tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Gloss.     Arch.     IMS     UICC    |    Misc.    |    search     info

RFC 4949


Internet Security Glossary, Version 2

Part 4 of 13, p. 69 to 98
Prev RFC Part       Next RFC Part


prevText      Top      Up      ToC       Page 69 
   $ collateral information
      (O) /U.S. Government/ Information that is classified but is not
      required to be protected by an SAP. (See: /U.S. Government/

   $ color change
      (I) In a system being operated in periods-processing mode, the act
      of purging all information from one processing period and then
      changing over to the next processing period. (See: BLACK, RED.)

   $ Commercial COMSEC Evaluation Program (CCEP)
      (O) "Relationship between NSA and industry in which NSA provides
      the COMSEC expertise (i.e., standards, algorithms, evaluations,
      and guidance) and industry provides design, development, and
      production capabilities to produce a type 1 or type 2 product."

   $ commercially licensed evaluation facility (CLEF)
      (N) An organization that has official approval to evaluate the
      security of products and systems under the Common Criteria, ITSEC,
      or some other standard. (Compare: KLIF.)

   $ Committee on National Security Systems (CNSS)
      (O) /U.S. Government/ A Government, interagency, standing
      committee of the President's Critical Infrastructure Protection
      Board. The CNSS is chaired by the Secretary of Defense and
      provides a forum for the discussion of policy issues, sets
      national policy, and promulgates direction, operational
      procedures, and guidance for the security of national security
      systems. The Secretary of Defense and the Director of Central
      Intelligence are responsible for developing and overseeing the
      implementation of Government-wide policies, principles, standards,
      and guidelines for the security of systems that handle national
      security information.

   $ Common Criteria for Information Technology Security
      (N) A standard for evaluating information technology (IT) products
      and systems. It states requirements for security functions and for
      assurance measures. [CCIB] (See: CLEF, EAL, packages, protection
      profile, security target, TOE. Compare: CMM.)

      Tutorial: Canada, France, Germany, the Netherlands, the United
      Kingdom, and the United States (NIST and NSA) began developing
      this standard in 1993, based on the European ITSEC, the Canadian
      Trusted Computer Product Evaluation Criteria (CTCPEC), and the
      U.S. "Federal Criteria for Information Technology Security" and
      its precursor, the TCSEC. Work was done in cooperation with
      ISO/IEC Joint Technical Committee 1 (Information Technology),

Top      Up      ToC       Page 70 
      Subcommittee 27 (Security Techniques), Working Group 3 (Security
      Criteria). Version 2.0 of the Criteria has been issued as ISO's
      International Standard 15408. The U.S. Government intends this
      standard to supersede both the TCSEC and FIPS PUB 140. (See:

      The standard addresses data confidentiality, data integrity, and
      availability and may apply to other aspects of security. It
      focuses on threats to information arising from human activities,
      malicious or otherwise, but may apply to non-human threats. It
      applies to security measures implemented in hardware, firmware, or
      software. It does not apply to (a) administrative security not
      related directly to technical security, (b) technical physical
      aspects of security such as electromagnetic emanation control, (c)
      evaluation methodology or administrative and legal framework under
      which the criteria may be applied, (d) procedures for use of
      evaluation results, or (e) assessment of inherent qualities of
      cryptographic algorithms.

      Part 1, Introduction and General Model, defines general concepts
      and principles of IT security evaluation; presents a general model
      of evaluation; and defines constructs for expressing IT security
      objectives, for selecting and defining IT security requirements,
      and for writing high-level specifications for products and

      Part 2, Security Functional Requirements, contains a catalog of
      well-defined and well-understood functional requirement statements
      that are intended to be used as a standard way of expressing the
      security requirements for IT products and systems.

      Part 3, Security Assurance Requirements, contains a catalog of
      assurance components for use as a standard way of expressing such
      requirements for IT products and systems, and defines evaluation
      criteria for protection profiles and security targets.

   $ Common IP Security Option (CIPSO)
      (I) See: secondary definition under "IPSO".

   $ common name
      (N) A character string that (a) may be a part of the X.500 DN of a
      Directory object ("commonName" attribute), (b) is a (possibly
      ambiguous) name by which the object is commonly known in some
      limited scope (such as an organization), and (c) conforms to the
      naming conventions of the country or culture with which it is
      associated. [X520] (See: "subject" and "issuer" under "X.509
      public-key certificate".)

Top      Up      ToC       Page 71 
      Examples: "Dr. Albert Einstein", "The United Nations", and "12-th
      Floor Laser Printer".

   $ communications cover
      (N) "Concealing or altering of characteristic communications
      patterns to hide information that could be of value to an
      adversary." [C4009] (See: operations security, traffic-flow
      confidentiality, TRANSEC.)

   $ communication security (COMSEC)
      (I) Measures that implement and assure security services in a
      communication system, particularly those that provide data
      confidentiality and data integrity and that authenticate
      communicating entities.

      Usage: COMSEC is usually understood to include (a) cryptography
      and its related algorithms and key management methods and
      processes, devices that implement those algorithms and processes,
      and the lifecycle management of the devices and keying material.
      Also, COMSEC is sometimes more broadly understood as further
      including (b) traffic-flow confidentiality, (c) TRANSEC, and (d)
      steganography [Kahn]. (See: cryptology, signal security.)

   $ community of interest (COI)
      1. (I) A set of entities that operate under a common security
      policy. (Compare: domain.)

      2. (I) A set of entities that exchange information collaboratively
      for some purpose.

   $ community risk
      (N) Probability that a particular vulnerability will be exploited
      within an interacting population and adversely affect some members
      of that population. [C4009] (See: Morris worm, risk.)

   $ community string
      (I) A community name in the form of an octet string that serves as
      a cleartext password in SNMP version 1 (RFC 1157) and version 2
      (RFC 1901). (See: password, Simple Network Management Protocol.)

      Tutorial: The SNMPv1 and SNMPv2 protocols have been declared
      "historic" and have been replaced by the more secure SNMPv3
      standard (RFCs 3410-3418), which does not use cleartext passwords.

Top      Up      ToC       Page 72 
   $ compartment
      1. (I) A grouping of sensitive information items that require
      special access controls beyond those normally provided for the
      basic classification level of the information. (See: compartmented
      security mode. Compare: category, classification.)

      Usage: The term is usually understood to include the special
      handling procedures to be used for the information.

      2. (I) Synonym for "category".

      Deprecated Usage: This Glossary defines "category" with a slightly
      narrower meaning than "compartment". That is, a security label is
      assigned to a category because the data owner needs to handle the
      data as a compartment. However, a compartment could receive
      special protection in a system without being assigned a category

   $ compartmented security mode
      (N) A mode of system operation wherein all users having access to
      the system have the necessary security clearance for the single,
      hierarchical classification level of all data handled by the
      system, but some users do not have the clearance for a non-
      hierarchical category of some data handled by the system. (See:
      category, /system operation/ under "mode", protection level,
      security clearance.)

      Usage: Usually abbreviated as "compartmented mode". This term was
      defined in U.S. Government policy on system accreditation. In this
      mode, a system may handle (a) a single hierarchical classification
      level and (b) multiple non-hierarchical categories within that

   $ Compartments field
      (I) A 16-bit field (the "C field") that specifies compartment
      values in the security option (option type 130) of version 4 IP's
      datagram header format. The valid field values are assigned by the
      U.S. Government, as specified in RFC 791.

      Deprecated Abbreviation: IDOCs SHOULD NOT use the abbreviation "C
      field"; the abbreviation is potentially ambiguous. Instead, use
      "Compartments field".

   $ component
      See: system component.

Top      Up      ToC       Page 73 
   $ compression
      (I) A process that encodes information in a way that minimizes the
      number of resulting code symbols and thus reduces storage space or
      transmission time.

      Tutorial: A data compression algorithm may be "lossless", i.e.,
      retain all information that was encoded in the data, so that
      decompression can recover all the information; or an algorithm may
      be "lossy". Text usually needs to be compressed losslessly, but
      images are often compressed with lossy schemes.

      Not all schemes that encode information losslessly for machine
      processing are efficient in terms of minimizing the number of
      output bits. For example, ASCII encoding is lossless, but ASCII
      data can often be losslessly reencoded in fewer bits with other
      schemes. These more efficient schemes take advantage of some sort
      of inherent imbalance, redundancy, or repetition in the data, such
      as by replacing a character string in which all characters are the
      same by a shorter string consisting of only the single character
      and a character count.

      Lossless compression schemes cannot effectively reduce the number
      of bits in cipher text produced by a strong encryption algorithm,
      because the cipher text is essentially a pseudorandom bit string
      that does not contain patterns susceptible to reencoding.
      Therefore, protocols that offer both encryption and compression
      services (e.g., SSL) need to perform the compression operation
      before the encryption operation.

   $ compromise
      See: data compromise, security compromise.

   $ compromise recovery
      (I) The process of regaining a secure state for a system after
      detecting that the system has experienced a security compromise.

   $ compromised key list (CKL)
      (N) /MISSI/ A list that identifies keys for which unauthorized
      disclosure or alteration may have occurred. (See: compromise.)

      Tutorial: A CKL is issued by a CA, like a CRL is issued. But a CKL
      lists only KMIDs, not subjects that hold the keys, and not
      certificates in which the keys are bound.

      (I) See: computer security.

Top      Up      ToC       Page 74 
   $ computer emergency response team (CERT)
      (I) An organization that studies computer and network INFOSEC in
      order to provide incident response services to victims of attacks,
      publish alerts concerning vulnerabilities and threats, and offer
      other information to help improve computer and network security.
      (See: CSIRT, security incident.)

      Examples: CERT Coordination Center at Carnegie Mellon University
      (sometimes called "the" CERT); CIAC.

   $ Computer Incident Advisory Capability (CIAC)
      (O) The centralized CSIRT of the U.S. Department of Energy; a
      member of FIRST.

   $ computer network
      (I) A collection of host computers together with the subnetwork or
      internetwork through which they can exchange data.

      Usage: This definition is intended to cover systems of all sizes
      and types, ranging from the complex Internet to a simple system
      composed of a personal computer dialing in as a remote terminal of
      another computer.

   $ computer platform
      (I) A combination of computer hardware and an operating system
      (which may consist of software, firmware, or both) for that
      hardware. (Compare: computer system.)

   $ computer security (COMPUSEC)
      1. (I) Measures to implement and assure security services in a
      computer system, particularly those that assure access control

      Usage: Usually refers to internal controls (functions, features,
      and technical characteristics) that are implemented in software
      (especially in operating systems); sometimes refers to internal
      controls implemented in hardware; rarely used to refer to external

      2. (O) "The protection afforded to an automated information system
      in order to attain the applicable objectives of preserving the
      integrity, availability and confidentiality of information system
      resources (includes hardware, software, firmware,
      information/data, and telecommunications)." [SP12]

Top      Up      ToC       Page 75 
   $ computer security incident response team (CSIRT)
      (I) An organization "that coordinates and supports the response to
      security incidents that involve sites within a defined
      constituency." [R2350] (See: CERT, FIRST, security incident.)

      Tutorial: To be considered a CSIRT, an organization must do as
      follows: (a) Provide a (secure) channel for receiving reports
      about suspected security incidents. (b) Provide assistance to
      members of its constituency in handling the incidents. (c)
      Disseminate incident-related information to its constituency and
      other involved parties.

   $ computer security object
      (I) The definition or representation of a resource, tool, or
      mechanism used to maintain a condition of security in computerized
      environments. Includes many items referred to in standards that
      are either selected or defined by separate user communities.
      [CSOR] (See: object identifier, Computer Security Objects

   $ Computer Security Objects Register (CSOR)
      (N) A service operated by NIST is establishing a catalog for
      computer security objects to provide stable object definitions
      identified by unique names. The use of this register will enable
      the unambiguous specification of security parameters and
      algorithms to be used in secure data exchanges. (See: object

      Tutorial: The CSOR follows registration guidelines established by
      the international standards community and ANSI. Those guidelines
      establish minimum responsibilities for registration authorities
      and assign the top branches of an international registration
      hierarchy. Under that international registration hierarchy, the
      CSOR is responsible for the allocation of unique identifiers under
      the branch: {joint-iso-ccitt(2) country(16) us(840)
      organization(1) gov(101) csor(3)}.

   $ computer system
      (I) Synonym for "information system", or a component thereof.
      (Compare: computer platform.)

   $ Computers At Risk
      (O) The 1991 report [NRC91] of the System Security Study
      Committee, sponsored by the U.S. National Academy of Sciences and
      supported by the Defense Advanced Research Projects Agency of the
      U.S. DoD. It made many recommendations for industry and
      governments to improve computer security and trustworthiness. Some
      of the most important recommendations (e.g., establishing an

Top      Up      ToC       Page 76 
      Information Security Foundation chartered by the U.S. Government)
      have not been implemented at all, and others (e.g., codifying
      Generally Accepted System Security Principles similar to
      accounting principles) have been implemented but not widely
      adopted [SP14, SP27].

      (I) See: communication security.

   $ COMSEC account
      (O) /U.S. Government/ "Administrative entity, identified by an
      account number, used to maintain accountability, custody, and
      control of COMSEC material." [C4009] (See: COMSEC custodian.)

   $ COMSEC accounting
      (O) /U.S. Government/ The process of creating, collecting, and
      maintaining data records that describe the status and custody of
      designated items of COMSEC material. (See: accounting legend

      Tutorial: Almost any secure information system needs to record a
      security audit trail, but a system that manages COMSEC material
      needs to record additional data about the status and custody of
      COMSEC items.
      -  COMSEC tracking: The process of automatically collecting,
         recording, and managing information that describes the status
         of designated items of COMSEC material at all times during each
         product's lifecycle.
      -  COMSEC controlling: The process of supplementing tracking data
         with custody data, which consists of explicit acknowledgements
         of system entities that they (a) have received specific COMSEC
         items and (b) are responsible for preventing exposure of those

      For example, a key management system that serves a large customer
      base needs to record tracking data for the same reasons that a
      national parcel delivery system does, i.e., to answer the question
      "Where is that thing now?". If keys are encrypted immediately upon
      generation and handled only in BLACK form between the point of
      generation and the point of use, then tracking may be all that is
      needed. However, in cases where keys are handled at least partly
      in RED form and are potentially subject to exposure, then tracking
      needs to be supplemented by controlling.

      Data that is used purely for tracking need be retained only
      temporarily, until an item's status changes. Data that is used for
      controlling is retained indefinitely to ensure accountability and
      support compromise recovery.

Top      Up      ToC       Page 77 
   $ COMSEC boundary
      (N) "Definable perimeter encompassing all hardware, firmware, and
      software components performing critical COMSEC functions, such as
      key generation and key handling and storage." [C4009] (Compare:
      cryptographic boundary.)

   $ COMSEC custodian
      (O) /U.S. Government/ "Individual designated by proper authority
      to be responsible for the receipt, transfer, accounting,
      safeguarding, and destruction of COMSEC material assigned to a
      COMSEC account." [C4009]

   $ COMSEC material
      (N) /U.S. Government/ Items designed to secure or authenticate
      communications or information in general; these items include (but
      are not limited to) keys; equipment, devices, documents, firmware,
      and software that embodies or describes cryptographic logic; and
      other items that perform COMSEC functions. [C4009] (Compare:
      keying material.)

   $ COMSEC Material Control System (CMCS)
      (O) /U.S. Government/ "Logistics and accounting system through
      which COMSEC material marked 'CRYPTO' is distributed, controlled,
      and safeguarded." [C4009] (See: COMSEC account, COMSEC custodian.)

   $ confidentiality
      See: data confidentiality.

   $ concealment system
      (O) "A method of achieving confidentiality in which sensitive
      information is hidden by embedding it in irrelevant data." [NCS04]
      (Compare: steganography.)

   $ configuration control
      (I) The process of regulating changes to hardware, firmware,
      software, and documentation throughout the development and
      operational life of a system. (See: administrative security,
      harden, trusted distribution.)

      Tutorial: Configuration control helps protect against unauthorized
      or malicious alteration of a system and thus provides assurance of
      system integrity. (See: malicious logic.)

   $ confinement property
      (N) /formal model/ Property of a system whereby a subject has
      write access to an object only if the classification of the object
      dominates the clearance of the subject. (See: *-property, Bell-
      LaPadula model.)

Top      Up      ToC       Page 78 
   $ constraint
      (I) /access control/ A limitation on the function of an identity,
      role, or privilege. (See: rule-based access control.)

      Tutorial: In effect, a constraint is a form of security policy and
      may be either static or dynamic:
      -  "Static constraint": A constraint that must be satisfied at the
         time the policy is defined, and then continues to be satisfied
         until the constraint is removed.
      -  "Dynamic constraint": A constraint that may be defined to apply
         at various times that the identity, role, or other object of
         the constraint is active in the system.

   $ content filter
      (I) /World Wide Web/ Application software used to prevent access
      to certain Web servers, such as by parents who do not want their
      children to access pornography. (See: filter, guard.)

      Tutorial: The filter is usually browser-based, but could be part
      of an intermediate cache server. The two basic content filtering
      techniques are (a) to block a specified list of URLs and (b) to
      block material that contains specified words and phrases.

   $ contingency plan
      (I) A plan for emergency response, backup operations, and post-
      disaster recovery in a system as part of a security program to
      ensure availability of critical system resources and facilitate
      continuity of operations in a crisis. [NCS04] (See: availability.)

   $ control zone
      (O) "The space, expressed in feet of radius, surrounding equipment
      processing sensitive information, that is under sufficient
      physical and technical control to preclude an unauthorized entry
      or compromise." [NCSSG] (Compare: inspectable space, TEMPEST

   $ controlled access protection
      (O) /TCSEC/ The level of evaluation criteria for a C2 computer

      Tutorial: The major features of the C2 level are individual
      accountability, audit, access control, and object reuse.

   $ controlled cryptographic item (CCI)
      (O) /U.S. Government/ "Secure telecommunications or information
      handling equipment, or associated cryptographic component, that is
      unclassified but governed by a special set of control
      requirements." [C4009] (Compare: EUCI.)

Top      Up      ToC       Page 79 
      Tutorial: This category of equipment was established in 1985 to
      promote broad use of secure equipment for protecting both
      classified and unclassified information in the national interest.
      CCI equipment uses a classified cryptographic logic, but the
      hardware or firmware embodiment of that logic is unclassified.
      Drawings, software implementations, and other descriptions of that
      logic remain classified. [N4001]

   $ controlled interface
      (I) A mechanism that facilitates the adjudication of the different
      security policies of interconnected systems. (See: domain, guard.)

   $ controlled security mode
      (D) /U.S. DoD/ A mode of system operation wherein (a) two or more
      security levels of information are allowed to be handled
      concurrently within the same system when some users having access
      to the system have neither a security clearance nor need-to-know
      for some of the data handled by the system, but (b) separation of
      the users and the classified material on the basis, respectively,
      of clearance and classification level are not dependent only on
      operating system control (like they are in multilevel security
      mode). (See: /system operation/ under "mode", protection level.)

      Deprecated Term: IDOCs SHOULD NOT use this term. It was defined in
      a U.S. Government policy regarding system accreditation and was
      subsumed by "partitioned security mode" in a later policy. Both
      terms were dropped in still later policies.

      Tutorial: Controlled mode was intended to encourage ingenuity in
      meeting data confidentiality requirements in ways less restrictive
      than "dedicated security mode" and "system-high security mode",
      but at a level of risk lower than that generally associated with
      true "multilevel security mode". This was intended to be
      accomplished by implementation of explicit augmenting measures to
      reduce or remove a substantial measure of system software
      vulnerability together with specific limitation of the security
      clearance levels of users having concurrent access to the system.

   $ controlling authority
      (O) /U.S. Government/ "Official responsible for directing the
      operation of a cryptonet and for managing the operational use and
      control of keying material assigned to the cryptonet." [C4009,

   $ cookie
      1. (I) /HTTP/ Data exchanged between an HTTP server and a browser
      (a client of the server) to store state information on the client
      side and retrieve it later for server use.

Top      Up      ToC       Page 80 
      Tutorial: An HTTP server, when sending data to a client, may send
      along a cookie, which the client retains after the HTTP connection
      closes. A server can use this mechanism to maintain persistent
      client-side state information for HTTP-based applications,
      retrieving the state information in later connections. A cookie
      may include a description of the range of URLs for which the state
      is valid. Future requests made by the client in that range will
      also send the current value of the cookie to the server. Cookies
      can be used to generate profiles of web usage habits, and thus may
      infringe on personal privacy.

      2. (I) /IPsec/ Data objects exchanged by ISAKMP to prevent certain
      denial-of-service attacks during the establishment of a security

      3. (D) /access control/ Synonym for "capability token" or

      Deprecated Definition: IDOCs SHOULD NOT use this term with
      definition 3; that would duplicate the meaning of better-
      established terms and mix concepts in a potentially misleading

   $ Coordinated Universal Time (UTC)
      (N) UTC is derived from International Atomic Time (TAI) by adding
      a number of leap seconds. The International Bureau of Weights and
      Measures computes TAI once each month by averaging data from many
      laboratories. (See: GeneralizedTime, UTCTime.)

   $ correction
      (I) /security/ A system change made to eliminate or reduce the
      risk of reoccurrence of a security violation or threat
      consequence. (See: secondary definition under "security".)

   $ correctness
      (I) "The property of a system that is guaranteed as the result of
      formal verification activities." [Huff] (See: correctness proof,

   $ correctness integrity
      (I) The property that the information represented by data is
      accurate and consistent. (Compare: data integrity, source

      Tutorial: IDOCs SHOULD NOT use this term without providing a
      definition; the term is neither well-known nor precisely defined.
      Data integrity refers to the constancy of data values, and source
      integrity refers to confidence in data values. However,

Top      Up      ToC       Page 81 
      correctness integrity refers to confidence in the underlying
      information that data values represent, and this property is
      closely related to issues of accountability and error handling.

   $ correctness proof
      (I) A mathematical proof of consistency between a specification
      for system security and the implementation of that specification.
      (See: correctness, formal specification.)

   $ corruption
      (I) A type of threat action that undesirably alters system
      operation by adversely modifying system functions or data. (See:

      Usage: This type of threat action includes the following subtypes:
      -  "Tampering": /corruption/ Deliberately altering a system's
         logic, data, or control information to interrupt or prevent
         correct operation of system functions. (See: misuse, main entry
         for "tampering".)
      -  "Malicious logic": /corruption/ Any hardware, firmware, or
         software (e.g., a computer virus) intentionally introduced into
         a system to modify system functions or data. (See:
         incapacitation, main entry for "malicious logic", masquerade,
      -  "Human error": /corruption/ Human action or inaction that
         unintentionally results in the alteration of system functions
         or data.
      -  "Hardware or software error": /corruption/ Error that results
         in the alteration of system functions or data.
      -  "Natural disaster": /corruption/ Any "act of God" (e.g., power
         surge caused by lightning) that alters system functions or
         data. [FP031 Section 2]

   $ counter
      1. (N) /noun/ See: counter mode.

      2. (I) /verb/ See: countermeasure.

   $ counter-countermeasure
      (I) An action, device, procedure, or technique used by an attacker
      to offset a defensive countermeasure.

      Tutorial: For every countermeasure devised to protect computers
      and networks, some cracker probably will be able to devise a
      counter-countermeasure. Thus, systems must use "defense in depth".

Top      Up      ToC       Page 82 
   $ counter mode (CTR)
      (N) A block cipher mode that enhances ECB mode by ensuring that
      each encrypted block is different from every other block encrypted
      under the same key. [SP38A] (See: block cipher.)

      Tutorial: This mode operates by first encrypting a generated
      sequence of blocks, called "counters", that are separate from the
      input sequence of plaintext blocks which the mode is intended to
      protect. The resulting sequence of encrypted counters is
      exclusive-ORed with the sequence of plaintext blocks to produce
      the final ciphertext output blocks. The sequence of counters must
      have the property that each counter is different from every other
      counter for all of the plain text that is encrypted under the same

   $ Counter with Cipher Block Chaining-Message Authentication Code
      (N) A block cipher mode [SP38C] that provides both data
      confidentiality and data origin authentication, by combining the
      techniques of CTR and a CBC-based message authentication code.
      (See: block cipher.)

   $ countermeasure
      (I) An action, device, procedure, or technique that meets or
      opposes (i.e., counters) a threat, a vulnerability, or an attack
      by eliminating or preventing it, by minimizing the harm it can
      cause, or by discovering and reporting it so that corrective
      action can be taken.

      Tutorial: In an Internet protocol, a countermeasure may take the
      form of a protocol feature, a component function, or a usage

   $ country code
      (I) An identifier that is defined for a nation by ISO. [I3166]

      Tutorial: For each nation, ISO Standard 3166 defines a unique two-
      character alphabetic code, a unique three-character alphabetic
      code, and a three-digit code. Among many uses of these codes, the
      two-character codes are used as top-level domain names.

   $ Courtney's laws
      (N) Principles for managing system security that were stated by
      Robert H. Courtney, Jr.

Top      Up      ToC       Page 83 
      Tutorial: Bill Murray codified Courtney's laws as follows: [Murr]
      -  Courtney's first law: You cannot say anything interesting
         (i.e., significant) about the security of a system except in
         the context of a particular application and environment.
      -  Courtney's second law: Never spend more money eliminating a
         security exposure than tolerating it will cost you. (See:
         acceptable risk, risk analysis.)
         -- First corollary: Perfect security has infinite cost.
         -- Second corollary: There is no such thing as zero risk.
      -  Courtney's third law: There are no technical solutions to
         management problems, but there are management solutions to
         technical problems.

   $ covert action
      (I) An operation that is planned and executed in a way that
      conceals the identity of the operator.

   $ covert channel
      1. (I) An unintended or unauthorized intra-system channel that
      enables two cooperating entities to transfer information in a way
      that violates the system's security policy but does not exceed the
      entities' access authorizations. (See: covert storage channel,
      covert timing channel, out-of-band, tunnel.)

      2. (O) "A communications channel that allows two cooperating
      processes to transfer information in a manner that violates the
      system's security policy." [NCS04]

      Tutorial: The cooperating entities can be either two insiders or
      an insider and an outsider. Of course, an outsider has no access
      authorization at all. A covert channel is a system feature that
      the system architects neither designed nor intended for
      information transfer.

   $ covert storage channel
      (I) A system feature that enables one system entity to signal
      information to another entity by directly or indirectly writing a
      storage location that is later directly or indirectly read by the
      second entity. (See: covert channel.)

   $ covert timing channel
      (I) A system feature that enables one system entity to signal
      information to another by modulating its own use of a system
      resource in such a way as to affect system response time observed
      by the second entity. (See: covert channel.)

   $ CPS
      (I) See: certification practice statement.

Top      Up      ToC       Page 84 
   $ cracker
      (I) Someone who tries to break the security of, and gain
      unauthorized access to, someone else's system, often with
      malicious intent. (See: adversary, intruder, packet monkey, script
      kiddy. Compare: hacker.)

      Usage: Was sometimes spelled "kracker". [NCSSG]

   $ CRAM
      (I) See: Challenge-Response Authentication Mechanism.

   $ CRC
      (I) See: cyclic redundancy check.

   $ credential
      1. (I) /authentication/ "identifier credential": A data object
      that is a portable representation of the association between an
      identifier and a unit of authentication information, and that can
      be presented for use in verifying an identity claimed by an entity
      that attempts to access a system. Example: X.509 public-key
      certificate. (See: anonymous credential.)

      2. (I) /access control/ "authorization credential": A data object
      that is a portable representation of the association between an
      identifier and one or more access authorizations, and that can be
      presented for use in verifying those authorizations for an entity
      that attempts such access. Example: X.509 attribute certificate.
      (See: capability token, ticket.)

      3. (D) /OSIRM/ "Data that is transferred to establish the claimed
      identity of an entity." [I7498-2]

      Deprecated Definition: IDOCs SHOULD NOT use the term with
      definition 3. As explained in the tutorial below, an
      authentication process can involve the transfer of multiple data
      objects, and not all of those are credentials.

      4. (D) /U.S. Government/ "An object that is verified when
      presented to the verifier in an authentication transaction."

      Deprecated Definition: IDOCs SHOULD NOT use the term with
      definition 4; it mixes concepts in a potentially misleading way.
      For example, in an authentication process, it is the identity that
      is "verified", not the credential; the credential is "validated".
      (See: validate vs. verify.)

Top      Up      ToC       Page 85 
      Tutorial: In general English, "credentials" are evidence or
      testimonials that (a) support a claim of identity or authorization
      and (b) usually are intended to be used more than once (i.e., a
      credential's life is long compared to the time needed for one
      use). Some examples are a policeman's badge, an automobile
      driver's license, and a national passport. An authentication or
      access control process that uses a badge, license, or passport is
      outwardly simple: the holder just shows the thing.

      The problem with adopting this term in Internet security is that
      an automated process for authentication or access control usually
      requires multiple steps using multiple data objects, and it might
      not be immediately obvious which of those objects should get the
      name "credential".

      For example, if the verification step in a user authentication
      process employs public-key technology, then the process involves
      at least three data items: (a) the user's private key, (b) a
      signed value -- signed with that private key and passed to the
      system, perhaps in response to a challenge from the system -- and
      (c) the user's public-key certificate, which is validated by the
      system and provides the public key needed to verify the signature.
      -  Private key: The private key is *not* a credential, because it
         is never transferred or presented. Instead, the private key is
         "authentication information", which is associated with the
         user's identifier for a specified period of time and can be
         used in multiple authentications during that time.
      -  Signed value: The signed value is *not* a credential; the
         signed value is only ephemeral, not long lasting. The OSIRM
         definition could be interpreted to call the signed value a
         credential, but that would conflict with general English.
      -  Certificate: The user's certificate *is* a credential. It can
         be "transferred" or "presented" to any person or process that
         needs it at any time. A public-key certificate may be used as
         an "identity credential", and an attribute certificate may be
         used as an "authorization credential".

   $ critical
      1. (I) /system resource/ A condition of a system resource such
      that denial of access to, or lack of availability of, that
      resource would jeopardize a system user's ability to perform a
      primary function or would result in other serious consequences,
      such as human injury or loss of life. (See: availability,
      precedence. Compare: sensitive.)

      2. (N) /extension/ An indication that an application is not
      permitted to ignore an extension. [X509]

Top      Up      ToC       Page 86 
      Tutorial: Each extension of an X.509 certificate or CRL is flagged
      as either "critical" or "non-critical". In a certificate, if a
      computer program does not recognize an extension's type (i.e.,
      does not implement its semantics), then if the extension is
      critical, the program is required to treat the certificate as
      invalid; but if the extension is non-critical, the program is
      permitted to ignore the extension.

      In a CRL, if a program does not recognize a critical extension
      that is associated with a specific certificate, the program is
      required to assume that the listed certificate has been revoked
      and is no longer valid, and then take whatever action is required
      by local policy.

      When a program does not recognize a critical extension that is
      associated with the CRL as a whole, the program is required to
      assume that all listed certificates have been revoked and are no
      longer valid. However, since failing to process the extension may
      mean that the list has not been completed, the program cannot
      assume that other certificates are valid, and the program needs to
      take whatever action is therefore required by local policy.

   $ critical information infrastructure
      (I) Those systems that are so vital to a nation that their
      incapacity or destruction would have a debilitating effect on
      national security, the economy, or public health and safety.

   $ CRL
      (I) See: certificate revocation list.

   $ CRL distribution point
      (I) See: distribution point.

   $ CRL extension
      (I) See: extension.

   $ cross-certificate
      (I) A public-key certificate issued by a CA in one PKI to a CA in
      another PKI. (See: cross-certification.)

   $ cross-certification
      (I) The act or process by which a CA in one PKI issues a public-
      key certificate to a CA in another PKI. [X509] (See: bridge CA.)

      Tutorial: X.509 says that a CA (say, CA1) may issue a "cross-
      certificate" in which the subject is another CA (say, CA2). X.509
      calls CA2 the "subject CA" and calls CA1 an "intermediate CA", but

Top      Up      ToC       Page 87 
      this Glossary deprecates those terms. (See: intermediate CA,
      subject CA).

      Cross-certification of CA2 by CA1 appears similar to certification
      of a subordinate CA by a superior CA, but cross-certification
      involves a different concept. The "subordinate CA" concept applies
      when both CAs are in the same PKI, i.e., when either (a) CA1 and
      CA2 are under the same root or (b) CA1 is itself a root. The
      "cross-certification" concept applies in other cases:

      First, cross-certification applies when two CAs are in different
      PKIs, i.e., when CA1 and CA2 are under different roots, or perhaps
      are both roots themselves. Issuing the cross-certificate enables
      end entities certified under CA1 in PK1 to construct the
      certification paths needed to validate the certificates of end
      entities certified under CA2 in PKI2. Sometimes, a pair of cross-
      certificates is issued -- by CA1 to CA2, and by CA2 to CA1 -- so
      that an end entity in either PKI can validate certificates issued
      in the other PKI.

      Second, X.509 says that two CAs in some complex, multi-CA PKI can
      cross-certify one another to shorten the certification paths
      constructed by end entities. Whether or not a CA may perform this
      or any other form of cross-certification, and how such
      certificates may be used by end entities, should be addressed by
      the local certificate policy and CPS.

   $ cross-domain solution
      1. (D) Synonym for "guard".

      Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
      "guard"; this term unnecessarily (and verbosely) duplicates the
      meaning of the long-established "guard".

      2. (O) /U.S. Government/ A process or subsystem that provides a
      capability (which could be either manual or automated) to access
      two or more differing security domains in a system, or to transfer
      information between such domains. (See: domain, guard.)

   $ cryptanalysis
      1. (I) The mathematical science that deals with analysis of a
      cryptographic system to gain knowledge needed to break or
      circumvent the protection that the system is designed to provide.
      (See: cryptology, secondary definition under "intrusion".)

      2. (O) "The analysis of a cryptographic system and/or its inputs
      and outputs to derive confidential variables and/or sensitive data
      including cleartext." [I7498-2]

Top      Up      ToC       Page 88 
      Tutorial: Definition 2 states the traditional goal of
      cryptanalysis, i.e., convert cipher text to plain text (which
      usually is clear text) without knowing the key; but that
      definition applies only to encryption systems. Today, the term is
      used with reference to all kinds of cryptographic algorithms and
      key management, and definition 1 reflects that. In all cases,
      however, a cryptanalyst tries to uncover or reproduce someone
      else's sensitive data, such as clear text, a key, or an algorithm.
      The basic cryptanalytic attacks on encryption systems are
      ciphertext-only, known-plaintext, chosen-plaintext, and chosen-
      ciphertext; and these generalize to the other kinds of

   $ crypto, CRYPTO
      1. (N) A prefix ("crypto-") that means "cryptographic".

      Usage: IDOCs MAY use this prefix when it is part of a term listed
      in this Glossary. Otherwise, IDOCs SHOULD NOT use this prefix;
      instead, use the unabbreviated adjective, "cryptographic".

      2. (D) In lower case, "crypto" is an abbreviation for the
      adjective "cryptographic", or for the nouns "cryptography" or
      "cryptographic component".

      Deprecated Abbreviation: IDOCs SHOULD NOT use this abbreviation
      because it could easily be misunderstood in some technical sense.

      3. (O) /U.S. Government/ In upper case, "CRYPTO" is a marking or
      designator that identifies "COMSEC keying material used to secure
      or authenticate telecommunications carrying classified or
      sensitive U.S. Government or U.S. Government-derived information."
      [C4009] (See: security label, security marking.)

   $ cryptographic
      (I) An adjective that refers to cryptography.

   $ cryptographic algorithm
      (I) An algorithm that uses the science of cryptography, including
      (a) encryption algorithms, (b) cryptographic hash algorithms, (c)
      digital signature algorithms, and (d) key-agreement algorithms.

   $ cryptographic application programming interface (CAPI)
      (I) The source code formats and procedures through which an
      application program accesses cryptographic services, which are
      defined abstractly compared to their actual implementation.
      Example, see: PKCS #11, [R2628].

Top      Up      ToC       Page 89 
   $ cryptographic association
      (I) A security association that involves the use of cryptography
      to provide security services for data exchanged by the associated
      entities. (See: ISAKMP.)

   $ cryptographic boundary
      (I) See: secondary definition under "cryptographic module".

   $ cryptographic card
      (I) A cryptographic token in the form of a smart card or a PC

   $ cryptographic component
      (I) A generic term for any system component that involves
      cryptography. (See: cryptographic module.)

   $ cryptographic hash
      (I) See: secondary definition under "hash function".

   $ cryptographic ignition key (CIK)
      1. (N) A physical (usually electronic) token used to store,
      transport, and protect cryptographic keys and activation data.
      (Compare: dongle, fill device.)

      Tutorial: A key-encrypting key could be divided (see: split key)
      between a CIK and a cryptographic module, so that it would be
      necessary to combine the two to regenerate the key, use it to
      decrypt other keys and data contained in the module, and thus
      activate the module.

      2. (O) "Device or electronic key used to unlock the secure mode of
      cryptographic equipment." [C4009] Usage: Abbreviated as "crypto-
      ignition key".

   $ cryptographic key
      (I) See: key. Usage: Usually shortened to just "key".

   $ Cryptographic Message Syntax (CMS)
      (I) An encapsulation syntax (RFC 3852) for digital signatures,
      hashes, and encryption of arbitrary messages.

      Tutorial: CMS derives from PKCS #7. CMS values are specified with
      ASN.1 and use BER encoding. The syntax permits multiple
      encapsulation with nesting, permits arbitrary attributes to be
      signed along with message content, and supports a variety of
      architectures for digital certificate-based key management.

Top      Up      ToC       Page 90 
   $ cryptographic module
      (I) A set of hardware, software, firmware, or some combination
      thereof that implements cryptographic logic or processes,
      including cryptographic algorithms, and is contained within the
      module's "cryptographic boundary", which is an explicitly defined
      contiguous perimeter that establishes the physical bounds of the
      module. [FP140]

   $ cryptographic system
      1. (I) A set of cryptographic algorithms together with the key
      management processes that support use of the algorithms in some
      application context.

      Usage: IDOCs SHOULD use definition 1 because it covers a wider
      range of algorithms than definition 2.

      2. (O) "A collection of transformations from plain text into
      cipher text and vice versa [which would exclude digital signature,
      cryptographic hash, and key-agreement algorithms], the particular
      transformation(s) to be used being selected by keys. The
      transformations are normally defined by a mathematical algorithm."

   $ cryptographic token
      1. (I) A portable, user-controlled, physical device (e.g., smart
      card or PCMCIA card) used to store cryptographic information and
      possibly also perform cryptographic functions. (See: cryptographic
      card, token.)

      Tutorial: A smart token might implement some set of cryptographic
      algorithms and might incorporate related key management functions,
      such as a random number generator. A smart cryptographic token may
      contain a cryptographic module or may not be explicitly designed
      that way.

   $ cryptography
      1. (I) The mathematical science that deals with transforming data
      to render its meaning unintelligible (i.e., to hide its semantic
      content), prevent its undetected alteration, or prevent its
      unauthorized use. If the transformation is reversible,
      cryptography also deals with restoring encrypted data to
      intelligible form. (See: cryptology, steganography.)

      2. (O) "The discipline which embodies principles, means, and
      methods for the transformation of data in order to hide its
      information content, prevent its undetected modification and/or
      prevent its unauthorized use.... Cryptography determines the
      methods used in encipherment and decipherment." [I7498-2]

Top      Up      ToC       Page 91 
      Tutorial: Comprehensive coverage of applied cryptographic
      protocols and algorithms is provided by Schneier [Schn].
      Businesses and governments use cryptography to make data
      incomprehensible to outsiders; to make data incomprehensible to
      both outsiders and insiders, the data is sent to lawyers for a

   $ Cryptoki
      (N) A CAPI defined in PKCS #11. Pronunciation: "CRYPTO-key".
      Derivation: Abbreviation of "cryptographic token interface".

   $ cryptology
      (I) The science of secret communication, which includes both
      cryptography and cryptanalysis.

      Tutorial: Sometimes the term is used more broadly to denote
      activity that includes both rendering signals secure (see: signal
      security) and extracting information from signals (see: signal
      intelligence) [Kahn].

   $ cryptonet
      (I) A network (i.e., a communicating set) of system entities that
      share a secret cryptographic key for a symmetric algorithm. (See:
      controlling authority.)

      (O) "Stations holding a common key." [C4009]

   $ cryptoperiod
      (I) The time span during which a particular key value is
      authorized to be used in a cryptographic system. (See: key

      Usage: This term is long-established in COMPUSEC usage. In the
      context of certificates and public keys, "key lifetime" and
      "validity period" are often used instead.

      Tutorial: A cryptoperiod is usually stated in terms of calendar or
      clock time, but sometimes is stated in terms of the maximum amount
      of data permitted to be processed by a cryptographic algorithm
      using the key. Specifying a cryptoperiod involves a tradeoff
      between the cost of rekeying and the risk of successful

   $ cryptosystem
      (I) Contraction of "cryptographic system".

   $ cryptovariable
      (D) Synonym for "key".

Top      Up      ToC       Page 92 
      Deprecated Usage: In contemporary COMSEC usage, the term "key" has
      replaced the term "cryptovariable".

   $ CSIRT
      (I) See: computer security incident response team.

   $ CSOR
      (N) See: Computer Security Objects Register.

   $ CTAK
      (D) See: ciphertext auto-key.

   $ CTR
      (N) See: counter mode.

   $ cut-and-paste attack
      (I) An active attack on the data integrity of cipher text,
      effected by replacing sections of cipher text with other cipher
      text, such that the result appears to decrypt correctly but
      actually decrypts to plain text that is forged to the satisfaction
      of the attacker.

   $ cyclic redundancy check (CRC)
      (I) A type of checksum algorithm that is not a cryptographic hash
      but is used to implement data integrity service where accidental
      changes to data are expected. Sometimes called "cyclic redundancy

   $ DAC
      (N) See: Data Authentication Code, discretionary access control.

      Deprecated Usage: IDOCs that use this term SHOULD state a
      definition for it because this abbreviation is ambiguous.

   $ daemon
      (I) A computer program that is not invoked explicitly but waits
      until a specified condition occurs, and then runs with no
      associated user (principal), usually for an administrative
      purpose. (See: zombie.)

   $ dangling threat
      (O) A threat to a system for which there is no corresponding
      vulnerability and, therefore, no implied risk.

   $ dangling vulnerability
      (O) A vulnerability of a system for which there is no
      corresponding threat and, therefore, no implied risk.

Top      Up      ToC       Page 93 
   $ DASS
      (I) See: Distributed Authentication Security Service.

   $ data
      (I) Information in a specific representation, usually as a
      sequence of symbols that have meaning.

      Usage: Refers to both (a) representations that can be recognized,
      processed, or produced by a computer or other type of machine, and
      (b) representations that can be handled by a human.

   $ Data Authentication Algorithm, data authentication algorithm
      1. (N) /capitalized/ The ANSI standard for a keyed hash function
      that is equivalent to DES cipher block chaining with IV = 0.

      2. (D) /not capitalized/ Synonym for some kind of "checksum".

      Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form "data
      authentication algorithm" as a synonym for any kind of checksum,
      regardless of whether or not the checksum is based on a hash.
      Instead, use "checksum", "Data Authentication Code", "error
      detection code", "hash", "keyed hash", "Message Authentication
      Code", "protected checksum", or some other specific term,
      depending on what is meant.

      The uncapitalized term can be confused with the Data
      Authentication Code and also mixes concepts in a potentially
      misleading way. The word "authentication" is misleading because
      the checksum may be used to perform a data integrity function
      rather than a data origin authentication function.

   $ Data Authentication Code, data authentication code
      1. (N) /capitalized/ A specific U.S. Government standard [FP113]
      for a checksum that is computed by the Data Authentication
      Algorithm. Usage: a.k.a. Message Authentication Code [A9009].)
      (See: DAC.)

      2. (D) /not capitalized/ Synonym for some kind of "checksum".

      Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form "data
      authentication code" as a synonym for any kind of checksum,
      regardless of whether or not the checksum is based on the Data
      Authentication Algorithm. The uncapitalized term can be confused
      with the Data Authentication Code and also mixes concepts in a
      potentially misleading way (see: authentication code).

Top      Up      ToC       Page 94 
   $ data compromise
      1. (I) A security incident in which information is exposed to
      potential unauthorized access, such that unauthorized disclosure,
      alteration, or use of the information might have occurred.
      (Compare: security compromise, security incident.)

      2. (O) /U.S. DoD/ A "compromise" is a "communication or physical
      transfer of information to an unauthorized recipient." [DoD5]

      3. (O) /U.S. Government/ "Type of [security] incident where
      information is disclosed to unauthorized individuals or a
      violation of the security policy of a system in which unauthorized
      intentional or unintentional disclosure, modification,
      destruction, or loss of an object may have occurred." [C4009]

   $ data confidentiality
      1. (I) The property that data is not disclosed to system entities
      unless they have been authorized to know the data. (See: Bell-
      LaPadula model, classification, data confidentiality service,
      secret. Compare: privacy.)

      2. (D) "The property that information is not made available or
      disclosed to unauthorized individuals, entities, or processes
      [i.e., to any unauthorized system entity]." [I7498-2].

      Deprecated Definition: The phrase "made available" might be
      interpreted to mean that the data could be altered, and that would
      confuse this term with the concept of "data integrity".

   $ data confidentiality service
      (I) A security service that protects data against unauthorized
      disclosure. (See: access control, data confidentiality, datagram
      confidentiality service, flow control, inference control.)

      Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for
      "privacy", which is a different concept.

   $ Data Encryption Algorithm (DEA)
      (N) A symmetric block cipher, defined in the U.S. Government's
      DES. DEA uses a 64-bit key, of which 56 bits are independently
      chosen and 8 are parity bits, and maps a 64-bit block into another
      64-bit block. [FP046] (See: AES, symmetric cryptography.)

      Usage: This algorithm is usually referred to as "DES". The
      algorithm has also been adopted in standards outside the
      Government (e.g., [A3092]).

Top      Up      ToC       Page 95 
   $ data encryption key (DEK)
      (I) A cryptographic key that is used to encipher application data.
      (Compare: key-encrypting key.)

   $ Data Encryption Standard (DES)
      (N) A U.S. Government standard [FP046] that specifies the DEA and
      states policy for using the algorithm to protect unclassified,
      sensitive data. (See: AES.)

   $ data integrity
      1. (I) The property that data has not been changed, destroyed, or
      lost in an unauthorized or accidental manner. (See: data integrity
      service. Compare: correctness integrity, source integrity.)

      2. (O) "The property that information has not been modified or
      destroyed in an unauthorized manner." [I7498-2]

      Usage: Deals with (a) constancy of and confidence in data values,
      and not with either (b) information that the values represent
      (see: correctness integrity) or (c) the trustworthiness of the
      source of the values (see: source integrity).

   $ data integrity service
      (I) A security service that protects against unauthorized changes
      to data, including both intentional change or destruction and
      accidental change or loss, by ensuring that changes to data are
      detectable. (See: data integrity, checksum, datagram integrity

      Tutorial: A data integrity service can only detect a change and
      report it to an appropriate system entity; changes cannot be
      prevented unless the system is perfect (error-free) and no
      malicious user has access. However, a system that offers data
      integrity service might also attempt to correct and recover from

      The ability of this service to detect changes is limited by the
      technology of the mechanisms used to implement the service. For
      example, if the mechanism were a one-bit parity check across each
      entire SDU, then changes to an odd number of bits in an SDU would
      be detected, but changes to an even number of bits would not.

      Relationship between data integrity service and authentication
      services: Although data integrity service is defined separately
      from data origin authentication service and peer entity
      authentication service, it is closely related to them.
      Authentication services depend, by definition, on companion data
      integrity services. Data origin authentication service provides

Top      Up      ToC       Page 96 
      verification that the identity of the original source of a
      received data unit is as claimed; there can be no such
      verification if the data unit has been altered. Peer entity
      authentication service provides verification that the identity of
      a peer entity in a current association is as claimed; there can be
      no such verification if the claimed identity has been altered.

   $ data origin authentication
      (I) "The corroboration that the source of data received is as
      claimed." [I7498-2] (See: authentication.)

   $ data origin authentication service
      (I) A security service that verifies the identity of a system
      entity that is claimed to be the original source of received data.
      (See: authentication, authentication service.)

      Tutorial: This service is provided to any system entity that
      receives or holds the data. Unlike peer entity authentication
      service, this service is independent of any association between
      the originator and the recipient, and the data in question may
      have originated at any time in the past.

      A digital signature mechanism can be used to provide this service,
      because someone who does not know the private key cannot forge the
      correct signature. However, by using the signer's public key,
      anyone can verify the origin of correctly signed data.

      This service is usually bundled with connectionless data integrity
      service. (See: "relationship between data integrity service and
      authentication services" under "data integrity service".

   $ data owner
      (N) The organization that has the final statutory and operational
      authority for specified information.

   $ data privacy
      (D) Synonym for "data confidentiality".

      Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts
      in a potentially misleading way. Instead, use either "data
      confidentiality" or "privacy" or both, depending on what is meant.

   $ data recovery
      1. (I) /cryptanalysis/ A process for learning, from some cipher
      text, the plain text that was previously encrypted to produce the
      cipher text. (See: recovery.)

Top      Up      ToC       Page 97 
      2. (I) /system integrity/ The process of restoring information
      following damage or destruction.

   $ data security
      (I) The protection of data from disclosure, alteration,
      destruction, or loss that either is accidental or is intentional
      but unauthorized.

      Tutorial: Both data confidentiality service and data integrity
      service are needed to achieve data security.

   $ datagram
      (I) "A self-contained, independent entity of data [i.e., a packet]
      carrying sufficient information to be routed from the source
      [computer] to the destination computer without reliance on earlier
      exchanges between this source and destination computer and the
      transporting network." [R1983] Example: A PDU of IP.

   $ datagram confidentiality service
      (I) A data confidentiality service that preserves the
      confidentiality of data in a single, independent, packet; i.e.,
      the service applies to datagrams one-at-a-time. Example: ESP.
      (See: data confidentiality.)

      Usage: When a protocol is said to provide data confidentiality
      service, this is usually understood to mean that only the SDU is
      protected in each packet. IDOCs that use the term to mean that the
      entire PDU is protected should include a highlighted definition.

      Tutorial: This basic form of network confidentiality service
      suffices for protecting the data in a stream of packets in both
      connectionless and connection-oriented protocols. Except perhaps
      for traffic flow confidentiality, nothing further is needed to
      protect the confidentiality of data carried by a packet stream.
      The OSIRM distinguishes between connection confidentiality and
      connectionless confidentiality. The IPS need not make that
      distinction, because those services are just instances of the same
      service (i.e., datagram confidentiality) being offered in two
      different protocol contexts. (For data integrity service, however,
      additional effort is needed to protect a stream, and the IPS does
      need to distinguish between "datagram integrity service" and
      "stream integrity service".)

   $ datagram integrity service
      (I) A data integrity service that preserves the integrity of data
      in a single, independent, packet; i.e., the service applies to
      datagrams one-at-a-time. (See: data integrity. Compare: stream
      integrity service.)

Top      Up      ToC       Page 98 
      Tutorial: The ability to provide appropriate data integrity is
      important in many Internet security situations, and so there are
      different kinds of data integrity services suited to different
      applications. This service is the simplest kind; it is suitable
      for connectionless data transfers.

      Datagram integrity service usually is designed only to attempt to
      detect changes to the SDU in each packet, but it might also
      attempt to detect changes to some or all of the PCI in each packet
      (see: selective field integrity). In contrast to this simple,
      one-at-a-time service, some security situations demand a more
      complex service that also attempts to detect deleted, inserted, or
      reordered datagrams within a stream of datagrams (see: stream
      integrity service).

   $ DEA
      (N) See: Data Encryption Algorithm.

   $ deception
      (I) A circumstance or event that may result in an authorized
      entity receiving false data and believing it to be true. (See:

      Tutorial: This is a type of threat consequence, and it can be
      caused by the following types of threat actions: masquerade,
      falsification, and repudiation.

   $ decipher
      (D) Synonym for "decrypt".

      Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
      for "decrypt". However, see usage note under "encryption".

   $ decipherment
      (D) Synonym for "decryption".

      Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
      for "decryption". However, see the Usage note under "encryption".

   $ declassification
      (I) An authorized process by which information is declassified.
      (Compare: classification.)

   $ declassify
      (I) To officially remove the security level designation of a
      classified information item or information type, such that the
      information is no longer classified (i.e., becomes unclassified).
      (See: classified, classify, security level. Compare: downgrade.)

Next RFC Part