Amethyst
factpacks/security.fact
# From: Peter Johnson <peter@johnson.org>
# aka Rottz @ Undernet
acceptance procedure => a procedure which takes objects produced during the development, production and maintenance processes for a Target of Evaluation and, as a positive act, places them under the controls of a Configuration Control system.Acceptan...
acceptance inspection => The final inspection to determine whether or not a facility or system meets the specified technical and performance standards. Note: This inspection is held immediately after facility and software testing and is the basis for ...
access => (1) A specific type of interaction between a subject and an object that results in the flow of information from one to the other. (2) The ability and the means necessary to approach, to store or retrieve data, to communicate with, or to mak...
access control => Process of limiting access to the resources of an IT product only to authorized users, programs, processes, systems, or other IT products.
access control List => Mechanism implementing discretionary access control in an IT product that identifies the users who may access an object and the type of access to the object that a user is permitted.
access control Mechanism => Security safeguards designed to detect and prevent unauthorized access, and to permit authorized access in an IT product.
access mediation => Process of monitoring and controlling access to the resources of an IT product, including but not limited to the monitoring and updating of policy attributes during accesses as well as the protection of unauthorized or inappropr...
access right => A granted permission for a User or Subject to carry out an Access Type.
access level => The hierarchical portion of the security level used to identify the sensitivity of data and the clearance or authorization of users. Note: The access level, in conjunction with the nonhierarchical categories, forms the sensitivity la...
access period => A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail.
access port => A logical or physical identifier that a computer uses to distinguish different terminal input/output data streams.
access type => The nature of an access right to a particular device, program, or file (e.g., read, write, execute, append, modify, delete, or create).
accountability => The property that enables activities on a system to be traced to individuals who may then be held responsible for their actions.
accreditation => The administrative process of granting authority.
add-on security => The retrofitting of protection mechanisms, implemented by hardware or software.
administration documentation => The information about a Target of Evaluation supplied by the developer for use by an administrator.
administrative security => The management constraints and supplemental controls established to provide an acceptable level of protection for data. Synonymous with procedural security.
administrator => a person in contact with the Target of Evaluation who is responsible for maintaining its operational capability.
algorithm => A mathematical procedure that can usually be explicitly encoded in a set of computer language instructions that manipulate data. Cryptographic algorithms are mathematical procedures used for such purposes as encrypting and decrypting mes...
API => Application Program Interface - System access point or library function that has a well-defined syntax and is accessible from application programs or user code to provide well-defined functionality.
architectural design => a phase of the Development Process wherein the top level definition and design of a Target of Evaluation is specified.
assignment => Requirement in a protection profile taken directly as stated, without change, from the list of components or derived by placing a bound on a threshold definition. Note: The assignment of environment-specific requirements to generic comp...
assurance => the confidence that may be held in the security provided by a Target of Evaluation.
assurance level => In evaluation criteria, a specific level on a hierarchical scale representing successively increased confidence that a TOE adequately fulfills the security requirements.
attack => The act of trying to bypass security controls on a system. An attack may be active, resulting in the alteration of data; or passive, resulting in the release of data. Note: The fact that an attack is made does not necessarily mean that it...
audit => Independent review and examination of records and activities to determine compliance with established usage policies and to detect possible inadequacies in product technical security policies of their enforcement.
audit trail => A chronological record of system activities that is sufficient to enable the reconstruction, reviewing, and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in ...
augmentation => The addition of one or more assurance component(s) to an assurance
authenticate => (1) To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system. (2) To verify the integrity of data that have been stored, transmitted, or otherw...
authentication => (1) To establish the validity of a claimed identity. (2) To provide protection against fraudulent transactions by establishing the validity of message, station, individual, or originator.
authenticator => The means used to confirm the identity or to verify the eligibility of a station, originator, or individual.
authorised user => A user who has a specific right or permission to do something described in the TSP.
authorization => The granting of access rights to a user, program, or process.
authorized => Entitled to a specific mode of access.
AIS => Automated Information System - Any equipment or interconnected systems or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission ...
ADP => Automated Data Processing - Synonymous with automated information systems security.
availability => The prevention of the unauthorised withholding of information or resources.
back door => Synonymous with trap door.
backup plan => Synonymous with contingency plan.
bandwidth => Rate at which information is transmitted through a channel. (See channel capacity) Note: Bandwidth is originally a term used in analog communication, measured in Hertz, and related to information rate by the "sampling theorem" (genera...
basic component => a component that is identifiable at the lowest hierarchical level of specification produced during Detailed Design.
Bell-LaPadula model => A formal state transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The not...
benign environment => A nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures.
between-the-lines entry => Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user.
beyond A1 => A level of trust defined by the DoD Trusted Computer System Evaluation Criteria (TCSEC) that is beyond the state-of-the-art technology available at the time the criteria were developed. It includes all the A1-level features plus additio...
binding of security functionality => The ability of security enforcing functions and mechanisms to work together in a way which is mutually supportive and provides an integrated and effective whole.
bit => Short for binary digit - 0 or 1. Keys are strings of bits.
browsing => The act of searching through storage to locate or acquire information without necessarily knowing of the existence or the format of the information being sought.
call back => A procedure for identifying a remote terminal. In a call back, the host system disconnects the caller and then dials the authorized telephone number of the remote terminal to reestablish the connection. Synonymous with dial back.
CTCPEC => Canadian Trusted Computer Product Evaluation Criteria - Canadian secure products criteria.
candidate TCB subset => The identification of the hardware, firmware, and software that make up the proposed TCB subset, along with the identification of its subjects and objects; one of the conditions for evaluation by parts.
capability => A protected identifier that both identifies the object and specifies the access rights to be allowed to the accessor who possesses the capability. In a capability-based system, access to protected objects such as files is granted if the...
category => A restrictive label that has been applied to classified or unclassified data as a means of increasing the protection of the data and further restricting access to the data.
cellular transmission => Data transmission via interchangeable wireless (radio) communications in a network of numerous small geographic cells. Most current technology is analog - represented as electrical levels, not bits. However, the trend is towa...
certification => The technical evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular computer system's design and implementation meet a set ...
certification body => an independent and impartial national organisation that performs certification.
channel => An information transfer path within a system. May also refer to the mechanism by which the path is effected.
channel capacity => Maximum possible error-free rate, measured in bits per second, at which information can be sent along a communications path.
class => A group of related Families which reflects a specific set of security
cleartext => Intelligible data, the semantic content of which is available. Also referred to as plaintext.
closed user group => a closed user group permits users belonging to a group to communicate with each other, but precludes communications with other users who are not members of the group.
closed security environment => An environment in which both of the following conditions hold true: (1) Application developers (including maintainers) have sufficient clearances and authorizations to provide an acceptable presumption that they have no...
CCITS => Common Criteria for Information Technology Security - Evolving international security evaluation criteria being developed by the US, Canada, the UK, Germany, and France.
communication channel => the physical media and devices which provide the means for transmitting information from one component of a network to (one or more) other components.
communication link => the physical means of connecting one location to another for the purpose of transmitting and/or receiving data.
COMSEC => communications security - Measures taken to deny unauthorized persons information derived from telecommunications of the U.S. Government concerning national security, and to ensure the authenticity of such telecommunications. Communications...
compartment => (1) A designation applied to a type of sensitive information, indicating the special handling procedures to be used for the information and the general class of people who may have access to the information. It can refer to the designa...
compartmented security mode => See modes of operation.
component => a device or set of devices, consisting of hardware, along with its firmware, and/or software that performs a specific function on a computer communications network. A component is a part of the larger system, and may itself consist of ot...
component reference monitor => an access control concept that refers to an abstract machine that mediates all access to objects within a component by subjects within the component.
compromise => a violation of the security system such that an unauthorized disclosure of sensitive information may have occurred.
compromising emanations => Unintentional data-related or intelligence-bearing signals that, if intercepted and analyzed, disclose the information transmission received, handled, or otherwise processed by any information processing equipment. See TEM...
CSTVRP => Computer Security Technical Vulnerability Reporting Program - A program that focuses on technical vulnerabilities in commercially available hardware, firmware and software products acquired by DoD. CSTVRP provides for the reporting, catalo...
abuse => The misuse, alteration, disruption or destruction of data processing resources. The key aspect is that it is intentional and improper.
architecture => The set of layers and protocols (including formats and standards that different hardware/software must comply with to achieve stated objectives) which define a computer system. Computer architecture features can be available to applic...
cryptography => The use of a crypto-algorithm in a computer, microprocessor, or microcomputer to perform encryption or decryption in order to protect information or to authenticate users, sources, or information.
fraud => Computer-related crimes involving deliberate misrepresentation, alteration or disclosure of data in order to obtain something of value (usually for monetary gain). A computer system must have been involved in the perpetration or coverup of ...
security => Synonymous with automated information systems security.
security subsystem => A device designed to provide limited computer security features in a larger system environment.
concealment system => A method of achieving confidentiality in which sensitive information is hidden by embedding it in irrelevant data.
confidentiality => (1) The assurance that information is not disclosed to inappropriate entities or processes. (2) The property that information is not made available or disclosed to unauthorized entities. (3) The prevention of the unauthorized discl...
configuration => the selection of one of the sets of possible combinations of features of a Target of Evaluation.
configuration control => management of changes made to a system's hardware, software, firmware, and documentation throughout the development and operational life of the system.
configuration management => The management of security features and assurances through control of changes made to a system's hardware, software, firmware, documentation, test, test fixtures and test documentation throughout the development and operat...
confinement => The prevention of the leaking of sensitive data from a program.
confinement channel => Synonymous with covert channel.
confinement property => Synonymous with star property (*-property).
connection => a liaison, in the sense of a network interrelationship, between two hosts for a period of time. The liaison is established (by an initiating host) for the purpose of information transfer (with the associated host); the period of time is...
constrained => A qualifier implying: within the TSF Scope of Control
construction => the process of creating a Target of Evaluation.
consumers => Individuals or groups responsible for specifying requirements for IT product security (e.g., policy makers and regulatory officials, system architects, integrators, acquisition managers, product purchasers, and end users).
contamination => The intermixing of data at different sensitivity and need-to-know levels. The lower level data is said to be contaminated by the higher level data; thus, the contaminating (higher level) data may not receive the required level of pr...
content-dependent access control => Access control in which access is determined by the value of the data to be accessed.
context-dependent access control => Access control in which access is determined by the specific circumstances under which the data is being accessed.
contingency plan => A plan for emergency response, backup operations, and post-disaster recovery maintained by an activity as a part of its security program that will ensure the availability of critical resources and facilitate the continuity of oper...
control objective => Required result of protecting information within an IT product and its immediate environment.
control zone => The space, expressed in feet of radius, surrounding equipment processing sensitive information, that is under sufficient physical and technical control to preclude an unauthorized entry or compromise.
controlled access => See access control.
controlled sharing => The condition that exists when access control is applied to all users and components of a system.
corporate security policy => The set of laws, rules and practices that regulate how assets including sensitive information are managed, protected and distributed within a user organisation.
correctness => In security evaluation, the preservation of relevant properties between successive levels of representations. Examples of representations could be: top-level functional specification, detailed design specification, actual implementatio...
cost-risk analysis => The assessment of the costs of providing data protection for a system versus the cost of losing or compromising the data.
countermeasure => Action, device, procedure, technique, or other measure that reduces the vulnerability of an AIS.
covert channel => A communication channel that allows a process to transfer information in a manner that violates the system's security policy. See also: Covert Storage Channel, Covert Timing Channel.
covert storage channel => A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a f...
covert timing channel => A covert channel in which one process signals information to another by modulating its own use of system resources (e.g., CPU time) in such a way that this manipulation affects the real response time observed by the second ...
criteria => See DoD Trusted Computer System Evaluation Criteria. Examples of other criteria are the Information Technology Security Evaluation Criteria (Europe), Canadian Trusted Computer Product Evaluation Criteria, Federal Criteria for Information ...
critical mechanism => a mechanism within a Target of Evaluation whose failure would create a security weakness.
customer => the person or organisation that purchases a Target of Evaluation.
cryptoalgorithm => A well-defined procedure or sequence of rules or steps used to produce a key stream or ciphertext from plaintext and vice versa.
cryptography => (1) The principles, means, and methods for rendering information unintelligible, and for restoring encrypted information to intelligible form. (2) The transformation of ordinary text, or "plaintext," into coded form by encryption and ...
cryptosecurity => The security or protection resulting from the proper use of technically sound cryptosystems.
data => Information with a specific physical representation.
data confidentiality => the state that exists when data is held in confidence and is protected from unauthorized disclosure.
DES => Data Encryption Standard - (1) A cryptographic algorithm for the protection of unclassified data, published in US Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the US National Institute of Standards and Tech...
data integrity => (1) The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction. (2) The property that data has not been exposed to accidenta...
data flow control => Synonymous with information flow control.
data security => The protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure.
database management system => A computer system whose main function is to facilitate the sharing of a common set of data among many different users. It may or may not maintain semantic relationships among the data items.
DBMS => Abbreviation for "database management system."
decomposition => Requirement in a protection profile that spans several components. Note: The decomposition of a specific requirement becomes necessary when that requirement must be assigned to multiple components of the generic product requirements ...
dedicated security mode => the mode of operation in which the system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a speci...
default classification => A temporary classification reflecting the highest classification being processed in a system. The default classification is included in the caution statement affixed to the object.
degauss => To reduce magnetic flux density to zero by applying a reverse magnetizing field.
DPL => Degausser Products List - A list of commercially produced degaussers that meet US National Security Agency (NSA) specifications. This list is included in NSA's "Information Systems Security Products and Services Catalogue," available through t...
degausser => An electrical device that can generate a magnetic field for the purpose of degaussing magnetic storage media. Degausser Products List (DPL) A list of commercially produced degaussers that meet National Security Agency specifications. T...
delivery => the process whereby a copy of the Target of Evaluation is transferred from the developer to a customer.
DOS => Denial Of Service - (1) The prevention of authorized access to system assets or services or the delaying of time-critical operations. (2) Any action or series of actions that prevents any part of a system from functioning in accordance with it...
dependency => Condition in which the correctness of one TCB subset is contingent (depends for its correctness) on the correctness of another TCB subset. Note: A TCB subset A depends for its correctness on TCB subset B if and only if the (engineering)...
depends => A TCB subset A depends (for its correctness) on TCB subset B if and only if the (engineering) arguments of the correct implementation of A with respect to its specification assume, wholly or in part, that the specification of B has been im...
DTLS => Descriptive Top-Level Specification - A top-level specification that is written in a natural language (e.g., English), an informal design notation, or a combination of the two.
DAA => Designated Approving Authority - Official with the authority to formally assume responsibility for operating an IT product, an AIS, or network at an acceptable level of risk.
detailed design => a phase of the Development Process wherein the top level definition and design of a Target of Evaluation is refined and expanded to a level of detail that can be used as a basis for implementation.
developer => the person or organisation that manufactures a Target of Evaluation.
developer security => the physical, procedural and personnel security controls imposed by a developer on his Development Environment.
development assurance => Sources of IT product assurance ranging from how a product was designed and implemented to how it is tested, operated and maintained.
development assurance component => Fundamental building block, specifying how an IT product is developed, from which development assurance requirements are assembled.
development assurance package => Grouping of development assurance components assembled to ease specification and common understanding of how an IT product is developed.
development assurance requirements => Requirements in a protection profile which address how each conforming IT product is developed including the production of appropriate supporting developmental process evidence and how that product will be main...
development environment => the organisational measures, procedures and standards used whilst constructing a Target of Evaluation.
development process => The set of phases and tasks whereby a Target of Evaluation is constructed, translating requirements into actual hardware and software.
dial back => Synonymous with call back.
dialup => The service whereby a computer terminal can use the telephone to initiate and effect communication with a computer.
digital signature => A cryptographic method, provided by public key cryptography, used by a message's recipient and any third party to verify the identity of the message's sender. It can also be used to verify the authenticity of the message. A sende...
DSS => Digital Signature Standard - A US Federal Information Processing Standard proposed by NIST (National Institute of Standards and Technology) to support digital signature.
digital telephony => Telephone systems that use digital communications technology.
disaster plan => Synonymous with contingency plan.
DAC => Discretionary Access Control - a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that: (a) A subject with a certain access permission is c...
documentation => the written (or otherwise recorded) information about a Target of Evaluation required for an evaluation. This information may, but need not, be contained within a single document produced for the specified purpose.
TCSEC => DoD Trusted Computer System Evaluation Criteria - A document published by the National Computer Security Center containing a uniform set of basic requirements and evaluation classes for assessing degrees of assurance in the effectiveness of ...
domain => The unique context (for example, access control parameters) in which a program is operating - in effect, the set of objects that a subject has the ability to access. Note: A subject's domain determines which access control attributes an obj...
dominate => Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than or equal to that of S2 and the non-hierarchical categories of S1 include all those of S2 as a subset.
ease of use => an aspect of the assessment of the effectiveness of a Target of Evaluation, namely that it cannot be configured or used in a manner which is insecure but which an administrator or end-user would reasonably believe to be secure.
effectiveness => In security evaluations, an aspect of assurance assessing how well the applied security functions and mechanisms working together will actually satisfy the security requirements.
element => An indivisible security requirement which is to be satisfied during an evaluation.
emanations => See compromising emanations.