols to represent information, which 1. (I) Use a system of symbols to represent information, which
might originally have some other representation. Example: Morse might originally have some other representation. Example: Morse
code. (See: ASCII, BER.) (See: code, decode.) code. (See: ASCII, BER.) (See: code, decode.)
2. (D) Synonym for "encrypt". 2. (D) Synonym for "encrypt".
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "encrypt"; encoding is not always meant to conceal meaning. for "encrypt"; encoding is not always meant to conceal meaning.
$ encrypt $ encrypt
(I) Cryptographically transform data to produce cipher text. (See: (I) Cryptographically transform data to produce cipher text. (See:
encryption. Compare: seal.) encryption. Compare: seal.)
$ encryption $ encryption
1. (I) Cryptographic transformation of data (called "plain text") 1. (I) Cryptographic transformation of data (called "plain text")
into a different form (called "cipher text") that conceals the into a different form (called "cipher text") that conceals the
data's original meaning and prevents the original form from being data's original meaning and prevents the original form from being
used. The corresponding reverse process is "decryption", a used. The corresponding reverse process is "decryption", a
transformation that restores encrypted data to its original form. transformation that restores encrypted data to its original form.
(See: cryptography.) (See: cryptography.)
2. (O) "The cryptographic transformation of data to produce 2. (O) "The cryptographic transformation of data to produce
ciphertext." [I7498-2] ciphertext." [I7498-2]
Usage: For this concept, ISDs SHOULD use the verb "to encrypt" Usage: For this concept, IDOCs SHOULD use the verb "to encrypt"
(and related variations: encryption, decrypt, and decryption). (and related variations: encryption, decrypt, and decryption).
However, because of cultural biases involving human burial, some However, because of cultural biases involving human burial, some
international documents (particularly ISO and CCITT standards) international documents (particularly ISO and CCITT standards)
avoid "to encrypt" and instead use the verb "to encipher" (and avoid "to encrypt" and instead use the verb "to encipher" (and
related variations: encipherment, decipher, decipherment). related variations: encipherment, decipher, decipherment).
Tutorial: Usually, the plaintext input to an encryption operation Tutorial: Usually, the plaintext input to an encryption operation
is clear text. But in some cases, the plain text may be cipher is clear text. But in some cases, the plain text may be cipher
text that was output from another encryption operation. (See: text that was output from another encryption operation. (See:
superencryption.) superencryption.)
skipping to change at page 110, line 34 skipping to change at page 110, line 34
$ end entity $ end entity
1. (I) A system entity that is the subject of a public-key 1. (I) A system entity that is the subject of a public-key
certificate and that is using, or is permitted and able to use, certificate and that is using, or is permitted and able to use,
the matching private key only for purposes other than signing a the matching private key only for purposes other than signing a
digital certificate; i.e., an entity that is not a CA. digital certificate; i.e., an entity that is not a CA.
2. (O) "A certificate subject [that] uses its public [sic] key for 2. (O) "A certificate subject [that] uses its public [sic] key for
purposes other than signing certificates." [X509] purposes other than signing certificates." [X509]
Deprecated Definition: ISDs SHOULD NOT use definition 2, which is Deprecated Definition: IDOCs SHOULD NOT use definition 2, which is
misleading and incomplete. First, that definition should have said misleading and incomplete. First, that definition should have said
"private key" rather than "public key" because certificates are "private key" rather than "public key" because certificates are
not usefully signed with a public key. Second, the X.509 not usefully signed with a public key. Second, the X.509
definition is ambiguous regarding whether an end entity may or may definition is ambiguous regarding whether an end entity may or may
not use the private key to sign a certificate, i.e., whether the not use the private key to sign a certificate, i.e., whether the
subject may be a CA. The intent of X.509's authors was that an end subject may be a CA. The intent of X.509's authors was that an end
entity certificate is not valid for use in verifying a signature entity certificate is not valid for use in verifying a signature
on an X.509 certificate or X.509 CRL. Thus, it would have been on an X.509 certificate or X.509 CRL. Thus, it would have been
better for the X.509 definition to have said "only for purposes better for the X.509 definition to have said "only for purposes
other than signing certificates". other than signing certificates".
skipping to change at page 111, line 37 skipping to change at page 111, line 37
protect their communications without depending on the intermediate protect their communications without depending on the intermediate
systems to provide the protection. systems to provide the protection.
$ end user $ end user
1. (I) /information system/ A system entity, usually a human 1. (I) /information system/ A system entity, usually a human
individual, that makes use of system resources, primarily for individual, that makes use of system resources, primarily for
application purposes as opposed to system management purposes. application purposes as opposed to system management purposes.
2. (D) /PKI/ Synonym for "end entity". 2. (D) /PKI/ Synonym for "end entity".
Deprecated Definition: ISDs SHOULD NOT use "end user" as a synonym Deprecated Definition: IDOCs SHOULD NOT use "end user" as a
for "end entity", because that would mix concepts in a potentially synonym for "end entity", because that would mix concepts in a
misleading way. potentially misleading way.
$ endorsed-for-unclassified cryptographic item (EUCI) $ endorsed-for-unclassified cryptographic item (EUCI)
(O) /U.S. Government/ "Unclassified cryptographic equipment that (O) /U.S. Government/ "Unclassified cryptographic equipment that
embodies a U.S. Government classified cryptographic logic and is embodies a U.S. Government classified cryptographic logic and is
endorsed by NSA for the protection of national security endorsed by NSA for the protection of national security
information." [C4009] (Compare: CCI, type 2 product.) information." [C4009] (Compare: CCI, type 2 product.)
$ entity $ entity
See: system entity. See: system entity.
skipping to change at page 116, line 23 skipping to change at page 116, line 23
$ fail-safe $ fail-safe
1. (I) Synonym for "fail-secure". 1. (I) Synonym for "fail-secure".
2. (I) A mode of termination of system functions that prevents 2. (I) A mode of termination of system functions that prevents
damage to specified system resources and system entities (i.e., damage to specified system resources and system entities (i.e.,
specified data, property, and life) when a failure occurs or is specified data, property, and life) when a failure occurs or is
detected in the system (but the failure still might cause a detected in the system (but the failure still might cause a
security compromise). (See: failure control.) security compromise). (See: failure control.)
Tutorial: Definitions 1 and 2 are opposing design alternatives. Tutorial: Definitions 1 and 2 are opposing design alternatives.
Therefore, ISDs SHOULD NOT use this term without providing a Therefore, IDOCs SHOULD NOT use this term without providing a
definition for it. If definition 1 is intended, ISDs can avoid definition for it. If definition 1 is intended, IDOCs can avoid
ambiguity by using "fail-secure" instead. ambiguity by using "fail-secure" instead.
$ fail-secure $ fail-secure
(I) A mode of termination of system functions that prevents loss (I) A mode of termination of system functions that prevents loss
of secure state when a failure occurs or is detected in the system of secure state when a failure occurs or is detected in the system
(but the failure still might cause damage to some system resource (but the failure still might cause damage to some system resource
or system entity). (See: failure control. Compare: fail-safe.) or system entity). (See: failure control. Compare: fail-safe.)
$ fail-soft $ fail-soft
(I) Selective termination of affected, non-essential system (I) Selective termination of affected, non-essential system
skipping to change at page 119, line 7 skipping to change at page 119, line 7
initiated transactions or transmission of funds for the extension initiated transactions or transmission of funds for the extension
of credit or the custody, loan, exchange, or issuance of money." of credit or the custody, loan, exchange, or issuance of money."
[SET2] [SET2]
$ fingerprint $ fingerprint
1. (I) A pattern of curves formed by the ridges on a fingertip. 1. (I) A pattern of curves formed by the ridges on a fingertip.
(See: biometric authentication. Compare: thumbprint.) (See: biometric authentication. Compare: thumbprint.)
2. (D) /PGP/ A hash result ("key fingerprint") used to 2. (D) /PGP/ A hash result ("key fingerprint") used to
authenticate a public key or other data. [PGP] authenticate a public key or other data. [PGP]
Deprecated Definition: ISDs SHOULD NOT use this term with Deprecated Definition: IDOCs SHOULD NOT use this term with
definition 2, and SHOULD NOT use this term as a synonym for "hash definition 2, and SHOULD NOT use this term as a synonym for "hash
result" of *any* kind. Either use would mix concepts in a result" of *any* kind. Either use would mix concepts in a
potentially misleading way. potentially misleading way.
$ FIPS $ FIPS
(N) See: Federal Information Processing Standards. (N) See: Federal Information Processing Standards.
$ FIPS PUB 140 $ FIPS PUB 140
(N) The U.S. Government standard [FP140] for security requirements (N) The U.S. Government standard [FP140] for security requirements
to be met by a cryptographic module when the module is used to to be met by a cryptographic module when the module is used to
skipping to change at page 120, line 35 skipping to change at page 120, line 35
$ flaw $ flaw
1. (I) An error in the design, implementation, or operation of an 1. (I) An error in the design, implementation, or operation of an
information system. A flaw may result in a vulnerability. information system. A flaw may result in a vulnerability.
(Compare: vulnerability.) (Compare: vulnerability.)
2. (D) "An error of commission, omission, or oversight in a system 2. (D) "An error of commission, omission, or oversight in a system
that allows protection mechanisms to be bypassed." [NCSSG] that allows protection mechanisms to be bypassed." [NCSSG]
(Compare: vulnerability. See: brain-damaged.) (Compare: vulnerability. See: brain-damaged.)
Deprecated Definition: ISDs SHOULD NOT use this term with Deprecated Definition: IDOCs SHOULD NOT use this term with
definition 2; not every flaw is a vulnerability. definition 2; not every flaw is a vulnerability.
$ flaw hypothesis methodology $ flaw hypothesis methodology
(I) An evaluation or attack technique in which specifications and (I) An evaluation or attack technique in which specifications and
documentation for a system are analyzed to hypothesize flaws in documentation for a system are analyzed to hypothesize flaws in
the system. The list of hypothetical flaws is prioritized on the the system. The list of hypothetical flaws is prioritized on the
basis of the estimated probability that a flaw exists and, basis of the estimated probability that a flaw exists and,
assuming it does, on the ease of exploiting it and the extent of assuming it does, on the ease of exploiting it and the extent of
control or compromise it would provide. The prioritized list is control or compromise it would provide. The prioritized list is
used to direct a penetration test or attack against the system. used to direct a penetration test or attack against the system.
skipping to change at page 123, line 13 skipping to change at page 123, line 13
(O) See: For Official Use Only. (O) See: For Official Use Only.
$ FPKI $ FPKI
(O) See: Federal Public-Key Infrastructure. (O) See: Federal Public-Key Infrastructure.
$ fraggle attack $ fraggle attack
(D) /slang/ A synonym for "smurf attack". (D) /slang/ A synonym for "smurf attack".
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. misunderstanding, IDOCs SHOULD NOT use this term.
Derivation: The Fraggles are a fictional race of small humanoids Derivation: The Fraggles are a fictional race of small humanoids
(represented as hand puppets in a children's television series, (represented as hand puppets in a children's television series,
"Fraggle Rock") that live underground. "Fraggle Rock") that live underground.
$ frequency hopping $ frequency hopping
(N) "Repeated switching of frequencies during radio transmission (N) "Repeated switching of frequencies during radio transmission
according to a specified algorithm." [C4009] (See: spread according to a specified algorithm." [C4009] (See: spread
spectrum.) spectrum.)
skipping to change at page 125, line 24 skipping to change at page 125, line 24
1. (N) "Relative fineness to which an access control mechanism can 1. (N) "Relative fineness to which an access control mechanism can
be adjusted." [C4009] be adjusted." [C4009]
2. (O) "The size of the smallest protectable unit of information" 2. (O) "The size of the smallest protectable unit of information"
in a trusted system. [Huff] in a trusted system. [Huff]
$ Green Book $ Green Book
(D) /slang/ Synonym for "Defense Password Management Guideline" (D) /slang/ Synonym for "Defense Password Management Guideline"
[CSC2]. [CSC2].
Deprecated Term: Except as an explanatory appositive, ISDs SHOULD Deprecated Term: Except as an explanatory appositive, IDOCs SHOULD
NOT use this term, regardless of the associated definition. NOT use this term, regardless of the associated definition.
Instead, use the full proper name of the document or, in Instead, use the full proper name of the document or, in
subsequent references, a conventional abbreviation. (See: Rainbow subsequent references, a conventional abbreviation. (See: Rainbow
Series.) Series.)
Deprecated Usage: To improve international comprehensibility of Deprecated Usage: To improve international comprehensibility of
Internet Standards and the Internet Standards Process, ISDs SHOULD Internet Standards and the Internet Standards Process, IDOCs
NOT use "cute" synonyms. No matter how clearly understood or SHOULD NOT use "cute" synonyms. No matter how clearly understood
popular a nickname may be in one community, it is likely to cause or popular a nickname may be in one community, it is likely to
confusion or offense in others. For example, several other cause confusion or offense in others. For example, several other
information system standards also are called "the Green Book"; the information system standards also are called "the Green Book"; the
following are some examples: following are some examples:
- Each volume of 1992 ITU-T (known at that time as CCITT) - Each volume of 1992 ITU-T (known at that time as CCITT)
standards. standards.
- "PostScript Language Program Design", Adobe Systems, Addison- - "PostScript Language Program Design", Adobe Systems, Addison-
Wesley, 1988. Wesley, 1988.
- IEEE 1003.1 POSIX Operating Systems Interface. - IEEE 1003.1 POSIX Operating Systems Interface.
- "Smalltalk-80: Bits of History, Words of Advice", Glenn - "Smalltalk-80: Bits of History, Words of Advice", Glenn
Krasner, Addison-Wesley, 1983. Krasner, Addison-Wesley, 1983.
- "X/Open Compatibility Guide". - "X/Open Compatibility Guide".
skipping to change at page 128, line 12 skipping to change at page 128, line 12
protections of mandatory access control and (b) the identity-based protections of mandatory access control and (b) the identity-based
protections of discretionary access control; usually involves protections of discretionary access control; usually involves
administrative security. administrative security.
$ Handling Restrictions field $ Handling Restrictions field
(I) A 16-bit field that specifies a control and release marking in (I) A 16-bit field that specifies a control and release marking in
the security option (option type 130) of IP's datagram header the security option (option type 130) of IP's datagram header
format. The valid field values are alphanumeric digraphs assigned format. The valid field values are alphanumeric digraphs assigned
by the U.S. Government, as specified in RFC 791. by the U.S. Government, as specified in RFC 791.
Deprecated Abbreviation: ISDs SHOULD NOT use the abbreviation "H Deprecated Abbreviation: IDOCs SHOULD NOT use the abbreviation "H
field" because it is potentially ambiguous. Instead, use "Handling field" because it is potentially ambiguous. Instead, use "Handling
Restrictions field". Restrictions field".
$ handshake $ handshake
(I) Protocol dialogue between two systems for identifying and (I) Protocol dialogue between two systems for identifying and
authenticating themselves to each other, or for synchronizing authenticating themselves to each other, or for synchronizing
their operations with each other. their operations with each other.
$ Handshake Protocol $ Handshake Protocol
(I) /TLS/ The TLS Handshake Protocol consists of three parts (I) /TLS/ The TLS Handshake Protocol consists of three parts
(i.e., subprotocols) that enable peer entities to agree upon (i.e., subprotocols) that enable peer entities to agree upon
security parameters for the record layer, authenticate themselves security parameters for the record layer, authenticate themselves
to each other, instantiate negotiated security parameters, and to each other, instantiate negotiated security parameters, and
report error conditions to each other. [R2246] report error conditions to each other. [R4346]
$ harden $ harden
(I) To protect a system by configuring it to operate in a way that (I) To protect a system by configuring it to operate in a way that
eliminates or mitigates known vulnerabilities. Example: [RSCG]. eliminates or mitigates known vulnerabilities. Example: [RSCG].
(See: default account.) (See: default account.)
$ hardware $ hardware
(I) The material physical components of an information system. (I) The material physical components of an information system.
(See: firmware, software.) (See: firmware, software.)
$ hardware error $ hardware error
(I) /threat action/ See: secondary definitions under "corruption", (I) /threat action/ See: secondary definitions under "corruption",
"exposure", and "incapacitation". "exposure", and "incapacitation".
$ hardware token $ hardware token
See: token. See: token.
$ hash code $ hash code
(D) Synonym for "hash result" or "hash function". (D) Synonym for "hash result" or "hash function".
Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts
in a potentially misleading way. A hash result is not a "code", in a potentially misleading way. A hash result is not a "code",
and a hash function does not "encode" in any sense defined by this and a hash function does not "encode" in any sense defined by this
glossary. (See: hash value, message digest.) glossary. (See: hash value, message digest.)
$ hash function $ hash function
1. (I) A function H that maps an arbitrary, variable-length bit 1. (I) A function H that maps an arbitrary, variable-length bit
string, s, into a fixed-length string, h = H(s) (called the "hash string, s, into a fixed-length string, h = H(s) (called the "hash
result"). For most computing applications, it is desirable that result"). For most computing applications, it is desirable that
given a string s with H(s) = h, any change to s that creates a given a string s with H(s) = h, any change to s that creates a
different string s' will result in an unpredictable hash result different string s' will result in an unpredictable hash result
skipping to change at page 129, line 55 skipping to change at page 129, line 55
the same hash result. (See: birthday attack.) the same hash result. (See: birthday attack.)
$ hash result $ hash result
1. (I) The output of a hash function. (See: hash code, hash value. 1. (I) The output of a hash function. (See: hash code, hash value.
Compare: hash value.) Compare: hash value.)
2. (O) "The output produced by a hash function upon processing a 2. (O) "The output produced by a hash function upon processing a
message" (where "message" is broadly defined as "a digital message" (where "message" is broadly defined as "a digital
representation of data"). [DSG] representation of data"). [DSG]
Usage: ISDs SHOULD avoid the unusual usage of "message" that is Usage: IDOCs SHOULD avoid the unusual usage of "message" that is
seen in the "O" definition. seen in the "O" definition.
$ hash value $ hash value
(D) Synonym for "hash result". (D) Synonym for "hash result".
Deprecated Term: ISDs SHOULD NOT use this term for the output of a Deprecated Term: IDOCs SHOULD NOT use this term for the output of
hash function; the term could easily be confused with "hashed a hash function; the term could easily be confused with "hashed
value", which means the input to a hash function. (See: hash code, value", which means the input to a hash function. (See: hash code,
hash result, message digest.) hash result, message digest.)
$ HDM $ HDM
(O) See: Hierarchical Development Methodology. (O) See: Hierarchical Development Methodology.
$ Hierarchical Development Methodology (HDM) $ Hierarchical Development Methodology (HDM)
(O) A methodology, language, and integrated set of software tools (O) A methodology, language, and integrated set of software tools
developed at SRI International for specifying, coding, and developed at SRI International for specifying, coding, and
verifying software to produce correct and reliable programs. verifying software to produce correct and reliable programs.
skipping to change at page 130, line 35 skipping to change at page 130, line 35
(Compare: mesh PKI, trust-file PKI.) (Compare: mesh PKI, trust-file PKI.)
$ hierarchy management $ hierarchy management
(I) The process of generating configuration data and issuing (I) The process of generating configuration data and issuing
public-key certificates to build and operate a certification public-key certificates to build and operate a certification
hierarchy. (See: certificate management.) hierarchy. (See: certificate management.)
$ hierarchy of trust $ hierarchy of trust
(D) Synonym for "certification hierarchy". (D) Synonym for "certification hierarchy".
Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts
in a potentially misleading way. (See: certification hierarchy, in a potentially misleading way. (See: certification hierarchy,
trust, web of trust.) trust, web of trust.)
$ high-assurance guard $ high-assurance guard
(O) "An oxymoron," said Lt. Gen. William H. Campbell, former U.S. (O) "An oxymoron," said Lt. Gen. William H. Campbell, former U.S.
Army chief information officer, speaking at an Armed Forces Army chief information officer, speaking at an Armed Forces
Communications and Electronics Association conference. Communications and Electronics Association conference.
Usage: ISDs that use this term SHOULD state a definition for it Usage: IDOCs that use this term SHOULD state a definition for it
because the term mixes concepts and could easily be misunderstood. because the term mixes concepts and could easily be misunderstood.
$ hijack attack $ hijack attack
(I) A form of active wiretapping in which the attacker seizes (I) A form of active wiretapping in which the attacker seizes
control of a previously established communication association. control of a previously established communication association.
(See: man-in-the-middle attack, pagejacking, piggyback attack.) (See: man-in-the-middle attack, pagejacking, piggyback attack.)
$ HIPAA $ HIPAA
(N) Health Information Portability and Accountability Act of 1996, (N) Health Information Portability and Accountability Act of 1996,
a U.S. law (Public Law 104-191) that is intended to protect the a U.S. law (Public Law 104-191) that is intended to protect the
skipping to change at page 131, line 44 skipping to change at page 131, line 44
faster or stronger hash is found or required. faster or stronger hash is found or required.
$ honey pot $ honey pot
(N) A system (e.g., a web server) or system resource (e.g., a file (N) A system (e.g., a web server) or system resource (e.g., a file
on a server) that is designed to be attractive to potential on a server) that is designed to be attractive to potential
crackers and intruders, like honey is attractive to bears. (See: crackers and intruders, like honey is attractive to bears. (See:
entrapment.) entrapment.)
Usage: It is likely that other cultures use different metaphors Usage: It is likely that other cultures use different metaphors
for this concept. Therefore, to avoid international for this concept. Therefore, to avoid international
misunderstanding, an ISD SHOULD NOT use this term without misunderstanding, an IDOC SHOULD NOT use this term without
providing a definition for it. (See: Deprecated Usage under "Green providing a definition for it. (See: Deprecated Usage under "Green
Book.") Book.")
$ host $ host
1. (I) /general/ A computer that is attached to a communication 1. (I) /general/ A computer that is attached to a communication
subnetwork or internetwork and can use services provided by the subnetwork or internetwork and can use services provided by the
network to exchange data with other attached systems. (See: end network to exchange data with other attached systems. (See: end
system. Compare: server.) system. Compare: server.)
2. (I) /IPS/ A networked computer that does not forward IP packets 2. (I) /IPS/ A networked computer that does not forward IP packets
skipping to change at page 133, line 52 skipping to change at page 133, line 52
$ IDEA $ IDEA
(N) See: International Data Encryption Algorithm. (N) See: International Data Encryption Algorithm.
$ identification $ identification
(I) An act or process that presents an identifier to a system so (I) An act or process that presents an identifier to a system so
that the system can recognize a system entity and distinguish it that the system can recognize a system entity and distinguish it
from other entities. (See: authentication.) from other entities. (See: authentication.)
$ identification information $ identification information
(D) Synonym for either "identifier" or "authentication (D) Synonym for "identifier"; synonynm for "authentication
information". (See: authentication.) information". (See: authentication, identifying information.)
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
for either of those terms; that would be duplicative and would mix either of those terms; this term (a) is not as precise as they are
concepts in a potentially misleading way. Instead, use and (b) mixes concepts in a potentially misleading way. Instead,
"identifier" or "authentication information ", depending on what use "identifier" or "authentication information", depending on
is meant. what is meant.
$ Identification Protocol $ Identification Protocol
(I) An client-server Internet protocol [R1413] for learning the (I) An client-server Internet protocol [R1413] for learning the
identity of a user of a particular TCP connection. identity of a user of a particular TCP connection.
Tutorial: Given a TCP port number pair, the server returns a Tutorial: Given a TCP port number pair, the server returns a
character string that identifies the owner of that connection on character string that identifies the owner of that connection on
the server's system. The protocol does not provide an the server's system. The protocol does not provide an
authentication service and is not intended for authorization or authentication service and is not intended for authorization or
access control. At best, it provides additional auditing access control. At best, it provides additional auditing
skipping to change at page 134, line 35 skipping to change at page 134, line 35
Tutorial: Identifiers for system entities must be assigned very Tutorial: Identifiers for system entities must be assigned very
carefully, because authenticated identities are the basis for carefully, because authenticated identities are the basis for
other security services, such as access control service. other security services, such as access control service.
$ identifier credential $ identifier credential
1. (I) See: /authentication/ under "credential". 1. (I) See: /authentication/ under "credential".
2. (D) Synonym for "signature certificate". 2. (D) Synonym for "signature certificate".
Usage: ISDs that use this term SHOULD state a definition for it Usage: IDOCs that use this term SHOULD state a definition for it
because the term is used in many ways and could easily be because the term is used in many ways and could easily be
misunderstood. misunderstood.
$ identifying information
(D) Synonym for "identifier"; synonynm for "authentication
information". (See: authentication, identification information.)
Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
either of those terms; this term (a) is not as precise as they are
and (b) mixes concepts in a potentially misleading way. Instead,
use "identifier" or "authentication information", depending on
what is meant.
$ identity $ identity
(I) The collective aspect of a set of attribute values (i.e., a (I) The collective aspect of a set of attribute values (i.e., a
set of characteristics) by which a system user or other system set of characteristics) by which a system user or other system
entity is recognizable or known. (See: authenticate, registration. entity is recognizable or known. (See: authenticate, registration.
Compare: identifier.) Compare: identifier.)
Usage: An ISD MAY apply this term to either a single entity or a Usage: An IDOC MAY apply this term to either a single entity or a
set of entities. If an ISD involves both meanings, the ISD SHOULD set of entities. If an IDOC involves both meanings, the IDOC
use the following terms and definitions to avoid ambiguity: SHOULD use the following terms and definitions to avoid ambiguity:
- "Singular identity": An identity that is registered for an - "Singular identity": An identity that is registered for an
entity that is one person or one process. entity that is one person or one process.
- "Shared identity": An identity that is registered for an entity - "Shared identity": An identity that is registered for an entity
that is a set of singular entities (1) in which each member is that is a set of singular entities (1) in which each member is
authorized to assume the identity individually and (2) for authorized to assume the identity individually and (2) for
which the registering system maintains a record of the singular which the registering system maintains a record of the singular
entities that comprise the set. In this case, we would expect entities that comprise the set. In this case, we would expect
each member entity to be registered with a singular identity each member entity to be registered with a singular identity
before becoming associated with the shared identity. before becoming associated with the shared identity.
- "Group identity": An identity that is registered for an entity - "Group identity": An identity that is registered for an entity
skipping to change at page 136, line 43 skipping to change at page 136, line 43
$ identity-based security policy $ identity-based security policy
(I) "A security policy based on the identities and/or attributes (I) "A security policy based on the identities and/or attributes
of users, a group of users, or entities acting on behalf of the of users, a group of users, or entities acting on behalf of the
users and the resources/objects being accessed." [I7498-2] (See: users and the resources/objects being accessed." [I7498-2] (See:
rule-based security policy.) rule-based security policy.)
$ identity proofing $ identity proofing
(I) A process that vets and verifies the information that is used (I) A process that vets and verifies the information that is used
to establish the identity of a system entity. (See: registration.) to establish the identity of a system entity. (See: registration.)
$ IDOC
(I) An abbreviation used in this Glossary to refer to a document
or other item of written material that is generated in the
Internet Standards Process (RFC 2026), i.e., an RFC, an Internet-
Draft, or some other item of discourse.
Deprecated Usage: This abbreviation SHOULD NOT be used in an IDOC
unless it is first defined in the IDOC because the abbreviation
was invented for this Glossary and is not widely known.
$ IDS $ IDS
(I) See: intrusion detection system. (I) See: intrusion detection system.
$ IEEE $ IEEE
(N) See: Institute of Electrical and Electronics Engineers, Inc. (N) See: Institute of Electrical and Electronics Engineers, Inc.
$ IEEE 802.10 $ IEEE 802.10
(N) An IEEE committee developing security standards for local area (N) An IEEE committee developing security standards for LANs.
networks. (See: SILS.) (See: SILS.)
$ IEEE P1363 $ IEEE P1363
(N) An IEEE working group, Standard for Public-Key Cryptography, (N) An IEEE working group, Standard for Public-Key Cryptography,
engaged in developing a comprehensive reference standard for engaged in developing a comprehensive reference standard for
asymmetric cryptography. Covers discrete logarithm (e.g., DSA), asymmetric cryptography. Covers discrete logarithm (e.g., DSA),
elliptic curve, and integer factorization (e.g., RSA); and covers elliptic curve, and integer factorization (e.g., RSA); and covers
key agreement, digital signature, and encryption. key agreement, digital signature, and encryption.
$ IESG $ IESG
(I) See: Internet Engineering Steering Group. (I) See: Internet Engineering Steering Group.
skipping to change at page 141, line 31 skipping to change at page 141, line 41
from B with a source address that is not within the range of from B with a source address that is not within the range of
legitimately advertised addresses for B. This method does not legitimately advertised addresses for B. This method does not
prevent all attacks that can originate from B, but the actual prevent all attacks that can originate from B, but the actual
source of such attacks can be more easily traced because the source of such attacks can be more easily traced because the
originating network is known. originating network is known.
$ initialization value (IV) $ initialization value (IV)
(I) /cryptography/ An input parameter that sets the starting state (I) /cryptography/ An input parameter that sets the starting state
of a cryptographic algorithm or mode. (Compare: activation data.) of a cryptographic algorithm or mode. (Compare: activation data.)
Usage: Sometimes called "initialization vector" or "message
indicator", but ISDs SHOULD NOT use these synonyms because they
mix concepts in potentially confusing ways.
Tutorial: An IV can be used to synchronize one cryptographic Tutorial: An IV can be used to synchronize one cryptographic
process with another; e.g., CBC, CFB, and OFB use IVs. An IV also process with another; e.g., CBC, CFB, and OFB use IVs. An IV also
can be used to introduce cryptographic variance (see: salt) can be used to introduce cryptographic variance (see: salt)
besides that provided by a key. besides that provided by a key.
$ initialization vector $ initialization vector
(D) /cryptographic function/ Synonym for "initialization value". (D) /cryptography/ Synonym for "initialization value".
Deprecated Term: To avoid international misunderstanding, ISDs Deprecated Term: To avoid international misunderstanding, IDOCs
SHOULD NOT use this term in the context of cryptographic functions SHOULD NOT use this term in the context of cryptography because
because the term's dictionary definition includes the concept of most dictionary definitions of "vector" includes a concept of
direction, which is not intended in cryptographic use. direction or magnitude, which are irrelevant to cryptographic use.
$ insertion $ insertion
1. (I) /packet/ See: secondary definition under "stream integrity 1. (I) /packet/ See: secondary definition under "stream integrity
service". service".
2. (I) /threat action/ See: secondary definition under 2. (I) /threat action/ See: secondary definition under
"falsification". "falsification".
$ inside attack $ inside attack
(I) See: secondary definition under "attack". Compare: insider. (I) See: secondary definition under "attack". Compare: insider.
skipping to change at page 143, line 4 skipping to change at page 143, line 10
$ integrity $ integrity
See: data integrity, datagram integrity service, correctness See: data integrity, datagram integrity service, correctness
integrity, source integrity, stream integrity service, system integrity, source integrity, stream integrity service, system
integrity. integrity.
$ integrity check $ integrity check
(D) A computation that is part of a mechanism to provide data (D) A computation that is part of a mechanism to provide data
integrity service or data origin authentication service. (Compare: integrity service or data origin authentication service. (Compare:
checksum.) checksum.)
Deprecated Term: ISDs SHOULD NOT use this term as a synonym for
Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
"cryptographic hash" or "protected checksum". This term "cryptographic hash" or "protected checksum". This term
unnecessarily duplicates the meaning of other, well-established unnecessarily duplicates the meaning of other, well-established
terms; this term only mentions integrity, even though the intended terms; this term only mentions integrity, even though the intended
service may be data origin authentication; and not every checksum service may be data origin authentication; and not every checksum
is cryptographically protected. is cryptographically protected.
$ integrity label $ integrity label
(I) A security label that tells the degree of confidence that may (I) A security label that tells the degree of confidence that may
be placed in the data, and may also tell what countermeasures are be placed in the data, and may also tell what countermeasures are
required to be applied to protect the data against from alteration required to be applied to protect the data against from alteration
skipping to change at page 143, line 48 skipping to change at page 143, line 55
system and that contains the data but was not intended to system and that contains the data but was not intended to
communicate the data. (See: emanation.) communicate the data. (See: emanation.)
$ interference $ interference
(I) /threat action/ See: secondary definition under "obstruction". (I) /threat action/ See: secondary definition under "obstruction".
$ intermediate CA $ intermediate CA
(D) The CA that issues a cross-certificate to another CA. [X509] (D) The CA that issues a cross-certificate to another CA. [X509]
(See: cross-certification.) (See: cross-certification.)
Deprecated Term: ISDs SHOULD NOT use this term because it is not Deprecated Term: IDOCs SHOULD NOT use this term because it is not
widely known and mixes concepts in a potentially misleading way. widely known and mixes concepts in a potentially misleading way.
For example, suppose that end entity 1 ("EE1) is in one PKI For example, suppose that end entity 1 ("EE1) is in one PKI
("PKI1"), end entity 2 ("EE2) is in another PKI ("PKI2"), and the ("PKI1"), end entity 2 ("EE2) is in another PKI ("PKI2"), and the
root in PKI1 ("CA1") cross-certifies the root CA in PKI2 ("CA2"). root in PKI1 ("CA1") cross-certifies the root CA in PKI2 ("CA2").
Then if EE1 constructs the certification path CA1-to-CA2-to-EE2 to Then if EE1 constructs the certification path CA1-to-CA2-to-EE2 to
validate a certificate of EE2, conventional English usage would validate a certificate of EE2, conventional English usage would
describe CA2 as being in the "intermediate" position in that path, describe CA2 as being in the "intermediate" position in that path,
not CA1. not CA1.
$ internal controls $ internal controls
skipping to change at page 144, line 37 skipping to change at page 144, line 44
$ internet, Internet $ internet, Internet
1. (I) /not capitalized/ Abbreviation of "internetwork". 1. (I) /not capitalized/ Abbreviation of "internetwork".
2. (I) /capitalized/ The Internet is the single, interconnected, 2. (I) /capitalized/ The Internet is the single, interconnected,
worldwide system of commercial, government, educational, and other worldwide system of commercial, government, educational, and other
computer networks that share (a) the protocol suite specified by computer networks that share (a) the protocol suite specified by
the IAB (RFC 2026) and (b) the name and address spaces managed by the IAB (RFC 2026) and (b) the name and address spaces managed by
the ICANN. (See: Internet Layer, Internet Protocol Suite.) the ICANN. (See: Internet Layer, Internet Protocol Suite.)
Usage: Use with definite article "the" when using as a noun. E.g., Usage: Use with definite article ("the") when using as a noun. For
say "My LAN is small, but the Internet is large." Don't say "My example, say "My LAN is small, but the Internet is large." Don't
LAN is small, but Internet is large." say "My LAN is small, but Internet is large."
$ Internet Architecture Board (IAB) $ Internet Architecture Board (IAB)
(I) A technical advisory group of the ISOC, chartered by the ISOC (I) A technical advisory group of the ISOC, chartered by the ISOC
Trustees to provide oversight of Internet architecture and Trustees to provide oversight of Internet architecture and
protocols and, in the context of Internet Standards, a body to protocols and, in the context of Internet Standards, a body to
which decisions of the IESG may be appealed. Responsible for which decisions of the IESG may be appealed. Responsible for
approving appointments to the IESG from among nominees submitted approving appointments to the IESG from among nominees submitted
by the IETF nominating committee. (RFC 2026) by the IETF nominating committee. (RFC 2026)
$ Internet Assigned Numbers Authority (IANA) $ Internet Assigned Numbers Authority (IANA)
skipping to change at page 146, line 16 skipping to change at page 146, line 22
chairs the IESG. (RFC 2026) chairs the IESG. (RFC 2026)
$ Internet Engineering Task Force (IETF) $ Internet Engineering Task Force (IETF)
(I) A self-organized group of people who make contributions to the (I) A self-organized group of people who make contributions to the
development of Internet technology. The principal body engaged in development of Internet technology. The principal body engaged in
developing Internet Standards, although not itself a part of the developing Internet Standards, although not itself a part of the
ISOC. Composed of Working Groups, which are arranged into Areas ISOC. Composed of Working Groups, which are arranged into Areas
(such as the Security Area), each coordinated by one or more Area (such as the Security Area), each coordinated by one or more Area
Directors. Nominations to the IAB and the IESG are made by a Directors. Nominations to the IAB and the IESG are made by a
committee selected at random from regular IETF meeting attendees committee selected at random from regular IETF meeting attendees
who have volunteered. (RFC 2026) [RFC 2323] who have volunteered. (RFCs 2026, 3935) [R2323]
$ Internet Key Exchange (IKE) $ Internet Key Exchange (IKE)
(I) An Internet, IPsec, key-establishment protocol [R4306] for (I) An Internet, IPsec, key-establishment protocol [R4306] for
putting in place authenticated keying material (a) for use with putting in place authenticated keying material (a) for use with
ISAKMP and (b) for other security associations, such as in AH and ISAKMP and (b) for other security associations, such as in AH and
ESP. ESP.
Tutorial: IKE is based on three earlier protocol designs: ISAKMP, Tutorial: IKE is based on three earlier protocol designs: ISAKMP,
OAKLEY, and SKEME. OAKLEY, and SKEME.
skipping to change at page 146, line 41 skipping to change at page 146, line 47
(I) An Internet protocol (RFC 2060) by which a client workstation (I) An Internet protocol (RFC 2060) by which a client workstation
can dynamically access a mailbox on a server host to manipulate can dynamically access a mailbox on a server host to manipulate
and retrieve mail messages that the server has received and is and retrieve mail messages that the server has received and is
holding for the client. (See: POP3.) holding for the client. (See: POP3.)
Tutorial: IMAP4 has mechanisms for optionally authenticating a Tutorial: IMAP4 has mechanisms for optionally authenticating a
client to a server and providing other security services. (See: client to a server and providing other security services. (See:
IMAP4 AUTHENTICATE.) IMAP4 AUTHENTICATE.)
$ Internet Open Trading Protocol (IOTP) $ Internet Open Trading Protocol (IOTP)
(I) An Internet protocol (RFC 2801) proposed as a general (I) An Internet protocol [R2801] proposed as a general framework
framework for Internet commerce, able to encapsulate transactions for Internet commerce, able to encapsulate transactions of various
of various proprietary payment systems (e.g., GeldKarte, Mondex, proprietary payment systems (e.g., GeldKarte, Mondex, SET, Visa
SET, Visa Cash). Provides optional security services by Cash). Provides optional security services by incorporating
incorporating various Internet security mechanisms (e.g., MD5) and various Internet security mechanisms (e.g., MD5) and protocols
protocols (e.g., TLS). (e.g., TLS).
$ Internet Policy Registration Authority (IPRA) $ Internet Policy Registration Authority (IPRA)
(I) An X.509-compliant CA that is the top CA of the Internet (I) An X.509-compliant CA that is the top CA of the Internet
certification hierarchy operated under the auspices of the ISOC certification hierarchy operated under the auspices of the ISOC
[R1422]. (See: /PEM/ under "certification hierarchy".) [R1422]. (See: /PEM/ under "certification hierarchy".)
$ Internet Private Line Interface (IPLI) $ Internet Private Line Interface (IPLI)
(O) A successor to the PLI, updated to use TCP/IP and newer (O) A successor to the PLI, updated to use TCP/IP and newer
military-grade COMSEC equipment (TSEC/KG-84). The IPLI was a military-grade COMSEC equipment (TSEC/KG-84). The IPLI was a
portable, modular system that was developed for use in tactical, portable, modular system that was developed for use in tactical,
skipping to change at page 147, line 33 skipping to change at page 147, line 39
protocols used there, such as AH and ESP, are just IP variations. protocols used there, such as AH and ESP, are just IP variations.
$ Internet Protocol security $ Internet Protocol security
See: IP Security Protocol. See: IP Security Protocol.
$ Internet Protocol Security Option (IPSO) $ Internet Protocol Security Option (IPSO)
(I) Refers to one of three types of IP security options, which are (I) Refers to one of three types of IP security options, which are
fields that may be added to an IP datagram for carrying security fields that may be added to an IP datagram for carrying security
information about the datagram. (Compare: IPsec.) information about the datagram. (Compare: IPsec.)
Deprecated Usage: ISDs SHOULD NOT use this term without a modifier Deprecated Usage: IDOCs SHOULD NOT use this term without a
to indicate which of the following three types is meant: modifier to indicate which of the following three types is meant:
- "DoD Basic Security Option" (IP option type 130): Defined for - "DoD Basic Security Option" (IP option type 130): Defined for
use on U.S. DoD common-use data networks. Identifies the DoD use on U.S. DoD common-use data networks. Identifies the DoD
classification level at which the datagram is to be protected classification level at which the datagram is to be protected
and the protection authorities whose rules apply to the and the protection authorities whose rules apply to the
datagram. (A "protection authority" is a National Access datagram. (A "protection authority" is a National Access
Program (e.g., GENSER, SIOP-ESI, SCI, NSA, Department of Program (e.g., GENSER, SIOP-ESI, SCI, NSA, Department of
Energy) or Special Access Program that specifies protection Energy) or Special Access Program that specifies protection
rules for transmission and processing of the information rules for transmission and processing of the information
contained in the datagram.) [R1108] contained in the datagram.) [R1108]
- "DoD Extended Security Option" (IP option type 133): Permits - "DoD Extended Security Option" (IP option type 133): Permits
skipping to change at page 148, line 52 skipping to change at page 149, line 6
|2.Data Link | +-------------+ |2.Data Link | +-------------+
| | LLC [I8802-2] - Network - The IPS does | | LLC [I8802-2] - Network - The IPS does
| | MAC [I8802-3] - Hardware - not include | | MAC [I8802-3] - Hardware - not include
+----------------+ - (or Network - standards for +----------------+ - (or Network - standards for
|1.Physical | Baseband - Substrate) - this layer. |1.Physical | Baseband - Substrate) - this layer.
+----------------+ Signaling [Stal] + - - - - - - + +----------------+ Signaling [Stal] + - - - - - - +
The diagram approximates how the five IPS layers align with the The diagram approximates how the five IPS layers align with the
seven OSIRM layers, and it offers examples of protocol stacks that seven OSIRM layers, and it offers examples of protocol stacks that
provide roughly equivalent electronic mail service over a private provide roughly equivalent electronic mail service over a private
local area network that uses baseband signaling. LAN that uses baseband signaling.
- IPS Application Layer: The user runs an application program. - IPS Application Layer: The user runs an application program.
The program selects the data transport service it needs -- The program selects the data transport service it needs --
either a sequence of data messages or a continuous stream of either a sequence of data messages or a continuous stream of
data -- and hands application data to the Transport Layer for data -- and hands application data to the Transport Layer for
delivery. delivery.
- IPS Transport Layer: This layer divides application data into - IPS Transport Layer: This layer divides application data into
packets, adds a destination address to each, and communicates packets, adds a destination address to each, and communicates
them end-to-end -- from one application program to another -- them end-to-end -- from one application program to another --
skipping to change at page 151, line 17 skipping to change at page 151, line 23
Internet. (RFC 2026) (Compare: RFC.) Internet. (RFC 2026) (Compare: RFC.)
Tutorial: The "Internet Standards Process" is an activity of the Tutorial: The "Internet Standards Process" is an activity of the
ISOC and is organized and managed by the IAB and the IESG. The ISOC and is organized and managed by the IAB and the IESG. The
process is concerned with all protocols, procedures, and process is concerned with all protocols, procedures, and
conventions used in or by the Internet, whether or not they are conventions used in or by the Internet, whether or not they are
part of the IPS. The "Internet Standards Track" has three levels part of the IPS. The "Internet Standards Track" has three levels
of increasing maturity: Proposed Standard, Draft Standard, and of increasing maturity: Proposed Standard, Draft Standard, and
Standard. (Compare: ISO, W3C.) Standard. (Compare: ISO, W3C.)
$ Internet Standards document (ISD)
(I) An RFC or an Internet-Draft that is produced as part of the
Internet Standards Process (RFC 2026). (See: Internet Standard.)
Deprecated Usage: ISDs that use this term SHOULD state a
definition for it because neither the term nor the abbreviation is
widely accepted.
$ internetwork $ internetwork
(I) A system of interconnected networks; a network of networks. (I) A system of interconnected networks; a network of networks.
Usually shortened to "internet". (See: internet, Internet.) Usually shortened to "internet". (See: internet, Internet.)
Tutorial: An internet can be built using OSIRM Layer 3 gateways to Tutorial: An internet can be built using OSIRM Layer 3 gateways to
implement connections between a set of similar subnetworks. With implement connections between a set of similar subnetworks. With
dissimilar subnetworks, i.e., subnetworks that differ in the Layer dissimilar subnetworks, i.e., subnetworks that differ in the Layer
3 protocol service they offer, an internet can be built by 3 protocol service they offer, an internet can be built by
implementing a uniform internetwork protocol (e.g., IP) that implementing a uniform internetwork protocol (e.g., IP) that
operates at the top of Layer 3 and hides the underlying operates at the top of Layer 3 and hides the underlying
skipping to change at page 153, line 45 skipping to change at page 153, line 43
$ IP Security Protocol (IPsec) $ IP Security Protocol (IPsec)
1a. (I) The name of the IETF working group that is specifying an 1a. (I) The name of the IETF working group that is specifying an
architecture [R2401] and set of protocols to provide security architecture [R2401] and set of protocols to provide security
services for IP traffic. (See: AH, ESP, IKE, SAD, SPD. Compare: services for IP traffic. (See: AH, ESP, IKE, SAD, SPD. Compare:
IPSO.) IPSO.)
1b. (I) A collective name for the IP security architecture [R2401] 1b. (I) A collective name for the IP security architecture [R2401]
and associated set of protocols (primarily AH, ESP, and IKE). and associated set of protocols (primarily AH, ESP, and IKE).
Usage: In ISDs that use the abbreviation "IPsec", the letters "IP" Usage: In IDOCs that use the abbreviation "IPsec", the letters
SHOULD be in upper case, and the letters "sec" SHOULD NOT. "IP" SHOULD be in upper case, and the letters "sec" SHOULD NOT.
Tutorial: The security services provided by IPsec include access Tutorial: The security services provided by IPsec include access
control service, connectionless data integrity service, data control service, connectionless data integrity service, data
origin authentication service, protection against replays origin authentication service, protection against replays
(detection of the arrival of duplicate datagrams, within a (detection of the arrival of duplicate datagrams, within a
constrained window), data confidentiality service, and limited constrained window), data confidentiality service, and limited
traffic-flow confidentiality. IPsec specifies (a) security traffic-flow confidentiality. IPsec specifies (a) security
protocols (AH and ESP), (b) security associations (what they are, protocols (AH and ESP), (b) security associations (what they are,
how they work, how they are managed, and associated processing), how they work, how they are managed, and associated processing),
(c) key management (IKE), and (d) algorithms for authentication (c) key management (IKE), and (d) algorithms for authentication
skipping to change at page 154, line 28 skipping to change at page 154, line 26
$ IPsec $ IPsec
(I) See: IP Security Protocol. (I) See: IP Security Protocol.
$ IPSO $ IPSO
(I) See: Internet Protocol Security Option. (I) See: Internet Protocol Security Option.
$ ISAKMP $ ISAKMP
(I) See: Internet Security Association and Key Management (I) See: Internet Security Association and Key Management
Protocol. Protocol.
$ ISD
(I) See: Internet Standards document.
$ ISO $ ISO
(I) International Organization for Standardization, a voluntary, (I) International Organization for Standardization, a voluntary,
non-treaty, non-government organization, established in 1947, with non-treaty, non-government organization, established in 1947, with
voting members that are designated standards bodies of voting members that are designated standards bodies of
participating nations and non-voting observer organizations. participating nations and non-voting observer organizations.
(Compare: ANSI, IETF, ITU-T, W3C.) (Compare: ANSI, IETF, ITU-T, W3C.)
Tutorial: Legally, ISO is a Swiss, non-profit, private Tutorial: Legally, ISO is a Swiss, non-profit, private
organization. ISO and the IEC (the International Electrotechnical organization. ISO and the IEC (the International Electrotechnical
Commission) form the specialized system for worldwide Commission) form the specialized system for worldwide
skipping to change at page 157, line 6 skipping to change at page 156, line 53
Tutorial: Kerberos was originally developed by Project Athena and Tutorial: Kerberos was originally developed by Project Athena and
is named for the mythical three-headed dog that guards Hades. The is named for the mythical three-headed dog that guards Hades. The
system architecture includes authentication servers and ticket- system architecture includes authentication servers and ticket-
granting servers that function as an ACC and a KDC. granting servers that function as an ACC and a KDC.
RFC 4556 describes extensions to the Kerberos specification that RFC 4556 describes extensions to the Kerberos specification that
modify the initial authentication exchange between a client and modify the initial authentication exchange between a client and
the KDC. The extensions employ public-key cryptography to enable the KDC. The extensions employ public-key cryptography to enable
the client and KDC to mutually authenticate and establish shared, the client and KDC to mutually authenticate and establish shared,
symmetric keys that are used to complete the exchange. (See: symmetric keys that are used to complete the exchange. (See:
PKINT.) PKINIT.)
$ kernel $ kernel
(I) A small, trusted part of a system that provides services on (I) A small, trusted part of a system that provides services on
which the other parts of the system depend. (See: security which the other parts of the system depend. (See: security
kernel.) kernel.)
$ Kernelized Secure Operating System (KSOS) $ Kernelized Secure Operating System (KSOS)
(O) An MLS computer operating system, designed to be a provably (O) An MLS computer operating system, designed to be a provably
secure replacement for UNIX Version 6, and consisting of a secure replacement for UNIX Version 6, and consisting of a
security kernel, non-kernel security-related utility programs, and security kernel, non-kernel security-related utility programs, and
skipping to change at page 158, line 29 skipping to change at page 158, line 25
$ key authentication $ key authentication
(N) "The assurance of the legitimate participants in a key (N) "The assurance of the legitimate participants in a key
agreement [i.e., in a key-agreement protocol] that no non- agreement [i.e., in a key-agreement protocol] that no non-
legitimate party possesses the shared symmetric key." [A9042] legitimate party possesses the shared symmetric key." [A9042]
$ key-auto-key (KAK) $ key-auto-key (KAK)
(D) "Cryptographic logic [i.e., a mode of operation] using (D) "Cryptographic logic [i.e., a mode of operation] using
previous key to produce key." [C4009, A1523] (See: CTAK, previous key to produce key." [C4009, A1523] (See: CTAK,
/cryptographic operation/ under "mode".) /cryptographic operation/ under "mode".)
Deprecated Term: ISDs SHOULD NOT use this term; it is neither Deprecated Term: IDOCs SHOULD NOT use this term; it is neither
well-known nor precisely defined. Instead, use terms associated well-known nor precisely defined. Instead, use terms associated
with modes that are defined in standards, such as CBC, CFB, and with modes that are defined in standards, such as CBC, CFB, and
OFB. OFB.
$ key center $ key center
(I) A centralized, key-distribution process (used in symmetric (I) A centralized, key-distribution process (used in symmetric
cryptography), usually a separate computer system, that uses cryptography), usually a separate computer system, that uses
master keys (i.e., KEKs) to encrypt and distribute session keys master keys (i.e., KEKs) to encrypt and distribute session keys
needed by a community of users. needed by a community of users.
skipping to change at page 160, line 44 skipping to change at page 160, line 40
key with (b) a bit string representation of the plaintext). key with (b) a bit string representation of the plaintext).
$ key length $ key length
(I) The number of symbols (usually stated as a number of bits) (I) The number of symbols (usually stated as a number of bits)
needed to be able to represent any of the possible values of a needed to be able to represent any of the possible values of a
cryptographic key. (See: key space.) cryptographic key. (See: key space.)
$ key lifetime $ key lifetime
1. (D) Synonym for "cryptoperiod". 1. (D) Synonym for "cryptoperiod".
Deprecated Definition: ISDs SHOULD NOT use this term with Deprecated Definition: IDOCs SHOULD NOT use this term with
definition 1 because a key's cryptoperiod may be only a part of definition 1 because a key's cryptoperiod may be only a part of
the key's lifetime. A key could be generated at some time prior to the key's lifetime. A key could be generated at some time prior to
when its cryptoperiod begins and might not be destroyed (i.e., when its cryptoperiod begins and might not be destroyed (i.e.,
zeroized) until some time after its cryptoperiod ends. zeroized) until some time after its cryptoperiod ends.
2. (O) /MISSI/ An attribute of a MISSI key pair that specifies a 2. (O) /MISSI/ An attribute of a MISSI key pair that specifies a
time span that bounds the validity period of any MISSI X.509 time span that bounds the validity period of any MISSI X.509
public-key certificate that contains the public component of the public-key certificate that contains the public component of the
pair. (See: cryptoperiod.) pair. (See: cryptoperiod.)
skipping to change at page 161, line 47 skipping to change at page 161, line 41
policy." [I7498-2] policy." [I7498-2]
$ Key Management Protocol (KMP) $ Key Management Protocol (KMP)
(N) A protocol to establish a shared symmetric key between a pair (N) A protocol to establish a shared symmetric key between a pair
(or a group) of users. (One version of KMP was developed by SDNS, (or a group) of users. (One version of KMP was developed by SDNS,
and another by SILS.) Superseded by ISAKMP and IKE. and another by SILS.) Superseded by ISAKMP and IKE.
$ key material $ key material
(D) Synonym for "keying material". (D) Synonym for "keying material".
Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for
"keying material". "keying material".
$ key pair $ key pair
(I) A set of mathematically related keys -- a public key and a (I) A set of mathematically related keys -- a public key and a
private key -- that are used for asymmetric cryptography and are private key -- that are used for asymmetric cryptography and are
generated in a way that makes it computationally infeasible to generated in a way that makes it computationally infeasible to
derive the private key from knowledge of the public key. (See: derive the private key from knowledge of the public key. (See:
Diffie-Hellman-Merkle, RSA.) Diffie-Hellman-Merkle, RSA.)
Tutorial: A key pair's owner discloses the public key to other Tutorial: A key pair's owner discloses the public key to other
system entities so they can use the key to (a) encrypt data, (b) system entities so they can use the key to (a) encrypt data, (b)
verify a digital signature, or (c) generate a key with a key- verify a digital signature, or (c) generate a key with a key-
agreement algorithm. The matching private key is kept secret by agreement algorithm. The matching private key is kept secret by
the owner, who uses it to (a') decrypt data, (b') generate a the owner, who uses it to (a') decrypt data, (b') generate a
digital signature, or (c') generate a key with a key-agreement digital signature, or (c') generate a key with a key-agreement
algorithm. algorithm.
$ key recovery $ key recovery
1. (I) /cryptanalysis/ A process for learning the value of a 1. (I) /cryptanalysis/ A process for learning the value of a
skipping to change at page 163, line 31 skipping to change at page 163, line 28
produce a new key. [C4009] produce a new key. [C4009]
$ key validation $ key validation
1. (I) "The procedure for the receiver of a public key to check 1. (I) "The procedure for the receiver of a public key to check
that the key conforms to the arithmetic requirements for such a that the key conforms to the arithmetic requirements for such a
key in order to thwart certain types of attacks." [A9042] (See: key in order to thwart certain types of attacks." [A9042] (See:
weak key) weak key)
2. (D) Synonym for "certificate validation". 2. (D) Synonym for "certificate validation".
Deprecated Usage: ISDs SHOULD NOT use the term as a synonym for Deprecated Usage: IDOCs SHOULD NOT use the term as a synonym for
"certificate validation"; that would unnecessarily duplicate the "certificate validation"; that would unnecessarily duplicate the
meaning of the latter term and mix concepts in a potentially meaning of the latter term and mix concepts in a potentially
misleading way. In validating an X.509 public-key certificate, the misleading way. In validating an X.509 public-key certificate, the
public key contained in the certificate is normally treated as an public key contained in the certificate is normally treated as an
opaque data object. opaque data object.
$ keyed hash $ keyed hash
(I) A cryptographic hash (e.g., [R1828]) in which the mapping to a (I) A cryptographic hash (e.g., [R1828]) in which the mapping to a
hash result is varied by a second input parameter that is a hash result is varied by a second input parameter that is a
cryptographic key. (See: checksum.) cryptographic key. (See: checksum.)
skipping to change at page 165, line 20 skipping to change at page 165, line 14
$ label $ label
See: time stamp, security label. See: time stamp, security label.
$ laboratory attack $ laboratory attack
(O) "Use of sophisticated signal recovery equipment in a (O) "Use of sophisticated signal recovery equipment in a
laboratory environment to recover information from data storage laboratory environment to recover information from data storage
media." [C4009] media." [C4009]
$ LAN $ LAN
(I) local area network. (I) Abbreviation for "local area network" [R1983]. (See: [FP191].)
$ land attack $ land attack
(I) A denial-of-service attack that sends an IP packet that (a) (I) A denial-of-service attack that sends an IP packet that (a)
has the same address in both the Source Address and Destination has the same address in both the Source Address and Destination
Address fields and (b) contains a TCP SYN packet that has the same Address fields and (b) contains a TCP SYN packet that has the same
port number in both the Source Port and Destination Port fields. port number in both the Source Port and Destination Port fields.
Derivation: This single-packet attack was named for "land", the Derivation: This single-packet attack was named for "land", the
program originally published by the cracker who invented this program originally published by the cracker who invented this
exploit. Perhaps that name was chosen because the inventor thought exploit. Perhaps that name was chosen because the inventor thought
of multi-packet (i.e., flooding) attacks as arriving by "sea". of multi-packet (i.e., flooding) attacks as arriving by sea.
$ Language of Temporal Ordering Specification (LOTOS) $ Language of Temporal Ordering Specification (LOTOS)
(N) A language (ISO 8807-1990) for formal specification of (N) A language (ISO 8807-1990) for formal specification of
computer network protocols; describes the order in which events computer network protocols; describes the order in which events
occur. occur.
$ lattice $ lattice
(I) A finite set together with a partial ordering on its elements (I) A finite set together with a partial ordering on its elements
such that for every pair of elements there is a least upper bound such that for every pair of elements there is a least upper bound
and a greatest lower bound. and a greatest lower bound.
Example: A lattice is formed by a finite set S of security levels Example: A lattice is formed by a finite set S of security levels
-- i.e., a set S of all ordered pairs (x,c), where x is one of a -- i.e., a set S of all ordered pairs (x,c), where x is one of a
finite set X of hierarchically ordered classification levels X(1), finite set X of hierarchically ordered classification levels X(1),
non-hierarchical categories C(1), ..., C(M) -- together with the non-hierarchical categories C(1), ..., C(M) -- together with the
"dominate" relation. Security level (x,c) is said to "dominate" "dominate" relation. Security level (x,c) is said to "dominate"
(x',c') if and only if (a) x is greater (higher) than or equal to (x',c') if and only if (a) x is greater (higher) than or equal to
x' and (b) c includes at least all of the elements of c'. (See: x' and (b) c includes at least all of the elements of c'. (See:
dominate, lattice model.) dominate, lattice model.)
Tutorial: Lattices are used in some branches of cryptography, both
as a basis for hard computational problems upon which
cryptographic algorithms can be defined, and also as a basis for
attacks on cryptographic algorithms.
$ lattice model $ lattice model
1. (I) A description of the semantic structure formed by a finite 1. (I) A description of the semantic structure formed by a finite
set of security levels, such as those used in military set of security levels, such as those used in military
organizations. (See: dominate, lattice, security model.) organizations. (See: dominate, lattice, security model.)
2. (I) /formal model/ A model for flow control in a system, based 2. (I) /formal model/ A model for flow control in a system, based
on the lattice that is formed by the finite security levels in a on the lattice that is formed by the finite security levels in a
system and their partial ordering. [Denn] system and their partial ordering. [Denn]
$ Law Enforcement Access Field (LEAF) $ Law Enforcement Access Field (LEAF)
(N) A data item that is automatically embedded in data encrypted (N) A data item that is automatically embedded in data encrypted
skipping to change at page 167, line 37 skipping to change at page 167, line 37
2. (I) /COMSEC/ The initial part, i.e., the first communication 2. (I) /COMSEC/ The initial part, i.e., the first communication
step or steps, of a protocol that is vulnerable to attack step or steps, of a protocol that is vulnerable to attack
(especially a man-in-the-middle attack) during that part but, if (especially a man-in-the-middle attack) during that part but, if
that part is completed without being attacked, is subsequently not that part is completed without being attacked, is subsequently not
vulnerable in later steps (i.e., results in a secure communication vulnerable in later steps (i.e., results in a secure communication
association for which no man-in-the-middle attack is possible). association for which no man-in-the-middle attack is possible).
Usage: This term is listed in English dictionaries, but their Usage: This term is listed in English dictionaries, but their
definitions are broad and can be interpreted in many ways in definitions are broad and can be interpreted in many ways in
Internet contexts. Similarly, the definition stated here can be Internet contexts. Similarly, the definition stated here can be
interpreted in several ways. Therefore, ISDs that use this term interpreted in several ways. Therefore, IDOCs that use this term
(especially ISDs that are protocol specifications) SHOULD state a (especially IDOCs that are protocol specifications) SHOULD state a
more specific definition for it. more specific definition for it.
Tutorial: In a protocol, a leap of faith typically consists of Tutorial: In a protocol, a leap of faith typically consists of
accepting a claim of peer identity, data origin, or data integrity accepting a claim of peer identity, data origin, or data integrity
without authenticating that claim. When a protocol includes such a without authenticating that claim. When a protocol includes such a
step, the protocol might also be designed so that if a man-in-the- step, the protocol might also be designed so that if a man-in-the-
middle attack succeeds during the vulnerable first part, then the middle attack succeeds during the vulnerable first part, then the
attacker must remain in the middle for all subsequent exchanges or attacker must remain in the middle for all subsequent exchanges or
else one of the legitimate parties will be able to detect the else one of the legitimate parties will be able to detect the
attack. attack.
skipping to change at page 169, line 52 skipping to change at page 169, line 52
$ low probability of intercept $ low probability of intercept
(I) Result of TRANSEC measures used to prevent interception of a (I) Result of TRANSEC measures used to prevent interception of a
communication. communication.
$ LOTOS $ LOTOS
(N) See: Language of Temporal Ordering Specification. (N) See: Language of Temporal Ordering Specification.
$ MAC $ MAC
(N) See: mandatory access control, Message Authentication Code. (N) See: mandatory access control, Message Authentication Code.
Deprecated Usage: ISDs that use this term SHOULD state a Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because this abbreviation is ambiguous. definition for it because this abbreviation is ambiguous.
$ magnetic remanence $ magnetic remanence
(N) Magnetic representation of residual information remaining on a (N) Magnetic representation of residual information remaining on a
magnetic medium after the medium has been cleared. [NCS25] (See: magnetic medium after the medium has been cleared. [NCS25] (See:
clear, degauss, purge.) clear, degauss, purge.)
$ main mode $ main mode
(I) See: /IKE/ under "mode". (I) See: /IKE/ under "mode".
skipping to change at page 170, line 29 skipping to change at page 170, line 29
$ malicious logic $ malicious logic
(I) Hardware, firmware, or software that is intentionally included (I) Hardware, firmware, or software that is intentionally included
or inserted in a system for a harmful purpose. (See: logic bomb, or inserted in a system for a harmful purpose. (See: logic bomb,
Trojan horse, spyware, virus, worm. Compare: secondary definitions Trojan horse, spyware, virus, worm. Compare: secondary definitions
under "corruption", "incapacitation", "masquerade", and "misuse".) under "corruption", "incapacitation", "masquerade", and "misuse".)
$ malware $ malware
(D) A contraction of "malicious software". (See: malicious logic.) (D) A contraction of "malicious software". (See: malicious logic.)
Deprecated Term: ISDs SHOULD NOT use this term; it is not listed Deprecated Term: IDOCs SHOULD NOT use this term; it is not listed
in most dictionaries and could confuse international readers. in most dictionaries and could confuse international readers.
$ MAN $ MAN
(I) metropolitan area network. (I) metropolitan area network.
$ man-in-the-middle attack $ man-in-the-middle attack
(I) A form of active wiretapping attack in which the attacker (I) A form of active wiretapping attack in which the attacker
intercepts and selectively modifies communicated data to intercepts and selectively modifies communicated data to
masquerade as one or more of the entities involved in a masquerade as one or more of the entities involved in a
communication association. (See: hijack attack, piggyback attack.) communication association. (See: hijack attack, piggyback attack.)
skipping to change at page 171, line 27 skipping to change at page 171, line 27
2. (O) "A means of restricting access to objects based on the 2. (O) "A means of restricting access to objects based on the
sensitivity (as represented by a label) of the information sensitivity (as represented by a label) of the information
contained in the objects and the formal authorization (i.e., contained in the objects and the formal authorization (i.e.,
clearance) of subjects to access information of such sensitivity." clearance) of subjects to access information of such sensitivity."
[DoD1] [DoD1]
$ manipulation detection code $ manipulation detection code
(D) Synonym for "checksum". (D) Synonym for "checksum".
Deprecated Term: ISDs SHOULD NOT use this term as a synonym for Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
"checksum"; the word "manipulation" implies protection against "checksum"; the word "manipulation" implies protection against
active attacks, which an ordinary checksum might not provide. active attacks, which an ordinary checksum might not provide.
Instead, if such protection is intended, use "protected checksum" Instead, if such protection is intended, use "protected checksum"
or some particular type thereof, depending on which is meant. If or some particular type thereof, depending on which is meant. If
such protection is not intended, use "error detection code" or such protection is not intended, use "error detection code" or
some specific type of checksum that is not protected. some specific type of checksum that is not protected.
$ marking $ marking
See: time stamp, security marking. See: time stamp, security marking.
skipping to change at page 171, line 49 skipping to change at page 171, line 49
(O) A symmetric, 128-bit block cipher with variable key length (O) A symmetric, 128-bit block cipher with variable key length
(128 to 448 bits), developed by IBM as a candidate for the AES. (128 to 448 bits), developed by IBM as a candidate for the AES.
$ Martian $ Martian
(D) /slang/ A packet that arrives unexpectedly at the wrong (D) /slang/ A packet that arrives unexpectedly at the wrong
address or on the wrong network because of incorrect routing or address or on the wrong network because of incorrect routing or
because it has a non-registered or ill-formed IP address. [R1208] because it has a non-registered or ill-formed IP address. [R1208]
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book".) Usage under "Green Book".)
$ masquerade $ masquerade
(I) A type of threat action whereby an unauthorized entity gains (I) A type of threat action whereby an unauthorized entity gains
access to a system or performs a malicious act by illegitimately access to a system or performs a malicious act by illegitimately
posing as an authorized entity. (See: deception.) posing as an authorized entity. (See: deception.)
Usage: This type of threat action includes the following subtypes: Usage: This type of threat action includes the following subtypes:
- "Spoof": Attempt by an unauthorized entity to gain access to a - "Spoof": Attempt by an unauthorized entity to gain access to a
system by posing as an authorized user. system by posing as an authorized user.
- "Malicious logic": In context of masquerade, any hardware, - "Malicious logic": In context of masquerade, any hardware,
skipping to change at page 173, line 24 skipping to change at page 173, line 24
PKI, trust-file PKI.) PKI, trust-file PKI.)
$ Message Authentication Code (MAC), message authentication code $ Message Authentication Code (MAC), message authentication code
1. (N) /capitalized/ A specific ANSI standard for a checksum that 1. (N) /capitalized/ A specific ANSI standard for a checksum that
is computed with a keyed hash that is based on DES. [A9009] Usage: is computed with a keyed hash that is based on DES. [A9009] Usage:
a.k.a. Data Authentication Code, which is a U.S. Government a.k.a. Data Authentication Code, which is a U.S. Government
standard. [FP113] (See: MAC.) standard. [FP113] (See: MAC.)
2. (D) /not capitalized/ Synonym for "error detection code". 2. (D) /not capitalized/ Synonym for "error detection code".
Deprecated Term: ISDs SHOULD NOT use the uncapitalized form Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form
"message authentication code". Instead, use "checksum", "error "message authentication code". Instead, use "checksum", "error
detection code", "hash", "keyed hash", "Message Authentication detection code", "hash", "keyed hash", "Message Authentication
Code", or "protected checksum", depending on what is meant. (See: Code", or "protected checksum", depending on what is meant. (See:
authentication code.) authentication code.)
The uncapitalized form mixes concepts in a potentially misleading The uncapitalized form mixes concepts in a potentially misleading
way. The word "message" is misleading because it implies that the way. The word "message" is misleading because it implies that the
mechanism is particularly suitable for or limited to electronic mechanism is particularly suitable for or limited to electronic
mail (see: Message Handling Systems). The word "authentication" is mail (see: Message Handling Systems). The word "authentication" is
misleading because the mechanism primarily serves a data integrity misleading because the mechanism primarily serves a data integrity
function rather than an authentication function. The word "code" function rather than an authentication function. The word "code"
is misleading because it implies that either encoding or is misleading because it implies that either encoding or
encryption is involved or that the term refers to computer encryption is involved or that the term refers to computer
software. software.
$ message digest $ message digest
(D) Synonym for "hash result". (See: cryptographic hash.) (D) Synonym for "hash result". (See: cryptographic hash.)
Deprecated Term: ISDs SHOULD NOT use this term as a synonym for Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
"hash result"; this term unnecessarily duplicates the meaning of "hash result"; this term unnecessarily duplicates the meaning of
the other, more general term and mixes concepts in a potentially the other, more general term and mixes concepts in a potentially
misleading way. The word "message" is misleading because it misleading way. The word "message" is misleading because it
implies that the mechanism is particularly suitable for or limited implies that the mechanism is particularly suitable for or limited
to electronic mail (see: Message Handling Systems). to electronic mail (see: Message Handling Systems).
$ message handling system $ message handling system
(D) Synonym for the Internet electronic mail system. (D) Synonym for the Internet electronic mail system.
Deprecated Term: ISDs SHOULD NOT use this term, because it could Deprecated Term: IDOCs SHOULD NOT use this term, because it could
be confused with Message Handling System. Instead, use "Internet be confused with Message Handling System. Instead, use "Internet
electronic mail" or some other, more specific term. electronic mail" or some other, more specific term.
$ Message Handling System $ Message Handling System
(O) A ITU-T system concept that encompasses the notion of (O) A ITU-T system concept that encompasses the notion of
electronic mail but defines more comprehensive OSI systems and electronic mail but defines more comprehensive OSI systems and
services that enable users to exchange messages on a store-and- services that enable users to exchange messages on a store-and-
forward basis. (The ISO equivalent is "Message Oriented Text forward basis. (The ISO equivalent is "Message Oriented Text
Interchange System".) (See: X.400.) Interchange System".) (See: X.400.)
$ message indicator $ message indicator
1. (D) /cryptographic function/ Synonym for "initialization 1. (D) /cryptographic function/ Synonym for "initialization
value". (Compare: indicator.) value". (Compare: indicator.)
2. (D) "Sequence of bits transmitted over a communications system 2. (D) "Sequence of bits transmitted over a communications system
for synchronizing cryptographic equipment." [C4009] for synchronizing cryptographic equipment." [C4009]
Deprecated Term: ISDs SHOULD NOT use this term as a synonym for Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
"initialization value"; the term mixes concepts in a potentially "initialization value"; the term mixes concepts in a potentially
misleading way. The word "message" is misleading because it misleading way. The word "message" is misleading because it
suggests that the mechanism is limited to electronic mail. (See: suggests that the mechanism is specific to electronic mail. (See:
Message Handling System.) Message Handling System.)
$ message integrity check $ message integrity check
$ message integrity code (MIC) $ message integrity code (MIC)
(D) Synonyms for some form of "checksum". (D) Synonyms for some form of "checksum".
Deprecated Term: ISDs SHOULD NOT use these terms for any form of Deprecated Term: IDOCs SHOULD NOT use these terms for any form of
checksum. Instead, use "checksum", "error detection code", "hash", checksum. Instead, use "checksum", "error detection code", "hash",
"keyed hash", "Message Authentication Code", or "protected "keyed hash", "Message Authentication Code", or "protected
checksum", depending on what is meant. checksum", depending on what is meant.
These two terms mix concepts in potentially misleading ways. The These two terms mix concepts in potentially misleading ways. The
word "message" is misleading because it suggests that the word "message" is misleading because it suggests that the
mechanism is particularly suitable for or limited to electronic mechanism is particularly suitable for or limited to electronic
mail. The word "integrity" is misleading because the checksum may mail. The word "integrity" is misleading because the checksum may
be used to perform a data origin authentication function rather be used to perform a data origin authentication function rather
than an integrity function. The word "code" is misleading because than an integrity function. The word "code" is misleading because
skipping to change at page 175, line 16 skipping to change at page 175, line 16
Meta-data can be associated with a data object in two basic ways: Meta-data can be associated with a data object in two basic ways:
- Explicitly: Be part of the data object (e.g., a header field of - Explicitly: Be part of the data object (e.g., a header field of
a data file or packet) or be linked to the object. a data file or packet) or be linked to the object.
- Implicitly: Be associated with the data object because of some - Implicitly: Be associated with the data object because of some
other, explicit attribute of the object. other, explicit attribute of the object.
$ metadata, Metadata(trademark), METADATA(trademark) $ metadata, Metadata(trademark), METADATA(trademark)
(D) Proprietary variants of "meta-data". (See: SPAM(trademark).) (D) Proprietary variants of "meta-data". (See: SPAM(trademark).)
Deprecated Usage: ISDs SHOULD NOT use these unhypenated forms; Deprecated Usage: IDOCs SHOULD NOT use these unhypenated forms;
ISDs SHOULD use only the uncapitalized, hyphenated "meta-data". IDOCs SHOULD use only the uncapitalized, hyphenated "meta-data".
The terms "Metadata" and "METADATA" are claimed as registered The terms "Metadata" and "METADATA" are claimed as registered
trademarks (numbers 1,409,260 and 2,185,504) owned by The Metadata trademarks (numbers 1,409,260 and 2,185,504) owned by The Metadata
Company, originally known as Metadata Information Partners, a Company, originally known as Metadata Information Partners, a
company founded by Jack Myers. The status of "metadata" is company founded by Jack Myers. The status of "metadata" is
unclear. unclear.
$ MHS $ MHS
(N) See: message handling system. (N) See: message handling system.
$ MIC $ MIC
skipping to change at page 177, line 51 skipping to change at page 177, line 51
installation or execution by the recipient." installation or execution by the recipient."
2a. (O) /U.S. DoD/ "Technology that enables the creation of 2a. (O) /U.S. DoD/ "Technology that enables the creation of
executable information that can be delivered to an information executable information that can be delivered to an information
system and directly executed on any hardware/software architecture system and directly executed on any hardware/software architecture
that has an appropriate host execution environment." that has an appropriate host execution environment."
2b. (O) "Programs (e.g., script, macro, or other portable 2b. (O) "Programs (e.g., script, macro, or other portable
instruction) that can be shipped unchanged to a heterogeneous instruction) that can be shipped unchanged to a heterogeneous
collection of platforms and executed with identical semantics" collection of platforms and executed with identical semantics"
[SP-28]. (See: active content.) [SP28]. (See: active content.)
Tutorial: Mobile code might be malicious. Using techniques such as Tutorial: Mobile code might be malicious. Using techniques such as
"code signing" and a "sandbox" can reduce the risks of receiving "code signing" and a "sandbox" can reduce the risks of receiving
and executing mobile code. and executing mobile code.
$ mode $ mode
$ mode of operation $ mode of operation
1. (I) /cryptographic operation/ A technique for enhancing the 1. (I) /cryptographic operation/ A technique for enhancing the
effect of a cryptographic algorithm or adapting the algorithm for effect of a cryptographic algorithm or adapting the algorithm for
an application, such as applying a block cipher to a sequence of an application, such as applying a block cipher to a sequence of
skipping to change at page 182, line 47 skipping to change at page 182, line 47
(I) A penetration technique in which an intruder avoids detection (I) A penetration technique in which an intruder avoids detection
and traceback by using multiple linked communication networks to and traceback by using multiple linked communication networks to
access and attack a system. [C4009] access and attack a system. [C4009]
$ NIAP $ NIAP
(N) See: National Information Assurance Partnership. (N) See: National Information Assurance Partnership.
$ nibble $ nibble
(D) Half of a byte (i.e., usually, 4 bits). (D) Half of a byte (i.e., usually, 4 bits).
Deprecated Term: To avoid international misunderstanding, ISDs Deprecated Term: To avoid international misunderstanding, IDOCs
SHOULD NOT use this term; instead, state the size of the block SHOULD NOT use this term; instead, state the size of the block
explicitly (e.g., "4-bit block"). (See: Deprecated Usage under explicitly (e.g., "4-bit block"). (See: Deprecated Usage under
"Green Book".) "Green Book".)
$ NIPRNET $ NIPRNET
(O) The U.S. DoD's common-use Non-Classified Internet Protocol (O) The U.S. DoD's common-use Non-Classified Internet Protocol
Router Network; the part of the Internet that is wholly controlled Router Network; the part of the Internet that is wholly controlled
by the U.S. DoD and is used for official DoD business. by the U.S. DoD and is used for official DoD business.
$ NIST $ NIST
skipping to change at page 183, line 53 skipping to change at page 183, line 53
can deny that it sent a data object, or it can deny that it can deny that it sent a data object, or it can deny that it
received a data object -- and, therefore, two separate types of received a data object -- and, therefore, two separate types of
non-repudiation service are possible. (See: non-repudiation with non-repudiation service are possible. (See: non-repudiation with
proof of origin, non-repudiation with proof of receipt.) proof of origin, non-repudiation with proof of receipt.)
2. (D) "Assurance [that] the sender of data is provided with proof 2. (D) "Assurance [that] the sender of data is provided with proof
of delivery and the recipient is provided with proof of the of delivery and the recipient is provided with proof of the
sender's identity, so neither can later deny having processed the sender's identity, so neither can later deny having processed the
data." [C4009] data." [C4009]
Deprecated Definition: ISDs SHOULD NOT use definition 2 because it Deprecated Definition: IDOCs SHOULD NOT use definition 2 because
bundles two security services -- non-repudiation with proof of it bundles two security services -- non-repudiation with proof of
origin, and non-repudiation with proof of receipt -- that can be origin, and non-repudiation with proof of receipt -- that can be
provided independently of each other. provided independently of each other.
Usage: ISDs SHOULD distinguish between the technical aspects and Usage: IDOCs SHOULD distinguish between the technical aspects and
the legal aspects of a non-repudiation service: the legal aspects of a non-repudiation service:
- "Technical non-repudiation": Refers to the assurance a relying - "Technical non-repudiation": Refers to the assurance a relying
party has that if a public key is used to validate a digital party has that if a public key is used to validate a digital
signature, then that signature had to have been made by the signature, then that signature had to have been made by the
corresponding private signature key. [SP32] corresponding private signature key. [SP32]
- "Legal non-repudiation": Refers to how well possession or - "Legal non-repudiation": Refers to how well possession or
control of the private signature key can be established. [SP32] control of the private signature key can be established. [SP32]
Tutorial: Non-repudiation service does not prevent an entity from Tutorial: Non-repudiation service does not prevent an entity from
repudiating a communication. Instead, the service provides repudiating a communication. Instead, the service provides
skipping to change at page 187, line 56 skipping to change at page 187, line 56
$ OFB $ OFB
(N) See: output feedback. (N) See: output feedback.
$ off-line attack $ off-line attack
(I) See: secondary definition under "attack". (I) See: secondary definition under "attack".
$ ohnosecond $ ohnosecond
(D) That minuscule fraction of time in which you realize that your (D) That minuscule fraction of time in which you realize that your
private key has been compromised. private key has been compromised.
Deprecated Usage: ISDs SHOULD NOT use this term; it is a joke for Deprecated Usage: IDOCs SHOULD NOT use this term; it is a joke for
English speakers. (See: Deprecated Usage under "Green Book".) English speakers. (See: Deprecated Usage under "Green Book".)
$ OID $ OID
(N) See: object identifier. (N) See: object identifier.
$ On-line Certificate Status Protocol (OCSP) $ On-line Certificate Status Protocol (OCSP)
(I) An Internet protocol [R2560] used by a client to obtain from a (I) An Internet protocol [R2560] used by a client to obtain from a
server the validity status and other information about a digital server the validity status and other information about a digital
certificate. (Mentioned in [X509] but not specified there.) certificate. (Mentioned in [X509] but not specified there.)
skipping to change at page 189, line 15 skipping to change at page 189, line 15
other than exhaustive procedures even if the cryptographic key is other than exhaustive procedures even if the cryptographic key is
known. (See: brute force, encryption.) known. (See: brute force, encryption.)
$ one-way function $ one-way function
(I) "A (mathematical) function, f, [that] is easy to compute, but (I) "A (mathematical) function, f, [that] is easy to compute, but
which for a general value y in the range, it is computationally which for a general value y in the range, it is computationally
difficult to find a value x in the domain such that f(x) = y. difficult to find a value x in the domain such that f(x) = y.
There may be a few values of y for which finding x is not There may be a few values of y for which finding x is not
computationally difficult." [X509] computationally difficult." [X509]
Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for
"cryptographic hash". "cryptographic hash".
$ onion routing $ onion routing
(I) A system that can be used to provide both (a) data (I) A system that can be used to provide both (a) data
confidentiality and (b) traffic-flow confidentiality for network confidentiality and (b) traffic-flow confidentiality for network
packets, and also provide (c) anonymity for the source of the packets, and also provide (c) anonymity for the source of the
packets. packets.
Tutorial: The source, instead of sending a packet directly to the Tutorial: The source, instead of sending a packet directly to the
intended destination, sends it to an "onion routing proxy" that intended destination, sends it to an "onion routing proxy" that
skipping to change at page 191, line 16 skipping to change at page 191, line 16
(I) Synonym for "system integrity"; this synonym emphasizes the (I) Synonym for "system integrity"; this synonym emphasizes the
actual performance of system functions rather than just the actual performance of system functions rather than just the
ability to perform them. ability to perform them.
$ operational security $ operational security
1. (I) System capabilities, or performance of system functions, 1. (I) System capabilities, or performance of system functions,
that are needed either (a) to securely manage a system or (b) to that are needed either (a) to securely manage a system or (b) to
manage security features of a system. (Compare: operations manage security features of a system. (Compare: operations
security (OPSEC).) security (OPSEC).)
Usage: ISDs that use this term SHOULD state a definition because Usage: IDOCs that use this term SHOULD state a definition because
(a) the definition provided here is general and vague and (b) the (a) the definition provided here is general and vague and (b) the
term could easily be confused with "operations security", which is term could easily be confused with "operations security", which is
a different concept. a different concept.
Tutorial: For example, in the context of an Internet service Tutorial: For example, in the context of an Internet service
provider, the term could refer to capabilities to manage network provider, the term could refer to capabilities to manage network
devices in the event of attacks, simplify troubleshooting, keep devices in the event of attacks, simplify troubleshooting, keep
track of events that affect system integrity, help analyze sources track of events that affect system integrity, help analyze sources
of attacks, and provide administrators with control over network of attacks, and provide administrators with control over network
addresses and protocols to help mitigate the most common attacks addresses and protocols to help mitigate the most common attacks
and exploits. [R3871] and exploits. [R3871]
2. (D) Synonym for "administrative security". 2. (D) Synonym for "administrative security".
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "administrative security". Any type of security may affect for "administrative security". Any type of security may affect
system operations; therefore, the term may be misleading. Instead, system operations; therefore, the term may be misleading. Instead,
use "administrative security", "communication security", "computer use "administrative security", "communication security", "computer
security", "emanations security", "personnel security", "physical security", "emanations security", "personnel security", "physical
security", or whatever specific type is meant. (See: security security", or whatever specific type is meant. (See: security
architecture. Compare: operational integrity, OPSEC.) architecture. Compare: operational integrity, OPSEC.)
$ operations security (OPSEC) $ operations security (OPSEC)
(I) A process to identify, control, and protect evidence of the (I) A process to identify, control, and protect evidence of the
planning and execution of sensitive activities and operations, and planning and execution of sensitive activities and operations, and
thereby prevent potential adversaries from gaining knowledge of thereby prevent potential adversaries from gaining knowledge of
capabilities and intentions. (See: communications cover. Compare: capabilities and intentions. (See: communications cover. Compare:
operational security.) operational security.)
$ operator $ operator
(I) A person who has been authorized to direct selected functions (I) A person who has been authorized to direct selected functions
of a system. (Compare: manager, user.) of a system. (Compare: manager, user.)
Usage: ISDs that use this term SHOULD state a definition for it Usage: IDOCs that use this term SHOULD state a definition for it
because a system operator may or may not be treated as a "user". because a system operator may or may not be treated as a "user".
$ OPSEC $ OPSEC
1. (I) Abbreviation for "operations security". 1. (I) Abbreviation for "operations security".
2. (D) Abbreviation for "operational security". 2. (D) Abbreviation for "operational security".
Deprecated Usage: ISDs SHOULD NOT use this abbreviation for Deprecated Usage: IDOCs SHOULD NOT use this abbreviation for
"operational security" (as defined in this Glossary), because its "operational security" (as defined in this Glossary), because its
use for "operations security" has been well established for many use for "operations security" has been well established for many
years, particular in the military community. years, particular in the military community.
$ ORA $ ORA
See: organizational registration authority. See: organizational registration authority.
$ Orange Book $ Orange Book
(D) /slang/ Synonym for "Trusted Computer System Evaluation (D) /slang/ Synonym for "Trusted Computer System Evaluation
Criteria" [CSC001, DoD1]. Criteria" [CSC1, DoD1].
Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for
"Trusted Computer System Evaluation Criteria" [CSC001, DoD1]. "Trusted Computer System Evaluation Criteria" [CSC001, DoD1].
Instead, use the full, proper name of the document or, in Instead, use the full, proper name of the document or, in
subsequent references, the abbreviation "TCSEC". (See: Deprecated subsequent references, the abbreviation "TCSEC". (See: Deprecated
Usage under "Green Book".) Usage under "Green Book".)
$ organizational certificate $ organizational certificate
1. (I) An X.509 public-key certificate in which the "subject" 1. (I) An X.509 public-key certificate in which the "subject"
field contains the name of an institution or set (e.g., a field contains the name of an institution or set (e.g., a
business, government, school, labor union, club, ethnic group, business, government, school, labor union, club, ethnic group,
nationality, system, or group of individuals playing the same nationality, system, or group of individuals playing the same
skipping to change at page 193, line 7 skipping to change at page 193, line 7
administrative authority, and the term refers both to the role and administrative authority, and the term refers both to the role and
to the person who plays that role. An ORA does not sign to the person who plays that role. An ORA does not sign
certificates, CRLs, or CKLs. (See: no-PIN ORA, SSO-PIN ORA, user- certificates, CRLs, or CKLs. (See: no-PIN ORA, SSO-PIN ORA, user-
PIN ORA.) PIN ORA.)
$ origin authentication $ origin authentication
(D) Synonym for "data origin authentication". (See: (D) Synonym for "data origin authentication". (See:
authentication, data origin authentication.) authentication, data origin authentication.)
Deprecated Term: ISDs SHOULD NOT use this term; it suggests Deprecated Term: IDOCs SHOULD NOT use this term; it suggests
careless use of the internationally standardized term "data origin careless use of the internationally standardized term "data origin
authentication" and also could be confused with "peer entity authentication" and also could be confused with "peer entity
authentication." authentication."
$ origin authenticity $ origin authenticity
(D) Synonym for "data origin authentication". (See: authenticity, (D) Synonym for "data origin authentication". (See: authenticity,
data origin authentication.) data origin authentication.)
Deprecated Term: ISDs SHOULD NOT use this term; it suggests Deprecated Term: IDOCs SHOULD NOT use this term; it suggests
careless use of the internationally standardized term "data origin careless use of the internationally standardized term "data origin
authentication" and mixes concepts in a potentially misleading authentication" and mixes concepts in a potentially misleading
way. way.
$ OSI, OSIRM $ OSI, OSIRM
(N) See: Open Systems Interconnection Reference Model. (N) See: Open Systems Interconnection Reference Model.
$ OSIRM Security Architecture $ OSIRM Security Architecture
(N) The part of the OSIRM [I7498-2] that specifies the security (N) The part of the OSIRM [I7498-2] that specifies the security
services and security mechanisms that can be applied to protect services and security mechanisms that can be applied to protect
skipping to change at page 193, line 39 skipping to change at page 193, line 39
Tutorial: This part of the OSIRM includes an allocation of Tutorial: This part of the OSIRM includes an allocation of
security services to protocol layers. The following table show security services to protocol layers. The following table show
which security services (see definitions in this Glossary) are which security services (see definitions in this Glossary) are
permitted by the OSIRM in each of its layer. (Also, an application permitted by the OSIRM in each of its layer. (Also, an application
process that operates above the Application Layer may itself process that operates above the Application Layer may itself
provide security services.) Similarly, the table suggests which provide security services.) Similarly, the table suggests which
services are suitable for each IPS layer. However, explaining and services are suitable for each IPS layer. However, explaining and
justifying these allocations is beyond the scope of this Glossary. justifying these allocations is beyond the scope of this Glossary.
Legend for Table Entries: Legend for Table Entries:
O = Yes, [IS7498-2] permits the service in this OSIRM layer. O = Yes, [I7498-2] permits the service in this OSIRM layer.
I = Yes, the service can be incorporated in this IPS layer. I = Yes, the service can be incorporated in this IPS layer.
* = This layer subsumed by Application Layer in IPS. * = This layer subsumed by Application Layer in IPS.
IPS Protocol Layers +-----------------------------------------+ IPS Protocol Layers +-----------------------------------------+
|Network| Net |In-| Trans | Application | |Network| Net |In-| Trans | Application |
| H/W |Inter|ter| -port | | | H/W |Inter|ter| -port | |
| |-face|net| | | | |-face|net| | |
OSIRM Protocol Layers +-----------------------------------------+ OSIRM Protocol Layers +-----------------------------------------+
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
Confidentiality +-----------------------------------------+ Confidentiality +-----------------------------------------+
skipping to change at page 196, line 15 skipping to change at page 196, line 15
$ packet filter $ packet filter
(I) See: secondary definition under "filtering router". (I) See: secondary definition under "filtering router".
$ packet monkey $ packet monkey
(D) /slang/ Someone who floods a system with packets, creating a (D) /slang/ Someone who floods a system with packets, creating a
denial-of-service condition for the system's users. (See: denial-of-service condition for the system's users. (See:
cracker.) cracker.)
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book".) Usage under "Green Book".)
$ pagejacking $ pagejacking
(D) /slang/ A contraction of "Web page hijacking". A masquerade (D) /slang/ A contraction of "Web page hijacking". A masquerade
attack in which the attacker copies (steals) a home page or other attack in which the attacker copies (steals) a home page or other
material from the target server, rehosts the page on a server the material from the target server, rehosts the page on a server the
attacker controls, and causes the rehosted page to be indexed by attacker controls, and causes the rehosted page to be indexed by
the major Web search services, thereby diverting browsers from the the major Web search services, thereby diverting browsers from the
target server to the attacker's server. target server to the attacker's server.
Deprecated Term: ISDs SHOULD NOT use this contraction. The term is Deprecated Term: IDOCs SHOULD NOT use this contraction. The term
not listed in most dictionaries and could confuse international is not listed in most dictionaries and could confuse international
readers. (See: Deprecated Usage under "Green Book".) readers. (See: Deprecated Usage under "Green Book".)
$ PAN $ PAN
(O) See: primary account number. (O) See: primary account number.
$ PAP $ PAP
(I) See: Password Authentication Protocol. (I) See: Password Authentication Protocol.
$ parity bit $ parity bit
(I) A checksum that is computed on a block of bits by computing (I) A checksum that is computed on a block of bits by computing
skipping to change at page 197, line 6 skipping to change at page 197, line 6
Usage: Usually abbreviated as "partitioned mode". This term was Usage: Usually abbreviated as "partitioned mode". This term was
defined in U.S. Government policy on system accreditation. defined in U.S. Government policy on system accreditation.
$ PASS $ PASS
(N) See: personnel authentication system string. (N) See: personnel authentication system string.
$ passive attack $ passive attack
(I) See: secondary definition under "attack". (I) See: secondary definition under "attack".
$ passive user $ passive user
(I) See: secondary definition under "user". (I) See: secondary definition under "system user".
$ passive wiretapping $ passive wiretapping
(I) A wiretapping attack that attempts only to observe a (I) A wiretapping attack that attempts only to observe a
communication flow and gain knowledge of the data it contains, but communication flow and gain knowledge of the data it contains, but
does not alter or otherwise affect that flow. (See: wiretapping. does not alter or otherwise affect that flow. (See: wiretapping.
Compare: passive attack, active wiretapping.) Compare: passive attack, active wiretapping.)
$ password $ password
1a. (I) A secret data value, usually a character string, that is 1a. (I) A secret data value, usually a character string, that is
presented to a system by a user to authenticate the user's presented to a system by a user to authenticate the user's
skipping to change at page 199, line 6 skipping to change at page 199, line 6
and width, roughly the size of a credit card, but differ in their and width, roughly the size of a credit card, but differ in their
thickness from 3.3 to 10.5 mm. Examples include storage modules, thickness from 3.3 to 10.5 mm. Examples include storage modules,
modems, device interface adapters, and cryptographic modules. modems, device interface adapters, and cryptographic modules.
$ PCA $ PCA
(D) Abbreviation of various kinds of "certification authority". (D) Abbreviation of various kinds of "certification authority".
(See: Internet policy certification authority, (MISSI) policy (See: Internet policy certification authority, (MISSI) policy
creation authority, (SET) payment gateway certification creation authority, (SET) payment gateway certification
authority.) authority.)
Deprecated Usage: An ISD that uses this abbreviation SHOULD define Deprecated Usage: An IDOC that uses this abbreviation SHOULD
it at the point of first use. define it at the point of first use.
$ PCI $ PCI
(N) See: "protocol control information" under "protocol data (N) See: "protocol control information" under "protocol data
unit". unit".
$ PCMCIA $ PCMCIA
(N) Personal Computer Memory Card International Association, a (N) Personal Computer Memory Card International Association, a
group of manufacturers, developers, and vendors, founded in 1989 group of manufacturers, developers, and vendors, founded in 1989
to standardize plug-in peripheral memory cards for personal to standardize plug-in peripheral memory cards for personal
computers and now extended to deal with any technology that works computers and now extended to deal with any technology that works
skipping to change at page 204, line 25 skipping to change at page 204, line 25
(D) /slang/ A technique for attempting to acquire sensitive data, (D) /slang/ A technique for attempting to acquire sensitive data,
such as bank account numbers, through a fraudulent solicitation in such as bank account numbers, through a fraudulent solicitation in
email or on a Web site, in which the perpetrator masquerades as a email or on a Web site, in which the perpetrator masquerades as a
legitimate business or reputable person. (See: social legitimate business or reputable person. (See: social
engineering.) engineering.)
Derivation: Possibly from "phony fishing"; the solicitation Derivation: Possibly from "phony fishing"; the solicitation
usually involves some kind of lure or bait to hook unwary usually involves some kind of lure or bait to hook unwary
recipients. (Compare: phreaking.) recipients. (Compare: phreaking.)
Deprecated Term: ISDs SHOULD NOT use this term; it is not listed Deprecated Term: IDOCs SHOULD NOT use this term; it is not listed
in most dictionaries and could confuse international readers. in most dictionaries and could confuse international readers.
(See: Deprecated Usage under "Green Book.") (See: Deprecated Usage under "Green Book.")
$ Photuris $ Photuris
(I) A UDP-based, key establishment protocol for session keys, (I) A UDP-based, key establishment protocol for session keys,
designed for use with the IPsec protocols AH and ESP. Superseded designed for use with the IPsec protocols AH and ESP. Superseded
by IKE. by IKE.
$ phreaking $ phreaking
(D) A contraction of "telephone breaking". An attack on or (D) A contraction of "telephone breaking". An attack on or
penetration of a telephone system or, by extension, any other penetration of a telephone system or, by extension, any other
communication or information system. [Raym] communication or information system. [Raym]
Deprecated Term: ISDs SHOULD NOT use this contraction; it is not Deprecated Term: IDOCs SHOULD NOT use this contraction; it is not
listed in most dictionaries and could confuse international listed in most dictionaries and could confuse international
readers. (See: Deprecated Usage under "Green Book.") readers. (See: Deprecated Usage under "Green Book.")
$ physical destruction $ physical destruction
(I) /threat action/ See: secondary definition under (I) /threat action/ See: secondary definition under
"incapacitation". "incapacitation".
$ physical security $ physical security
(I) Tangible means of preventing unauthorized physical access to a (I) Tangible means of preventing unauthorized physical access to a
system. Examples: Fences, walls, and other barriers; locks, safes, system. Examples: Fences, walls, and other barriers; locks, safes,
and vaults; dogs and armed guards; sensors and alarm bells. and vaults; dogs and armed guards; sensors and alarm bells.
[FP031, R1455] (See: security architecture.) [FP031, R1455] (See: security architecture.)
$ piggyback attack $ piggyback attack
(I) A form of active wiretapping in which the attacker gains (I) A form of active wiretapping in which the attacker gains
access to a system via intervals of inactivity in another user's access to a system via intervals of inactivity in another user's
legitimate communication connection. Sometimes called a "between- legitimate communication connection. Sometimes called a "between-
the-lines" attack. (See: hijack attack, man-in-the-middle attack.) the-lines" attack. (See: hijack attack, man-in-the-middle attack.)
Deprecated Usage: ISDs that use this term SHOULD state a Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because the term could confuse international definition for it because the term could confuse international
readers. readers.
$ PIN $ PIN
(I) See: personal identification number. (I) See: personal identification number.
$ ping of death $ ping of death
(D) A denial-of-service attack that sends an improperly large ICMP (D) A denial-of-service attack that sends an improperly large ICMP
echo request packet (a "ping") with the intent of causing the echo request packet (a "ping") with the intent of causing the
destination system to fail. (See: ping sweep, teardrop.) destination system to fail. (See: ping sweep, teardrop.)
Deprecated Term: ISDs SHOULD NOT use this term; instead, use "ping Deprecated Term: IDOCs SHOULD NOT use this term; instead, use
packet overflow attack" or some other term that is specific with "ping packet overflow attack" or some other term that is specific
regard to the attack mechanism. with regard to the attack mechanism.
Tutorial: This attack seeks to exploit an implementation Tutorial: This attack seeks to exploit an implementation
vulnerability. The IP specification requires hosts to be prepared vulnerability. The IP specification requires hosts to be prepared
to accept datagrams of up to 576 octets, but also permits IP to accept datagrams of up to 576 octets, but also permits IP
datagrams to be up to 65,535 octets long. If an IP implementation datagrams to be up to 65,535 octets long. If an IP implementation
does not properly handle very long IP packets, the ping packet may does not properly handle very long IP packets, the ping packet may
overflow the input buffer and cause a fatal system error. overflow the input buffer and cause a fatal system error.
$ ping sweep $ ping sweep
(I) An attack that sends ICMP echo requests ("pings") to a range (I) An attack that sends ICMP echo requests ("pings") to a range
skipping to change at page 206, line 21 skipping to change at page 206, line 21
possibly in PKCS #7 format. possibly in PKCS #7 format.
$ PKCS #11 $ PKCS #11
(N) A standard [PKC11] from the PKCS series; defines CAPI called (N) A standard [PKC11] from the PKCS series; defines CAPI called
"Cryptoki" for devices that hold cryptographic information and "Cryptoki" for devices that hold cryptographic information and
perform cryptographic functions. perform cryptographic functions.
$ PKI $ PKI
(I) See: public-key infrastructure. (I) See: public-key infrastructure.
$ PKINT $ PKINIT
(I) Abbreviation for "Public Key Cryptography for Initial (I) Abbreviation for "Public Key Cryptography for Initial
Authentication in Kerberos" (RFC 4556). (See: Tutorial under Authentication in Kerberos" (RFC 4556). (See: Tutorial under
"Kerberos".) "Kerberos".)
$ PKIX $ PKIX
1a. (I) A contraction of "Public-Key Infrastructure (X.509)", the 1a. (I) A contraction of "Public-Key Infrastructure (X.509)", the
name of the IETF working group that is specifying an architecture name of the IETF working group that is specifying an architecture
[R3280] and set of protocols [R4210] to provide X.509-based PKI [R3280] and set of protocols [R4210] to provide X.509-based PKI
services for the Internet. services for the Internet.
skipping to change at page 207, line 5 skipping to change at page 207, line 5
the PKI, and (d) information about certificate policies and CPSs, the PKI, and (d) information about certificate policies and CPSs,
covering the areas of PKI security not directly addressed in the covering the areas of PKI security not directly addressed in the
rest of PKIX. rest of PKIX.
$ plain text $ plain text
1. (I) /noun/ Data that is input to an encryption process. (See: 1. (I) /noun/ Data that is input to an encryption process. (See:
plaintext. Compare: cipher text, clear text.) plaintext. Compare: cipher text, clear text.)
2. (D) /noun/ Synonym for "clear text". 2. (D) /noun/ Synonym for "clear text".
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "clear text". Sometimes plain text that is input to an for "clear text". Sometimes plain text that is input to an
encryption operation is clear text, but other times plain text is encryption operation is clear text, but other times plain text is
cipher text that was output from a previous encryption operation. cipher text that was output from a previous encryption operation.
(See: superencryption.) (See: superencryption.)
$ plaintext $ plaintext
1. (O) /noun/ Synonym for "plain text". 1. (O) /noun/ Synonym for "plain text".
2. (I) /adjective/ Referring to plain text. Usage: Commonly used 2. (I) /adjective/ Referring to plain text. Usage: Commonly used
instead of "plain-text". (Compare: ciphertext, cleartext.) instead of "plain-text". (Compare: ciphertext, cleartext.)
3. (D) /noun/ Synonym for "cleartext". 3. (D) /noun/ Synonym for "cleartext".
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "cleartext". Cleartext data is, by definition, not encrypted; for "cleartext". Cleartext data is, by definition, not encrypted;
but plaintext data that is input to an encryption operation may be but plaintext data that is input to an encryption operation may be
cleartext data or may be ciphertext data that was output from a cleartext data or may be ciphertext data that was output from a
previous encryption operation. (See: superencryption.) previous encryption operation. (See: superencryption.)
$ PLI $ PLI
(I) See: Private Line Interface. (I) See: Private Line Interface.
$ PMA $ PMA
(N) See: policy management authority. (N) See: policy management authority.
skipping to change at page 208, line 16 skipping to change at page 208, line 16
1a. (I) A plan or course of action that is stated for a system or 1a. (I) A plan or course of action that is stated for a system or
organization and is intended to affect and direct the decisions organization and is intended to affect and direct the decisions
and deeds of that entity's components or members. (See: security and deeds of that entity's components or members. (See: security
policy.) policy.)
1b. (O) A definite goal, course, or method of action to guide and 1b. (O) A definite goal, course, or method of action to guide and
determine present and future decisions, that is implemented or determine present and future decisions, that is implemented or
executed within a particular context, such as within a business executed within a particular context, such as within a business
unit. [R3198] unit. [R3198]
Deprecated Abbreviation: ISDs SHOULD NOT use "policy" as an Deprecated Abbreviation: IDOCs SHOULD NOT use "policy" as an
abbreviation of either "security policy" or "certificate policy". abbreviation of either "security policy" or "certificate policy".
Instead, to avoid misunderstanding, use a fully qualified term, at Instead, to avoid misunderstanding, use a fully qualified term, at
least at the point of first usage. least at the point of first usage.
Tutorial: The introduction of new technology to replace Tutorial: The introduction of new technology to replace
traditional systems can result in new systems being deployed traditional systems can result in new systems being deployed
without adequate policy definition and before the implications of without adequate policy definition and before the implications of
the new technology are fully understand. In some cases, it can be the new technology are fully understand. In some cases, it can be
difficult to establish policies for new technology before the difficult to establish policies for new technology before the
technology has been operationally tested and evaluated. Thus, technology has been operationally tested and evaluated. Thus,
skipping to change at page 209, line 11 skipping to change at page 209, line 11
- For every control defined by a practice statement, there should - For every control defined by a practice statement, there should
be corresponding procedures to implement the control and be corresponding procedures to implement the control and
provide ongoing measurement of the control parameters. provide ongoing measurement of the control parameters.
Conversely, procedures require management practices to insure Conversely, procedures require management practices to insure
consistent and correct operational behavior. consistent and correct operational behavior.
$ policy approval authority $ policy approval authority
(D) /PKI/ Synonym for "policy management authority". [PAG] (D) /PKI/ Synonym for "policy management authority". [PAG]
Deprecated Term: ISDs SHOULD NOT use this term as synonym for Deprecated Term: IDOCs SHOULD NOT use this term as synonym for
"policy management authority". The term suggests a limited, "policy management authority". The term suggests a limited,
passive role that is not typical of PMAs. passive role that is not typical of PMAs.
$ policy approving authority (PAA) $ policy approving authority (PAA)
(O) /MISSI/ The top-level signing authority of a MISSI (O) /MISSI/ The top-level signing authority of a MISSI
certification hierarchy. The term refers both to that certification hierarchy. The term refers both to that
authoritative office or role and to the person who plays that authoritative office or role and to the person who plays that
role. (See: policy management authority, root registry.) role. (See: policy management authority, root registry.)
Tutorial: A MISSI PAA (a) registers MISSI PCAs and signs their Tutorial: A MISSI PAA (a) registers MISSI PCAs and signs their
X.509 public-key certificates, (b) issues CRLs but does not issue X.509 public-key certificates, (b) issues CRLs but does not issue
a CKL, and (c) may issue cross-certificates to other PAAs. a CKL, and (c) may issue cross-certificates to other PAAs.
$ policy authority $ policy authority
(D) /PKI/ Synonym for "policy management authority". [PAG] (D) /PKI/ Synonym for "policy management authority". [PAG]
Deprecated Term: ISDs SHOULD NOT use this term as synonym for Deprecated Term: IDOCs SHOULD NOT use this term as synonym for
"policy management authority". The term is unnecessarily vague and "policy management authority". The term is unnecessarily vague and
thus may be confused with other PKI entities, such as CAs and RAs, thus may be confused with other PKI entities, such as CAs and RAs,
that enforce of apply various aspects of PKI policy. that enforce of apply various aspects of PKI policy.
$ policy certification authority (Internet PCA) $ policy certification authority (Internet PCA)
(I) An X.509-compliant CA at the second level of the Internet (I) An X.509-compliant CA at the second level of the Internet
certification hierarchy, under the IPRA. Each PCA operates under certification hierarchy, under the IPRA. Each PCA operates under
its published security policy (see: certificate policy, CPS) and its published security policy (see: certificate policy, CPS) and
within constraints established by the IPRA for all PCAs. [R1422]. within constraints established by the IPRA for all PCAs. [R1422].
(See: policy creation authority.) (See: policy creation authority.)
skipping to change at page 211, line 25 skipping to change at page 211, line 25
$ positive authorization $ positive authorization
(I) The principle that a security architecture should be designed (I) The principle that a security architecture should be designed
so that access to system resources is permitted only when so that access to system resources is permitted only when
explicitly granted; i.e., in the absence of an explicit explicitly granted; i.e., in the absence of an explicit
authorization that grants access, the default action shall be to authorization that grants access, the default action shall be to
refuse access. (See: authorization, access.) refuse access. (See: authorization, access.)
$ POSIX $ POSIX
(N) Portable Operating System Interface for Computer Environments, (N) Portable Operating System Interface for Computer Environments,
a standard [FP151, IS9945-1] (originally IEEE Standard P1003.1) a standard [FP151, I9945] (originally IEEE Standard P1003.1) that
that defines an operating system interface and environment to defines an operating system interface and environment to support
support application portability at the source code level. It is application portability at the source code level. It is intended
intended to be used by both application developers and system to be used by both application developers and system implementers.
implementers.
Tutorial: P1003.1 supports security functionality like that on Tutorial: P1003.1 supports security functionality like that on
most UNIX systems, including discretionary access control and most UNIX systems, including discretionary access control and
privileges. IEEE Draft Standard P1003.6 specifies additional privileges. IEEE Draft Standard P1003.6 specifies additional
functionality not provided in the base standard, including (a) functionality not provided in the base standard, including (a)
discretionary access control, (b) audit trail mechanisms, (c) discretionary access control, (b) audit trail mechanisms, (c)
privilege mechanisms, (d) mandatory access control, and (e) privilege mechanisms, (d) mandatory access control, and (e)
information label mechanisms. information label mechanisms.
$ Post Office Protocol, version 3 (POP3) $ Post Office Protocol, version 3 (POP3)
skipping to change at page 213, line 6 skipping to change at page 213, line 4
"web of trust". "web of trust".
$ prevention $ prevention
(I) See: secondary definition under "security". (I) See: secondary definition under "security".
$ primary account number (PAN) $ primary account number (PAN)
(O) /SET/ "The assigned number that identifies the card issuer and (O) /SET/ "The assigned number that identifies the card issuer and
cardholder. This account number is composed of an issuer cardholder. This account number is composed of an issuer
identification number, an individual account number identification number, an individual account number
identification, and an accompanying check digit as defined by ISO identification, and an accompanying check digit as defined by ISO
7812-1985." [SET2, IS7812] (See: bank identification number.) 7812-1985." [SET2, I7812] (See: bank identification number.)
Tutorial: The PAN is embossed, encoded, or both on a magnetic- Tutorial: The PAN is embossed, encoded, or both on a magnetic-
strip-based credit card. The PAN identifies the issuer to which a strip-based credit card. The PAN identifies the issuer to which a
transaction is to be routed and the account to which it is to be transaction is to be routed and the account to which it is to be
applied unless specific instructions indicate otherwise. The applied unless specific instructions indicate otherwise. The
authority that assigns the BIN part of the PAN is the American authority that assigns the BIN part of the PAN is the American
Bankers Association. Bankers Association.
$ principal $ principal
(I) A specific identity claimed by a user when accessing a system. (I) A specific identity claimed by a user when accessing a system.
skipping to change at page 213, line 40 skipping to change at page 213, line 38
(I) /information system/ Precedence for processing an event or (I) /information system/ Precedence for processing an event or
data object, determined by security importance or other factors. data object, determined by security importance or other factors.
(See: precedence.) (See: precedence.)
$ privacy $ privacy
1. (I) The right of an entity (normally a person), acting in its 1. (I) The right of an entity (normally a person), acting in its
own behalf, to determine the degree to which it will interact with own behalf, to determine the degree to which it will interact with
its environment, including the degree to which the entity is its environment, including the degree to which the entity is
willing to share its personal information with others. (See: willing to share its personal information with others. (See:
HIPAA, personal information, Privacy Act of 1974. Compare: HIPAA, personal information, Privacy Act of 1974. Compare:
anonymity, data confidentiality.) anonymity, data confidentiality.) [FP041]
2. (O) "The right of individuals to control or influence what 2. (O) "The right of individuals to control or influence what
information related to them may be collected and stored and by information related to them may be collected and stored and by
whom and to whom that information may be disclosed." [I7498-2] whom and to whom that information may be disclosed." [I7498-2]
3. (D) Synonym for "data confidentiality". 3. (D) Synonym for "data confidentiality".
Deprecated Definition: ISDs SHOULD NOT use this term as a synonym Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "data confidentiality" or "data confidentiality service", for "data confidentiality" or "data confidentiality service",
which are different concepts. Privacy is a reason for security which are different concepts. Privacy is a reason for security
rather than a kind of security. For example, a system that stores rather than a kind of security. For example, a system that stores
personal data needs to protect the data to prevent harm, personal data needs to protect the data to prevent harm,
embarrassment, inconvenience, or unfairness to any person about embarrassment, inconvenience, or unfairness to any person about
whom data is maintained, and to protect the person's privacy. For whom data is maintained, and to protect the person's privacy. For
that reason, the system may need to provide data confidentiality that reason, the system may need to provide data confidentiality
service. service.
Tutorial: The term "privacy" is used for various separate but Tutorial: The term "privacy" is used for various separate but
related concepts, including bodily privacy, territorial privacy, related concepts, including bodily privacy, territorial privacy,
personal information privacy, and communication privacy. ISDs are personal information privacy, and communication privacy. IDOCs are
expected to address only communication privacy, which in this expected to address only communication privacy, which in this
Glossary is defined primarily by "data confidentiality" and Glossary is defined primarily by "data confidentiality" and
secondarily by "data integrity". secondarily by "data integrity".
ISDs are not expected to address information privacy, but this IDOCs are not expected to address information privacy, but this
Glossary provides definition 1 for that concept because personal Glossary provides definition 1 for that concept because personal
information privacy is often confused with communication privacy. information privacy is often confused with communication privacy.
ISDS are not expected to address bodily privacy or territorial IDOCs are not expected to address bodily privacy or territorial
privacy, and this Glossary does not define those concepts because privacy, and this Glossary does not define those concepts because
they are not easily confused with communication privacy. they are not easily confused with communication privacy.
$ Privacy Act of 1974 $ Privacy Act of 1974
(O) A U.S. Federal law (Section 552a of Title 5, United States (O) A U.S. Federal law (Section 552a of Title 5, United States
Code) that seeks to balance the U.S. Government's need to maintain Code) that seeks to balance the U.S. Government's need to maintain
data about individuals with the rights of individuals to be data about individuals with the rights of individuals to be
protected against unwarranted invasions of their privacy stemming protected against unwarranted invasions of their privacy stemming
from federal agencies' collection, maintenance, use, and from federal agencies' collection, maintenance, use, and
disclosure of personal data. (See: privacy.) disclosure of personal data. (See: privacy.)
skipping to change at page 215, line 15 skipping to change at page 215, line 13
over MD2). over MD2).
PEM is designed to be compatible with a wide range of key PEM is designed to be compatible with a wide range of key
management methods, but is limited to specifying security services management methods, but is limited to specifying security services
only for text messages and, like MOSS, has not been widely only for text messages and, like MOSS, has not been widely
implemented in the Internet. implemented in the Internet.
$ private component $ private component
(I) Synonym for "private key". (I) Synonym for "private key".
Deprecated Usage: In most cases, ISDs SHOULD NOT use this term; Deprecated Usage: In most cases, IDOCs SHOULD NOT use this term;
instead, to avoid confusing readers, use "private key". However, instead, to avoid confusing readers, use "private key". However,
the term MAY be used when discussing a key pair; e.g., "A key pair the term MAY be used when discussing a key pair; e.g., "A key pair
has a public component and a private component." has a public component and a private component."
$ private extension $ private extension
(I) See: secondary definition under "extension". (I) See: secondary definition under "extension".
$ private key $ private key
1. (I) The secret component of a pair of cryptographic keys used 1. (I) The secret component of a pair of cryptographic keys used
for asymmetric cryptography. (See: key pair, public key, secret for asymmetric cryptography. (See: key pair, public key, secret
skipping to change at page 215, line 51 skipping to change at page 215, line 49
1b. (I) /computer platform/ An authorization to perform a 1b. (I) /computer platform/ An authorization to perform a
security-relevant function in the context of a computer's security-relevant function in the context of a computer's
operating system. operating system.
$ privilege management infrastructure $ privilege management infrastructure
(O) "The infrastructure able to support the management of (O) "The infrastructure able to support the management of
privileges in support of a comprehensive authorization service and privileges in support of a comprehensive authorization service and
in relationship with a" PKI; i.e., processes concerned with in relationship with a" PKI; i.e., processes concerned with
attribute certificates. [X509] attribute certificates. [X509]
Deprecated Usage: ISDs SHOULD NOT use this term with this Deprecated Usage: IDOCs SHOULD NOT use this term with this
definition. This definition is vague, and there is no consensus on definition. This definition is vague, and there is no consensus on
a more specific one. a more specific one.
$ privileged process $ privileged process
(I) An computer process that is authorized (and, therefore, (I) An computer process that is authorized (and, therefore,
trusted) to perform some security-relevant functions that ordinary trusted) to perform some security-relevant functions that ordinary
processes are not. (See: privilege, trusted process.) processes are not. (See: privilege, trusted process.)
$ privileged user $ privileged user
(I) An user that has access to system control, monitoring, or (I) An user that has access to system control, monitoring, or
skipping to change at page 216, line 39 skipping to change at page 216, line 35
something about the system. (See: port scan.) something about the system. (See: port scan.)
Tutorial: The purpose of a probe may be offensive, e.g., an Tutorial: The purpose of a probe may be offensive, e.g., an
attempt to gather information for circumventing the system's attempt to gather information for circumventing the system's
protections; or the purpose may be defensive, e.g., to verify that protections; or the purpose may be defensive, e.g., to verify that
the system is working properly. the system is working properly.
$ procedural security $ procedural security
(D) Synonym for "administrative security". (D) Synonym for "administrative security".
Deprecated Term: ISDs SHOULD NOT use this term as a synonym for Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
"administrative security". The term may be misleading because any "administrative security". The term may be misleading because any
type of security may involve procedures, and procedures may be type of security may involve procedures, and procedures may be
either external to the system or internal. Instead, use either external to the system or internal. Instead, use
"administrative security", "communication security", "computer "administrative security", "communication security", "computer
security", "emanations security", "personnel security", "physical security", "emanations security", "personnel security", "physical
security", or whatever specific type is meant. (See: security security", or whatever specific type is meant. (See: security
architecture.) architecture.)
$ profile $ profile
See: certificate profile, protection profile. See: certificate profile, protection profile.
skipping to change at page 220, line 28 skipping to change at page 220, line 28
authentication of clients, or peer entity authentication of authentication of clients, or peer entity authentication of
servers when clients do not have that ability. A proxy at OSIRM servers when clients do not have that ability. A proxy at OSIRM
Layer 7 can also provide finer-grained security service than can a Layer 7 can also provide finer-grained security service than can a
filtering router at Layer 3. For example, an FTP proxy could filtering router at Layer 3. For example, an FTP proxy could
permit transfers out of, but not into, a protected network. permit transfers out of, but not into, a protected network.
$ proxy certificate $ proxy certificate
(I) An X.509 public-key certificate derived from a end-entity (I) An X.509 public-key certificate derived from a end-entity
certificate, or from another proxy certificate, for the purpose of certificate, or from another proxy certificate, for the purpose of
establishing proxies and delegating authorizations in the context establishing proxies and delegating authorizations in the context
of a PKI-based authentication system. [R3280] of a PKI-based authentication system. [R3820]
Tutorial: A proxy certificate has the following properties: Tutorial: A proxy certificate has the following properties:
- It contains an critical extension that (a) identifies it as a - It contains an critical extension that (a) identifies it as a
proxy certificate and (b) may contain a certification path proxy certificate and (b) may contain a certification path
length constraint and policy constraints. length constraint and policy constraints.
- It contains the public component of a key pair that is distinct - It contains the public component of a key pair that is distinct
from that associated with any other certificate. from that associated with any other certificate.
- It is signed by the private component of a key pair that is - It is signed by the private component of a key pair that is
associated with an end-entity certificate or another proxy associated with an end-entity certificate or another proxy
certificate. certificate.
skipping to change at page 221, line 5 skipping to change at page 221, line 5
(I) A sequence of values that appears to be random (i.e., (I) A sequence of values that appears to be random (i.e.,
unpredictable) but is actually generated by a deterministic unpredictable) but is actually generated by a deterministic
algorithm. (See: compression, random, random number generator.) algorithm. (See: compression, random, random number generator.)
$ pseudorandom number generator $ pseudorandom number generator
(I) See: secondary definition under "random number generator". (I) See: secondary definition under "random number generator".
$ public component $ public component
(I) Synonym for "public key". (I) Synonym for "public key".
Deprecated Usage: In most cases, ISDs SHOULD NOT use this term; to Deprecated Usage: In most cases, IDOCs SHOULD NOT use this term;
avoid confusing readers, use "private key" instead. However, the to avoid confusing readers, use "private key" instead. However,
term MAY be used when discussing a key pair; e.g., "A key pair has the term MAY be used when discussing a key pair; e.g., "A key pair
a public component and a private component." has a public component and a private component."
$ public key $ public key
1. (I) The publicly disclosable component of a pair of 1. (I) The publicly disclosable component of a pair of
cryptographic keys used for asymmetric cryptography. (See: key cryptographic keys used for asymmetric cryptography. (See: key
pair. Compare: private key.) pair. Compare: private key.)
2. (O) In a public key cryptosystem, "that key of a user's key 2. (O) In a public key cryptosystem, "that key of a user's key
pair which is publicly known." [X509] pair which is publicly known." [X509]
$ public-key certificate $ public-key certificate
skipping to change at page 221, line 40 skipping to change at page 221, line 40
unforgeable. Thus, the certificate can be published, such as by unforgeable. Thus, the certificate can be published, such as by
posting it in a directory, without the directory having to protect posting it in a directory, without the directory having to protect
the certificate's data integrity. the certificate's data integrity.
$ public-key cryptography $ public-key cryptography
(I) Synonym for "asymmetric cryptography". (I) Synonym for "asymmetric cryptography".
$ Public-Key Cryptography Standards (PKCS) $ Public-Key Cryptography Standards (PKCS)
(N) A series of specifications published by RSA Laboratories for (N) A series of specifications published by RSA Laboratories for
data structures and algorithms used in basic applications of data structures and algorithms used in basic applications of
asymmetric cryptography. (See: PKCS #5 through PKCS #11.) asymmetric cryptography. [PKCS] (See: PKCS #5 through PKCS #11.)
Tutorial: The PKCS were begun in 1991 in cooperation with industry Tutorial: The PKCS were begun in 1991 in cooperation with industry
and academia, originally including Apple, Digital, Lotus, and academia, originally including Apple, Digital, Lotus,
Microsoft, Northern Telecom, Sun, and MIT. Today, the Microsoft, Northern Telecom, Sun, and MIT. Today, the
specifications are widely used, but they are not sanctioned by an specifications are widely used, but they are not sanctioned by an
official standards organization, such as ANSI, ITU-T, or IETF. RSA official standards organization, such as ANSI, ITU-T, or IETF. RSA
Laboratories retains sole decision-making authority over the PKCS. Laboratories retains sole decision-making authority over the PKCS.
$ public-key forward secrecy (PFS) $ public-key forward secrecy (PFS)
(I) For a key-agreement protocol based on asymmetric cryptography, (I) For a key-agreement protocol based on asymmetric cryptography,
skipping to change at page 223, line 10 skipping to change at page 223, line 10
resistant. [C4009] (Compare: protective packaging, TEMPEST.) resistant. [C4009] (Compare: protective packaging, TEMPEST.)
Tutorial: Equipment cannot be made completely tamper-proof, but it Tutorial: Equipment cannot be made completely tamper-proof, but it
can be made tamper-resistant or tamper-evident. can be made tamper-resistant or tamper-evident.
$ qualified certificate $ qualified certificate
(I) A public-key certificate that has the primary purpose of (I) A public-key certificate that has the primary purpose of
identifying a person with a high level of assurance, where the identifying a person with a high level of assurance, where the
certificate meets some qualification requirements defined by an certificate meets some qualification requirements defined by an
applicable legal framework, such as the European Directive on applicable legal framework, such as the European Directive on
Electronic Signature [EU-ESDIR]. [R3739]. Electronic Signature. [R3739]
$ quick mode $ quick mode
(I) See: /IKE/ under "mode". (I) See: /IKE/ under "mode".
$ RA $ RA
(I) See: registration authority. (I) See: registration authority.
$ RA domains $ RA domains
(I) A feature of a CAW that allows a CA to divide the (I) A feature of a CAW that allows a CA to divide the
responsibility for certificate requests among multiple RAs. responsibility for certificate requests among multiple RAs.
skipping to change at page 224, line 20 skipping to change at page 224, line 20
uniformly distributed. uniformly distributed.
- "Pseudorandom number generator": It uses a deterministic - "Pseudorandom number generator": It uses a deterministic
computational process (usually implemented by software) that computational process (usually implemented by software) that
has one or more inputs called "seeds", and it outputs a has one or more inputs called "seeds", and it outputs a
sequence of values that appears to be random according to sequence of values that appears to be random according to
specified statistical tests. specified statistical tests.
$ RBAC $ RBAC
(N) See: role-based access control, rule-based access control. (N) See: role-based access control, rule-based access control.
Deprecated Usage: ISDs that use this term SHOULD state a Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because the abbreviation is ambiguous. definition for it because the abbreviation is ambiguous.
$ RC2, RC4, RC6 $ RC2, RC4, RC6
(N) See: Rivest Cipher #2, #4, #6. (N) See: Rivest Cipher #2, #4, #6.
$ read $ read
(I) /security model/ A system operation that causes a flow of (I) /security model/ A system operation that causes a flow of
information from an object to a subject. (See: access mode. information from an object to a subject. (See: access mode.
Compare: write.) Compare: write.)
skipping to change at page 225, line 24 skipping to change at page 225, line 24
$ RED/BLACK separation $ RED/BLACK separation
(N) An architectural concept for cryptographic systems that (N) An architectural concept for cryptographic systems that
strictly separates the parts of a system that handle plain text strictly separates the parts of a system that handle plain text
(i.e., RED information) from the parts that handle cipher text (i.e., RED information) from the parts that handle cipher text
(i.e., BLACK information). (See: BLACK, RED.) (i.e., BLACK information). (See: BLACK, RED.)
$ Red Book $ Red Book
(D) /slang/ Synonym for "Trusted Network Interpretation of the (D) /slang/ Synonym for "Trusted Network Interpretation of the
Trusted Computer System Evaluation Criteria" [NCS05]. Trusted Computer System Evaluation Criteria" [NCS05].
Deprecated Term: ISDs SHOULD NOT use this term. Instead, use the Deprecated Term: IDOCs SHOULD NOT use this term. Instead, use the
full proper name of the document or, in subsequent references, a full proper name of the document or, in subsequent references, a
more conventional abbreviation, e.g., TNI-TCSEC. (See: TCSEC, more conventional abbreviation, e.g., TNI-TCSEC. (See: TCSEC,
Rainbow Series, Deprecated Usage under "Green Book".) Rainbow Series, Deprecated Usage under "Green Book".)
$ RED key $ RED key
(N) A cleartext key, which is usable in its present form (i.e., it (N) A cleartext key, which is usable in its present form (i.e., it
does not need to be decrypted before being used). (See: RED. does not need to be decrypted before being used). (See: RED.
Compare: BLACK key.) Compare: BLACK key.)
$ reference monitor $ reference monitor
skipping to change at page 225, line 53 skipping to change at page 225, line 53
to analysis and tests to ensure that it is correct). to analysis and tests to ensure that it is correct).
$ reflection attack $ reflection attack
(I) An attack in which a valid data transmission is replayed to (I) An attack in which a valid data transmission is replayed to
the originator by an attacker who intercepts the original the originator by an attacker who intercepts the original
transmission. (Compare: indirect attack, replay attack.) transmission. (Compare: indirect attack, replay attack.)
$ reflector attack $ reflector attack
(D) Synonym for "indirect attack". (D) Synonym for "indirect attack".
Deprecated Term: ISDs SHOULD NOT use this term; it could be Deprecated Term: IDOCs SHOULD NOT use this term; it could be
confused with "reflection attack", which is a different concept. confused with "reflection attack", which is a different concept.
$ registered user $ registered user
(I) A system entity that is authorized to receive a system's (I) A system entity that is authorized to receive a system's
products and services or otherwise access system resources. (See: products and services or otherwise access system resources. (See:
registration, user.) registration, user.)
$ registration $ registration
1. (I) /information system/ A system process that (a) initializes 1. (I) /information system/ A system process that (a) initializes
an identity (of a system entity) in the system, (b) establishes an an identity (of a system entity) in the system, (b) establishes an
skipping to change at page 229, line 45 skipping to change at page 229, line 45
responsibility for sending data. responsibility for sending data.
- False denial of receipt: Action whereby a recipient denies - False denial of receipt: Action whereby a recipient denies
receiving and possessing data. receiving and possessing data.
3. (O) /OSIRM/ "Denial by one of the entities involved in a 3. (O) /OSIRM/ "Denial by one of the entities involved in a
communication of having participated in all or part of the communication of having participated in all or part of the
communication." [I7498-2] communication." [I7498-2]
$ Request for Comment (RFC) $ Request for Comment (RFC)
1. (I) One of the documents in the archival series that is the 1. (I) One of the documents in the archival series that is the
official channel for ISDs and other publications of the Internet official channel for IDOCs and other publications of the Internet
Engineering Steering Group, the Internet Architecture Board, and Engineering Steering Group, the Internet Architecture Board, and
the Internet community in general. (RFC 2026, 2223) (See: Internet the Internet community in general. (RFC 2026, 2223) (See: Internet
Standard.) Standard.)
2. (D) A popularly misused synonym for a document on the Internet 2. (D) A popularly misused synonym for a document on the Internet
Standards Track, i.e., an Internet Standard, Draft Standard, or Standards Track, i.e., an Internet Standard, Draft Standard, or
Proposed Standard. (See: Internet Standard.) Proposed Standard. (See: Internet Standard.)
Deprecated Definition: ISDs SHOULD NOT use this term with Deprecated Definition: IDOCs SHOULD NOT use this term with
definition 2 because many other types of documents also are definition 2 because many other types of documents also are
published as RFCs. published as RFCs.
$ residual risk $ residual risk
(I) The portion of an original risk or set of risks that remains (I) The portion of an original risk or set of risks that remains
after countermeasures have been applied. (Compare: acceptable after countermeasures have been applied. (Compare: acceptable
risk, risk analysis.) risk, risk analysis.)
$ restore $ restore
See: card restore. See: card restore.
skipping to change at page 233, line 38 skipping to change at page 233, line 38
to get v'. He then computes h(m') = v". If v' equals v", Bob is to get v'. He then computes h(m') = v". If v' equals v", Bob is
assured that m' is the same m that Alice sent. assured that m' is the same m that Alice sent.
$ robustness $ robustness
(N) See: level of robustness. (N) See: level of robustness.
$ role $ role
1. (I) A job function or employment position to which people or 1. (I) A job function or employment position to which people or
other system entities may be assigned in a system. (See: role- other system entities may be assigned in a system. (See: role-
based access control. Compare: duty, billet, principal, user.) based access control. Compare: duty, billet, principal, user.)
f
2. (O) /Common Criteria/ A pre-defined set of rules establishing 2. (O) /Common Criteria/ A pre-defined set of rules establishing
the allowed interactions between a user and the TOE. the allowed interactions between a user and the TOE.
$ role-based access control $ role-based access control
(I) A form of identity-based access control wherein the system (I) A form of identity-based access control wherein the system
entities that are identified and controlled are functional entities that are identified and controlled are functional
positions in an organization or process. [Sand] (See: positions in an organization or process. [Sand] (See:
authorization, constraint, identity, principal, role.) authorization, constraint, identity, principal, role.)
Tutorial: Administrators assign permissions to roles as needed to Tutorial: Administrators assign permissions to roles as needed to
skipping to change at page 237, line 22 skipping to change at page 237, line 22
$ salami swindle $ salami swindle
(D) /slang/ "Slicing off a small amount from each transaction. (D) /slang/ "Slicing off a small amount from each transaction.
This kind of theft was made worthwhile by automation. Given a high This kind of theft was made worthwhile by automation. Given a high
transaction flow, even rounding down to the nearest cent and transaction flow, even rounding down to the nearest cent and
putting the 'extra' in a bogus account can be very profitable." putting the 'extra' in a bogus account can be very profitable."
[NCSSG] [NCSSG]
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book.") Usage under "Green Book.")
$ salt $ salt
(I) A data value used to vary the results of a computation in a (I) A data value used to vary the results of a computation in a
security mechanism, so that an exposed computational result from security mechanism, so that an exposed computational result from
one instance of applying the mechanism cannot be reused by an one instance of applying the mechanism cannot be reused by an
attacker in another instance. (Compare: initialization value.) attacker in another instance. (Compare: initialization value.)
Example: A password-based access control mechanism might protect Example: A password-based access control mechanism might protect
against capture or accidental disclosure of its password file by against capture or accidental disclosure of its password file by
skipping to change at page 238, line 32 skipping to change at page 238, line 32
$ SCOMP $ SCOMP
(N) Secure COMmunications Processor; an enhanced, MLS version of (N) Secure COMmunications Processor; an enhanced, MLS version of
the Honeywell Level 6 minicomputer. It was the first system to be the Honeywell Level 6 minicomputer. It was the first system to be
rated in TCSEC Class A1. (See: KSOS.) rated in TCSEC Class A1. (See: KSOS.)
$ screen room $ screen room
(D) /slang/ Synonym for "shielded enclosure" in the context of (D) /slang/ Synonym for "shielded enclosure" in the context of
electromagnetic emanations. (See: EMSEC, TEMPEST.) electromagnetic emanations. (See: EMSEC, TEMPEST.)
Deprecated Term: To avoid international misunderstanding, ISDs Deprecated Term: To avoid international misunderstanding, IDOCs
SHOULD NOT use this term. SHOULD NOT use this term.
$ screening router $ screening router
(I) Synonym for "filtering router". (I) Synonym for "filtering router".
$ script kiddy $ script kiddy
(D) /slang/ A cracker who is able to use existing attack (D) /slang/ A cracker who is able to use existing attack
techniques (i.e., to read scripts) and execute existing attack techniques (i.e., to read scripts) and execute existing attack
software, but is unable to invent new exploits or manufacture the software, but is unable to invent new exploits or manufacture the
tools to perform them; pejoratively, an immature or novice tools to perform them; pejoratively, an immature or novice
cracker. cracker.
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book".) Usage under "Green Book".)
$ SDE $ SDE
(N) See: Secure Data Exchange. (N) See: Secure Data Exchange.
$ SDNS $ SDNS
(O) See: Secure Data Network System. (O) See: Secure Data Network System.
$ SDU $ SDU
(N) See: "service data unit" under "protocol data unit". (N) See: "service data unit" under "protocol data unit".
$ seal $ seal
1. (I) To use asymmetric cryptography to encrypt plain text with a 1. (I) To use asymmetric cryptography to encrypt plain text with a
public key in such a way that only the holder of the matching public key in such a way that only the holder of the matching
private key can learn what was the plain text. [Chau] (Compare: private key can learn what was the plain text. [Chau] (Compare:
shroud, wrap.) shroud, wrap.)
Deprecated Usage: ISDs SHOULD NOT use this term with definition 1 Deprecated Usage: An IDOC SHOULD NOT use this term with definition
unless the ISD includes the definition, because the definition is 1 unless the IDOC includes the definition, because the definition
not widely known and the concept can be expressed by using other, is not widely known and the concept can be expressed by using
standard terms. Instead, use "salt and encrypt" or other other, standard terms. Instead, use "salt and encrypt" or other
terminology that is specific with regard to the mechanism being terminology that is specific with regard to the mechanism being
used. used.
Tutorial: The definition does *not* say "only the holder of the Tutorial: The definition does *not* say "only the holder of the
matching private key can decrypt the ciphertext to learn what was matching private key can decrypt the ciphertext to learn what was
the plaintext"; sealing is stronger than that. If Alice simply the plaintext"; sealing is stronger than that. If Alice simply
encrypts a plaintext P with a public key K to produce ciphertext C encrypts a plaintext P with a public key K to produce ciphertext C
= K(P), then if Bob guesses that P = X, Bob could verify the guess = K(P), then if Bob guesses that P = X, Bob could verify the guess
by checking whether K(P) = K(X). To "seal" P and block Bob's by checking whether K(P) = K(X). To "seal" P and block Bob's
guessing attack, Alice could attach a long string R of random bits guessing attack, Alice could attach a long string R of random bits
to P before encrypting to produce C = K(P,R); if Bob guesses that to P before encrypting to produce C = K(P,R); if Bob guesses that
P = X, Bob can only test the guess by also guessing R. (See: P = X, Bob can only test the guess by also guessing R. (See:
salt.) salt.)
2. (D) To use cryptography to provide data integrity service for a 2. (D) To use cryptography to provide data integrity service for a
data object. (See: sign.) data object. (See: sign.)
Deprecated Definition: ISDs SHOULD NOT use this term with Deprecated Definition: IDOCs SHOULD NOT use this term with
definition 2. Instead, use a term that is more specific with definition 2. Instead, use a term that is more specific with
regard to the mechanism used to provide the data integrity regard to the mechanism used to provide the data integrity
service; e.g., use "sign" when the mechanism is digital signature. service; e.g., use "sign" when the mechanism is digital signature.
$ secret $ secret
1a. (I) /adjective/ The condition of information being protected 1a. (I) /adjective/ The condition of information being protected
from being known by any system entities except those that are from being known by any system entities except those that are
intended to know it. (See: data confidentiality.) intended to know it. (See: data confidentiality.)
1b. (I) /noun/ An item of information that is protected thusly. 1b. (I) /noun/ An item of information that is protected thusly.
Usage: This term applies to symmetric keys, private keys, and Usage: This term applies to symmetric keys, private keys, and
passwords. passwords.
$ secret key $ secret key
(D) A key that is kept secret or needs to be kept secret. (D) A key that is kept secret or needs to be kept secret.
Deprecated Term: ISDs SHOULD NOT use this term; it mixes concepts Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts
in a potentially misleading way. In the context of asymmetric in a potentially misleading way. In the context of asymmetric
cryptography, ISDs SHOULD use "private key". In the context of cryptography, IDOCs SHOULD use "private key". In the context of
symmetric cryptography, the adjective "secret" is unnecessary symmetric cryptography, the adjective "secret" is unnecessary
because all keys must be kept secret. because all keys must be kept secret.
$ secret-key cryptography $ secret-key cryptography
(D) Synonym for "symmetric cryptography". (D) Synonym for "symmetric cryptography".
Deprecated Term: ISDs SHOULD NOT use this term; it could be Deprecated Term: IDOCs SHOULD NOT use this term; it could be
confused with "asymmetric cryptography", in which the private key confused with "asymmetric cryptography", in which the private key
is kept secret. is kept secret.
Derivation: Symmetric cryptography is sometimes called "secret-key Derivation: Symmetric cryptography is sometimes called "secret-key
cryptography" because entities that share the key, such as the cryptography" because entities that share the key, such as the
originator and the recipient of a message, need to keep the key originator and the recipient of a message, need to keep the key
secret from other entities. secret from other entities.
$ Secure BGP (S-BGP) $ Secure BGP (S-BGP)
(I) A project of BBN Technologies, sponsored by the U.S. DoD's (I) A project of BBN Technologies, sponsored by the U.S. DoD's
skipping to change at page 240, line 54 skipping to change at page 240, line 54
$ Secure Data Network System (SDNS) $ Secure Data Network System (SDNS)
(O) An NSA program that developed security protocols for (O) An NSA program that developed security protocols for
electronic mail (see: MSP), OSIRM Layer 3 (see: SP3), OSIRM Layer electronic mail (see: MSP), OSIRM Layer 3 (see: SP3), OSIRM Layer
4 (see: SP4), and key establishment (see: KMP). 4 (see: SP4), and key establishment (see: KMP).
$ secure distribution $ secure distribution
(I) See: trusted distribution. (I) See: trusted distribution.
$ Secure Hash Algorithm (SHA) $ Secure Hash Algorithm (SHA)
(N) A cryptographic hash function (specified in SHS) that produces (N) A cryptographic hash function (specified in SHS) that produces
a 160-bit output (hash result) for input data of any length < an output (see: "hash result") -- of selectable length of either
160, 224, 256, 384, or 512 bits -- for input data of any length <
2**64 bits. 2**64 bits.
$ Secure Hash Standard (SHS) $ Secure Hash Standard (SHS)
(N) The U.S. Government standard [FP180] that specifies SHA. (N) The U.S. Government standard [FP180] that specifies SHA.
$ Secure Hypertext Transfer Protocol (S-HTTP) $ Secure Hypertext Transfer Protocol (S-HTTP)
(I) A Internet protocol [R2660] for providing client-server (I) A Internet protocol [R2660] for providing client-server
security services for HTTP communications. (Compare: https.) security services for HTTP communications. (Compare: https.)
Tutorial: S-HTTP was originally specified by CommerceNet, a Tutorial: S-HTTP was originally specified by CommerceNet, a
skipping to change at page 241, line 52 skipping to change at page 241, line 53
- Multicast security policy: Policy translation and - Multicast security policy: Policy translation and
interpretation across the multiple administrative domains that interpretation across the multiple administrative domains that
typically are spanned by a multicast application. typically are spanned by a multicast application.
$ Secure Shell(trademark) (SSH(trademark)) $ Secure Shell(trademark) (SSH(trademark))
(N) Refers to a protocol for secure remote login and other secure (N) Refers to a protocol for secure remote login and other secure
network services. network services.
Usage: On the Web site of SSH Communication Security Corporation, Usage: On the Web site of SSH Communication Security Corporation,
at http://www.ssh.com/legal_notice.html, it says, "SSH [and] the at http://www.ssh.com/legal_notice.html, it says, "SSH [and] the
SSH logo . . . are either trademarks or registered trademarks of SSH logo ... are either trademarks or registered trademarks of
SSH." This Glossary seeks to make readers aware of this trademark SSH." This Glossary seeks to make readers aware of this trademark
claim but takes no position on its validity. claim but takes no position on its validity.
Tutorial: SSH has three main parts: Tutorial: SSH has three main parts:
- Transport layer protocol: Provides server authentication, - Transport layer protocol: Provides server authentication,
confidentiality, and integrity; and can optionally provide confidentiality, and integrity; and can optionally provide
compression. This layer typically runs over a TCP connection, compression. This layer typically runs over a TCP connection,
but might also run on top of any other reliable data stream. but might also run on top of any other reliable data stream.
- User authentication protocol: Authenticates the client-side - User authentication protocol: Authenticates the client-side
user to the server. It runs over the transport layer protocol. user to the server. It runs over the transport layer protocol.
skipping to change at page 244, line 37 skipping to change at page 244, line 38
3. (O) "A set of policy and cryptographic keys that provide 3. (O) "A set of policy and cryptographic keys that provide
security services to network traffic that matches that policy". security services to network traffic that matches that policy".
[R3740] (See: cryptographic association, group security [R3740] (See: cryptographic association, group security
association.) association.)
4. (O) "The totality of communications and security mechanisms and 4. (O) "The totality of communications and security mechanisms and
functions (e.g., communications protocols, security protocols, functions (e.g., communications protocols, security protocols,
security mechanisms and functions) that securely binds together security mechanisms and functions) that securely binds together
two security contexts in different end systems or relay systems two security contexts in different end systems or relay systems
supporting the same information domain." [DGSA] supporting the same information domain." [DoD6]
$ Security Association Database (SAD) $ Security Association Database (SAD)
(I) /IPsec/ In an IPsec implementation that operates in a network (I) /IPsec/ In an IPsec implementation that operates in a network
node, a database that contains parameters to describe the status node, a database that contains parameters to describe the status
and operation of each of the active security associations that the and operation of each of the active security associations that the
node has established with other nodes. Separate inbound and node has established with other nodes. Separate inbound and
outbound SADs are needed because of the directionality of IPsec outbound SADs are needed because of the directionality of IPsec
security associations. [R2401] (Compare: SPD.) security associations. [R2401] (Compare: SPD.)
$ security association identifier (SAID) $ security association identifier (SAID)
skipping to change at page 245, line 14 skipping to change at page 245, line 17
for having confidence that the system operates such that the for having confidence that the system operates such that the
system's security policy is enforced. (Compare: trust.) system's security policy is enforced. (Compare: trust.)
2. (I) A procedure that ensures a system is developed and operated 2. (I) A procedure that ensures a system is developed and operated
as intended by the system's security policy. as intended by the system's security policy.
3. (D) "The degree of confidence one has that the security 3. (D) "The degree of confidence one has that the security
controls operate correctly and protect the system as intended." controls operate correctly and protect the system as intended."
[SP12] [SP12]
Deprecated Definition: ISDs SHOULD NOT use definition 3; it is a Deprecated Definition: IDOCs SHOULD NOT use definition 3; it is a
definition for "assurance level" rather than for "assurance". definition for "assurance level" rather than for "assurance".
4. (D) /U.S. Government, identity authentication/ The (a) "degree 4. (D) /U.S. Government, identity authentication/ The (a) "degree
of confidence in the vetting process used to establish the of confidence in the vetting process used to establish the
identity of the individual to whom the [identity] credential was identity of the individual to whom the [identity] credential was
issued" and the (b) "degree of confidence that the individual who issued" and the (b) "degree of confidence that the individual who
uses the credential is the individual to whom the credential was uses the credential is the individual to whom the credential was
issued". [M0404] issued". [M0404]
Deprecated Definition: ISDs SHOULD NOT use definition 4; it mixes Deprecated Definition: IDOCs SHOULD NOT use definition 4; it mixes
concepts in a potentially misleading way. Part "a" is a definition concepts in a potentially misleading way. Part "a" is a definition
for "assurance level" (rather than "security assurance") of an for "assurance level" (rather than "security assurance") of an
identity registration process; and part "b" is a definition for identity registration process; and part "b" is a definition for
"assurance level" (rather than "security assurance") of an "assurance level" (rather than "security assurance") of an
identity authentication process. Also, the processes of identity authentication process. Also, the processes of
registration and authentication should be defined and designed registration and authentication should be defined and designed
separately to ensure clarity in certification. separately to ensure clarity in certification.
$ security audit $ security audit
(I) An independent review and examination of a system's records (I) An independent review and examination of a system's records
skipping to change at page 246, line 28 skipping to change at page 246, line 31
In computer and network security, the principle of "no security by In computer and network security, the principle of "no security by
obscurity" also applies to security mechanisms other than obscurity" also applies to security mechanisms other than
cryptography. For example, if the design and implementation of a cryptography. For example, if the design and implementation of a
protocol for access control are strong, then reading the protocol for access control are strong, then reading the
protocol's source code should not enable you to find a way to protocol's source code should not enable you to find a way to
evade the protection and penetrate the system. evade the protection and penetrate the system.
$ security class $ security class
(D) Synonym for "security level". (D) Synonym for "security level".
Deprecated Term: ISDs SHOULD NOT use this term. Instead, use Deprecated Term: IDOCs SHOULD NOT use this term. Instead, use
"security level", which is more widely established and understood. "security level", which is more widely established and understood.
$ security clearance $ security clearance
(I) A determination that a person is eligible, under the standards (I) A determination that a person is eligible, under the standards
of a specific security policy, for authorization to access of a specific security policy, for authorization to access
sensitive information or other system resources. (See: clearance sensitive information or other system resources. (See: clearance
level.) level.)
$ security compromise $ security compromise
(I) A security violation in which a system resource is exposed, or (I) A security violation in which a system resource is exposed, or
skipping to change at page 248, line 29 skipping to change at page 248, line 31
$ security incident $ security incident
1. (I) A security event that involves a security violation. (See: 1. (I) A security event that involves a security violation. (See:
CERT, security event, security intrusion, security violation.) CERT, security event, security intrusion, security violation.)
Tutorial: In other words, a security event in which the system's Tutorial: In other words, a security event in which the system's
security policy is disobeyed or otherwise breached. security policy is disobeyed or otherwise breached.
2. (D) "Any adverse event [that] compromises some aspect of 2. (D) "Any adverse event [that] compromises some aspect of
computer or network security." [R2350] computer or network security." [R2350]
Deprecated Definition: ISDs SHOULD NOT use definition 2 because Deprecated Definition: IDOCs SHOULD NOT use definition 2 because
(a) a security incident may occur without actually being harmful (a) a security incident may occur without actually being harmful
(i.e., adverse) and because (b) this Glossary defines "compromise" (i.e., adverse) and because (b) this Glossary defines "compromise"
more narrowly in relation to unauthorized access. more narrowly in relation to unauthorized access.
3. (D) "A violation or imminent threat of violation of computer 3. (D) "A violation or imminent threat of violation of computer
security policies, acceptable use policies, or standard computer security policies, acceptable use policies, or standard computer
security practices." [SP61] security practices." [SP61]
Deprecated Definition: ISDs SHOULD NOT use definition 3 because it Deprecated Definition: IDOCs SHOULD NOT use definition 3 because
mixes concepts in way that does not agree with common usage; a it mixes concepts in way that does not agree with common usage; a
security incident is commonly thought of as involving a security incident is commonly thought of as involving a
realization of a threat (see: threat action), not just a threat. realization of a threat (see: threat action), not just a threat.
$ security intrusion $ security intrusion
(I) A security event, or a combination of multiple security (I) A security event, or a combination of multiple security
events, that constitutes a security incident in which an intruder events, that constitutes a security incident in which an intruder
gains, or attempts to gain, access to a system or system resource gains, or attempts to gain, access to a system or system resource
without having authorization to do so. without having authorization to do so.
$ security kernel $ security kernel
skipping to change at page 248, line 54 skipping to change at page 249, line 4
(I) A security event, or a combination of multiple security (I) A security event, or a combination of multiple security
events, that constitutes a security incident in which an intruder events, that constitutes a security incident in which an intruder
gains, or attempts to gain, access to a system or system resource gains, or attempts to gain, access to a system or system resource
without having authorization to do so. without having authorization to do so.
$ security kernel $ security kernel
(I) "The hardware, firmware, and software elements of a trusted (I) "The hardware, firmware, and software elements of a trusted
computing base that implement the reference monitor concept. It computing base that implement the reference monitor concept. It
must mediate all accesses, be protected from modification, and be must mediate all accesses, be protected from modification, and be
verifiable as correct." [NCS04] (See: kernel, TCB.) verifiable as correct." [NCS04] (See: kernel, TCB.)
Tutorial: A security kernel is an implementation of a reference Tutorial: A security kernel is an implementation of a reference
monitor for a given hardware base. [Huff] monitor for a given hardware base. [Huff]
$ security label $ security label
(I) An item of meta-data that designates the value of one or more (I) An item of meta-data that designates the value of one or more
security-relevant attributes (e.g., security level) of a system security-relevant attributes (e.g., security level) of a system
resource. (See: [R1457]. Compare: security marking.) resource. (See: [R1457]. Compare: security marking.)
Deprecated usage: To avoid confusion, ISDs SHOULD NOT use Deprecated usage: To avoid confusion, IDOCs SHOULD NOT use
"security label" for "security marking", or vice versa, even "security label" for "security marking", or vice versa, even
though that is commonly done (including in some national and though that is commonly done (including in some national and
international standards that should know better). international standards that should know better).
Tutorial: Humans and automated security mechanisms use a security Tutorial: Humans and automated security mechanisms use a security
label of a system resource to determine, according to applicable label of a system resource to determine, according to applicable
security policy, how to control access to the resource (and they security policy, how to control access to the resource (and they
affix appropriate, matching security markings to physical affix appropriate, matching security markings to physical
instances of the resource). Security labels are most often used to instances of the resource). Security labels are most often used to
support data confidentiality policy, and sometimes used to support support data confidentiality policy, and sometimes used to support
skipping to change at page 249, line 44 skipping to change at page 249, line 45
Both classified and unclassified system resources may require a Both classified and unclassified system resources may require a
security label. (See: FOUO.) security label. (See: FOUO.)
$ security level $ security level
(I) The combination of a hierarchical classification level and a (I) The combination of a hierarchical classification level and a
set of non-hierarchical category designations that represents how set of non-hierarchical category designations that represents how
sensitive a specified type or item of information is. (See: sensitive a specified type or item of information is. (See:
dominate, lattice model. Compare: classification level.) dominate, lattice model. Compare: classification level.)
Usage: ISDs that use this term SHOULD state a definition for it. Usage: IDOCs that use this term SHOULD state a definition for it.
The term is usually understood to involve sensitivity to The term is usually understood to involve sensitivity to
disclosure, but it also is used in many other ways and could disclosure, but it also is used in many other ways and could
easily be misunderstood. easily be misunderstood.
$ Security Level field $ Security Level field
(I) A 16-bit field that specifies a security level value in the (I) A 16-bit field that specifies a security level value in the
security option (option type 130) of version 4 IP's datagram security option (option type 130) of version 4 IP's datagram
header format. header format.
Deprecated Abbreviation: ISDs SHOULD NOT use the abbreviation "S Deprecated Abbreviation: IDOCs SHOULD NOT use the abbreviation "S
field", which is potentially ambiguous. field", which is potentially ambiguous.
$ security management infrastructure (SMI) $ security management infrastructure (SMI)
(I) System components and activities that support security policy (I) System components and activities that support security policy
by monitoring and controlling security services and mechanisms, by monitoring and controlling security services and mechanisms,
distributing security information, and reporting security events. distributing security information, and reporting security events.
Tutorial: The associated functions are as follows [I7498-4]: Tutorial: The associated functions are as follows [I7498-4]:
- Controlling (granting or restricting) access to system - Controlling (granting or restricting) access to system
resources: This includes verifying authorizations and resources: This includes verifying authorizations and
skipping to change at page 250, line 52 skipping to change at page 250, line 55
Usage: Usually understood to refer primarily to components of Usage: Usually understood to refer primarily to components of
communication security, computer security, and emanation security. communication security, computer security, and emanation security.
Examples: Authentication exchange, checksum, digital signature, Examples: Authentication exchange, checksum, digital signature,
encryption, and traffic padding. encryption, and traffic padding.
$ security model $ security model
(I) A schematic description of a set of entities and relationships (I) A schematic description of a set of entities and relationships
by which a specified set of security services are provided by or by which a specified set of security services are provided by or
within a system. Example: Bell-LaPadula model, OSIRM . (See: within a system. Example: Bell-LaPadula model, OSIRM. (See:
Tutorial under "security policy".) Tutorial under "security policy".)
$ security parameters index (SPI) $ security parameters index (SPI)
1. (I) /IPsec/ A 32-bit identifier used to distinguish among 1. (I) /IPsec/ A 32-bit identifier used to distinguish among
security associations that terminate at the same destination (IP security associations that terminate at the same destination (IP
address) and use the same security protocol (AH or ESP). Carried address) and use the same security protocol (AH or ESP). Carried
in AH and ESP to enable the receiving system to determine under in AH and ESP to enable the receiving system to determine under
which security association to process a received packet. which security association to process a received packet.
2. (I) /mobile IP/ A 32-bit index identifying a security 2. (I) /mobile IP/ A 32-bit index identifying a security
skipping to change at page 251, line 25 skipping to change at page 251, line 25
protocol messages that the nodes exchange. protocol messages that the nodes exchange.
$ security perimeter $ security perimeter
(I) A physical or logical boundary that is defined for a domain or (I) A physical or logical boundary that is defined for a domain or
enclave and within which a particular security policy or security enclave and within which a particular security policy or security
architecture applies. (See: insider, outsider.) architecture applies. (See: insider, outsider.)
$ security policy $ security policy
1. (I) A definite goal, course, or method of action to guide and 1. (I) A definite goal, course, or method of action to guide and
determine present and future decisions concerning security in a determine present and future decisions concerning security in a
system. [R3198] (Compare: certificate policy.) system. [NCS03, R3198] (Compare: certificate policy.)
2a. (I) A set of policy rules (or principles) that direct how a 2a. (I) A set of policy rules (or principles) that direct how a
system (or an organization) provides security services to protect system (or an organization) provides security services to protect
sensitive and critical system resources. (See: identity-based sensitive and critical system resources. (See: identity-based
security policy, policy rule, rule-based security policy, rules of security policy, policy rule, rule-based security policy, rules of
behavior. Compare: security architecture, security doctrine, behavior. Compare: security architecture, security doctrine,
security mechanism, security model, [R1281].) security mechanism, security model, [R1281].)
2b. (O) A set of rules to administer, manage, and control access 2b. (O) A set of rules to administer, manage, and control access
to network resources. [R3060, R3198] to network resources. [R3060, R3198]
skipping to change at page 253, line 19 skipping to change at page 253, line 19
data security at the top of OSIRM Layer 3. (Compare: IPsec, NLSP.) data security at the top of OSIRM Layer 3. (Compare: IPsec, NLSP.)
$ Security Protocol 4 (SP4) $ Security Protocol 4 (SP4)
(O) A protocol [SDNS4] developed by SDNS to provide either (O) A protocol [SDNS4] developed by SDNS to provide either
connectionless or end-to-end connection-oriented data security at connectionless or end-to-end connection-oriented data security at
the bottom of OSIRM Layer 4. (See: TLSP.) the bottom of OSIRM Layer 4. (See: TLSP.)
$ security-relevant event $ security-relevant event
(D) Synonym for "security event". (D) Synonym for "security event".
Deprecated Term: ISDs SHOULD NOT use this term; it is wordy. Deprecated Term: IDOCs SHOULD NOT use this term; it is wordy.
$ security-sensitive function $ security-sensitive function
(D) Synonym for "security function". (D) Synonym for "security function".
Deprecated Term: ISDs SHOULD NOT use this term; it is wordy. Deprecated Term: IDOCs SHOULD NOT use this term; it is wordy.
$ security service $ security service
1. (I) A processing or communication service that is provided by a 1. (I) A processing or communication service that is provided by a
system to give a specific kind of protection to system resources. system to give a specific kind of protection to system resources.
(See: access control service, audit service, availability service, (See: access control service, audit service, availability service,
data confidentiality service, data integrity service, data origin data confidentiality service, data integrity service, data origin
authentication service, non-repudiation service, peer entity authentication service, non-repudiation service, peer entity
authentication service, system integrity service.) authentication service, system integrity service.)
Tutorial: Security services implement security policies, and are Tutorial: Security services implement security policies, and are
skipping to change at page 256, line 24 skipping to change at page 256, line 24
defense or foreign policy. defense or foreign policy.
Tutorial: Systems that are not U.S. national security systems, but Tutorial: Systems that are not U.S. national security systems, but
contain sensitive U.S. Federal Government information, must be contain sensitive U.S. Federal Government information, must be
protected according to the Computer Security Act of 1987 (Public protected according to the Computer Security Act of 1987 (Public
Law 100-235). (See: national security.) Law 100-235). (See: national security.)
$ sensitivity label $ sensitivity label
(D) Synonym for "classification label". (D) Synonym for "classification label".
Deprecated term: ISDs SHOULD NOT use this term because the Deprecated term: IDOCs SHOULD NOT use this term because the
definition of "sensitive" involves not only data confidentiality, definition of "sensitive" involves not only data confidentiality,
but also data integrity. but also data integrity.
$ sensitivity level $ sensitivity level
(D) Synonym for "classification level". (D) Synonym for "classification level".
Deprecated term: ISDs SHOULD NOT use this term because the Deprecated term: IDOCs SHOULD NOT use this term because the
definition of "sensitive" involves not only data confidentiality, definition of "sensitive" involves not only data confidentiality,
but also data integrity. but also data integrity.
$ separation of duties $ separation of duties
(I) The practice of dividing the steps in a system process among (I) The practice of dividing the steps in a system process among
different individual entities (i.e., different users or different different individual entities (i.e., different users or different
roles) so as to prevent a single entity acting alone from being roles) so as to prevent a single entity acting alone from being
able to subvert the process. Usage: a.k.a. "separation of able to subvert the process. Usage: a.k.a. "separation of
privilege". (See: administrative security, dual control.) privilege". (See: administrative security, dual control.)
skipping to change at page 258, line 45 skipping to change at page 258, line 45
$ SHA, SHA-1, SHA-2 $ SHA, SHA-1, SHA-2
(N) See: Secure Hash Algorithm. (N) See: Secure Hash Algorithm.
$ shared identity $ shared identity
(I) See: secondary definition under "identity". (I) See: secondary definition under "identity".
$ shared secret $ shared secret
(D) Synonym for "cryptographic key" or "password". (D) Synonym for "cryptographic key" or "password".
Deprecated Usage: ISDs that use this term SHOULD state a Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because the term is used in many ways and could definition for it because the term is used in many ways and could
easily be misunderstood. easily be misunderstood.
$ shielded enclosure $ shielded enclosure
(O) "Room or container designed to attenuate electromagnetic (O) "Room or container designed to attenuate electromagnetic
radiation." [C4009] (See: emanation. Compare: SCIF.) radiation." [C4009] (See: emanation. Compare: SCIF.)
$ short title $ short title
(O) "Identifying combination of letters and numbers assigned to (O) "Identifying combination of letters and numbers assigned to
certain items of COMSEC material to facilitate handling, certain items of COMSEC material to facilitate handling,
accounting, and controlling." [C4009] (Compare: KMID, long title.) accounting, and controlling." [C4009] (Compare: KMID, long title.)
$ shroud $ shroud
(D) /verb/ To encrypt a private key, possibly in concert with a (D) /verb/ To encrypt a private key, possibly in concert with a
policy that prevents the key from ever being available in policy that prevents the key from ever being available in
cleartext form beyond a certain, well-defined security perimeter. cleartext form beyond a certain, well-defined security perimeter.
[PKCS12] (See: encrypt. Compare: seal, wrap.) [PKC12] (See: encrypt. Compare: seal, wrap.)
Deprecated Term: ISDs SHOULD NOT use this term as defined here; Deprecated Term: IDOCs SHOULD NOT use this term as defined here;
the definition duplicates the meaning of other, standard terms. the definition duplicates the meaning of other, standard terms.
Instead, use "encrypt" or other terminology that is specific with Instead, use "encrypt" or other terminology that is specific with
regard to the mechanism being used. regard to the mechanism being used.
$ SHS $ SHS
(N) See: Secure Hash Standard. (N) See: Secure Hash Standard.
$ sign $ sign
(I) Create a digital signature for a data object. (See: signer.) (I) Create a digital signature for a data object. (See: signer.)
skipping to change at page 261, line 26 skipping to change at page 261, line 26
established and used to encrypt the session key, and the encrypted established and used to encrypt the session key, and the encrypted
session key is placed in a SKIP header that is added to each IP session key is placed in a SKIP header that is added to each IP
packet that is encrypted with that session key. packet that is encrypted with that session key.
$ Simple Mail Transfer Protocol (SMTP) $ Simple Mail Transfer Protocol (SMTP)
(I) A TCP-based, Application-Layer, Internet Standard protocol (I) A TCP-based, Application-Layer, Internet Standard protocol
(RFC 821) for moving electronic mail messages from one computer to (RFC 821) for moving electronic mail messages from one computer to
another. another.
$ Simple Network Management Protocol (SNMP) $ Simple Network Management Protocol (SNMP)
(I) A TCP-based, Application-Layer, Internet Standard protocol (I) A (usually) UDP-based, Application-Layer, Internet Standard
(RFCs 3410-3418) for conveying management information between protocol (RFCs 3410-3418) for conveying management information
system components that act as managers and agents. between system components that act as managers and agents.
$ Simple Public Key Infrastructure (SPKI) $ Simple Public Key Infrastructure (SPKI)
(I) A set of experimental concepts (RFCs 2692, 2693) that were (I) A set of experimental concepts (RFCs 2692, 2693) that were
proposed as alternatives to the concepts standardized in PKIX. proposed as alternatives to the concepts standardized in PKIX.
$ simple security property $ simple security property
(N) /formal model/ Property of a system whereby a subject has (N) /formal model/ Property of a system whereby a subject has
read access to an object only if the clearance of the subject read access to an object only if the clearance of the subject
dominates the classification of the object. See: Bell-LaPadula dominates the classification of the object. See: Bell-LaPadula
model. model.
skipping to change at page 263, line 24 skipping to change at page 263, line 24
$ SMTP $ SMTP
(I) See: Simple Mail Transfer Protocol. (I) See: Simple Mail Transfer Protocol.
$ smurf attack $ smurf attack
(D) /slang/ A denial-of-service attack that uses IP broadcast (D) /slang/ A denial-of-service attack that uses IP broadcast
addressing to send ICMP ping packets with the intent of flooding a addressing to send ICMP ping packets with the intent of flooding a
system. (See: fraggle attack, ICMP flood.) system. (See: fraggle attack, ICMP flood.)
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. misunderstanding, IDOCs SHOULD NOT use this term.
Derivation: The Smurfs are a fictional race of small, blue Derivation: The Smurfs are a fictional race of small, blue
creatures that were created by a cartoonist. Perhaps the inventor creatures that were created by a cartoonist. Perhaps the inventor
of this attack thought that a swarm of ping packets resembled a of this attack thought that a swarm of ping packets resembled a
gang of smurfs. (See: Deprecated Usage under "Green Book".) gang of smurfs. (See: Deprecated Usage under "Green Book".)
Tutorial: The attacker sends ICMP echo request ("ping") packets Tutorial: The attacker sends ICMP echo request ("ping") packets
that appear to originate not from the attacker's own IP address, that appear to originate not from the attacker's own IP address,
but from the address of the host or router that is the target of but from the address of the host or router that is the target of
the attack. Each packet is addressed to an IP broadcast address, the attack. Each packet is addressed to an IP broadcast address,
skipping to change at page 263, line 48 skipping to change at page 263, line 48
disrupt service at a particular host, at the hosts that depend on disrupt service at a particular host, at the hosts that depend on
a particular router, or in an entire network. a particular router, or in an entire network.
$ sneaker net $ sneaker net
(D) /slang/ A process that transfers data between systems only (D) /slang/ A process that transfers data between systems only
manually, under human control; i.e., a data transfer process that manually, under human control; i.e., a data transfer process that
involves an air gap. involves an air gap.
Deprecated Term: It is likely that other cultures use different Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. misunderstanding, IDOCs SHOULD NOT use this term.
$ Snefru $ Snefru
(N) A public-domain, cryptographic hash function (a.k.a. "The (N) A public-domain, cryptographic hash function (a.k.a. "The
Xerox Secure Hash Function") designed by Ralph C. Merkle at Xerox Xerox Secure Hash Function") designed by Ralph C. Merkle at Xerox
Corporation. Snefru can produce either a 128-bit or 256-bit output Corporation. Snefru can produce either a 128-bit or 256-bit output
(i.e., hash result). [Schn] (See: Khafre, Khufu.) (i.e., hash result). [Schn] (See: Khafre, Khufu.)
$ sniffing $ sniffing
(D) /slang/ Synonym for "passive wiretapping"; most often refers (D) /slang/ Synonym for "passive wiretapping"; most often refers
to capturing and examining the data packets carried on a LAN. to capturing and examining the data packets carried on a LAN.
(See: password sniffing.) (See: password sniffing.)
Deprecated Term: ISDs SHOULD NOT use this term; it unnecessarily Deprecated Term: IDOCs SHOULD NOT use this term; it unnecessarily
duplicates the meaning of a term that is better established. (See: duplicates the meaning of a term that is better established. (See:
Deprecated Usage under "Green Book". Deprecated Usage under "Green Book".
$ SNMP $ SNMP
(I) See: Simple Network Management Protocol. (I) See: Simple Network Management Protocol.
$ social engineering $ social engineering
(D) Euphemism for non-technical or low-technology methods, often (D) Euphemism for non-technical or low-technology methods, often
involving trickery or fraud, that are used to attack information involving trickery or fraud, that are used to attack information
systems. Example: phishing. systems. Example: phishing.
Deprecated Term: ISDs SHOULD NOT use this term; it is too vague. Deprecated Term: IDOCs SHOULD NOT use this term; it is too vague.
Instead, use a term that is specific with regard to the means of Instead, use a term that is specific with regard to the means of
attack, e.g., blackmail, bribery, coercion, impersonation, attack, e.g., blackmail, bribery, coercion, impersonation,
intimidation, lying, or theft. intimidation, lying, or theft.
$ SOCKS $ SOCKS
(I) An Internet protocol [R1928] that provides a generalized proxy (I) An Internet protocol [R1928] that provides a generalized proxy
server that enables client-server applications (e.g., TELNET, FTP, server that enables client-server applications (e.g., TELNET, FTP,
or HTTP; running over either TCP or UDP) to use the services of a or HTTP; running over either TCP or UDP) to use the services of a
firewall. firewall.
skipping to change at page 264, line 52 skipping to change at page 264, line 52
$ soft TEMPEST $ soft TEMPEST
(O) The use of software techniques to reduce the radio frequency (O) The use of software techniques to reduce the radio frequency
information leakage from computer displays and keyboards. [Kuhn] information leakage from computer displays and keyboards. [Kuhn]
(See: TEMPEST.) (See: TEMPEST.)
$ soft token $ soft token
(D) A data object that is used to control access or authenticate (D) A data object that is used to control access or authenticate
authorization. (See: token.) authorization. (See: token.)
Deprecated Term: ISDs SHOULD NOT use this term as defined here; Deprecated Term: IDOCs SHOULD NOT use this term as defined here;
the definition duplicates the meaning of other, standard terms. the definition duplicates the meaning of other, standard terms.
Instead, use "attribute certificate" or another term that is Instead, use "attribute certificate" or another term that is
specific with regard to the mechanism being used. specific with regard to the mechanism being used.
$ software $ software
(I) Computer programs (which are stored in and executed by (I) Computer programs (which are stored in and executed by
computer hardware) and associated data (which also is stored in computer hardware) and associated data (which also is stored in
the hardware) that may be dynamically written or modified during the hardware) that may be dynamically written or modified during
execution. (Compare: firmware.) execution. (Compare: firmware.)
skipping to change at page 265, line 23 skipping to change at page 265, line 23
"exposure", and "incapacitation". "exposure", and "incapacitation".
$ SORA $ SORA
(O) See: SSO-PIN ORA. (O) See: SSO-PIN ORA.
$ source authentication $ source authentication
(D) Synonym for "data origin authentication" or "peer entity (D) Synonym for "data origin authentication" or "peer entity
authentication". (See: data origin authentication, peer entity authentication". (See: data origin authentication, peer entity
authentication). authentication).
Deprecated Term: ISDs SHOULD NOT use this term because it is Deprecated Term: IDOCs SHOULD NOT use this term because it is
ambiguous and, in either meaning, duplicates the meaning of ambiguous and, in either meaning, duplicates the meaning of
internationally standardized terms. If the intent is to internationally standardized terms. If the intent is to
authenticate the original creator or packager of data received, authenticate the original creator or packager of data received,
then use "data origin authentication". If the intent is to then use "data origin authentication". If the intent is to
authenticate the identity of the sender of data in the current authenticate the identity of the sender of data in the current
instance, then use "peer entity authentication". instance, then use "peer entity authentication".
$ source integrity $ source integrity
(I) The property that data is trustworthy (i.e., worthy of (I) The property that data is trustworthy (i.e., worthy of
reliance or trust), based on the trustworthiness of its sources reliance or trust), based on the trustworthiness of its sources
skipping to change at page 266, line 4 skipping to change at page 266, line 4
$ SP4 $ SP4
(O) See: Security Protocol 4. (O) See: Security Protocol 4.
$ spam $ spam
1a. (I) /slang verb/ To indiscriminately send unsolicited, 1a. (I) /slang verb/ To indiscriminately send unsolicited,
unwanted, irrelevant, or inappropriate messages, especially unwanted, irrelevant, or inappropriate messages, especially
commercial advertising in mass quantities. commercial advertising in mass quantities.
1b. (I) /slang noun/ Electronic "junk mail". [R2635] 1b. (I) /slang noun/ Electronic "junk mail". [R2635]
Deprecated Usage: ISDs SHOULD NOT use this term in upper-case Deprecated Usage: IDOCs SHOULD NOT use this term in upper-case
letters, because SPAM(trademark) is a trademark of Hormel Foods letters, because SPAM(trademark) is a trademark of Hormel Foods
Corporation. Hormel says, "We do not object to use of this slang Corporation. Hormel says, "We do not object to use of this slang
term [spam] to describe [unsolicited advertising email], although term [spam] to describe [unsolicited advertising email], although
we do object to the use of our product image in association with we do object to the use of our product image in association with
that term. Also, if the term is to be used, it SHOULD be used in that term. Also, if the term is to be used, it SHOULD be used in
all lower-case letters to distinguish it from our trademark SPAM, all lower-case letters to distinguish it from our trademark SPAM,
which SHOULD be used with all uppercase letters." (See: metadata.) which SHOULD be used with all uppercase letters." (See: metadata.)
Tutorial: In sufficient volume, spam can cause denial of service. Tutorial: In sufficient volume, spam can cause denial of service.
(See: flooding.) According to Hormel, the term was adopted as a (See: flooding.) According to Hormel, the term was adopted as a
skipping to change at page 267, line 34 skipping to change at page 267, line 34
technique decreases potential interference to other receivers, technique decreases potential interference to other receivers,
while achieving data confidentiality and increasing immunity of while achieving data confidentiality and increasing immunity of
spread spectrum receivers to noise and interference. spread spectrum receivers to noise and interference.
$ spyware $ spyware
(D) /slang/ Software that an intruder has installed (D) /slang/ Software that an intruder has installed
surreptitiously on a networked computer to gather data from that surreptitiously on a networked computer to gather data from that
computer and send it through the network to the intruder or some computer and send it through the network to the intruder or some
other interested party. (See: malicious logic, Trojan horse.) other interested party. (See: malicious logic, Trojan horse.)
Deprecated Usage: ISDs that use this term SHOULD state a Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because the term is used in many ways and could definition for it because the term is used in many ways and could
easily be misunderstood. easily be misunderstood.
Tutorial: Some examples of the types of data that might be Tutorial: Some examples of the types of data that might be
gathered by spyware are application files, passwords, email gathered by spyware are application files, passwords, email
addresses, usage histories, and keystrokes. Some examples of addresses, usage histories, and keystrokes. Some examples of
motivations for gathering the data are blackmail, financial fraud, motivations for gathering the data are blackmail, financial fraud,
identity theft, industrial espionage, market research, and identity theft, industrial espionage, market research, and
voyeurism. voyeurism.
skipping to change at page 268, line 19 skipping to change at page 268, line 19
use by an end user and also the functions intended for use by a use by an end user and also the functions intended for use by a
MISSI CA. (See: user PIN.) MISSI CA. (See: user PIN.)
$ SSO-PIN ORA (SORA) $ SSO-PIN ORA (SORA)
(O) /MISSI/ A MISSI organizational RA that operates in a mode in (O) /MISSI/ A MISSI organizational RA that operates in a mode in
which the ORA performs all card management functions and, which the ORA performs all card management functions and,
therefore, requires knowledge of the SSO PIN for FORTEZZA PC cards therefore, requires knowledge of the SSO PIN for FORTEZZA PC cards
issued to end users. issued to end users.
$ Standards for Interoperable LAN/MAN Security (SILS) $ Standards for Interoperable LAN/MAN Security (SILS)
1. (N) The IEEE 802.10 standards committee. (See: FP191.) 1. (N) The IEEE 802.10 standards committee. (See: [FP191].)
2. (N) A set of IEEE standards, which has eight parts: (a) Model, 2. (N) A set of IEEE standards, which has eight parts: (a) Model,
including security management, (b) Secure Data Exchange protocol, including security management, (b) Secure Data Exchange protocol,
(c) Key Management, (d) [has been incorporated in (a)], (e) SDE (c) Key Management, (d) [has been incorporated in (a)], (e) SDE
Over Ethernet 2.0, (f) SDE Sublayer Management, (g) SDE Security Over Ethernet 2.0, (f) SDE Sublayer Management, (g) SDE Security
Labels, and (h) SDE PICS Conformance. Parts b, e, f, g, and h are Labels, and (h) SDE PICS Conformance. Parts b, e, f, g, and h are
incorporated in IEEE Standard 802.10-1998. incorporated in IEEE Standard 802.10-1998.
$ star property $ star property
(N) See: *-property. (N) See: *-property.
$ Star Trek attack $ Star Trek attack
(D) /slang/ An attack that penetrates your system where no attack (D) /slang/ An attack that penetrates your system where no attack
has ever gone before. has ever gone before.
Deprecated Usage: ISDs SHOULD NOT use this term; it is a joke for Deprecated Usage: IDOCs SHOULD NOT use this term; it is a joke for
Trekkies. (See: Deprecated Usage under "Green Book".) Trekkies. (See: Deprecated Usage under "Green Book".)
$ static $ static
(I) /adjective/ Refers to a cryptographic key or other parameter (I) /adjective/ Refers to a cryptographic key or other parameter
that is relatively long-lived. (Compare: ephemeral.) that is relatively long-lived. (Compare: ephemeral.)
$ steganography $ steganography
(I) Methods of hiding the existence of a message or other data. (I) Methods of hiding the existence of a message or other data.
This is different than cryptography, which hides the meaning of a This is different than cryptography, which hides the meaning of a
message but does not hide the message itself. Examples: For message but does not hide the message itself. Examples: For
skipping to change at page 269, line 36 skipping to change at page 269, line 36
- "Reordering": The destination receives packets in a different - "Reordering": The destination receives packets in a different
order than that in which they were sent by the source. order than that in which they were sent by the source.
- "Deletion": A packet sent by the source is not ever delivered - "Deletion": A packet sent by the source is not ever delivered
to the intended destination. to the intended destination.
- "Delay": A packet is detained for some period of time at a - "Delay": A packet is detained for some period of time at a
relay, thus hampering and postponing the packet's normal timely relay, thus hampering and postponing the packet's normal timely
delivery from source to destination. delivery from source to destination.
$ strength $ strength
1. (I) /cryptography/ A cryptographic mechanism's level of 1. (I) /cryptography/ A cryptographic mechanism's level of
resistance to attacks [R3776]. (See: entropy, strong, work resistance to attacks [R3766]. (See: entropy, strong, work
factor.) factor.)
2. (N) /Common Criteria/ "Strength of function" is a 2. (N) /Common Criteria/ "Strength of function" is a
"qualification of a TOE security function expressing the minimum "qualification of a TOE security function expressing the minimum
efforts assumed necessary to defeat its expected security behavior efforts assumed necessary to defeat its expected security behavior
by directly attacking its underlying security mechanisms": (See: by directly attacking its underlying security mechanisms": (See:
strong.) strong.)
- Basic: "A level of the TOE strength of function where analysis - Basic: "A level of the TOE strength of function where analysis
shows that the function provides adequate protection against shows that the function provides adequate protection against
casual breach of TOE security by attackers possessing a low casual breach of TOE security by attackers possessing a low
skipping to change at page 270, line 35 skipping to change at page 270, line 35
subset of the set of objects. (See: Bell-LaPadula model, object.) subset of the set of objects. (See: Bell-LaPadula model, object.)
2. (I) /digital certificate/ The name (of a system entity) that is 2. (I) /digital certificate/ The name (of a system entity) that is
bound to the data items in a digital certificate; e.g., a DN that bound to the data items in a digital certificate; e.g., a DN that
is bound to a key in a public-key certificate. (See: X.509.) is bound to a key in a public-key certificate. (See: X.509.)
$ subject CA $ subject CA
(D) The CA that is the subject of a cross-certificate issued by (D) The CA that is the subject of a cross-certificate issued by
another CA. [X509] (See: cross-certification.) another CA. [X509] (See: cross-certification.)
Deprecated Term: ISDs SHOULD NOT use this term because it is not Deprecated Term: IDOCs SHOULD NOT use this term because it is not
widely known and could be misunderstood. Instead, say "the CA that widely known and could be misunderstood. Instead, say "the CA that
is the subject of the cross-certificate". is the subject of the cross-certificate".
$ subnetwork $ subnetwork
(N) An OSI term for a system of packet relays and connecting links (N) An OSI term for a system of packet relays and connecting links
that implement OSIRM layer 2 or 3 to provide a communication that implement OSIRM layer 2 or 3 to provide a communication
service that interconnects attached end systems. Usually, the service that interconnects attached end systems. Usually, the
relays are all of the same type (e.g., X.25 packet switches, or relays are all of the same type (e.g., X.25 packet switches, or
interface units in an IEEE 802.3 LAN). (See: gateway, internet, interface units in an IEEE 802.3 LAN). (See: gateway, internet,
router.) router.)
skipping to change at page 273, line 39 skipping to change at page 273, line 39
$ synchronization $ synchronization
(I) Any technique by which a receiving (decrypting) cryptographic (I) Any technique by which a receiving (decrypting) cryptographic
process attains an internal state that matches the transmitting process attains an internal state that matches the transmitting
(encrypting) process, i.e., has the appropriate keying material to (encrypting) process, i.e., has the appropriate keying material to
process the cipher text and is correctly initialized to do so. process the cipher text and is correctly initialized to do so.
$ system $ system
(I) Synonym for "information system". (I) Synonym for "information system".
Usage: This is a generic definition, and is the one with which the Usage: This is a generic definition, and is the one with which the
term is used in this Glossary. However, ISDs that use the term, term is used in this Glossary. However, IDOCs that use the term,
especially ISDs that are protocol specifications, SHOULD state a especially IDOCs that are protocol specifications, SHOULD state a
more specific definition. Also, ISDs that specify security more specific definition. Also, IDOCs that specify security
features, services, and assurances need to define which system features, services, and assurances need to define which system
components and system resources are inside the applicable security components and system resources are inside the applicable security
perimeter and which are outside. (See: security architecture.) perimeter and which are outside. (See: security architecture.)
$ system architecture $ system architecture
(N) The structure of system components, their relationships, and (N) The structure of system components, their relationships, and
the principles and guidelines governing their design and evolution the principles and guidelines governing their design and evolution
over time. [DoDAF1] (Compare: security architecture.) over time. [DoD10] (Compare: security architecture.)
$ system component $ system component
1. (I) A collection of system resources that (a) forms a physical 1. (I) A collection of system resources that (a) forms a physical
or logical part of the system, (b) has specified functions and or logical part of the system, (b) has specified functions and
interfaces, and (c) is treated (e.g., by policies or interfaces, and (c) is treated (e.g., by policies or
specifications) as existing independently of other parts of the specifications) as existing independently of other parts of the
system. (See: subsystem.) system. (See: subsystem.)
2. (O) /ITSEC/ An identifiable and self-contained part of a TOE. 2. (O) /ITSEC/ An identifiable and self-contained part of a TOE.
skipping to change at page 274, line 53 skipping to change at page 274, line 53
intended function in a unimpaired manner, free from deliberate or intended function in a unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation." [NCS04] (See: recovery, inadvertent unauthorized manipulation." [NCS04] (See: recovery,
system integrity service.) system integrity service.)
2. (D) "Quality of an [information system] reflecting the logical 2. (D) "Quality of an [information system] reflecting the logical
correctness and reliability of the operating system; the logical correctness and reliability of the operating system; the logical
completeness of the hardware and software implementing the completeness of the hardware and software implementing the
protection mechanisms; and the consistency of the data structures protection mechanisms; and the consistency of the data structures
and occurrence of the stored data." [C4009] and occurrence of the stored data." [C4009]
Deprecated Definition: ISDs SHOULD NOT use definition 2 because it Deprecated Definition: IDOCs SHOULD NOT use definition 2 because
mixes several concepts in a potentially misleading way. Instead, it mixes several concepts in a potentially misleading way.
ISDs should use the term with definition 1 and, depending on what Instead, IDOCs should use the term with definition 1 and,
is meant, couple the term with additional, more specifically depending on what is meant, couple the term with additional, more
descriptive and informative terms, such as "correctness", specifically descriptive and informative terms, such as
"reliability", and "data integrity". "correctness", "reliability", and "data integrity".
$ system integrity service $ system integrity service
(I) A security service that protects system resources in a (I) A security service that protects system resources in a
verifiable manner against unauthorized or accidental change, loss, verifiable manner against unauthorized or accidental change, loss,
or destruction. (See: system integrity.) or destruction. (See: system integrity.)
$ system low $ system low
(I) The lowest security level supported by a system at a (I) The lowest security level supported by a system at a
particular time or in a particular environment. (Compare: system particular time or in a particular environment. (Compare: system
high.) high.)
skipping to change at page 275, line 38 skipping to change at page 275, line 38
security policy that applies to a system. (Compare: manager, security policy that applies to a system. (Compare: manager,
operator.) operator.)
$ system user $ system user
(I) A system entity that consumes a product or service provided by (I) A system entity that consumes a product or service provided by
the system, or that accesses and employs system resources to the system, or that accesses and employs system resources to
produce a product or service of the system. (See: access, [R2504]. produce a product or service of the system. (See: access, [R2504].
Compare: authorized user, manager, operator, principal, privileged Compare: authorized user, manager, operator, principal, privileged
user, subject, subscriber, system entity, unauthorized user.) user, subject, subscriber, system entity, unauthorized user.)
Usage: ISDs that use this term SHOULD state a definition for it Usage: IDOCs that use this term SHOULD state a definition for it
because the term is used in many ways and could easily be because the term is used in many ways and could easily be
misunderstood: misunderstood:
- This term usually refers to an entity that has been authorized - This term usually refers to an entity that has been authorized
to access the system, but the term sometimes is used without to access the system, but the term sometimes is used without
regard for whether access is authorized. regard for whether access is authorized.
- This term usually refers to a living human being acting either - This term usually refers to a living human being acting either
personally or in an organizational role. However, the term also personally or in an organizational role. However, the term also
may refer to an automated process in the form of hardware, may refer to an automated process in the form of hardware,
software, or firmware; to a set of persons; or to a set of software, or firmware; to a set of persons; or to a set of
processes. processes.
- ISDs SHOULD NOT use the term to refer a mixed set containing - IDOCs SHOULD NOT use the term to refer a mixed set containing
both persons and processes. This exclusion is intended to both persons and processes. This exclusion is intended to
prevent situations that might cause a security policy to be prevent situations that might cause a security policy to be
interpreted in two different and conflicting ways. interpreted in two different and conflicting ways.
A user can be characterized as direct or indirect: A system user can be characterized as direct or indirect:
- "Passive user": A system entity that is (a) outside the - "Passive user": A system entity that is (a) outside the
system's security perimeter *and* (b) can receive output from system's security perimeter *and* (b) can receive output from
the system but cannot provide input or otherwise interact with the system but cannot provide input or otherwise interact with
the system. the system.
- "Active user": A system entity that is (a) inside the system's - "Active user": A system entity that is (a) inside the system's
security perimeter *or* (b) can provide input or otherwise security perimeter *or* (b) can provide input or otherwise
interact with the system. interact with the system.
$ TACACS $ TACACS
(I) See: Terminal Access Controller (TAC) Access Control System. (I) See: Terminal Access Controller (TAC) Access Control System.
skipping to change at page 277, line 36 skipping to change at page 277, line 36
TSEC.) TSEC.)
$ TDEA $ TDEA
(I) See: Triple Data Encryption Algorithm. (I) See: Triple Data Encryption Algorithm.
$ teardrop attack $ teardrop attack
(D) /slang/ An denial-of-service attack that sends improperly (D) /slang/ An denial-of-service attack that sends improperly
formed IP packet fragments with the intent of causing the formed IP packet fragments with the intent of causing the
destination system to fail. destination system to fail.
Deprecated Term: ISDs that use this term SHOULD state a definition Deprecated Term: IDOCs that use this term SHOULD state a
for it because the term is often used imprecisely and could easily definition for it because the term is often used imprecisely and
be misunderstood. (See: Deprecated Usage under "Green Book".) could easily be misunderstood. (See: Deprecated Usage under "Green
Book".)
$ technical non-repudiation $ technical non-repudiation
(I) See: (secondary definition under) non-repudiation. (I) See: (secondary definition under) non-repudiation.
$ technical security $ technical security
(I) Security mechanisms and procedures that are implemented in and (I) Security mechanisms and procedures that are implemented in and
executed by computer hardware, firmware, or software to provide executed by computer hardware, firmware, or software to provide
automated protection for a system. (See: security architecture. automated protection for a system. (See: security architecture.
Compare: administrative security.) Compare: administrative security.)
skipping to change at page 278, line 35 skipping to change at page 278, line 35
version has no letter, next version has "A" (e.g., KG-84, KG- version has no letter, next version has "A" (e.g., KG-84, KG-
84A), etc. 84A), etc.
$ TELNET $ TELNET
(I) A TCP-based, Application-Layer, Internet Standard protocol (I) A TCP-based, Application-Layer, Internet Standard protocol
(RFC 854) for remote login from one host to another. (RFC 854) for remote login from one host to another.
$ TEMPEST $ TEMPEST
1. (N) Short name for technology and methods for protecting 1. (N) Short name for technology and methods for protecting
against data compromise due to electromagnetic emanations from against data compromise due to electromagnetic emanations from
electrical and electronic equipment. [Russ] (See: inspectable electrical and electronic equipment. [Army, Russ] (See:
space, soft TEMPEST, TEMPEST zone. Compare: QUADRANT) inspectable space, soft TEMPEST, TEMPEST zone. Compare: QUADRANT)
2. (O) /U.S. Government/ "Short name referring to investigation, 2. (O) /U.S. Government/ "Short name referring to investigation,
study, and control of compromising emanations from IS equipment." study, and control of compromising emanations from IS equipment."
[C4009] [C4009]
Deprecated Usage: ISDs SHOULD NOT use this term as a synonym for Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for
"electromagnetic emanations security"; instead, use EMSEC. Also, "electromagnetic emanations security"; instead, use EMSEC. Also,
the term is NOT an acronym for Transient Electromagnetic Pulse the term is NOT an acronym for Transient Electromagnetic Pulse
Surveillance Technology. Surveillance Technology.
Tutorial: The U.S. Federal Government issues security policies Tutorial: The U.S. Federal Government issues security policies
that (a) state specifications and standards for techniques to that (a) state specifications and standards for techniques to
reduce the strength of emanations from systems and reduce the reduce the strength of emanations from systems and reduce the
ability of unauthorized parties to receive and make use of ability of unauthorized parties to receive and make use of
emanations and (b) state rules for applying those techniques. emanations and (b) state rules for applying those techniques.
Other nations presumably do the same. Other nations presumably do the same.
skipping to change at page 280, line 45 skipping to change at page 280, line 45
demonstrated, presumed, or inferred intent of that entity to demonstrated, presumed, or inferred intent of that entity to
conduct such activity. conduct such activity.
Tutorial: To be likely to launch an attack, an adversary must have Tutorial: To be likely to launch an attack, an adversary must have
(a) a motive to attack, (b) a method or technical ability to make (a) a motive to attack, (b) a method or technical ability to make
the attack, and (c) an opportunity to appropriately access the the attack, and (c) an opportunity to appropriately access the
targeted system. targeted system.
3. (D) "An indication of an impending undesirable event." [Park] 3. (D) "An indication of an impending undesirable event." [Park]
Deprecated Definition: ISDs SHOULD NOT use this term with Deprecated Definition: IDOCs SHOULD NOT use this term with
definition 3 because the definition is ambiguous; the definition definition 3 because the definition is ambiguous; the definition
was intended to include the following three meanings: was intended to include the following three meanings:
- "Potential threat": A possible security violation; i.e., the - "Potential threat": A possible security violation; i.e., the
same as definition 1. same as definition 1.
- "Active threat": An expression of intent to violate security. - "Active threat": An expression of intent to violate security.
(Context usually distinguishes this meaning from the previous (Context usually distinguishes this meaning from the previous
one.) one.)
- "Accomplished threat" or "actualized threat": That is, a threat - "Accomplished threat" or "actualized threat": That is, a threat
action. Deprecated Usage: ISDs SHOULD NOT use the term "threat" action. Deprecated Usage: IDOCs SHOULD NOT use the term
with this meaning; instead, use "threat action". "threat" with this meaning; instead, use "threat action".
$ threat action $ threat action
(I) A realization of a threat, i.e., an occurrence in which system (I) A realization of a threat, i.e., an occurrence in which system
security is assaulted as the result of either an accidental event security is assaulted as the result of either an accidental event
or an intentional act. (See: attack, threat, threat consequence.) or an intentional act. (See: attack, threat, threat consequence.)
Tutorial: A complete security architecture deals with both Tutorial: A complete security architecture deals with both
intentional acts (i.e. attacks) and accidental events [FIPS31]. intentional acts (i.e. attacks) and accidental events [FP031].
(See: various kinds of threat actions defined under the four kinds (See: various kinds of threat actions defined under the four kinds
of "threat consequence".) of "threat consequence".)
$ threat agent $ threat agent
(I) A system entity that performs a threat action, or an event (I) A system entity that performs a threat action, or an event
that results in a threat action. that results in a threat action.
$ threat analysis $ threat analysis
(I) An analysis of the threat actions that might affect a system, (I) An analysis of the threat actions that might affect a system,
primarily emphasizing their probability of occurrence but also primarily emphasizing their probability of occurrence but also
skipping to change at page 281, line 41 skipping to change at page 281, line 42
terms for lists of the types of threat actions that can result in terms for lists of the types of threat actions that can result in
these consequences.) these consequences.)
$ thumbprint $ thumbprint
1. (I) A pattern of curves formed by the ridges on the tip of a 1. (I) A pattern of curves formed by the ridges on the tip of a
thumb. (See: biometric authentication, fingerprint.) thumb. (See: biometric authentication, fingerprint.)
2. (D) Synonym for some type of "hash result". (See: biometric 2. (D) Synonym for some type of "hash result". (See: biometric
authentication. Compare: fingerprint.) authentication. Compare: fingerprint.)
Deprecated Usage: ISDs SHOULD NOT use this term with definition 2 Deprecated Usage: IDOCs SHOULD NOT use this term with definition 2
because that meaning mixes concepts in a potentially misleading because that meaning mixes concepts in a potentially misleading
way. way.
$ ticket $ ticket
(I) Synonym for "capability token". (I) Synonym for "capability token".
Tutorial: A ticket is usually granted by a centralized access Tutorial: A ticket is usually granted by a centralized access
control server (ticket-granting agent) to authorize access to a control server (ticket-granting agent) to authorize access to a
system resource for a limited time. Tickets can be implemented system resource for a limited time. Tickets can be implemented
with either symmetric cryptography (see: Kerberos) or asymmetric with either symmetric cryptography (see: Kerberos) or asymmetric
cryptography (see: attribute certificate). cryptography (see: attribute certificate).
$ tiger team $ tiger team
(O) A group of evaluators employed by a system's managers to (O) A group of evaluators employed by a system's managers to
perform penetration tests on the system. perform penetration tests on the system.
Deprecated Usage: It is likely that other cultures use different Deprecated Usage: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international metaphors for this concept. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. (See: Deprecated misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book".) Usage under "Green Book".)
$ time stamp $ time stamp
1. (I) /noun/ With respect to a data object, a label or marking in 1. (I) /noun/ With respect to a data object, a label or marking in
which is recorded the time (time of day or other instant of which is recorded the time (time of day or other instant of
elapsed time) at which the label or marking was affixed to the elapsed time) at which the label or marking was affixed to the
data object. (See: Time-Stamp Protocol.) data object. (See: Time-Stamp Protocol.)
2. (O) /noun/ "With respect to a recorded network event, a data 2. (O) /noun/ "With respect to a recorded network event, a data
field in which is recorded the time (time of day or other instant field in which is recorded the time (time of day or other instant
skipping to change at page 283, line 24 skipping to change at page 283, line 26
$ token $ token
1. (I) /cryptography/ See: cryptographic token. (Compare: dongle.) 1. (I) /cryptography/ See: cryptographic token. (Compare: dongle.)
2. (I) /access control/ An object that is used to control access 2. (I) /access control/ An object that is used to control access
and is passed between cooperating entities in a protocol that and is passed between cooperating entities in a protocol that
synchronizes use of a shared resource. Usually, the entity that synchronizes use of a shared resource. Usually, the entity that
currently holds the token has exclusive access to the resource. currently holds the token has exclusive access to the resource.
(See: capability token.) (See: capability token.)
Usage: This term is heavily overloaded in the computing Usage: This term is heavily overloaded in the computing
literature; therefore, ISDs SHOULD NOT use this term with any literature; therefore, IDOCs SHOULD NOT use this term with any
definition other than 1 or 2. definition other than 1 or 2.
3a. (D) /authentication/ A data object or a physical device used 3a. (D) /authentication/ A data object or a physical device used
to verify an identity in an authentication process. to verify an identity in an authentication process.
3b. (D) /U.S. Government/ Something that the claimant in an 3b. (D) /U.S. Government/ Something that the claimant in an
authentication process (i.e., the entity that claims an identity) authentication process (i.e., the entity that claims an identity)
possesses and controls, and uses to prove the claim during the possesses and controls, and uses to prove the claim during the
verification step of the process. [SP63] verification step of the process. [SP63]
Deprecated usage: ISDs SHOULD NOT use this term with definitions Deprecated usage: IDOCs SHOULD NOT use this term with definitions
3a and 3b; instead, use more specifically descriptive and 3a and 3b; instead, use more specifically descriptive and
informative terms such as "authentication information" or informative terms such as "authentication information" or
"cryptographic token", depending on what is meant. "cryptographic token", depending on what is meant.
NIST defines four types of claimant tokens for electronic NIST defines four types of claimant tokens for electronic
authentication in an information system [SP63]. ISDs SHOULD NOT authentication in an information system [SP63]. IDOCs SHOULD NOT
use these four NIST terms; they mix concepts in potentially use these four NIST terms; they mix concepts in potentially
confusing ways and duplicate the meaning of better-established confusing ways and duplicate the meaning of better-established
terms. These four terms can be avoided by using more specifically terms. These four terms can be avoided by using more specifically
descriptive terms as follows: descriptive terms as follows:
- NIST "hard token": A hardware device that contains a protected - NIST "hard token": A hardware device that contains a protected
cryptographic key. (This is a type of "cryptographic token", cryptographic key. (This is a type of "cryptographic token",
and the key is a type of "authentication information".) and the key is a type of "authentication information".)
- NIST "one-time password device token": A personal hardware - NIST "one-time password device token": A personal hardware
device that generates one-time passwords. (One-time passwords device that generates one-time passwords. (One-time passwords
are typically generated cryptographically. Therefore, this is a are typically generated cryptographically. Therefore, this is a
skipping to change at page 290, line 6 skipping to change at page 290, line 9
can trust the CA to create only valid and reliable certificates." can trust the CA to create only valid and reliable certificates."
[X509] [X509]
$ trust anchor $ trust anchor
(I) /PKI/ An established point of trust (usually based on the (I) /PKI/ An established point of trust (usually based on the
authority of some person, office, or organization) from which a authority of some person, office, or organization) from which a
certificate user begins the validation of a certification path. certificate user begins the validation of a certification path.
(See: apex trust anchor, path validation, trust anchor CA, trust (See: apex trust anchor, path validation, trust anchor CA, trust
anchor certificate, trust anchor key.) anchor certificate, trust anchor key.)
Usage: ISDs that use this term SHOULD state a definition for it Usage: IDOCs that use this term SHOULD state a definition for it
because it is used in various ways in existing ISDs and other PKI because it is used in various ways in existing IDOCs and other PKI
literature. The literature almost always uses this term in a sense literature. The literature almost always uses this term in a sense
that is equivalent to this definition, but usage often differs that is equivalent to this definition, but usage often differs
with regard to what constitutes the point of trust. with regard to what constitutes the point of trust.
Tutorial: A trust anchor may be defined as being based on a public Tutorial: A trust anchor may be defined as being based on a public
key, a CA, a public-key certificate, or some combination or key, a CA, a public-key certificate, or some combination or
variation of those: variation of those:
- 1. A public key as a point of trust: Although a certification - 1. A public key as a point of trust: Although a certification
path is defined as beginning with a "sequence of public-key path is defined as beginning with a "sequence of public-key
skipping to change at page 291, line 49 skipping to change at page 291, line 52
certification path. (See: root key, trust anchor, trusted public certification path. (See: root key, trust anchor, trusted public
key.) key.)
$ trust anchor information $ trust anchor information
(I) See: secondary definition under "trust anchor". (I) See: secondary definition under "trust anchor".
$ trust chain $ trust chain
(D) Synonym for "certification path". (See: trust anchor, trusted (D) Synonym for "certification path". (See: trust anchor, trusted
certificate.) certificate.)
Deprecated Term: ISDs SHOULD NOT use this term, because it Deprecated Term: IDOCs SHOULD NOT use this term, because it
unnecessarily duplicates the meaning of the internationally unnecessarily duplicates the meaning of the internationally
standardized term. standardized term.
Also, the term mixes concepts in a potentially misleading way. Also, the term mixes concepts in a potentially misleading way.
Having "trust" involves factors unrelated to simply verifying Having "trust" involves factors unrelated to simply verifying
signatures and performing other tests as specified by a standard signatures and performing other tests as specified by a standard
algorithm for path validation (e.g., RFC 3280). Thus, even if a algorithm for path validation (e.g., RFC 3280). Thus, even if a
user is able to validate a certification path algorithmically, the user is able to validate a certification path algorithmically, the
user still might distrust one of the CAs that issued certificates user still might distrust one of the CAs that issued certificates
in that path or distrust some other aspects of the PKI. in that path or distrust some other aspects of the PKI.
skipping to change at page 292, line 25 skipping to change at page 292, line 29
Example: Popular browsers are distributed with an initial file of Example: Popular browsers are distributed with an initial file of
trust anchor certificates, which often are self-signed trust anchor certificates, which often are self-signed
certificates. Users can add certificates to the file or delete certificates. Users can add certificates to the file or delete
from it. The file may be directly managed by the user, or the from it. The file may be directly managed by the user, or the
user's organization may manage it from a centralized server. user's organization may manage it from a centralized server.
$ trust hierarchy $ trust hierarchy
(D) Synonym for "certification hierarchy". (D) Synonym for "certification hierarchy".
Deprecated Usage: ISDs SHOULD NOT use this term because it mixes Deprecated Usage: IDOCs SHOULD NOT use this term because it mixes
concepts in a potentially misleading way, and because a trust concepts in a potentially misleading way, and because a trust
hierarchy could be implemented in other ways. (See: trust, trust hierarchy could be implemented in other ways. (See: trust, trust
chain, web of trust.) chain, web of trust.)
$ trust level $ trust level
(N) A characterization of a standard of security protection to be (N) A characterization of a standard of security protection to be
met by an information system. (See: Common Criteria, TCSEC.) met by an information system. (See: Common Criteria, TCSEC.)
Tutorial: A trust level is based not only on (a) the presence of Tutorial: A trust level is based not only on (a) the presence of
security mechanisms, but also on the use of (b) systems security mechanisms, but also on the use of (b) systems
skipping to change at page 293, line 23 skipping to change at page 293, line 26
means that cause the user to believe the certificate accurately means that cause the user to believe the certificate accurately
binds its subject's name to the subject's public key or other binds its subject's name to the subject's public key or other
attribute values. Many choices are possible; e.g., a trusted attribute values. Many choices are possible; e.g., a trusted
public-key certificate might be (a) the root certificate in a public-key certificate might be (a) the root certificate in a
hierarchical PKI, (b) the certificate of the CA that issued the hierarchical PKI, (b) the certificate of the CA that issued the
user's own certificate in a mesh PKI, or (c) a certificate user's own certificate in a mesh PKI, or (c) a certificate
provided with an application that uses a trust-file PKI. provided with an application that uses a trust-file PKI.
$ Trusted Computer System Evaluation Criteria (TCSEC) $ Trusted Computer System Evaluation Criteria (TCSEC)
(N) A standard for evaluating the security provided by operating (N) A standard for evaluating the security provided by operating
systems [CSC001, DoD1]. Known as the "Orange Book" because of the systems [CSC1, DoD1]. Known as the "Orange Book" because of the
color of its cover; first document in the Rainbow Series. (See: color of its cover; first document in the Rainbow Series. (See:
Common Criteria, Deprecated Usage under "Green Book", Orange Book, Common Criteria, Deprecated Usage under "Green Book", Orange Book,
trust level, trusted system. Compare: TSEC.) trust level, trusted system. Compare: TSEC.)
Tutorial: The TCSEC defines classes of hierarchically ordered Tutorial: The TCSEC defines classes of hierarchically ordered
assurance levels for rating computer systems. From highest to assurance levels for rating computer systems. From highest to
lowest, the classes are as follows: lowest, the classes are as follows:
- Division A: Verified protection. - Division A: Verified protection.
Beyond A1 Beyond current technology. (See: beyond A1.) Beyond A1 Beyond current technology. (See: beyond A1.)
Class A1 Verified design. (See: SCOMP.) Class A1 Verified design. (See: SCOMP.)
skipping to change at page 294, line 4 skipping to change at page 294, line 7
system, including hardware, firmware, and software, the system, including hardware, firmware, and software, the
combination of which is responsible for enforcing a security combination of which is responsible for enforcing a security
policy." [NCS04] (See: "trusted" under "trust". Compare: TPM.) policy." [NCS04] (See: "trusted" under "trust". Compare: TPM.)
$ Trusted Computing Group (TCG) $ Trusted Computing Group (TCG)
(N) A not-for-profit, industry standards organization formed to (N) A not-for-profit, industry standards organization formed to
develop, define, and promote open standards for hardware-enabled develop, define, and promote open standards for hardware-enabled
trusted computing and security technologies, including hardware trusted computing and security technologies, including hardware
building blocks and software interfaces, across multiple building blocks and software interfaces, across multiple
platforms, peripherals, and devices. (See: TPM, trusted system. platforms, peripherals, and devices. (See: TPM, trusted system.
Compare: TSIG.) Compare: TSIG.)
$ trusted distribution $ trusted distribution
(I) /COMPUSEC/ "A trusted method for distributing the TCB (I) /COMPUSEC/ "A trusted method for distributing the TCB
hardware, software, and firmware components, both originals and hardware, software, and firmware components, both originals and
updates, that provides methods for protecting the TCB from updates, that provides methods for protecting the TCB from
modification during distribution and for detection of any changes modification during distribution and for detection of any changes
to the TCB that may occur." [NCS04] (See: code signing, to the TCB that may occur." [NCS04] (See: code signing,
configuration control.) configuration control.)
$ trusted key $ trusted key
(D) Abbreviation for "trusted public key" and also for other types (D) Abbreviation for "trusted public key" and also for other types
of keys. (See: root key, trust anchor key.) of keys. (See: root key, trust anchor key.)
Deprecated Usage: ISDs SHOULD either (a) state a definition for Deprecated Usage: IDOCs SHOULD either (a) state a definition for
this term or (b) use a different, less ambiguous term. This term this term or (b) use a different, less ambiguous term. This term
is ambiguous when it stands alone; e.g., it could refer to a is ambiguous when it stands alone; e.g., it could refer to a
trusted public key or to a private key or symmetric key that is trusted public key or to a private key or symmetric key that is
believed to be secure (i.e., not compromised). believed to be secure (i.e., not compromised).
$ trusted path $ trusted path
1a. (I) /COMPUSEC/ A mechanism by which a computer system user can 1a. (I) /COMPUSEC/ A mechanism by which a computer system user can
communicate directly and reliably with the TCB and that can only communicate directly and reliably with the TCB and that can only
be activated by the user or the TCB and cannot be imitated by be activated by the user or the TCB and cannot be imitated by
untrusted software within the computer. [NCS04] untrusted software within the computer. [NCS04]
skipping to change at page 298, line 22 skipping to change at page 298, line 25
following types of threat actions: exposure, interception, following types of threat actions: exposure, interception,
inference, and intrusion. Some methods of protecting against this inference, and intrusion. Some methods of protecting against this
consequence include access control, flow control, and inference consequence include access control, flow control, and inference
control. (See: data confidentiality.) control. (See: data confidentiality.)
$ unauthorized user $ unauthorized user
(I) /access control/ A system entity that accesses a system (I) /access control/ A system entity that accesses a system
resource for which the entity has not received an authorization. resource for which the entity has not received an authorization.
(See: user. Compare: authorized user, insider, outsider.) (See: user. Compare: authorized user, insider, outsider.)
Usage: ISDs that use this term SHOULD state a definition for it Usage: IDOCs that use this term SHOULD state a definition for it
because the term is used in many ways and could easily be because the term is used in many ways and could easily be
misunderstood. misunderstood.
$ uncertainty $ uncertainty
(N) An information-theoretic measure (usually stated as a number (N) An information-theoretic measure (usually stated as a number
of bits) of the minimum amount of plaintext information that needs of bits) of the minimum amount of plaintext information that needs
to be recovered from cipher text to learn the entire plain text to be recovered from cipher text to learn the entire plain text
that was encrypted. [SP63] (See: entropy.) that was encrypted. [SP63] (See: entropy.)
$ unclassified $ unclassified
skipping to change at page 299, line 15 skipping to change at page 299, line 18
$ uniform resource identifier (URI) $ uniform resource identifier (URI)
(I) A type of formatted identifier (RFC 3986) that encapsulates (I) A type of formatted identifier (RFC 3986) that encapsulates
the name of an Internet object, and labels it with an the name of an Internet object, and labels it with an
identification of the name space, thus producing a member of the identification of the name space, thus producing a member of the
universal set of names in registered name spaces and of addresses universal set of names in registered name spaces and of addresses
referring to registered protocols or name spaces. referring to registered protocols or name spaces.
Example: HTML uses URIs to identify the target of hyperlinks. Example: HTML uses URIs to identify the target of hyperlinks.
Usage: "A URI can be classified as a locator (see: URL), a name Usage: "A URI can be classified as a locator (see: URL), a name
(see: URN), or both. . . . Instances of URIs from any given scheme (see: URN), or both. ... Instances of URIs from any given scheme
may have the characteristics of names or locators or both, often may have the characteristics of names or locators or both, often
depending on the persistence and care in the assignment of depending on the persistence and care in the assignment of
identifiers by the naming authority, rather than on any quality of identifiers by the naming authority, rather than on any quality of
the scheme." ISDs SHOULD "use the general term 'URI' rather than the scheme." IDOCs SHOULD "use the general term 'URI' rather than
the more restrictive terms 'URL' and 'URN'." (RFC 3986) the more restrictive terms 'URL' and 'URN'." (RFC 3986)
$ uniform resource locator (URL) $ uniform resource locator (URL)
(I) A URI that describes the access method and location of an (I) A URI that describes the access method and location of an
information resource object on the Internet. (See: Usage under information resource object on the Internet. (See: Usage under
"URI". Compare: URN.) "URI". Compare: URN.)
Tutorial: The term URL "refers to the subset of URIs that, besides Tutorial: The term URL "refers to the subset of URIs that, besides
identifying a resource, provide a means of locating the resource identifying a resource, provide a means of locating the resource
by describing its primary access mechanism (e.g., its network by describing its primary access mechanism (e.g., its network
skipping to change at page 300, line 39 skipping to change at page 300, line 42
$ URL $ URL
(I) See: uniform resource locator. (I) See: uniform resource locator.
$ URN $ URN
(I) See: uniform resource name. (I) See: uniform resource name.
$ user $ user
See: system user. See: system user.
Usage: ISDs that use this term SHOULD state a definition for it Usage: IDOCs that use this term SHOULD state a definition for it
because the term is used in many ways and could easily be because the term is used in many ways and could easily be
misunderstood. misunderstood.
$ user authentication service $ user authentication service
(I) A security service that verifies the identity claimed by an (I) A security service that verifies the identity claimed by an
entity that attempts to access the system. (See: authentication, entity that attempts to access the system. (See: authentication,
user.) user.)
$ User Datagram Protocol (UDP) $ User Datagram Protocol (UDP)
(I) An Internet Standard, Transport-Layer protocol (RFC 768) that (I) An Internet Standard, Transport-Layer protocol (RFC 768) that
delivers a sequence of datagrams from one computer to another in a delivers a sequence of datagrams from one computer to another in a
computer network. (See: UPD flood.) computer network. (See: UPD flood.)
Tutorial: UDP assumes that IP is the underlying protocol. UDP Tutorial: UDP assumes that IP is the underlying protocol. UDP
enables application programs to send transaction-oriented data to enables application programs to send transaction-oriented data to
other programs with minimal protocol mechanism. UDP does not other programs with minimal protocol mechanism. UDP does not
provide reliable delivery, flow control, sequencing, or other end- provide reliable delivery, flow control, sequencing, or other end-
to-end service guarantees that TCP does. to-end service guarantees that TCP does.
$ user identity
(I) See: identity.
$ user identifier $ user identifier
(I) See: identifier. (I) See: identifier.
$ user identity
(I) See: identity.
$ user PIN $ user PIN
(O) /MISSI/ One of two PINs that control access to the functions (O) /MISSI/ One of two PINs that control access to the functions
and stored data of a FORTEZZA PC card. Knowledge of the user PIN and stored data of a FORTEZZA PC card. Knowledge of the user PIN
enables a card user to perform the FORTEZZA functions that are enables a card user to perform the FORTEZZA functions that are
intended for use by an end user. (See: PIN. Compare: SSO PIN.) intended for use by an end user. (See: PIN. Compare: SSO PIN.)
$ user-PIN ORA (UORA) $ user-PIN ORA (UORA)
(O) /MISSI/ A MISSI organizational RA that operates in a mode in (O) /MISSI/ A MISSI organizational RA that operates in a mode in
which the ORA performs only the subset of card management which the ORA performs only the subset of card management
functions that are possible with knowledge of the user PIN for a functions that are possible with knowledge of the user PIN for a
skipping to change at page 301, line 46 skipping to change at page 301, line 49
Coordinated Universal Time. Compare: GeneralizedTime.) Coordinated Universal Time. Compare: GeneralizedTime.)
Usage: If you care about centuries or millennia, you probably need Usage: If you care about centuries or millennia, you probably need
to use the GenralizedTime data type instead of UTCTime. to use the GenralizedTime data type instead of UTCTime.
$ v1 certificate $ v1 certificate
(N) An abbreviation that ambiguously refers to either an "X.509 (N) An abbreviation that ambiguously refers to either an "X.509
public-key certificate in version 1 format" or an "X.509 attribute public-key certificate in version 1 format" or an "X.509 attribute
certificate in version 1 format". certificate in version 1 format".
Deprecated Usage: ISDs MAY use this term as an abbreviation of Deprecated Usage: IDOCs MAY use this term as an abbreviation of
"version 1 X.509 public-key certificate", but only after using the "version 1 X.509 public-key certificate", but only after using the
full term at the first instance. Otherwise, the term is ambiguous, full term at the first instance. Otherwise, the term is ambiguous,
because X.509 specifies both v1 public-key certificates and v1 because X.509 specifies both v1 public-key certificates and v1
attribute certificates. (See: X.509 attribute certificate, X.509 attribute certificates. (See: X.509 attribute certificate, X.509
public-key certificate.) public-key certificate.)
$ v1 CRL $ v1 CRL
(N) Abbreviation of "X.509 CRL in version 1 format". (N) Abbreviation of "X.509 CRL in version 1 format".
Usage: ISDs MAY use this abbreviation, but SHOULD use the full Usage: IDOCs MAY use this abbreviation, but SHOULD use the full
term at its first occurrence and define the abbreviation there. term at its first occurrence and define the abbreviation there.
$ v2 certificate $ v2 certificate
(N) Abbreviation of "X.509 public-key certificate in version 2 (N) Abbreviation of "X.509 public-key certificate in version 2
format". format".
Usage: ISDs MAY use this abbreviation, but SHOULD use the full Usage: IDOCs MAY use this abbreviation, but SHOULD use the full
term at its first occurrence and define the abbreviation there. term at its first occurrence and define the abbreviation there.
$ v2 CRL $ v2 CRL
(N) Abbreviation of "X.509 CRL in version 2 format". (N) Abbreviation of "X.509 CRL in version 2 format".
Usage: ISDs MAY use this abbreviation, but SHOULD use the full Usage: IDOCs MAY use this abbreviation, but SHOULD use the full
term at its first occurrence and define the abbreviation there. term at its first occurrence and define the abbreviation there.
$ v3 certificate $ v3 certificate
(N) Abbreviation of "X.509 public-key certificate in version 3 (N) Abbreviation of "X.509 public-key certificate in version 3
format". format".
Usage: ISDs MAY use this abbreviation, but SHOULD use the full Usage: IDOCs MAY use this abbreviation, but SHOULD use the full
term at its first occurrence and define the abbreviation there. term at its first occurrence and define the abbreviation there.
$ valid certificate $ valid certificate
1. (I) A digital certificate that can be validated successfully. 1. (I) A digital certificate that can be validated successfully.
(See: validate, verify.) (See: validate, verify.)
2. (I) A digital certificate for which the binding of the data 2. (I) A digital certificate for which the binding of the data
items can be trusted. items can be trusted.
$ valid signature $ valid signature
(D) Synonym for "verified signature". (D) Synonym for "verified signature".
Deprecated Term: ISDs SHOULD NOT use this synonym. This Glossary Deprecated Term: IDOCs SHOULD NOT use this synonym. This Glossary
recommends saying "validate the certificate" and "verify the recommends saying "validate the certificate" and "verify the
signature"; therefore, it would be inconsistent to say that a signature"; therefore, it would be inconsistent to say that a
signature is "valid". (See: validate, verify.) signature is "valid". (See: validate, verify.)
$ validate $ validate
1. (I) Establish the soundness or correctness of a construct. 1. (I) Establish the soundness or correctness of a construct.
Example: certificate validation. (See: validate vs. verify.) Example: certificate validation. (See: validate vs. verify.)
2. (I) To officially approve something, sometimes in relation to a 2. (I) To officially approve something, sometimes in relation to a
standard. Example: NIST validates cryptographic modules for standard. Example: NIST validates cryptographic modules for
conformance with FIPS PUB 140 [FP140]. conformance with [FP140].
$ validate vs. verify $ validate vs. verify
Usage: To ensure consistency and align with ordinary English Usage: To ensure consistency and align with ordinary English
usage, ISDs SHOULD comply with the following two rules: usage, IDOCs SHOULD comply with the following two rules:
- Rule 1: Use "validate" when referring to a process intended to - Rule 1: Use "validate" when referring to a process intended to
establish the soundness or correctness of a construct (e.g., establish the soundness or correctness of a construct (e.g.,
"certificate validation"). (See: validate.) "certificate validation"). (See: validate.)
- Rule 2: Use "verify" when referring to a process intended to - Rule 2: Use "verify" when referring to a process intended to
test or prove the truth or accuracy of a fact or value (e.g., test or prove the truth or accuracy of a fact or value (e.g.,
"authenticate). (See: verify.) "authenticate). (See: verify.)
Tutorial: The Internet security community sometimes uses these two Tutorial: The Internet security community sometimes uses these two
terms inconsistently, especially in a PKI context. Most often, terms inconsistently, especially in a PKI context. Most often,
however, we say "verify the signature" but say "validate the however, we say "verify the signature" but say "validate the
certificate". That is, we "verify" atomic truths but "validate" certificate". That is, we "verify" atomic truths but "validate"
data structures, relationships, and systems that are composed of data structures, relationships, and systems that are composed of
or depend on verified items. This usage has a basis in Latin: or depend on verified items. This usage has a basis in Latin:
skipping to change at page 305, line 54 skipping to change at page 305, line 55
$ W3C $ W3C
(N) See: World Wide Web Consortium. (N) See: World Wide Web Consortium.
$ war dialer $ war dialer
(I) /slang/ A computer program that automatically dials a series (I) /slang/ A computer program that automatically dials a series
of telephone numbers to find lines connected to computer systems, of telephone numbers to find lines connected to computer systems,
and catalogs those numbers so that a cracker can try to break the and catalogs those numbers so that a cracker can try to break the
systems. systems.
Deprecated Usage: ISDs that use this term SHOULD state a Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because the term could confuse international definition for it because the term could confuse international
readers. readers.
$ Wassenaar Arrangement $ Wassenaar Arrangement
(N) The Wassenaar Arrangement on Export Controls for Conventional (N) The Wassenaar Arrangement on Export Controls for Conventional
Arms and Dual-Use Goods and Technologies is a global, multilateral Arms and Dual-Use Goods and Technologies is a global, multilateral
agreement approved by 33 countries in July 1996 to contribute to agreement approved by 33 countries in July 1996 to contribute to
regional and international security and stability, by promoting regional and international security and stability, by promoting
information exchange concerning, and greater responsibility in, information exchange concerning, and greater responsibility in,
transfers of arms and dual-use items, thus preventing transfers of arms and dual-use items, thus preventing
skipping to change at page 307, line 7 skipping to change at page 307, line 9
(I) In the context of a particular cryptographic algorithm, a key (I) In the context of a particular cryptographic algorithm, a key
value that provides poor security. (See: strong.) value that provides poor security. (See: strong.)
Example: The DEA has four "weak keys" [Schn] for which encryption Example: The DEA has four "weak keys" [Schn] for which encryption
produces the same result as decryption. It also has ten pairs of produces the same result as decryption. It also has ten pairs of
"semi-weak keys" [Schn] (a.k.a. "dual keys" [FP074]) for which "semi-weak keys" [Schn] (a.k.a. "dual keys" [FP074]) for which
encryption with one key in the pair produces the same result as encryption with one key in the pair produces the same result as
decryption with the other key. decryption with the other key.
$ web, Web $ web, Web
1. (I) /not capitalized/ ISDs SHOULD NOT capitalize "web" when 1. (I) /not capitalized/ IDOCs SHOULD NOT capitalize "web" when
using the term (usually as an adjective) to refer generically to using the term (usually as an adjective) to refer generically to
technology -- such as web browsers, web servers, HTTP, and HTML -- technology -- such as web browsers, web servers, HTTP, and HTML --
that is used in the Web or similar networks. that is used in the Web or similar networks.
2. (I) /capitalized/ ISDs SHOULD capitalize "Web" when using the 2. (I) /capitalized/ IDOCs SHOULD capitalize "Web" when using the
term (as either a noun or an adjective) to refer specifically to term (as either a noun or an adjective) to refer specifically to
the World Wide Web. (Similarly, see: internet.) the World Wide Web. (Similarly, see: internet.)
Usage: ISDs SHOULD NOT use "web" or "Web" in a way that might Usage: IDOCs SHOULD NOT use "web" or "Web" in a way that might
confuse these definitions with the PGP "web of trust". When using confuse these definitions with the PGP "web of trust". When using
Web as an abbreviation for "World Wide Web", ISDs SHOULD fully Web as an abbreviation for "World Wide Web", IDOCs SHOULD fully
spell out the term at the first instance of usage. spell out the term at the first instance of usage.
$ web of trust $ web of trust
(D) /PGP/ A PKI architecture in which each certificate user (D) /PGP/ A PKI architecture in which each certificate user
defines their own trust anchor(s) by depending on personal defines their own trust anchor(s) by depending on personal
relationships. (See: trust anchor. Compare: hierarchical PKI, mesh relationships. (See: trust anchor. Compare: hierarchical PKI, mesh
PKI.) PKI.)
Deprecated Usage: ISDs SHOULD NOT use this term except with Deprecated Usage: IDOCs SHOULD NOT use this term except with
reference to PGP. This term mixes concepts in potentially reference to PGP. This term mixes concepts in potentially
misleading ways; e.g., this architecture does not depend on World misleading ways; e.g., this architecture does not depend on World
Wide Web technology. Instead of this term, ISDs MAY use "trust- Wide Web technology. Instead of this term, IDOCs MAY use "trust-
file PKI". (See: web, Web). file PKI". (See: web, Web).
Tutorial: This type of architecture does not usually include Tutorial: This type of architecture does not usually include
public repositories of certificates. Instead, each certificate public repositories of certificates. Instead, each certificate
user builds their own, private repository of trusted public keys user builds their own, private repository of trusted public keys
by making personal judgments about being able to trust certain by making personal judgments about being able to trust certain
people to be holding properly certified keys of other people. It people to be holding properly certified keys of other people. It
is this set of person-to-person relationships from which the is this set of person-to-person relationships from which the
architecture gets its name. architecture gets its name.
skipping to change at page 309, line 19 skipping to change at page 309, line 19
Morris Worm, virus.) Morris Worm, virus.)
$ wrap $ wrap
1. (N) To use cryptography to provide data confidentiality service 1. (N) To use cryptography to provide data confidentiality service
for keying material. (See: encrypt, wrapping algorithm, wrapping for keying material. (See: encrypt, wrapping algorithm, wrapping
key. Compare: seal, shroud.) key. Compare: seal, shroud.)
2. (D) To use cryptography to provide data confidentiality service 2. (D) To use cryptography to provide data confidentiality service
for data in general. for data in general.
Deprecated Usage: ISDs SHOULD NOT use this term with definition 2 Deprecated Usage: IDOCs SHOULD NOT use this term with definition 2
because that duplicates the meaning of the more widely understood because that duplicates the meaning of the more widely understood
"encrypt". "encrypt".
$ wrapping algorithm $ wrapping algorithm
(N) An encryption algorithm that is specifically intended for use (N) An encryption algorithm that is specifically intended for use
in encrypting keys. (See: KEK, wrap.) in encrypting keys. (See: KEK, wrap.)
$ wrapping key $ wrapping key
(N) Synonym for "KEK". (See: encrypt. Compare: seal, shroud.) (N) Synonym for "KEK". (See: encrypt. Compare: seal, shroud.)
skipping to change at page 311, line 4 skipping to change at page 311, line 5
X.509 public-key certificate. X.509 public-key certificate.
2b. subjectName DN of the subject. 2b. subjectName DN of the subject.
3. issuer DN of the issuer (the CA who signed). 3. issuer DN of the issuer (the CA who signed).
4. signature OID of algorithm that signed the cert. 4. signature OID of algorithm that signed the cert.
5. serialNumber Certificate serial number; 5. serialNumber Certificate serial number;
an integer assigned by the issuer. an integer assigned by the issuer.
6. attCertValidityPeriod Validity period; a pair of UTCTime 6. attCertValidityPeriod Validity period; a pair of UTCTime
values: "not before" and "not after". values: "not before" and "not after".
7. attributes Sequence of attributes describing the 7. attributes Sequence of attributes describing the
subject. subject.
8. issuerUniqueId Optional, when a DN is not sufficient. 8. issuerUniqueId Optional, when a DN is not sufficient.
9. extensions Optional. 9. extensions Optional.
$ X.509 certificate $ X.509 certificate
(N) Synonym for "X.509 public-key certificate". (N) Synonym for "X.509 public-key certificate".
Usage: ISDs MAY use this term as an abbreviation of "X.509 public- Usage: IDOCs MAY use this term as an abbreviation of "X.509
key certificate", but only after using the full term at the first public-key certificate", but only after using the full term at the
instance. Otherwise, the term is ambiguous, because X.509 first instance. Otherwise, the term is ambiguous, because X.509
specifies both public-key certificates and attribute certificates. specifies both public-key certificates and attribute certificates.
(See: X.509 attribute certificate, X.509 public-key certificate.) (See: X.509 attribute certificate, X.509 public-key certificate.)
Deprecated Usage: ISDs SHOULD NOT use this term as an abbreviation Deprecated Usage: IDOCs SHOULD NOT use this term as an
of "X.509 attribute certificate", because the term is much more abbreviation of "X.509 attribute certificate", because the term is
commonly used to mean "X.509 public-key certificate" and, much more commonly used to mean "X.509 public-key certificate"
therefore, is likely to be misunderstood. and, therefore, is likely to be misunderstood.
$ X.509 certificate revocation list (CRL) $ X.509 certificate revocation list (CRL)
(N) A CRL in one of the formats defined by X.509 -- version 1 (v1) (N) A CRL in one of the formats defined by X.509 -- version 1 (v1)
or version 2 (v2). (The v1 and v2 designations for an X.509 CRL or version 2 (v2). (The v1 and v2 designations for an X.509 CRL
are disjoint from the v1 and v2 designations for an X.509 public- are disjoint from the v1 and v2 designations for an X.509 public-
key certificate, and from the v1 designation for an X.509 key certificate, and from the v1 designation for an X.509
attribute certificate.) (See: certificate revocation.) attribute certificate.) (See: certificate revocation.)
Usage: ISDs SHOULD NOT refer to an X.509 CRL as a digital Usage: IDOCs SHOULD NOT refer to an X.509 CRL as a digital
certificate; however, note that an X.509 CRL does meet this certificate; however, note that an X.509 CRL does meet this
Glossary's definition of "digital certificate". That is, like a Glossary's definition of "digital certificate". That is, like a
digital certificate, an X.509 CRL makes an assertion and is signed digital certificate, an X.509 CRL makes an assertion and is signed
by a CA. But instead of binding a key or other attributes to a by a CA. But instead of binding a key or other attributes to a
subject, an X.509 CRL asserts that certain previously issued, subject, an X.509 CRL asserts that certain previously issued,
X.509 certificates have been revoked. X.509 certificates have been revoked.
Tutorial: An X.509 CRL contains a sequence of data items and has a Tutorial: An X.509 CRL contains a sequence of data items and has a
digital signature computed on that sequence. Besides the digital signature computed on that sequence. Besides the
signature, both v1 and v2 contain items 2 through 6b listed below. signature, both v1 and v2 contain items 2 through 6b listed below.
skipping to change at page 312, line 46 skipping to change at page 312, line 47
digital signatures (based on asymmetric cryptography) that can be digital signatures (based on asymmetric cryptography) that can be
applied to any digital content (i.e., any data object) including applied to any digital content (i.e., any data object) including
other XML material. other XML material.
$ Yellow Book $ Yellow Book
(D) /slang/ Synonym for "Computer Security Requirements: Guidance (D) /slang/ Synonym for "Computer Security Requirements: Guidance
for Applying the [U.S.] Department of Defense Trusted Computer for Applying the [U.S.] Department of Defense Trusted Computer
System Evaluation Criteria in Specific Environments" [CSC3] (See: System Evaluation Criteria in Specific Environments" [CSC3] (See:
"first law" under "Courtney's laws".) "first law" under "Courtney's laws".)
Deprecated Term: ISDs SHOULD NOT use this term as a synonym for Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
that or any other document. Instead, use the full proper name of that or any other document. Instead, use the full proper name of
the document or, in subsequent references, a conventional the document or, in subsequent references, a conventional
abbreviation. (See: Deprecated Usage under "Green Book", Rainbow abbreviation. (See: Deprecated Usage under "Green Book", Rainbow
Series.) Series.)
$ zero-knowledge proof $ zero-knowledge proof
(I) /cryptography/ A proof-of-possession protocol whereby a system (I) /cryptography/ A proof-of-possession protocol whereby a system
entity can prove possession of some information to another entity, entity can prove possession of some information to another entity,
without revealing any of that information. (See: proof-of- without revealing any of that information. (See: proof-of-
possession protocol.) possession protocol.)
skipping to change at page 313, line 28 skipping to change at page 313, line 29
$ zombie $ zombie
(I) /slang/ An Internet host computer that has been (I) /slang/ An Internet host computer that has been
surreptitiously penetrated by an intruder that installed malicious surreptitiously penetrated by an intruder that installed malicious
daemon software to cause the host to operate as an accomplice in daemon software to cause the host to operate as an accomplice in
attacking other hosts, particularly in distributed attacks that attacking other hosts, particularly in distributed attacks that
attempt denial of service through flooding. attempt denial of service through flooding.
Deprecated Usage: Other cultures likely use different metaphorical Deprecated Usage: Other cultures likely use different metaphorical
terms (such as "robot") for this concept, and some use this term terms (such as "robot") for this concept, and some use this term
for different concepts. Therefore, to avoid international for different concepts. Therefore, to avoid international
misunderstanding, ISDs SHOULD NOT use this term. Instead, use misunderstanding, IDOCs SHOULD NOT use this term. Instead, use
"compromised, coopted computer" or other explicitly descriptive "compromised, coopted computer" or other explicitly descriptive
terminology. (See: Deprecated Usage under "Green Book".) terminology. (See: Deprecated Usage under "Green Book".)
$ zone of control $ zone of control
(O) /EMSEC/ Synonym for "inspectable space". [C4009] (See: (O) /EMSEC/ Synonym for "inspectable space". [C4009] (See:
TEMPEST.) TEMPEST.)
5. Informative References 5. Informative References
This Glossary focuses on the Internet Standards Process. Therefore, This Glossary focuses on the Internet Standards Process. Therefore,
skipping to change at page 315, line 22 skipping to change at page 315, line 22
December 1990. December 1990.
[B1822] Bolt Baranek and Newman Inc., "Appendix H: Interfacing a [B1822] Bolt Baranek and Newman Inc., "Appendix H: Interfacing a
Host to a Private Line Interface", in "Specifications for Host to a Private Line Interface", in "Specifications for
the Interconnection of a Host and an IMP", BBN Report No. the Interconnection of a Host and an IMP", BBN Report No.
1822, revised, December 1983. 1822, revised, December 1983.
[B4799] ---, "A History of the Arpanet: The First Decade", BBN [B4799] ---, "A History of the Arpanet: The First Decade", BBN
Report No. 4799, April 1981. Report No. 4799, April 1981.
[BS7799] British Standards Institution, "Information Security
Management, Part 1: Code of Practice for Information
Security Management", BS 7799-1:1999, 15 May 1999.
---, ---, "Part 2: Specification for Information Security
Management Systems", BS 7799-2:1999, 15 May 1999.
[Bell] Bell, D. and L. LaPadula, "Secure Computer Systems: [Bell] Bell, D. and L. LaPadula, "Secure Computer Systems:
Mathematical Foundations and Model", M74-244, The MITRE Mathematical Foundations and Model", M74-244, The MITRE
Corporation, Bedford, MA, May 1973. (Available as AD-771543, Corporation, Bedford, MA, May 1973. (Available as AD-771543,
National Technical Information Service, Springfield, VA.) National Technical Information Service, Springfield, VA.)
[Biba] K. Biba, "Integrity Considerations for Secure Computer [Biba] K. Biba, "Integrity Considerations for Secure Computer
Systems", ESD-TR-76-372, USAF Electronic Systems Division, Systems", ESD-TR-76-372, USAF Electronic Systems Division,
Bedford, MA, April 1977. Bedford, MA, April 1977.
[BN89] Brewer, D. and M. Nash, "The Chinese wall security policy", [BN89] Brewer, D. and M. Nash, "The Chinese wall security policy",
in "Proceedings of IEEE Symposium on Security and Privacy", in "Proceedings of IEEE Symposium on Security and Privacy",
May 1989, pp. 205-214. May 1989, pp. 205-214.
[BS7799] British Standards Institution, "Information Security
Management, Part 1: Code of Practice for Information
Security Management", BS 7799-1:1999, 15 May 1999.
---, ---, "Part 2: Specification for Information Security
Management Systems", BS 7799-2:1999, 15 May 1999.
[C4009] Committee on National Security Systems (U.S. Government), [C4009] Committee on National Security Systems (U.S. Government),
"National Information Assurance (IA) Glossary", CNSS "National Information Assurance (IA) Glossary", CNSS
Instruction No. 4009, revised May 2003. Instruction No. 4009, revised May 2003.
[CCIB] Common Criteria Implementation Board, "Common Criteria for [CCIB] Common Criteria Implementation Board, "Common Criteria for
Information Technology Security Evaluation, Part 1: Information Technology Security Evaluation, Part 1:
Introduction and General Model", version 2.0, CCIB-98-026, Introduction and General Model", version 2.0, CCIB-98-026,
May 1998. May 1998.
[Chau] D. Chaum, "Untraceable Electronic Mail, Return Addresses, [Chau] D. Chaum, "Untraceable Electronic Mail, Return Addresses,
skipping to change at page 316, line 23 skipping to change at page 316, line 23
[Clark] Clark, D. and D. Wilson, "A Comparison of Commercial and [Clark] Clark, D. and D. Wilson, "A Comparison of Commercial and
Military computer Security Policies", in "Proceedings of the Military computer Security Policies", in "Proceedings of the
IEEE Symposium on Security and Privacy", April 1987, pp. IEEE Symposium on Security and Privacy", April 1987, pp.
184-194. 184-194.
[Cons] NSA, "Consistency Instruction Manual for Development of U.S. [Cons] NSA, "Consistency Instruction Manual for Development of U.S.
Government Protection Profiles for Use in Basic Robustness Government Protection Profiles for Use in Basic Robustness
Environments", Release 2.0, 1 March 2004 Environments", Release 2.0, 1 March 2004
[CORBA] Object Management Group, Inc., "CORBAservices: Common Object
Service Specification", December 1998.
[CSC1] U.S. DoD Computer Security Center, "Department of Defense [CSC1] U.S. DoD Computer Security Center, "Department of Defense
Trusted Computer System Evaluation Criteria", CSC-STD-001- Trusted Computer System Evaluation Criteria", CSC-STD-001-
83, 15 August 1983. (Superseded by [DoD1].) 83, 15 August 1983. (Superseded by [DoD1].)
[CSC2] ---, "Department of Defense Password Management Guideline", [CSC2] ---, "Department of Defense Password Management Guideline",
CSC-STD-002-85, 12 April 1985. CSC-STD-002-85, 12 April 1985.
[CSC3] ---, "Computer Security Requirements: Guidance for Applying [CSC3] ---, "Computer Security Requirements: Guidance for Applying
the Department of Defense Trusted Computer System Evaluation the Department of Defense Trusted Computer System Evaluation
Criteria in Specific Environments", CSC-STD-003-85, 25 June Criteria in Specific Environments", CSC-STD-003-85, 25 June
skipping to change at page 317, line 17 skipping to change at page 317, line 20
[DoD1] U.S. DoD, "Department of Defense Trusted Computer System [DoD1] U.S. DoD, "Department of Defense Trusted Computer System
Evaluation Criteria", DoD 5200.28-STD, 26 December 1985. Evaluation Criteria", DoD 5200.28-STD, 26 December 1985.
(Supersedes [CSC1].) (Superseded by DoD Directive 8500.1.) (Supersedes [CSC1].) (Superseded by DoD Directive 8500.1.)
[DoD4] ---, "NSA Key Recovery Assessment Criteria", 8 June 1998. [DoD4] ---, "NSA Key Recovery Assessment Criteria", 8 June 1998.
[DoD5] ---, Directive 5200.1, "DoD Information Security Program", [DoD5] ---, Directive 5200.1, "DoD Information Security Program",
13 December 1996. 13 December 1996.
[DoD6] ---, "DoD Architecture Framework", Version 1, 30 August [DoD6] ---, "Department of Defense Technical Architecture Framework
2003. for Information Management, Volume 6: Department of Defense
(DoD) Goal Security Architecture", Defense Information
Systems Agency, Center for Standards, version 3.0, 15 April
1996.
[DoD7] ---, "X.509 Certificate Policy for the United States [DoD7] ---, "X.509 Certificate Policy for the United States
Department of Defense", version 7, 18 December 2002. Department of Defense", version 7, 18 December 2002.
(Superseded by [DoD9].) (Superseded by [DoD9].)
[DoD9] ---, "X.509 Certificate Policy for the United States [DoD9] ---, "X.509 Certificate Policy for the United States
Department of Defense", version 9, 9 February 2005. Department of Defense", version 9, 9 February 2005.
[DoDGSA] ---, "Department of Defense Technical Architecture Framework [DoD10] ---, "DoD Architecture Framework, Version 1: Deskbook", 9
for Information Management, Volume 6: Department of Defense February 2004.
(DoD) Goal Security Architecture", Defense Information
Systems Agency, Center for Standards, version 3.0, 15 April
1996.
[DSG] American Bar Association, "Digital Signature Guidelines: [DSG] American Bar Association, "Digital Signature Guidelines:
Legal Infrastructure for Certification Authorities and Legal Infrastructure for Certification Authorities and
Secure Electronic Commerce", Chicago, IL, 1 August 1996. Secure Electronic Commerce", Chicago, IL, 1 August 1996.
(See: [PAG].) (See: [PAG].)
[ElGa] El Gamal, T., "A Public-Key Cryptosystem and a Signature [ElGa] El Gamal, T., "A Public-Key Cryptosystem and a Signature
Scheme Based on Discrete Logarithms", in "IEEE Transactions Scheme Based on Discrete Logarithms", in "IEEE Transactions
on Information Theory", vol. IT-31, no. 4, 1985, pp. 469- on Information Theory", vol. IT-31, no. 4, 1985, pp. 469-
472. 472.
skipping to change at page 328, line 53 skipping to change at page 329, line 5
[Raym] Raymond, E., ed., "The On-Line Hacker Jargon File", version [Raym] Raymond, E., ed., "The On-Line Hacker Jargon File", version
4.0.0, 24 July 1996. (See: http://www.catb.org/~esr/jargon 4.0.0, 24 July 1996. (See: http://www.catb.org/~esr/jargon
for the latest version. Also, "The New Hacker's Dictionary", for the latest version. Also, "The New Hacker's Dictionary",
3rd edition, MIT Press, September 1996, ISBN 0-262-68092-0.) 3rd edition, MIT Press, September 1996, ISBN 0-262-68092-0.)
[Roge] Rogers, H., "An Overview of the CANEWARE Program", in [Roge] Rogers, H., "An Overview of the CANEWARE Program", in
"Proceedings of the 10th National Computer Security "Proceedings of the 10th National Computer Security
Conference", NIST and NCSC, September 1987. Conference", NIST and NCSC, September 1987.
[RSA78] Rivest, R., A. Shamir, and L. Adleman, "A Method for
Obtaining Digital Signatures and Public-Key Cryptosystems",
in "Communications of the ACM", vol. 21, no. 2, February
1978, pp. 120-126.
[RSCG] NSA, "Router Security Configuration Guide: Principles and [RSCG] NSA, "Router Security Configuration Guide: Principles and
Guidance for Secure Configuration of IP Routers, with Guidance for Secure Configuration of IP Routers, with
Detailed Instructions for Cisco Systems Routers", version Detailed Instructions for Cisco Systems Routers", version
1.0g, C4-054R-00, 20 April 2001, available at 1.0g, C4-054R-00, 20 April 2001, available at
http://www.nsa.gov. http://www.nsa.gov.
[Russ] Russell, D. et al, Chapter 10 ("TEMPEST") of "Computer [Russ] Russell, D. et al, Chapter 10 ("TEMPEST") of "Computer
Security Basics", ISBN 0-937175-71-4, 1991. Security Basics", ISBN 0-937175-71-4, 1991.
[SAML] Organization for the Advancement of Structured Information [SAML] Organization for the Advancement of Structured Information
skipping to change at page 333, line 33 skipping to change at page 333, line 33
Please address all comments to: Please address all comments to:
Robert W. Shirey BBN Technologies Corp. Robert W. Shirey BBN Technologies Corp.
Email addresses: Suite 400, Mail Stop 30/6C1 Email addresses: Suite 400, Mail Stop 30/6C1
Current - rshirey@bbn.com 1300 Seventeenth Street North Current - rshirey@bbn.com 1300 Seventeenth Street North
Long-term - rwshirey@uwalumni.com Arlington, VA 22209-3801 USA Long-term - rwshirey@uwalumni.com Arlington, VA 22209-3801 USA
9. Full Copyright Statement 9. Full Copyright Statement
Copyright (C) The Internet Society (2006). This document is subject Copyright (C) The IETF Trust (2006).
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights. This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE IS SPONSORED "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
BY, THE INTERNET SOCIETY, AND THE INTERNET ENGINEERING TASK FORCE OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Expiration Date: 8 March 2007. Expiration Date: 1 May 2007.
 End of changes. 334 change blocks. 
458 lines changed or deleted 479 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/