view release on metacpan or  search on metacpan

factpacks/security.fact  view on Meta::CPAN

# From: Peter Johnson <peter@johnson.org>
# aka Rottz @ Undernet
acceptance procedure => a procedure which takes objects produced during the development, production and maintenance processes for a Target of Evaluation and, as a positive act, places them under the controls of a Configuration Control system.Acceptan...
acceptance inspection => The final inspection to determine whether or not a facility or system meets the specified technical and performance standards. Note: This inspection is held immediately after facility and software testing nd is the basis for ...
access => (1) A specific type of interaction between a subject and an object that results in the flow of information from one to the other. (2) The ability and the means necessary to approach, to store or retrieve data, to communicate with, or to mak...
access control => Process of limiting access to the resources of an IT product only to authorized users, programs, processes, systems, or other IT products.
access control List => Mechanism implementing discretionary access control in an IT product that identifies the users who may access an object and the type of access to the object that a user is permitted.
access control Mechanism => Security safeguards designed to detect and prevent unauthorized access, and to permit authorized access in an IT product.
access mediation => Process of monitoring and controlling access to the resources of an IT product, including but not limited to the monitoring and updating of policy at- tributes during accesses as well as the protection of unauthorized or inappropr...
access right => A granted permission for a User or Subject to carry out an Access Type.
access level => The hierarchical portion of the security level used to identify the sensitivity of data and the clearance or authorization of users.  Note: The access level, in conjunction with the nonhierarchical categories, forms the sensitivity la...
access period => A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail.
access port => A logical or physical identifier that a computer uses to distinguish different terminal input/output data streams.
access type => The nature of an access right to a particular device, program, or file (e.g., read, write, execute, append, modify, delete, or create).
accountability => The property that enables activities on a system to be traced to individuals who may then be held responsible for their actions.
accreditation  => The administrative process of granting authority.
add-on security => The retrofitting of protection mechanisms, implemented by hardware or software.
administration documentation => The information about a Target of Evaluation supplied by the developer for use by an administrator.
administrative security => The management constraints and supplemental controls established to provide an acceptable level of protection for data.  Synonymous with procedural security.
administrator => a person in contact with the Target of Evaluation who is responsible for maintaining its operational capability.
algorithm => A mathematical procedure that can usually be explicitly encoded in a set of computer language instructions that manipulate data. Cryptographic algorithms are mathematical procedures used for such purposes as encrypting and decrypting mes...
API => Application Program Interface - System access point or library function that has a well- defined syntax and is accessible from application programs or user code to provide well-defined functionality.
architectural design => a phase of the Development Process wherein the top level definition and design of a Target of Evaluation is specified.
assignment => Requirement in a protection profile taken directly as stated, without change, from the list of components or derived by placing a bound on a threshold definition. Note: The assignment of environment-specific requirements to generic comp...
assurance => the confidence that may be held in the security provided by a Target of Evaluation.
assurance level => In evaluation criteria, a specific level on a hierarchical scale representing successively increased confidence that a TOE adequately fulfills the security requirements.
attack => The act of trying to bypass security controls on a system.  An attack may be active, resulting in the alteration of data; or passive, resulting in the release of data.  Note: The fact that an attack is made does not necessarily mean that it...
audit => Independent review and examination of records and activities to determine compliance with established usage policies and to detect possible inadequacies in product technical security policies of their enforcement.
audit trail => A chronological record of system activities that is sufficient to enable the reconstruction, reviewing, and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in ...
augmentation => The addition of one or more assurance component(s) to an assurance
authenticate => (1) To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system. (2) To verify the integrity of data that have been stored, transmitted, or otherw...
authentication => (1) To establish the validity of a claimed identity. (2) To provide protection against fraudulent transactions by establishing the validity of message, station, individual, or originator.
authenticator => The means used to confirm the identity or to verify the eligibility of a station, originator, or individual.
authorised user => A user who has a specific right or permission to do something described in the TSP.
authorization => The granting of access rights to a user, program, or process.
authorized - Entitled to a specific mode of access.
AIS => Automated Information System - Any equipment or interconnected systems or subsystems of equipment that is used in the automatic acquisition, storage, manipula- tion, management, movement, control, display, switching, interchange, transmission ...
ADP => Automated Data Processing - Synonymous with automated information systems security.
availability => The prevention of the unauthorised withholding of information or resources.
back door => Synonymous with trap door. 
backup plan => Synonymous with contingency plan.
bandwidth => Rate at which information is transmitted through a channel=2E (See channel capacity)  Note: Bandwidth is originally a term used in analog communication, measured in Hertz, and related to information rate by the "sampling theorem" (genera...
basic component => a component that is identifiable at the lowest hierarchical level of specification produced during Detailed Design.
bell-La padula model => A formal state transition model of computer security policy that describes a set of access control rules.  In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The not...
benign environment => A nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures.
between-the-lines entry => Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user. 
beyond A1 => A level of trust defined by the DoD Trusted Computer System Evaluation Criteria (TCSEC) that is beyond the state-of-the-art technology available at the time the criteria were developed.  It includes all the A1-level features plus additio...
binding of security functionality => The ability of security enforcing functions and mechanisms to work together in a way which is mutually supportive and provides an integrated and effective whole.
bit => Short for binary digit - 0 or 1. Keys are strings of bits.
browsing => The act of searching through storage to locate or acquire information without necessarily knowing of the existence or the format of the information being sought.
call back => A procedure for identifying a remote terminal.  In a call back, the host system disconnects the caller and then dials the authorized telephone number of the remote terminal to reestablish the connection.  Synonymous with dial back.
CTCPEC => Canadian Trusted Computer Product Evaluation Criteria - Canadian secure products criteria.
candidate TCB subset => The identification of the hardware, firmware, and software that make up the proposed TCB subset, along with the identification of its subjects and objects; one of the conditions for evaluation by parts.
capability => A protected identifier that both identifies the object and specifies the access rights to be allowed to the accessor who possesses the capability. In a capability-based system, access to protected objects such as files is granted if the...
category => A restrictive label that has been applied to classified or unclassified data as a means of increasing the protection of the data and further restricting access to the data.
cellular transmission => Data transmission via interchangeable wireless (radio) communications in a network of numerous small geographic cells. Most current technology is analog - represented as electrical levels, not bits. However, the trend is towa...
certification => The technical evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular computer system's design and implementation meet a set ...
certification body => an independent and impartial national organisation that performs certification.
channel => An information transfer path within a system.  May also refer to the mechanism by which the path is effected.
channel capacity => Maximum possible error-free rate, measured in bits per second, at which information can be sent along a communications path.
class => A group of related Families which reflects a specific set of security
cleartext => Intelligible data, the semantic content of which is available. Also referred to as plaintext.
closed user group => a closed user group permits users belonging to a group to communicate with each other, but precludes communications with other users who are not members of the group.
closed security environment => An environment in which both of the following conditions hold true: (1) Application developers (including maintainers) have sufficient clearances and authorizations to provide an acceptable presumption that they have no...
CCITS => Common Criteria for Information Technology Security - Evolving international security evaluation criteria being developed by the US, Canada, the UK, Germany, and France.
communication channel => the physical media and devices which provide the means for transmitting information from one component of a network to (one or more) other components.
communication link => the physical means of connecting one location to another for the purpose of transmitting and/or receiving data.
COMSEC => communications security - Measures taken to deny unauthorized persons information derived from telecommunications of the U.S.  Government concerning national security, and to ensure the authenticity of such telecommunicatons. Communications...
compartment => (1) A designation applied to a type of sensitive information, indicating the special handling procedures to be used for the information and the general class of people who may have access to the information. It can refer to the designa...
compartmented security mode => See modes of operation.
component => a device or set of devices, consisting of hardware, along with its firmware, and/or software that performs a specific function on a computer communications network. A component is a part of the larger system, and may itself consist of ot...
component reference monitor => an access control concept that refers to an abstract machine that mediates all access to objects within a component by subjects within the component.
compromise => a violation of the security system such that an unauthorized disclosure of sensitive information may have occurred.
compromising emanations => Unintentional data-related or intelligence-bearing signals that, if intercepted and analyzed, disclose the information transmission received, handled, or otherwise processed by any information processing equipment.  See TEM...
CSTVRP => Computer Security Technical Vulnerability Reporting Program - A program that focuses on technical vulnerabilities in commercially available hardware, firmware and software products acquired by DoD.  CSTVRP provides for the reporting, catalo...
abuse => The misuse, alteration, disruption or destruction of data processing resources.  The key aspect is that it is intentional and improper.
architecture => The set of layers and protocols (including formats and standards that different hardware/software must comply with to achieve stated objectives) which define a computer system. Computer architecture features can be available to applic...
cryptography => The use of a crypto-algorithm in a computer, microprocessor, or microcomputer to perform encryption or decryption in order to protect information or to authenticate users, sources, or information.
fraud => Computer-related crimes involving deliberate misrepresentation, alteration or disclosure of data in order to obtain something of value (usually for monetary gain).  A computer system must have been involved in the perpetration or coverup of ...
security => Synonymous with automated information systems security.
security subsystem => A device designed to provide limited computer security features in a larger system environment.
concealment system => A method of achieving confidentiality in which sensitive information is hidden by embedding it in irrelevant data.
confidentiality => (1) The assurance that information is not disclosed to inappropriate entities or processes. (2) The property that information is not made available or disclosed to unauthorized entities. (3) The prevention of the unauthorized discl...
configuration => the selection of one of the sets of possible combinations of features of a Target of Evaluation.
configuration control => management of changes made to a system's hardware, software, firmware, and documentation throughout the development and operational life of the system.
configuration management => The management of security features and assurances through control of changes made to a system's hardware, software, firmware, documentation, test, test fixtures and test documentation throughout the development and operat...
confinement => The prevention of the leaking of sensitive data from a program.
confinement channel => Synonymous with covert channel.
confinement property => Synonymous with star property (*-property).
connection => a liaison, in the sense of a network interrelationship, between two hosts for a period of time. The liaison is established (by an initiating host) for the purpose of information transfer (with the associated host); the period of time is...
constrained => A qualifier implying: within the TSF Scope of Control
construction => the process of creating a Target of Evaluation.
consumers => Individuals or groups responsible for specifying requirements for IT product security (e.g., policy makers and regulatory officials, system architects, integrators, acquisition managers, product purchasers, and end users.
contamination => The intermixing of data at different sensitivity and need-to-know levels.  The lower level data is said to be contaminated by the higher level data; thus, the contaminating (higher level) data may not receive the required level of pr...
content-dependent access control => Access control in which access is determined by the value of the data to be accessed.
context-dependent access control => Access control in which access is determined by the specific circumstances under which the data is being accessed.
contingency plan => A plan for emergency response, backup operations, and post-disaster recovery maintained by an activity as a part of its security program that will ensure the availability of critical resources and facilitate the continuity of oper...
control objective => Required result of protecting information within an IT product and its immediate environment.
control zone => The space, expressed in feet of radius, surrounding equipment processing sensitive information, that is under sufficient physical and technical control to preclude an unauthorized entry or compromise.
controlled access => See access control.
controlled sharing => The condition that exists when access control is applied to all users and components of a system.
corporate security policy => The set of laws, rules and practices that regulate how assets including sensitive information are managed, protected and distributed within a user organisation.
correctness => In security evaluation, the preservation of relevant properties between successive levels of representations. Examples of representations could be: top-level functional specification, detailed design specification, actual implementatio...
cost-risk analysis => The assessment of the costs of providing data protection for a system versus the cost of losing or compromising the data.
countermeasure => Action, device, procedure, technique, or other measure that reduces the vulnerability of an AIS.
covert channel => A communication channel that allows a process to transfer information in a manner that violates the system's security policy.  See also: Covert Storage Channel, Covert Timing Channel.
covert storage channel => A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process.  Covert storage channels typically involve a f...
covert timing channel => A covert channel in which one process signals information to another by modulating its own use of system resources (e.g=2E, CPU time) in such a way that this manipulation affects the real response time observed by the second ...

factpacks/security.fact  view on Meta::CPAN

global requirements => Those which require analysis of the entire system and for which separate analysis of the individual TCB (trusted computing base) subsets does not suffice.
granularity => Relative fineness or coarseness to which an access control mechanism or oth- er IT product aspect can be adjusted. Note: Protection at the file level is considered course granularity, whereas protection at the field level is considered...
group => Named collection of user identifiers.
gypsy verification environment => An integrated set of tools for specifying, coding, and verifying programs written in the Gypsy language, a language similar to Pascal which has both specification and programming features.  This methology includes an...
handshaking procedure => A dialogue between two entities (e.g., a user and a computer, a computer and another computer, or a program and another program) for the purpose of identifying and authenticating the entities to one another.
hierarchical decomposition => the ordered, structured reduction of a system or a component to primitives.
hierarchical development methodology => A methodology for specifying and verifying the design programs written in the Special specification language. The tools for this methodology include the Special specification processor, the Boyer-Moore theorem ...
host => any computer-based system connected to the network and containing the necessary protocol interpreter software to initiate network access and carry out information exchange across the communications network. This definition encompasses typical...
identification => The process that enables recognition of an entity by a system, generally by the use of unique machine-readable user names.
impersonating => Synonymous with spoofing.
implementation => a phase of the Development Process wherein the detailed specification of a Target of Evaluation is translated into actual hardware and software.
individual accountability => The ability to associate positively the identity of a user with the time, method, and degree of access to a system.
informal => Expressed in natural language.
informal specification => Statement about (the properties of) a product made using the gram- mar, syntax, and common definitions of a natural language (e.g., English). >Note: While no notational restrictions apply, the informal specification is also ...
information protection policy => Set of laws, rules, and practices that regulate how an IT product will, within specified limits, counter threats expected in the product's assumed operational environment.
ISSO => Information System Security Officer  -  The person responsible to the DAA for ensuring that security is provided for and implemented throughout the life cycle of an AIS from the beginning of the concept development plan through its design, de...
ITSEC => Information Technology Security Evaluation Criteria - European security evaluation criteria for targets of evaluation (TOE).
information flow control => A procedure to ensure that information transfers within a system are not made from a higher security level object to an object of a lower security level.  See covert channel, simple security property, star property (*-prop...
information processing standard => A set of detailed technical guidelines used to establish uniformity to support specific functions and/or interoperability in hardware, software, or telecommunications development, testing, and/or operation.
information protection policy => Set of laws, rules, and practices that regulate how an IT (information technology) product will, within specified limits, counter threats expected in the product's assumed operational environment.
IT => Information Technology - An international term for an information system, which consists of one or more automated information systems (AISs) or computer systems and communications systems.
integrity => a) The property that information or resources are not improperly affected.	b) The  property  that  assumptions  about  the  known  or expected  state  of information or resources remain true.
integrity policy => a security policy to prevent unauthorized users from modifying, viz., writing, sensitive information. See also Security Policy.
interdiction => See denial of service - DOS.
internal security controls => Mechanisms implemented in the hardware, firmware, and soft- ware of an IT product which provide protection for the IT product.
internal subject => a subject which is not acting as direct surrogate for a user. A process which is not associated with any user but performs system-wide functions such as packet switching, line printer spooling, and so on. Also known as a daemon or...
interoperability => The ability of computers to act upon information received from one another.
isolation => The containment of subjects and objects in a system in such a way that they are separated from one another, as well as from the protection controls of the operating system.
IT Security => The state of security in an IT system.
IT System => A specific IT installation, with a particular purpose and operational environment.
key management => A method of electronically transmitting, in a secure fashion, a secret key for use with a secret key cryptographic system. Key management can be used to support communications privacy. This method can be accomplished most securely w...
key escrow system => An electronic means of reconstructing a secret key (for secret key encryption) or a private key (for public key encryption)=2E The reconstructed key can then be used in a process to decrypt a communication.
key => A long string of seemingly random bits used with cryptographic algorithms to create or verify digital signatures and encrypt or decrypt messages and conversations. The keys must be known or guessed to forge a digital signature or decrypt an en...
label => see Security Label and Sensitivity Label.
lattice => A partially ordered set for which every pair of elements has a greatest lower bound and a least upper bound.
least privilege => The principle that requires that each subject be granted the most restrictive set of privileges needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, erro...
limited access => Synonymous with access control.
list oriented => A computer protection system in which each protected object has a list of all subjects authorized to access it.  Compare ticket-oriented.
local requirements => Those for which separate analysis of the individual TCB (trusted computing base) subsets suffices to determine compliance for the composite TCB. (See the trusted database interpretation of the Trusted Computer System Evaluation ...
lock and key protection system => A protection system that involves matching a key or password with a specific access requirement.
logic bomb => A resident computer program that triggers the perpetration of an unauthorized act when particular states of the system are realized.
loophole => An error of omission or oversight in software or hardware that permits circumventing the system security policy.
*-property => (Star Property) - A Bell-LaPadula security model rule allowing a subject write access to an object only if the security level of the subject is dominated by the security level of the object.  Also known as the Confinement Property.
star property => A Bell-LaPadula security model rule allowing a subject write access to an object only if the security level of the subject is dominated by the security level of the object.  Also known as the Confinement Property.
machine user => A  machine,  group  of  machines  or  other  logical  entity outside  of  the  TOE  with interacts with the TOE.
magnetic remanence => A measure of the magnetic flux density remaining after removal of the applied magnetic force.  Refers to any data remaining on magnetic storage media after removal of the power.
maintenance hook => Special instructions in software to allow easy maintenance and additional feature development.  These are not clearly defined during access for design specification.  Hooks frequently allow entry into the code at unusual points or...
malicious logic => Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g., a Trojan horse.
mandatory access control => A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of ...
masquerading => Synonymous with spoofing.
mechanism => Operating system entry point or separate operating system support program that performs a specific action or related group of actions.
metadata => (1) Data referring to other data; data (such as data structures, indices, and pointers) that are used to instantiate an abstraction (such as "process," "task," "segment," "file," or "pipe"). (2) A special database, also referred to as a d...
mimicking => Synonymous with spoofing.
modes of operation => A description of the conditions under which an AIS functions, based on the sensitivity of data processed and the clearance levels and authorizations of the users.
multilevel device => A device that is used in a manner that permits it to simultaneously process data of two or more security levels without risk of compromise.  To accomplish this, sensitivity labels are normally stored on the same physical medium a...
multilevel secure => A class of system containing information with different sensitivities that simultaneously permits access by users with different security clearances and needs-to- know, but prevents users from obtaining access to information for ...
multilevel security mode => the mode of operation that allows two or more classification levels of information to be processed simultaneously within the same system when some users are not cleared for all levels of information present. Compare Dedica...
mutually suspicious => The state that exists between interacting processes (subsystems or programs) in which neither process can expect the other process to function securely with respect to some property. 
NCSC => National Computer Security Center - Originally named the DoD Computer  Security Center, the NCSC is responsible for encouraging the widespread availability of trusted computer systems throughout the Federal Government.
NSDD 145 => National Security Decision Directive 145 - Signed by President Reagan on l7 September l984, this directive is entitled "National Policy on Telecommunications and Automated Information Systems Security." It provides initial objectives, pol...
NTISSD => National Telecommunications and Information System Security Directives - NTISS Directives establish national-level decisions relating to NTISS policies, plans, programs, systems, or organizational delegations of authority. NTISSDs are promu...
NTISSI => National Telecommunications and Information Systems Security Advisory Memoranda/ Instructions - NTISS Advisory Memoranda and Instructions provide advice, assistance, or information of general interest on telecommunications and systems secur...
need to know => (1) Access to, or knowledge or possession of, specific information required to carry out official duties. (2) The necessity for access to, knowledge of, or possession of specific information required to carry out official duties.
network architecture => the set of layers and protocols (including formats and standards that different hardware/software must comply with to achieve stated objectives) which define a Network.
network component => a network subsystem which is evaluatable for compliance with the trusted network interpretations, relative to that policy induced on the component by the overall network policy.
network connection => A network connection is any logical or physical path from one host to another that makes possible the transmission of information from one host to the other. An example is a TCP connection. But also, when a host transmits an IP ...
network reference monitor => an access control concept that refers to an abstract machine that mediates all access to objects within the network by subjects within the network.
network security => the protection of networks and their services from unauthorized modification, destruction, or disclosure. Providing an assurance that the network performs its critical functions correctly and there are no harmful side-effects. Inc...
network security architecture => a subset of network architecture specifically addressing security-relevant issues.
network sponsor => the individual or organization that is responsible for stating the security policy enforced by the network, for designing the network security architecture to properly enforce that policy, and for ensuring that the network is imple...
network system => a system which is implemented with a collection of interconnected network components. A network system is based on a coherent security architecture and design.
NTCB => Network trusted computing base - the totality of protection mechanisms within a network system -- including hardware, firmware, and software -- the combination of which is responsible for enforcing a security policy. (See also Trusted Computi...
network front end => A device that implements the necessary network protocols, including security-related protocols, to allow a computer system to be attached to a network.
nondiscretionary access control => Means of restricting access to objects based largely on administrative actions. (See mandatory access control=2E)
normal operation => Process of using a system.
object => A passive entity that contains or receives information. Access to an object potentially implies access to the information it contains.  Examples of objects are:  records, blocks, pages, segments, files, directories, directory trees, and pro...
object reuse => The reassignment and reuse of a storage medium (e.g., page frame, disk sector, magnetic tape) that once contained one or more objects.  To be securely reused and assigned to a new subject, storage media must contain no residual data (...
open security environment => An environment that includes those systems in which at least one of the following conditions holds true: (l) Application developers (including maintainers) do not have sufficient clearance or authorization to provide an a...
operating procedure => a set of rules defining correct use of a Target of Evaluation.
operation => the process of using a Target of Evaluation.
operational documentation => the information produced by the developer of a Target of Evaluation to specify and explain how customers should use it.
OPSEC => Operations Security - An analytical process by which the U.S. Government and its supporting contractors can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting evidence of t...
orange book => Alternate name for DoD Trusted Computer Security Evaluation Criteria.
OSI => The International Organization for Standardization provides a framework for defining the communications process between systems. This framework includes a network architecture, consisting of seven layers. The architecture is referred to as the...
output => Information that has been exported by a TCB.
overt channel => an overt channel is a path within a network which is designed for the authorized transfer of data.
overwrite procedure => A stimulation to change the state of a bit followed by a known pattern.  See magnetic remanence.
owner => User granted privileges with respect to security attributes and privileges affecting specific subjects and objects.
package => A set of components combined together to satisfy a set of identified objectives.
partial order => A relation that is symmetric (a is related to a), transitive (if a is related to b and b is related to c, then a is related to c), and antisymmetric (if a is related to b and b is related to a, then a and b are identical.)
partitioned security mode => A mode of operation wherein all personnel have the clearance but not necessarily formal access approval and need-to-know for all information contained in the system.  Not to be confused with compartmented security mode.
passive => (1) A property of an object or network object that it lacks logical or computational capability and is unable to change the information it contains. (2) Those threats to the confidentiality of data which, if realized, would not result in a...
password => Protected/private character string used to authenticate an identity or to authorize access to data.
penetration => the successful violation of a protected system.
penetration testing => tests performed by an evaluator on the Target of Evaluation in order to confirm whether or not known vulnerabilities are actually exploitable in practice.
penetration signature => The characteristics or identifying marks that may be produced by a penetration.
penetration study => A study to determine the feasibility and methods for defeating controls of a system.
periods processing => The processing of various levels of sensitive information at distinctly different times.  Under periods processing, the system must be purged of all information from one processing period before transitioning to the next when th...
permissions => A description of the type of authorized interactions a subject can have with an object.  Examples include: read, write, execute, add, modify, and delete.
personnel security => The procedures established to ensure that all personnel who have access to sensitive information have the required authority as well as appropriate clearances.
physical security => The application of physical barriers and control procedures as preventive measures or countermeasures against threats to resources and sensitive information.
piggyback => Gaining unauthorized access to a system via another user's legitimate connection.  See between-the-lines entry.
plaintext => See cleartext.
PPL => Preferred Products List - A list of commercially produced equipments that meet TEMPEST and other requirements prescribed by the National Security Agency. This list is included in the NSA Information Systems Security Products and Services Catal...
primitive => An ordering relation between TCB subsets based on dependency (see "depends" above). A TCB subset B is more primitive than a second TCB subset A (and A is less primitive than B) if (a) A directly depends on B or (b) a chain of TCB subsets...
print suppression => Eliminating the displaying of characters in order to preserve their secrecy; e.g., not displaying the characters of a password as it is keyed at the input terminal.
privacy => (1) the ability of an individual or organization to control the collection, storage, sharing, and dissemination of personal and organizational information. (2) The right to insist on adequate security of, and to define authorized users of,...
private key =>  The undisclosed key in a matched key pair - private key and public key - that each party safeguards for public key cryptography.
privilege => Special authorization that is granted to particular users to perform security rel- evant operations.
privileged instructions => A set of instructions (e.g., interrupt handling or special computer instructions) to control features (such as storage protection features) that are generally executable only when the automated system is operating in the ex...
procedural security => Synonymous with administrative security.
process => a program in execution. It is completely characterized by a single current execution point (represented by the machine state) and address space.
producers =>  Providers of IT (information technology) product security (for example, product vendors, product developers, security analysts, and value-added resellers).
product => A package of IT software and/or hardware, providing functionality designed for use or incorporation within a multiplicity of systems.
product rationale => a description of the security capabilities of a product, giving the necessary information for a prospective purchaser to decide whether it will help to satisfy his system security objectives.
production =>  the process whereby copies of the Target of Evaluation are generated for distribution to customers.
profile => Detailed security description of the physical structure, equipment component, lo- cation, relationships, and general operating environment of an IT product or AIS. (See Protection Profile.) 
profile assurance => Measure of confidence in the technical soundness of a protection profile.
proprietary information => Information that is owned by a private enterprise and whose use and/or distribution is restricted by that enterprise. <br><br>Note: Proprietary information may be related to the company's products, business, or activities, ...
protection philosophy => An informal description of the overall design of a system that delineates each of the protection mechanisms employed.  A combination (appropriate to the evaluation class) of formal and informal techniques is used to show that...
PP => Protection Profile - A  combination  of  security  requirements including  assurance  and  functional requirements with associated rationale and target environment