E2.1.1. Access. A specific type of interaction between a subject (i.e., person, process, or input device) and an object (i.e., an AIS resource such as a record, file, program, or output device) that results in the flow of information from one to the other. Also, the ability and opportunity to obtain knowledge of classified, sensitive unclassified, or unclassified information.
E2.1.2. Accountability. The property that enables activities on an AIS to be traced to individuals who may then be held responsible for their actions.
E2.1.3. Accreditation. A formal declaration by the DAA that the AIS is approved to operate in a particular security mode using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement fixes security responsibility on the DAA and shows that due care has been taken for security.
E2.1.4. AIS Security. Measures and controls that safeguard or protect an AIS against unauthorized (accidental or intentional) disclosure, modification, or destruction of AISs and data, and denial of service. AIS security includes consideration of all hardware and/or software functions, characteristics, and/or features; operational procedures, accountability procedures, and access controls at the central computer facility, remote computer, and terminal facilities; management constraints; physical structures and devices; and personnel and communication controls needed to provide an acceptable level of risk for the AIS and for the data and information contained in the AIS. It includes the totality of security safeguards needed to provide an acceptable protection level for an AIS and for data handled by an AIS.
E2.1.5. Assurance. A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. If the security features of an AIS are relied on to protect classified or sensitive unclassified information and restrict user access, the features must be tested to ensure that the security policy is enforced and may not be circumvented during AIS operation.
E2.1.6. Audit. An independent review and examination of system records and activities to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, and to recommend any indicated changes in controls, policy, or procedures.
E2.1.7. Audit Trail. A chronological record of system activities that is sufficient to enable the reconstruction, reviewing, and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results.
E2.1.8. Automated Information Systems (AISs). An assembly of computer hardware, software, and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information.
E2.1.9. Category. A grouping of classified or sensitive unclassified information to which an additional restrictive label is applied for signifying that personnel are granted access to the information only if they have formal access approval or other applicable authorization (e.g., proprietary information, for official use only, compartmented information).
E2.1.10. Certification. The technical evaluation of an AIS's security features and other safeguards, made in support of the accreditation process, which establishes the extent to which a particular AIS design and implementation meet a set of specified security requirements.
E2.1.11. Classified Information. Information or material that is (a) owned by, produced for or by, or under the control of the U.S. Government; and (b) determined under E.O. 12356 (reference (r)) or prior orders, and DoD 5200.1-R (reference (b)), to require protection against unauthorized disclosure; and so designated.
E2.1.12. Computer. A machine capable of accepting, performing calculations on, or otherwise manipulating or storing data. It usually consists of an arithmetic and logic unit and a control unit, and may have input and output devices and storage devices.
E2.1.13. Data. A representation of facts, concepts, information, or instructions suitable for communication, interpretation, or processing by humans or by an AIS.
E2.1.14. Data Integrity. The state that exists when data is unchanged from its source and accidentally or maliciously has not been modified, altered, or destroyed.
E2.1.15. Data Owner. The authority, individual, or organization who has original responsibility for the data by statute, Executive order, or Directive.
E2.1.16. Dedicated Security Mode. A mode of operation wherein all users have the clearance or authorization and need-to-know for all data handled by the AIS. If the AIS processes special access information, all users require formal access approval. In the dedicated mode, an AIS may handle a single classification level and/or category of information or a range of classification levels and/or categories.
E2.1.17. Denial of Service. Action or actions that result in the inability of an AIS or any essential part to perform its designated mission, either by loss or degradation of operational capability.
E2.1.18. Designated Approving Authority (DAA). The official who has the authority to decide on accepting the security safeguards prescribed for an AIS, or the official who may be responsible for issuing an accreditation statement that records the decision to accept those safeguards. The DAA must be at an organizational level that has authority to evaluate the overall mission requirements of the AIS and to provide definitive direction to AIS developers or owners relative to the risk in the security posture of the AIS.
E2.1.19. Embedded System. A system that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem (e.g., ground support equipment, flight simulators, engine test stands, or fire control systems).
E2.1.20. Evaluated Products List (EPL). A documented inventory of equipment, hardware, software, and/or firmware that have been evaluated against the evaluation criteria found in DoD 5200.28-STD (reference (k)).
E2.1.21. Features. (See Security Features, definition E2.1.40., below.)
E2.1.22. Formal Access Approval. Documented approval by a data owner to allow access to a particular category of information.
E2.1.23. Handled By. The term "handled by" denotes the activities performed on data in an AIS, such as collecting, processing, transferring, storing, retrieving, sorting, transmitting, disseminating, and controlling.
E2.1.24. Information. Knowledge such as facts, data, or opinions, including numerical, graphic, or narrative forms, whether oral or maintained in any medium.
E2.1.25. Information System. The organized collection, processing, transmission, and dissemination of information in accordance with defined procedures, whether automated or manual.
E2.1.26. Information System Security Officer (ISSO). The person responsible to the DAA for ensuring that security is provided for and implemented throughout the life cycle of an AIS from the beginning of the concept development phase through its design, development, operation, maintenance, and secure disposal.
E2.1.27. Intelligent Terminal. A terminal that is programmable, able to accept peripheral devices, able to connect with other terminals or computers, able to accept additional memory, or which may be modified to have these characteristics.
E2.1.28. Multilevel Security Mode. A mode of operation that allows two or more classification levels of information to be processed simultaneously within the same system when not all users have a clearance or formal access approval for all data handled by the AIS.
E2.1.29. Need-to-Know. A determination made in the interest of U.S. national security by the custodian of classified or sensitive unclassified information that a prospective recipient requires access to, knowledge of, or possession of the information in order to perform official tasks or services.
E2.1.30. Network. A network is composed of a communications medium and all components attached to that medium whose responsibility is the transference of information. Such components may include AISs, packet switches, telecommunications controllers, key distribution centers, and technical control devices.
E2.1.31. Orange Book Terminology. Reference (k), also called the Orange Book, classifies AISs into four broad hierarchical divisions of security protection. Within divisions C and B there are further subdivisions called classes. These classes also are ordered in a hierarchical manner characterized by the set of computer security features they possess (see Security Features, definition E2.1.40., below).
E2.1.32. Partitioned Security Mode. A mode of operation wherein all personnel have the clearance, but not necessarily formal access approval and need-to-know, for all information handled by the AIS. This security mode encompasses the compartmented mode defined in DCID No. 1/16 (reference (g)).
E2.1.33. Periods Processing. A manner of operating an AIS in which the security mode of operation and/or maximum classification of data handled by the AIS is established for an interval of time (or period) and then changed for the following interval of time. A period extends from any secure initialization of the AIS to the completion of any purging of sensitive data handled by the AIS during the period.
E2.1.34. Purge. Removal of sensitive data from an AIS at the end of a period of processing, including from AIS storage devices and other peripheral devices with storage capacity, in such a way that there is assurance, proportional to the sensitivity of the data, that the data cannot be reconstructed. An AIS must be disconnected from any external network before a purge.
E2.1.35. Risk. A combination of the likelihood that a threat will occur, the likelihood that a threat occurrence will result in an adverse impact, and the severity of the resulting adverse impact.
E2.1.36. Risk Analysis. An analysis of system assets and vulnerabilities to establish an expected loss from certain events based on estimated probabilities of occurrence.
E2.1.37. Risk Index. The disparity between the minimum clearance or authorization of AIS users and the maximum sensitivity (e.g., classification and categories) of data handled by the AIS.
E2.1.38. Risk Management. The total process of identifying, measuring, and minimizing uncertain events affecting AIS resources. It includes risk analysis, cost benefit analysis, safeguard selection, security test and evaluation, safeguard implementation, and systems review.
E2.1.39. Safeguards. (See Security Safeguards, definition E2.1.42., below.)
E2.1.40. Security Features. The security-relevant functions, mechanisms, and characteristics of AIS hardware and software (e.g., identification, authentication, audit trail, access control).
E2.1.41. Security Mode. A mode of operation in which the DAA accredits an AIS to operate. Inherent with each of the four security modes (dedicated, system high, multilevel, and partitioned) are restrictions on the user clearance levels, formal access requirements, need-to-know requirements, and the range of sensitive information permitted on the AIS.
E2.1.42. Security Safeguards. The protective measures and controls that are prescribed to meet the security requirements specified for an AIS. These safeguards may include, but are not necessarily limited to, hardware and software security features; operational procedures; accountability procedures; access and distribution controls; management constraints; personnel security; and physical structures, areas, and devices.
E2.1.43. Sensitive Compartmented Information (SCI). Classified information about or derived from intelligence sources, methods, or analytical processes that is required to be handled exclusively within formal access control systems established by the Director, Central Intelligence.
E2.1.44. Sensitive Unclassified Information. Any information the loss, misuse, unauthorized access to, or modification of which might adversely affect U.S. national interests, the conduct of DoD programs, or the privacy of DoD personnel (e.g., FOIA-exempt information and information whose distribution is limited by DoD Directive 5230.24 (reference (s))).
E2.1.45. SIOP-ESI. An acronym for Single Integrated Operational Plan-Extremely Sensitive Information, a DoD Special Access Program.
E2.1.46. Special Access Program. Any program imposing need-to-know or access controls beyond those normally required for access to Confidential, Secret, or Top Secret information. Such a program includes, but is not limited to, special clearance or investigative requirements, special designation of officials authorized to determine need-to-know, or special lists of persons determined to have a need-to-know.
E2.1.47. System High Security Mode. A mode of operation wherein all users having access to the AIS possess a security clearance or authorization, but not necessarily a need-to-know, for all data handled by the AIS. If the AIS processes special access information, all users must have formal access approval.
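The four security modes (E2.1.16 dedicated, E2.1.28 multilevel, E2.1.32 partitioned, E2.1.47 system high) and the risk index (E2.1.37) together form a decision procedure over three questions about the user population versus the data: is everyone cleared for everything, does everyone hold formal access approval for every special access category present, and does everyone have need-to-know for every item. The following Python models that procedure as an added illustration; it is not part of the directive. The numeric ordering of clearance levels, the sample users and data items, and the simplification that the risk index compares classification levels only (ignoring categories) are all assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed ordering of clearance / classification levels (illustration only).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class DataItem:
    name: str
    level: str
    # Special access categories on the item; each requires formal access approval.
    categories: frozenset = frozenset()


@dataclass(frozen=True)
class User:
    name: str
    clearance: str
    formal_access: frozenset = frozenset()  # categories a data owner has approved in writing
    need_to_know: frozenset = frozenset()   # names of data items needed for official tasks


def cleared_for(user, item):
    """Clearance alone: the user's level is at least the item's classification."""
    return LEVELS[user.clearance] >= LEVELS[item.level]


def risk_index(users, data):
    """E2.1.37: disparity between the minimum user clearance and the maximum
    data sensitivity. Simplified here to classification levels only."""
    min_clearance = min(LEVELS[u.clearance] for u in users)
    max_sensitivity = max(LEVELS[d.level] for d in data)
    return max(0, max_sensitivity - min_clearance)


def select_mode(users, data):
    """Return the least restrictive security mode whose conditions the
    population satisfies, checked from the weakest guarantee upward."""
    special = frozenset().union(*(d.categories for d in data))
    if not all(cleared_for(u, d) for u in users for d in data):
        return "multilevel"      # some user is not cleared for some data
    if not all(special <= u.formal_access for u in users):
        return "partitioned"     # all cleared, but formal access approval not universal
    if not all(d.name in u.need_to_know for u in users for d in data):
        return "system high"     # cleared and formally approved, but not all need-to-know
    return "dedicated"           # clearance, formal approval and need-to-know for all data


# Constructed sample population and data; not real clearances or holdings.
REPORT = DataItem("ops-report", "SECRET")
COMPARTMENT = DataItem("sci-summary", "TOP SECRET", frozenset({"SCI"}))
ALL_DATA = [REPORT, COMPARTMENT]

ALICE = User("alice", "TOP SECRET", frozenset({"SCI"}), frozenset({"ops-report", "sci-summary"}))
BOB = User("bob", "TOP SECRET", frozenset({"SCI"}), frozenset({"ops-report"}))
CAROL = User("carol", "TOP SECRET", frozenset(), frozenset({"ops-report"}))
DAVE = User("dave", "SECRET", frozenset(), frozenset({"ops-report"}))


def demo():
    """Each added user weakens one guarantee and forces a more restrictive mode."""
    return {
        "alice": select_mode([ALICE], ALL_DATA),
        "alice+bob": select_mode([ALICE, BOB], ALL_DATA),
        "alice+carol": select_mode([ALICE, CAROL], ALL_DATA),
        "alice+dave": select_mode([ALICE, DAVE], ALL_DATA),
        "risk_index alice+bob": risk_index([ALICE, BOB], ALL_DATA),
        "risk_index alice+dave": risk_index([ALICE, DAVE], ALL_DATA),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:24s} -> {result}")
```

The checks are ordered from the weakest property to the strongest because each mode's definition is a superset of the previous one's conditions: a population that fails the clearance test can only be accredited multilevel, whatever its need-to-know picture looks like. Note that the risk index stays at 0 for the alice+bob and alice+carol populations even though the mode differs, which is why the mode decision cannot be read off the index alone.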
E2.1.48. Telecommunications. Under this Directive, a general term expressing data transmission between computing systems and remotely located devices via a unit that performs the necessary format conversion and controls the rate of transmission.
E2.1.49. Trusted Products. Products evaluated and approved for inclusion on the Evaluated Products List (EPL).
E2.1.50. Unclassified Information. Any information that need not be safeguarded against disclosure, but must be safeguarded against tampering, destruction, or loss due to record value, utility, replacement cost, or susceptibility to fraud, waste, or abuse.
E2.1.51. Users. People or processes accessing an AIS either by direct connections (i.e., via terminals) or indirect connections (i.e., preparing input data or receiving output that is not reviewed for content or classification by a responsible individual).