 |
| NCSC-TG-004-88
Library No. S-231,238 FOREWORD This publication, "Glossary of Computer Security Terms," is
issued by the National Computer Recommendations for revision to this publication are encouraged and will
be reviewed National Computer Security Center 9800 Savage Road Fort George G. Meade, MD 20755-6000 Attention: Chief, Criteria and Technical Guidelines Division 21 October 1988 Patrick R. Gallagher, Jr. Director National Computer Security Center For sale by the Superintendent of Documents, Congressional Sales Office, U.S. Government Printing Office, Washington, DC 20402 ACKNOWLEDGMENTS Recognition is extended to Sue Berg as primary researcher for this glossary,
Carol Lane as the PREFACE This glossary contains material drawn primarily from official documents
of the United States The intent of the National Computer Security Center is for this document
to focus on terms in TABLE OF CONTENTS FOREWORD ACKNOWLEDGMENTS PREFACE COMPUTER SECURITY ACRONYMS COMPUTER SECURITY TERMS REFERENCES GLOSSARY OF COMPUTER SECURITY ACRONYMS AIS Automated Information System COMPUSEC Computer Security COMSEC Communications Security CSTVRP Computer Security Technical Vulnerability Reporting Program DAA Designated Approving Authority DAC Discretionary Access Control DES Data Encryption Standard DPL Degausser Products List DTLS Descriptive Top-Level Specification EPL Evaluated Products List ETL Endorsed Tools List FTLS Formal Top-Level Specification ISSO Information System Security Officer MAC Mandatory Access Control NCSC National Computer Security Center NTISSC National Telecommunications and Information Systems Security Committee OPSEC Operations Security PPL Preferred Products List SAISS Subcommittee on Automated Information Systems Security of NTISSC SSO System Security Officer STS Subcommittee on Telecommunications Security of NTISSC TCB Trusted Computing Base TCSEC DoD Trusted Computer System Evaluation Criteria GLOSSARY OF COMPUTER SECURITY TERMS -*- *-property (or star property) A Bell-La Padula security model rule allowing a subject write access
to an object only if the -A- acceptance inspection The final inspection to determine whether or not a facility or system
meets the specified access A specific type of interaction between a subject and an object that results
in the flow of access control The process of limiting access to the resources of a system only to authorized
programs, access control mechanism Hardware or software features, operating procedures, management procedures,
and various access level The hierarchical portion of the security level used to identify the sensitivity
of data and the access list A list of users, programs, and/or processes and the specifications of
access categories to which access period A segment of time, generally expressed on a daily or weekly basis, during
which access rights access port A logical or physical identifier that a computer uses to distinguish
different terminal input/ access type The nature of an access right to a particular device, program, or file
(e.g., read, write, execute, accountability The property that enables activities on a system to be traced to individuals
who may then be accreditation A formal declaration by the DAA that the AIS is approved to operate in
a particular security accreditation authority Synonymous with Designated Approving Authority. add-on security The retrofitting of protection mechanisms, implemented by hardware or software. administrative security The management constraints and supplemental controls established to provide
an acceptable assurance A measure of confidence that the security features and architecture of
an AIS accurately attack The act of trying to bypass security controls on a system. An attack
may be active, resulting audit trail A chronological record of system activities that is sufficient to enable
the reconstruction, authenticate (1) To verify the identity of a user, device, or other entity in a computer
system, often as a (2) To verify the integrity of data that have been stored, transmitted,
or otherwise exposed to authenticator The means used to confirm the identity or to verify the eligibility of
a station, originator, or authorization The granting of access rights to a user, program, or process. automated data processing security Synonymous with automated information systems security. automated information system (AIS) An assembly of computer hardware, software and/or firmware configured
to collect, create, automated information system security Measures and controls that protect an AIS against denial of service and
unauthorized automated security monitoring The use of automated procedures to ensure that security controls are not circumvented. availability of data The state when data are in the place needed by the user, at the time
the user needs them, and -B- back door Synonymous with trap door. backup plan Synonymous with contingency pIan. Bell-La Padula model A formal state transition model of computer security policy that describes
a set of access benign environment A nonhostile environment that may be protected from external hostile
elements by physical, between-the-lines entry Unauthorized access obtained by tapping the temporarily inactive terminal
of a legitimate beyond A1 A level of trust defined by the DoD Trusted Computer System Evaluation
Criteria (TCSEC) browsing The act of searching through storage to locate or acquire information
without necessarily -C- call back A procedure for identifying a remote terminal. In a call back, the host
system disconnects the capability A protected identifier that both identifies the object and specifies
the access rights to be category A restrictive label that has been applied to classified or unclassified
data as a means of certification The comprehensive evaluation of the technical and nontechnical security
features of an AIS closed security environment An environment in which both of the following conditions hold true: (1) Application developers (including maintainers) have sufficient clearances
and communications security (COMSEC) Measures taken to deny unauthorized persons information derived from
telecommunications compartment A class of information that has need-to-know access controls beyond those
normally provided compartmented security mode See modes of operation. compromise A violation of the security policy of a system such that unauthorized
disclosure of sensitive compromising emanations Unintentional data-related or intelligence-bearing signals that, if intercepted
and analyzed, computer abuse The misuse, alteration, disruption or destruction of data processing
resources. The key aspect computer cryptography The use of a crypto-algorithm in a computer, microprocessor, or microcomputer
to perform computer fraud Computer-related crimes involving deliberate misrepresentation, alteration
or disclosure of computer security (COMPUSEC) Synonymous with automated information systems security. computer security subsystem A device designed to provide limited computer security features in a
larger system Computer Security Technical Vulnerability Reporting Program (CSTVRP) A program that focuses on technical vulnerabilities in commercially available
hardware, concealment system A method of achieving confidentiality in which sensitive information
is hidden by embedding confidentiality The concept of holding sensitive data in confidence, limited to an appropriate
set of configuration control The process of controlling modifications to the system's hardware, firmware,
software, and configuration management The management of security features and assurances through control of
changes made to a confinement The prevention of the leaking of sensitive data from a program. confinement channel Synonymous with covert channel. confinement property Synonymous with star property (*-property). contamination The intermixing of data at different sensitivity and need-to-know levels.
The lower level data contingency plan A plan for emergency response, backup operations, and post-disaster recovery
maintained by control zone The space, expressed in feet of radius, surrounding equipment processing
sensitive controlled access See access control. controlled sharing The condition that exists when access control is applied to all users
and components of a cost-risk analysis The assessment of the costs of providing data protection for a system
versus the cost of losing countermeasure Any action, device, procedure, technique, or other measure that reduces
the vulnerability of or covert channel A communications channel that allows two cooperating processes to transfer
information in a covert storage channel A covert channel that involves the direct or indirect writing of a storage
location by one covert timing channel A covert channel in which one process signals information to another
by modulating its own Criteria See DoD Trusted Computer System Evaluation Criteria. crypto-algorithm A well-defined procedure or sequence of rules or steps used to produce
a key stream or cipher cryptography The principles, means and methods for rendering information unintelligible,
and for restoring cryptosecurity The security or protection resulting from the proper use of technically sound cryptosystems. -D- Data Encryption Standard (DES) A cryptographic algorithm for the protection of unclassified data, published
in Federal data flow control Synonymous with information flow control. data integrity The property that data meet an a priori expectation of quality. data security The protection of data from unauthorized (accidental or intentional)
modification, destruction, declassification of AIS storage media An administrative decision or procedure to remove or reduce the security
classification of the dedicated security mode See modes of operation. default classification A temporary classification reflecting the highest classification being
processed in a system. degauss To reduce magnetic flux density to zero by applying a reverse magnetizing field. degausser An electrical device that can generate a magnetic field for the purpose
of degaussing magnetic Degausser Products List (DPL) A list of commercially produced degaussers that meet National Security
Agency denial of service Any action or series of actions that prevent any part of a system from
functioning in Descriptive Top-Level Specification (DTLS) A top-level specification that is written in a natural language (e.g.,
English), an informal Designated Approving Authority (DAA) The official who has the authority to decide on accepting the security
safeguards prescribed dial back Synonymous with call back. dial-up The service whereby a computer terminal can use the telephone to initiate
and effect disaster plan Synonymous with contingency plan. discretionary access control (DAC) A means of restricting access to objects based on the identity and need-to-know
of the user, DoD Trusted Computer System Evaluation Criteria (TCSEC) A document published by the National Computer Security Center containing
a uniform set of domain The unique context (e.g., access control parameters) in which a program
is operating; in effect, dominate Security level S1 is said to dominate security level S2 if the hierarchical
classification of S1 is -E- emanations See compromising emanations. embedded system A system that performs or controls a function, either in whole or in
part, as an integral element emergency plan Synonymous with contingency pIan. emission security The protection resulting from all measures taken to deny unauthorized
persons information of end-to-end encryption The protection of information passed in a telecommunications system by
cryptographic Endorsed Tools List (ETL) The list of formal verification tools endorsed by the NCSC for the development
of systems Enhanced Hierarchical Development Methodology An integrated set of tools designed to aid in creating, analyzing, modifying,
managing, and entrapment The deliberate planting of apparent flaws in a system for the purpose
of detecting attempted environment The aggregate of external procedures, conditions, and objects that affect
the development, erasure A process by which a signal recorded on magnetic media is removed. Erasure
is accomplished Evaluated Products List (EPL) A list of equipments, hardware, software, and/or firmware that have been
evaluated against, executive state One of several states in which a system may operate and the only one
in which certain exploitable channel Any information channel that is usable or detectable by subjects external
to the trusted -F- failsafe Pertaining to the automatic protection of programs and/or processing
systems to maintain failsoft Pertaining to the selective termination of affected nonessential processing
when a hardware or failure access An unauthorized and usually inadvertent access to data resulting from
a hardware or software failure control The methodology used to detect and provide fail-safe or fail-soft recovery
from hardware and fault A condition that causes a device or system component to fail to perform in a required manner. fetch protection A system-provided restriction to prevent a program from accessing data
in another users file protection The aggregate of all processes and procedures in a system designed to
inhibit unauthorized file security The means by which access to computer files is limited to authorized users only. flaw hypothesis methodology A systems analysis and penetration technique in which specifications
and documentation for flow control See information flow control. formal access approval Documented approval by a data owner to allow access to a particular category of information. Formal Development Methodology A collection of languages and tools that enforces a rigorous method of
verification. This formal proof A complete and convincing mathematical argument, presenting the full
logical justification formal security policy model A mathematically precise statement of a security policy. To be adequately
precise, such a Formal Top-Level Specification (FTLS) A top-level specification that is written in a formal mathematical language
to allow theorems formal verification The process of using formal proofs to demonstrate the consistency between
a formal front-end security filter A security filter, which could be implemented in hardware or software,
that is logically functional testing The segment of security testing in which the advertised security mechanisms
of the system are -G- granularity An expression of the relative size of a data object; e.g., protection
at the file level is considered guard A processor that provides a filter between two disparate systems operating
at different security Gypsy Verification Environment An integrated set of tools for specifying, coding, and verifying programs
written in the Gypsy -H- handshaking procedure A dialogue between two entities (e.g., a user and a computer, a computer
and another Hierarchical Development Methodology A methodology for specifying and verifying the design programs written
in the Special host to front-end protocol A set of conventions governing the format and control of data that are
passed from a host to a -I- identification The process that enables recognition of an entity by a system, generally
by the use of unique impersonating Synonymous with spoofing. incomplete parameter checking A system design flaw that results when all parameters have not been fully
anticipated for individual accountability The ability to associate positively the identity of a user with the time,
method, and degree of information flow control A procedure to ensure that information transfers within a system are
not made from a higher Information System Security Officer (ISSO) The person responsible to the DAA for ensuring that security is provided
for and implemented Information Systems Security Products and Services Catalogue A catalogue issued quarterly by the National Security Agency that incorporates
the DPL, EPL, integrity Sound, unimpaired or perfect condition. interdiction See denial of service. internal security controls Hardware, firmware, and software features within a system that restrict
access to resources isolation The containment of subjects and objects in a system in such a way that
they are separated from -J- This document contains no entries beginning with the letter "J". -K- This document contains no entries beginning with the letter "K". -L- least privilege The principle that requires that each subject be granted the most restrictive
set of privileges limited access Synonymous with access control. list-oriented A computer protection system in which each protected object has a list
of all subjects lock-and-key protection system A protection system that involves matching a key or password with a specific
access logic bomb A resident computer program that triggers the perpetration of an unauthorized
act when loophole An error of omission or oversight in software or hardware that permits
circumventing the -M- magnetic remanence A measure of the magnetic flux density remaining after removal of the
applied magnetic force. maintenance hook Special instructions in software to allow easy maintenance and additional
feature malicious logic Hardware, software, or firmware that is intentionally included in a system
for an unauthorized mandatory access control (MAC) A means of restricting access to objects based on the sensitivity (as
represented by a label) of masquerading Synonymous with spoofing. mimicking Synonymous with spoofing. modes of operation A description of the conditions under which an AIS functions, based on
the sensitivity of data (1) Dedicated Mode An AIS is operating in the dedicated mode when each user with direct
or indirect a. A valid personnel clearance for all information on the system. b. Formal access approval for, and has signed nondisclosure agreements
for all the c. A valid need-to-know for all information contained within the system. (2) System-High Mode An AS is operating in the system-high mode when each user with direct
or indirect access a. A valid personnel clearance for all information on the AIS. b. Formal access approval for, and has signed nondisclosure agreements
for all the c. A valid need-to-know for some of the information contained within the AIS. (3) Compartmented Mode An AIS is operating in the compartmented mode when each user with direct
or indirect a. A valid personnel clearance for the most restricted information processed
in the b. Formal access approval for, and has signed nondisclosure agreements
for that c. A valid need-to-know for that information to which he/she is to have access. (4) Multilevel Mode An AIS is operating in the multilevel mode when all the following statements
are a. Some do not have a valid personnel clearance for all the information
processed b. All have the proper clearance and have the appropriate formal access
approval c. All have a valid need-to-know for that information to which they are
to have multilevel device A device that is used in a manner that permits it to simultaneously process
data of two or more multilevel secure A class of system containing information with different sensitivities
that simultaneously multilevel security mode See modes of operation. multiple access rights terminal A terminal that may be used by more than one class of users; for example,
users with different multiuser mode of operation A mode of operation designed for systems that process sensitive unclassified
information in mutually suspicious The state that exists between interacting processes (subsystems or programs)
in which neither -N- National Computer Security Assessment Program A program designed to evaluate the interrelationship of empirical data
of computer security National Computer Security Center (NCSC) Originally named the DoD Computer Security Center, the NCSC is responsible
for National Security Decision Directive 145 (NSDD 145) Signed by President Reagan on 17 September 1984, this directive is entitled
"National Policy National Telecommunications and Information Systems Security Advisory Memoranda/Instructions (NTISSAM, NTISSI) NTISS Advisory Memoranda and Instructions provide advice, assistance,
or information of National Telecommunications and Information System Security Directives (NTISSD) NTISS Directives establish national-level decisions relating to NTISS
policies, plans, need-to-know The necessity for access to, knowledge of, or possession of specific
information required to network front end A device that implements the necessary network protocols, including security-related
NSDD 145 See National Security Decision Directive 145. -O- object A passive entity that contains or receives information. Access to an
object potentially implies object reuse The reassignment and reuse of a storage medium (e.g., page frame, disk
sector, magnetic tape) open security environment An environment that includes those systems in which at least one of the
folIowing conditions Operations Security (OPSEC) An analytical process by which the U.S. Government and its supporting
contractors can deny Orange Book Alternate name for DoD Trusted Computer Security Evaluation Criteria. overt channel A path within a computer system or network that is designed for the authorized
transfer of overwrite procedure A stimulation to change the state of a bit followed by a known pattern.
See magnetic -P- partitioned security mode A mode of operation wherein all personnel have the clearance but not
necessarily formal password A protected/private character string used to authenticate an identity. penetration The successful act of bypassing the security mechanisms of a system. penetration signature The characteristics or identifying marks that may be produced by a penetration. penetration study A study to determine the feasibility and methods for defeating controls of a system. penetration testing The portion of security testing in which the evaluators attempt to circumvent
the security periods processing The processing of various levels of sensitive information at distinctly
different times. Under permissions A description of the type of authorized interactions a subject can have
with an object. personnel security The procedures established to ensure that all personnel who have access
to sensitive physical security The application of physical barriers and control procedures as preventive
measures or piggyback Gaining unauthorized access to a system via another user's legitimate
connection. See Preferred Products List (PPL) A list of commercially produced equipments that meet TEMPEST and other
requirements print suppression Eliminating the displaying of characters in order to preserve their secrecy;
e.g., not displaying privileged instructions A set of instructions (e.g., interrupt handling or special computer instructions)
to control procedural security Synonymous with administrative security. process A program in execution. See domain and subject. protection philosophy An informal description of the overall design of a system that delineates
each of the protection protection ring One of a hierarchy of privileged modes of a system that gives certain
access rights to user protection-critical portions of the TCB Those portions of the TCB whose normal function is to deal with the control
of access between protocols A set of rules and formats, semantic and syntactic, that permits entities
to exchange pseudo-flaw An apparent loophole deliberately implanted in an operating system program
as a trap for Public Law 100-235 (P.L. 100-235) Also known as the Computer Security Act of 1987, this law creates a means
for establishing purge The removal of sensitive data from an AIS, AIS storage device, or peripheral
device with -Q- This document contains no entries beginning with the letter "Q". -R- read A fundamental operation that results only in the flow of information
from an object to a read access Permission to read information. recovery procedures The actions necessary to restore a system's computational capability
and data files after a reference monitor concept An access-control concept that refers to an abstract machine that mediates
all accesses to reference validation mechanism An implementation of the reference monitor concept. A security kernel
is a type of reference reliability The probability of a given system performing its mission adequately for
a specified period of residual risk The portion of risk that remains after security measures have been applied. residue Data left in storage after processing operations are complete, but before
degaussing or resource encapsulation The process of ensuring that a resource not be directly accessible by
a subject, but that it be restricted area Any area to which access is subject to special restrictions or controls
for reasons of security risk The probability that a particular threat will exploit a particular vulnerability of the system. risk analysis The process of identifying security risks, determining their magnitude,
and identifying areas risk assessment Synonymous with risk analysis. risk index The disparity between the minimum clearance or authorization of system
users and the risk management The total process of identifying, controlling, and eliminating or minimizing
uncertain events -S- safeguards See security safeguards. scavenging Searching through object residue to acquire unauthorized data. secure configuration management The set of procedures appropriate for controlling changes to a system's
hardware and software secure state A condition in which no subject can access any object in an unauthorized manner. secure subsystem A subsystem that contains its own implementation of the reference monitor
concept for those security critical mechanisms Those security mechanisms whose correct operation is necessary to ensure
that the security security evaluation An evaluation done to assess the degree of trust that can be placed in
systems for the secure security fault analysis A security analysis, usually performed on hardware at gate level, to
determine the security security features The security-relevant functions, mechanisms, and characteristics of system
hardware and security filter A trusted subsystem that enforces a security policy on the data that pass through it. security flaw An error of commission or omission in a system that may allow protection
mechanisms to be security flow analysis A security analysis performed on a formal system specification that locates
potential flows of security kernel The hardware, firmware, and software elements of a TCB that implement
the reference security label A piece of information that represents the security level of an object. security level The combination of a hierarchical classification and a set of nonhierarchical
categories that security measures Elements of software, firmware, hardware, or procedures that are included
in a system for the security perimeter The boundary where security controls are in effect to protect assets. security policy The set of laws, rules, and practices that regulate how an organization
manages, protects, and security policy model A formal presentation of the security policy enforced by the system.
It must identify the set of security range The highest and lowest security levels that are permitted in or on a
system, system component, security requirements The types and levels of protection necessary for equipment, data, information,
applications, security requirements baseline A description of minimum requirements necessary for a system to maintain
an acceptable security safeguards The protective measures and controls that are prescribed to meet the
security requirements security specifications A detailed description of the safeguards required to protect a system. security test and evaluation An examination and analysis of the security safeguards of a system as
they have been applied security testing A process used to determine that the security features of a system are
implemented as sensitive information Any information, the loss, misuse, modification of, or unauthorized access
to, could affect the sensitivity label A piece of information that represents the security level of an object.
Sensitivity labels are simple security condition See simple security property. simple security property A Bell-La Padula security model rule allowing a subject read access to
an object only if the single-level device An automated information systems device that is used to process data
of a single security level Software Development Methodologies Methodologies for specifying and verifying design programs for system
development. Each software security General purpose (executive, utility or software development tools) and
applications programs software system test and evaluation process A process that plans, develops and documents the quantitative demonstration
of the fulfillment spoofing An attempt to gain access to a system by posing as an authorized user.
Synonymous with stand-alone, shared system A system that is physically and electrically isolated from all other
systems, and is intended to stand-alone, single-user system A system that is physically and electrically isolated from all other
systems, and is intended to star property See *-property, page 2. State Delta Verification System A system designed to give high confidence regarding microcode performance
by using state variable A variable that represents either the state of the system or the state of some system resource. storage object An object that supports both read and write accesses. Subcommittee on Automated Information Systems Security (SAISS) NSDD-145 authorizes and directs the establishment, under the NTISSC,
of a permanent Subcommittee on Telecommunications Security (STS) NSDD-145 authorizes and directs the establishment, under the NTISSC,
of a permanent subject An active entity, generally in the form of a person, process, or device,
that causes information subject security level A subject's security level is equal to the security level of the objects
to which it has both read supervisor state Synonymous with executive state. System Development Methodologies Methodologies developed through software engineering to manage the complexity
of system system high security mode See modes of operation. system integrity The quality that a system has when it performs its intended function
in an unimpaired manner, system low The lowest security level supported by a system at a particular time
or in a particular System Security Officer (550) See Information System Security Officer. Systems Security Steering Group The senior government body established by NSDD-145 to provide top-level
review and policy -T- tampering An unauthorized modification that alters the proper functioning of an
equipment or system in technical attack An attack that can be perpetrated by circumventing or nullifying hardware
and software technical vulnerability A hardware, firmware, communication, or software flaw that leaves a computer
processing TEMPEST The study and control of spurious electronic signals emitted by electrical equipment. terminal identification The means used to uniquely identify a terminal to a system. threat Any circumstance or event with the potential to cause harm to a system
in the form of threat agent A method used to exploit a vulnerability in a system, operation, or facility. threat analysis The examination of all actions and events that might adversely affect a system or operation. threat monitoring The analysis, assessment, and review of audit trails and other data collected
for the purpose of ticket-oriented A computer protection system in which each subject maintains a list of
unforgeable bit time-dependent password A password that is valid only at a certain time of day or during a specified interval of time. top-level specification A nonprocedural description of system behavior at the most abstract level;
typically, a tranquility A security model rule stating that the security level of an object cannot
change while the object trap door A hidden software or hardware mechanism that can be triggered to permit
system protection Trojan horse A computer program with an apparently or actually useful function that
contains additional trusted computer system A system that employs sufficient hardware and software assurance measures
to allow its use Trusted Computing Base (TCB) The totality of protection mechanisms within a computer system, including
hardware, trusted distribution A trusted method for distributing the TCB hardware, software, and firmware
components, trusted identification forwarding An identification method used in networks whereby the sending host can
verify that an trusted path A mechanism by which a person at a terminal can communicate directly
with the TCB. This trusted process A process whose incorrect or malicious execution is capable of violating
system security trusted software The software portion of the TCB. -U- untrusted process A process that has not been evaluated or examined for adherence to the
security policy. It may user Person or process accessing an AIS either by direct connections (i.e.,
via terminals), or indirect user ID A unique symbol or character string that is used by a system to identify a specific user. user profile Patterns of a user's activity that can be used to detect changes in normal routines. -V- verification The process of comparing two levels of system specification for proper
correspondence (e.g., virus A self-propagating Trojan horse, composed of a mission component, a trigger
component, and vulnerability A weakness in system security procedures, system design, implementation,
internal controls, vulnerability analysis The systematic examination of systems in order to determine the adequacy
of security vulnerability assessment A measurement of vulnerability which includes the susceptibility of a
particular system to a -W- work factor An estimate of the effort or time needed by a potential penetrator with
specified expertise and write A fundamental operation that results only in the flow of information
from a subject to an write access Permission to write to an object. -X,Y,Z- This document contains no entries beginning with the letters "X," "Y," or "Z." REFERENCES Air Force Regulation 700-10, "Information Systems Security," 15 March 1985. Army Regulation 380-380, "Automated Systems Security," 3 March 1985. Department of Defense Computer Security Center, CSC-STD-002-85, "Department
of Defense Department of Defense Computer Security Center, CSC-STD-003-85, "Computer
Security Department of Defense Computer Security Center, CSC-STD-004-85, "Technical
Rationale Department of Defense Directive 5200.1-R, "Information Security
Program Regulation," June Department of Defense Directive 5200.28, "Security Requirements
for Automated Information Department of Defense Directive 5200.28-M, "ADP Security Manual," January 1973. Department of Defense Directive 5200.28-STD, "Department of Defense
Trusted Computer Department of Defense Directive 5215.1, "Computer Security Evaluation
Center," 25 October Department of Defense Directive 5230.25, "Withholding of Unclassified
Technical Data from Department of Defense Directive 7040.6, "Internal Control Systems," 24 March 1982. Department of Defense Instruction 5215.2, "Computer Security Technical
Vulnerability Reporting Department of Energy Order 5635.1A, "Control of Classified Documents
and Information," 12 Department of Energy Order 5637.1, "Classified Computer Security Program," 29 January 1988. Director of Central Intelligence Directive 1/16, "Security Policy
for Uniform Protection of Mitre Corp. Technical Report MTR-8201, "Trusted Computer Systems - Glossary," March 1981. National Security Decision Directive 145, "National Policy on Telecommunications
and Office of Navy Operations Instruction 5239.1A, "Department of the
Navy Automatic Data Public Law 100-235, "Computer Security Act of 1987," 8 January
1988. Stein, Jess (ed.), "The |
