Training And Awareness
The Lighter Side
OPSEC Glossary of Terms
| Information provided by IOSS
|A | B | C
| D | E | F | G
| H | I | J | K
| L | M | N | O
| P | Q | R | S
| T | U | V | W
| X | Y | Z
Abbreviations & Acronyms
acceptable level of risk: An authority's determination
of the level of potential harm to an operation, program, or activity due
to the loss of information that the authority is willing to accept.
access control mechanisms: Measures or procedures designed to
prevent unauthorized access to protected information or facilities.
ACINT: See Acoustic Intelligence.
Acoustic Intelligence: Intelligence information derived from
the collection and analysis of acoustical phenomena (DOD JP 1997a).
adversary: An individual, group, organization or government that
must be denied critical information. Synonymous with competitor/enemy.
adversary collection methodology: Any resource and method available
to and used by an adversary for the collection and exploitation of sensitive/critical
information or indicators thereof.
adversary threat strategy: The process of defining, in narrative
or graphical format, the threat presented to an operation, program, or
project. The adversary threat strategy should define the potential adversaries,
the courses of action those adversaries might take against the operation,
and the information needed by the adversaries to execute those actions.
agent: A person who engages in a clandestine activity.
AIS: See Automated Information Systems.
analysis: The process by which information is examined in order
in order to identify significant facts and/or derive conclusions.
assessment: To evaluate the worth, significance, or status of
something; especially to give an expert judgment of the value or merit
asset: 1. Any resource-a person, group, relationship, instrument
installation, supply-at the disposition of an intelligence agency for
use in an operational or support role. 2. A person who contributes to
a clandestine mission but is not a fully controlled agent (ICS 1989).
authentication: Security measures designed to establish the validity
of a transmission, message, or originator, or a means of verifying an
individual's authorization to receive specific categories of information
authenticity: Having an undisputed identity or origin.
Automated Information Systems: An assembly of computer hardware,
software, or firmware configured to collect, create, communicate, compute,
disseminate, process, store, or control data or information (NSC EO 1995).
availability: The assurance that data transmissions, computer
processing systems, and/or communications are not denied to those who
are authorized to use them (JCS 1997).
camouflage: The use of natural or artificial material on personnel,
objects, or positions (e.g., tactical) in order to confuse, mislead, or
evade the enemy/adversary (DOD JP 1997a).
case officer: A professional employee of an intelligence organization
who is responsible for providing direction for an agent operation. CCD.
See the individual components: camouflage; concealment; and deception.
clandestine operation: 1. An operation sponsored or conducted
by government departments or agencies in such a way as to insure secrecy
or concealment (JCS 1997). 2. An operation sponsored or conducted in such
a way as to insure the secrecy or concealment of the person or organization
doing the sponsoring/conducting. See also covert operation; overt operation.
classification: The determination that official information requires,
in the interest of national security, a specific degree of protection
against unauthorized disclosure, coupled with a designation signifying
that such a determination has been made; the designation is normally termed
a security classification and includes Confidential, Secret, and Top Secret
classification guide: A documentary form of classification guidance,
issued by an original classification authority. It identifies the elements
of information, regarding a specific subject, that must be classified
and establishes the level and duration of classification for each such
element (NSC EO 1995).
classified information: Information that has been determined,
pursuant to Executive Order 12598 or any predecessor order, to require
protection against unauthorized disclosure and is marked to indicate its
classified status when in documentary form (NSC EO 1995).
COMINT: See Communications Intelligence.
Command and Control Warfare: The integrated use of operations
security (OPSEC), military deception, psychological operations (PSYOP),
electronic warfare (EW), and physical destruction. C2W is mutually supported
by intelligence to deny information to, influence, degrade, or destroy
adversary command and control capabilities. This process is accomplished
while protecting friendly command and control capabilities against such
actions. Command and control warfare applies across the operational continuum
and all levels of conflict (DOD JP 1997a).
C2W: See Command and Control Warfare.
commercial-off-the-shelf: Any commercially available hardware
or software. communications deception. Deliberate transmission, retransmission,
or alteration of communications in order to mislead an adversary's interpretation
of the communications (NSTISSI 1997).
Communications Intelligence: Technical and intelligence information
derived from the intercept of foreign communications by other than the
intended recipients of those communications (DOD JP 1997a; ICS 1989).
communications profile: An analytic model of communications associated
with an organization or activity. The model is prepared from a systematic
examination of communications content and patterns, the functions they
reflect, and the COMSEC measures applied (NSTISSI 1997).
Communications Security: Measures and controls taken to deny
unauthorized persons information derived from telecommunications and to
ensure the authenticity of such telecommunications. Communications security
includes cryptosecurity, transmission security, emission security, and
physical security of COMSEC material (NSTISSI 1997).
compartmentation: 1. A formal system for restricting access to
selected activities or information. 2. The establishment and management
of an organization so that information about the personnel, internal organization,
or activities of one component is made available to any other component
only to the extent required for the performance of assigned duties (DOD
competitor: See adversary.
compromise: Unauthorized intentional or unintentional disclosure
of information or data to unauthorized persons. Compromise is also a security
policy violation of a system in which, modification, destruction, or loss
of an object may have occurred (NSTISSI 1997).
compromising emanations: Unintentional signals that, if intercepted
and analyzed, would disclose the information transmitted, received, handled,
or otherwise processed by information systems equipment (NSTISSI 1997).
NOTE: This is also known as TEMPEST.
COMPUSEC: See Computer Security.
Computer Security: Measures and controls that ensure confidentiality,
integrity, and^ availability of information systems assets including hardware,
software, firmware, and information being processed, stored, and communicated
COMSEC: See Communications Security.
COMSEC monitoring: The act of listening to, copying, or recording
transmissions of one's own official telecommunications in order to analyze
the degree of security (NSTISSI 1997).
concealment: The act of remaining hidden.
confidential source: Any individual or organization that provides
information to the United States government on matters pertaining to the
national security and expects, in return, that the information or relationship,
or both, will be held in confidence (NSC EO 1995).
confidentiality: An assurance that information is not disclosed
to unauthorized entities or processes (DOD JP 1994; JCS 1997).
contingency plan: Plan maintained for emergency response, backup
operations, and post-disaster recovery for an information system, to ensure
the availability of critical resources and facilitate the continuity of
operations in an emergency situation (NSTISSI 1997).
controlled information: Information and indicators deliberately
conveyed or denied to foreign targets in order to evoke invalid official
estimates that result in foreign official actions advantageous to U.S.
interests and objectives (DOD JP 1997a).
COTS: See commercial-off-the-shelf
counterintelligence: 1. That phase of intelligence covering all
activity designed to neutralize the effectiveness of adversary intelligence
collection activities. 2. Those activities that are concerned with identifying
and counteracting the security threat posed by hostile intelligence services,
organizations, or by individuals engaged in espionage, sabotage, subversion,
or terrorism. (DOD JP 1997a).
countermeasure: Anything which effectively negates or mitigates
an adversary's ability to exploit vulnerabilities.
cover: Protective action taken to mask or conceal an operation
or activity from an adversary.
covert operation: An operation that is so planned and executed
as to conceal the identity of, or permit plausible denial by, the sponsor
(JCS 1997). A covert operation differs from a clandestine operation in
that emphasis is placed on concealment of the identity of the sponsor,
rather than on concealment of the operation. Synonymous with law enforcement's
Critical and Sensitive Information List: Those areas, activities,
functions, or other matters that a facility/organization considers most
important to keep from adversaries (DOE 1992).
critical information: Specific facts about friendly (e.g., U.S.)
intentions, capabilities, or activities vitally needed by adversaries
for them to plan and act effectively so as to guarantee failure or unacceptable
consequences for accomplishment of friendly objectives.
critical infrastructures: Certain national infrastructures so
vital that their incapacity or destruction would have a debilitating impact
on the defense or economic security of the United States. These critical
infrastructures include telecommunications, electrical power systems,
gas and oil storage and transportation, banking and finance, transportation,
water supply systems, emergency services (including medical, police, fire,
and rescue), and continuity of government (JCS 1997; EO n.d.).
cryptanalysis: Operations performed in converting encrypted messages
to plain text without initial knowledge of the crypto-algorithm and/or
key employed in the encryption (NSTISSI 1997).
crypto-equipment: The equipment used to render plain information
unintelligible and restore encrypted information to intelligible form.
cryptography: Art or science concerning the principles, means,
and methods for rendering plain information unintelligible and of restoring
encrypted information to intelligible form (JCS 1997; NSTISSI 1996).
cryptosecurity: A component of communications security resulting
from the provisions of technically sound cryptosystems and their proper
use (NSTISSI 1996).
CSIL: See Critical and Sensitive Information List.
damage: A loss of friendly effectiveness due to adversary action.
Synonymous with harm.
deception: Those measures designed to mislead the enemy/adversary
by manipulation, distortion, or falsification of evidence in order to
induce a reaction from that adversary which is prejudicial to the adversary's
interests (DOD JP 1997a).
Defense Information Infrastructure: The Dn encompasses information
transfer and processing resources, including information and data storage,
manipulation, retrieval, and display. More specifically, the DII is the
shared or interconnected system of computers, communications, data, applications,
security, people, training, and other support structure, serving the DOD's
local and worldwide information needs. The Dn (a) connects DOD mission
support, command and control, and intelligence computers and users through
voice, data, imagery, video, and multimedia services, and (b) provides
information processing and value-added services to subscribers over the
DISN. Unique user data, information, and user applications are not considered
part of the DII (JCS 1997).
Defense Information Systems Network: 1. A sub-element of the
DII, the DISN is the DOD's consolidated worldwide enterprise level telecommunications
infrastructure that provides the end-to-end information transfer network
for supporting military operations. It is transparent to its users, facilitates
the management of information resources, and is responsive to national
security and defense needs under all conditions in the most efficient
manner (JCS 1997; ASD C311994) 2. The DISN is an information transfer
network with value-added services for supporting national defense C31
decision support requirements and CIM functional business areas. As a[n]
information transfer utility, the DISN provides dedicated point-to-point,
switched voice and data, imagery and video teleconferencing communications
services (JCS 1997).
denial: 1. The act of disowning or disavowing. 2. The refusal
to grant something. See also deception; denial of service.
denial of service: When action(s) result in the inability to
communicate and/or the inability of an AIS or any essential part to perform
its designated mission, either by loss or degradation of a signal or operational
capability (JCS 1997). detectable actions. Physical actions or whatever
can be heard, observed, imaged, or detected by human senses, or by active
and/or passive technical sensors, including emissions that can be intercepted.
DF: See Direction Finding.
DIL: See Defense Information Infrastructure.
Direction Finding: A procedure for obtaining bearings of radio
frequency emitters by using a highly directional antenna and a display
unit on an intercept receiver or ancillary equipment (DOD JP 1997a). disclosure.
The release of information through approved channels.
DISN: See Defense Information Systems Network.
economic intelligence: Intelligence regarding economic
resources, activities, and policies.
EEFL: See Essential Elements of Friendly Information.
EEL: See Essential Elements of Information.
Electronic Intelligence: Technical and geolocation intelligence
derived from foreign non-communications transmissions (e.g., radar) by
other than nuclear detonations or radioactive sources (DOD JP 1997a).
Electronic Security: Protection resulting from measures designed
to deny unauthorized persons information from the interception and analysis
of noncommunication electromagnetic emissions, such as radar (NSTISSI
Electronic Warfare: Any military action involving the use of
electromagnetic and directed energy to control the electromagnetic spectrum
or to attack the enemy. The three major subdivisions within electronic
warfare are: electronic attack, electronic protection, and electronic
warfare support (DOD JP 1994; JCS 1997).
ELINT: See Electronic Intelligence.
ELSEC: See Electronic Security.
Emissions Security: Protection resulting from measures taken
to deny unauthorized persons information derived from the intercept and
analysis of compromising emanations from crypto- equipment or an information
system (NSTISSI 1997).
EMSEC: See Emission Security.
enemy: See adversary.
espionage: 1. The act or practice of spying or of using spies
to obtain secret intelligence. 2. Overt, covert, or clandestine activity.
A term which is usually used in conjunction with the country against which
such an activity takes place. For example, espionage against the U.S.
Essential Elements of Friendly Information: In the context of
"friend or foe," these are specific pieces of information regarding friendly
(i.e., our) intentions, capabilities, and activities which are likely
to be sought by our foes (i.e., our enemies/competitors).
Essential Elements of Information: In the context of "friend
or foe," these are specific pieces of information which are likely to
be sought by friendly planners about specific adversaries' intentions,
capabilities, and activities. essential secrecy. The condition achieved
by denial of critical information to adversaries (DOD JP 1997a).
EW: See Electronic Warfare.
exploitation: The process of obtaining intelligence information
from any source and taking advantage of it.
facilities: Buildings, structures, or other real
property. Entities such as military bases, industrial sites, and office
complexes may be identified as facilities.
firewall: A system designed to prevent unauthorized access to
or from a private network. (JCS 1997).
foe: An opponent; the antithesis of friend.
FOIA: See Freedom of Information Act.
foreign intelligence service: An organization of a foreign government
that engages in intelligence activities (ICS 1989).
Freedom of Information Act: A provision that any person has a
right, enforceable in court, of access to federal agency records, except
to the extent that such records (or portions thereof) are protected from
disclosure by one of nine exemptions (DOD 1997).
friend: A country, individual, or organization with whom one
is allied in a struggle or cause.
friendly: An adjective that describes an operation or activity
that is carried out by a friend (e.g., friendly fire).
|GIL: See Global Information Infrastructure.
Global Information Infrastructure: The information systems of
all countries, international and multinational organizations and multi-international
commercial communications services (JCS 1997; CJCS 1997).
GOTS: See government-off-the-shelf.
government-off-the-shelf: An item that has been developed by
the government and produced to military or commercial standards and specifications,
is readily available for delivery from an industrial source, and may be
procured without change to satisfy a military requirement (ASD C3I1997).
hacker: An individual who gains unauthorized access
to an automated information system.
Human Intelligence: A category of intelligence derived from information
collected and/or provided by human sources (DOD JP 1997a).
HUMINT: See Human Intelligence.
IA: See Information Assurance.
1C: See Intelligence Community.
identification: See authentication.
imagery: Collectively, the representations of objects reproduced
electronically or by optical means on film, electronic display devices,
or other media (DOD JP 1997a).
Imagery Intelligence: Intelligence derived from the exploitation
of collection by visual photography, infrared sensors, lasers, electro-optics,
and radar sensors such as synthetic aperture radar wherein images of objects
are reproduced optically or electronically on film, electronic display
devices, or other media (DOD JP 1997a).
IMINT: See Imagery Intelligence.
imitative communications deception: Introduction of deceptive
messages or signals into an adversary's telecommunications signals (NSTISSI
inadvertent disclosure: Accidental exposure of information to
a person not authorized access (NSTISSI 1997).
incident: An assessed event of attempted entry, unauthorized
entry, and/or attack against a facility, operation, or an AIS (JCS 1997).
indicator: See Operations Security indicator.
industrial espionage: The act of seeking a competitive, commercial
advantage by obtaining a competitor's trade secrets and/or logistics.
The acquisition of industrial information through clandestine operations.
information: Any knowledge that can be communicated andd/or any
documentary material regardless of its physical form or characteristics
(NSC EO 1995).
Information Assurance: Information operations that proteect and
defend information an information systems by ensuring their availability,
integrity, authentication, confidentiality, and non-repudiation. This
includes providing for restoration of information systems by incorporating
protection, detection, and reaction capabilities (JCS 1997; DoDD 1996).
information integrity: The state that exists when information
is unchanged from its source and has not been accidentally or intentionally
modified, altered, or destroyed (NSC EO 1995; JCS 1997). See also integrity.
Information Operation: Any action involving the acquisition,
transmission, storage, or transformation of information that enhances
the employment of military forces (ICS 1989).
information security: The result of any system of policies and
procedures for identifying, controlling, and protecting from unauthorized
disclosure, information whose protection is authorized by executive order
or statute (ICS 1989).
Information Systems Security: The protection of information systems
against unauthorized access to or modification of information, whether
in storage, processing or transit, and against the denial of service to
authorized users, including those measures necessary to detect, document,
and counter such threats (NSTISSI 1997).
Information Warfare: 1. Actions taken to achieve information
superiority by adversely affecting an adversary's information, information-based
processes, and/or information systems while defending one's own information,
information-based processes, and/or information systems (DOD JP 1994).
2. Information operations conducted during time of crisis or conflict
to achieve or promote specific objectives over a specific adversary or
adversaries (JCS 1997; DoDD 1996).
INFOSEC: See Information Systems Security.
INFOWAR: See Information Warfare.
integrity: Absolute verification that data or information has
not been modified in transmission or during computer processing (JCS 1997).
See also information integrity.
intelligence: Information and/or knowledge about an adversary
obtained through observation, investigation, analysis, or understanding
(DOD JP 1994).
intelligence collection: The act of gathering information from
all available sources to meet an intelligence requirement.
Intelligence Community: The aggregate of the following executive
branch organizations and agencies involved in intelligence activities:
the Central Intelligence Agency; the National Security Agency; the Defense
Intelligence Agency; offices within the Department of Defense for the
collection of specialized national foreign intelligence through reconnaissance
programs; the Bureau of Intelligence and Research of the Department of
State; intelligence elements of the military services, the Federal Bureau
of Investigation, the Department of the Treasury, and the Department of
Energy; and staff elements of the Office of the Director of Central Intelligence
intelligence cycle: The steps by which information is converted
into intelligence and made available to users. The cycle has been described
as including five steps: planning and direction; collection; processing;
production; and dissemination.
intelligence data: See intelligence information.
intelligence information: Unevaluated material that may be used
in the production of intelligence.
Information of intelligence value: Synonymous with intelligence
intelligence system: Any system (formal or informal) which is
used to manage data gathering, obtain and process the data, interpret
the data, and provide analytically-sound opinions to decision makers in
order that they may make informed decisions with regard to various courses
of action. The term is not limited to intelligence organizations or services
but includes any system, in all its parts, that accomplishes the listed
tasks (DOD JP 1994).
intention: An aim or design (as distinct from a capability) to
execute a specified course of action (DOD JP 1994).
intercept: 1. Data which is obtained through the passive collection
of signals. Interrupting access, communication, or the flow of a process.
I0: See Information Operation.
IW: See Information Warfare.
Low Probability of Detection: The result of measures
used to hide or disguise intentional electromagnetic transmissions (NSTISSI
Low Probability of Intercept: Result of measures to prevent the
intercept of intentional electromagnetic transmissions (NSTISSI 1997).
LPD: See Low Probability of Detection.
LPL: See Low Probability of Intercept.
manipulative communications deception: Alteration
or simulation of friendly telecommunications for the purpose of deception
MASINT: See Measurement and Signature Intelligence.
Measurement and Signature Intelligence: Scientific and technical
intelligence obtained by quantitative and qualitative analysis of data
(metric, angle, spatial, wavelength, time dependence, modulation, plasma,
and hydromagnetic). This data is derived from specific technical sensors
for the purpose of identifying any distinctive features associated with
the source, emitter, or sender. This facilitates subsequent identification
and or measurement of the same (DOD JP 1994).
MLS: See Multilevel Security.
Multilevel Security: The concept of processing information with
different classifications and categories that simultaneously permits access
by users with different security clearances and denies access to users
who lack authorization (NSTISSI 1997).
National Information Infrastructure: 1. The nation-wide
interconnection of communications networks, computers, databases, and
consumer electronics that make vast amounts of information available to
users. It includes both public and private networks, the Internet, the
public switched network, and cable, wireless, and satellite communications
(JCS 1997- DOD JP 1997a; IITF 1995).
national security: Measures adopted by the government of a nation
in order to assure the safety of its citizens, guard against attack, and
prevent disclosure of sensitive or classified information which might
threaten or embarrass said nation.
need-to-know: A determination which is made by an authorized
holder of classified or proprietary information as to whether or not a
prospective recipient requires access to specific the information in order
to perform or assist in a lawful and authorized governmental function
(NSC EO 1995).
NIL: See National Information Infrastructure.
nonrepudiation: Assurance that the sender of data is provided
with proof of delivery and the recipient is provided with proof of the
sender's identity, so that neither can later deny having processed the
data. Digital signatures are the current non-repudiation technique of
choice for the Nil (DOD JP 1994; JCS 1997; NSTISSI 1996).
observables: Any actions that reveal indicators
which are exploitable by adversaries.
Open Source Intelligence: Information of potential intelligence
value that is available to the general public (DOD JP 1994).
Operations Security: 1. A systematic, proven process by which
a government, organization, or individual can identify, control, and protect
generally unclassified information about an operation/activity and, thus,
deny or mitigate an adversary's/competitor's ability to compromise or
interrupt said operation/activity (NSC 1988). 2. OPSEC is a process of
identifying critical information and subsequently analyzing friendly actions
attendant to military operations and other activities to (a) identify
those actions that can be observed by adversary intelligence systems,
(b) determine indicators adversary intelligence systems might obtain that
could be interpreted or pieced together to derive critical information
in time to be useful to adversaries, and select and execute measures that
eliminate or reduce to an acceptable level the vulnerabilities of friendly
actions to adversary exploitation (DOD JP 1994; JCS 1997).
Operations Security assessment: A thorough evaluation of the
effectiveness of a customer's implementation of OPSEC methodology, resources,
and tools. Assessments (a) are used to evaluate the effectiveness of the
customer's corporate level OPSEC program and (b) can be used at the program
level to determine whether or not a program is a viable candidate for
an OPSEC survey.
Operations Security indicator: Any detectable activity and/or
information that, when looked at by itself or in conjunction with something
else, allows an adversary to obtain critical or sensitive information.
Operations Security plan: A strategy that analyzes an operation
or activity and includes specific operations security measures.
Operations Security process: An analytical process that involves
five components: identification of critical information, analysis of threats,
analysis of vulnerabilities, assessment of risks, and application of appropriate
countermeasures (NSC 1988).
Operations Security program: An OPSEC program is the vehicle
by which the principles and practices of OPSEC are employed within an
Operations Security survey: The application of OPSEC methodology
at the program level. It is a detailed analysis of all activities associated
with a specific operation, project or program in order to determine what
exploitable evidence of classified or sensitive activity could be acquired
in light of the known collection capabilities of potential adversaries.
Operations Security working group A (normally formally) designated
body representing a broad range of line and staff activities within an
organization that provides OPSEC advice and support to leadership and
all elements of the organization.
OPSEC: See Operations Security.
OSINT: See Open Source Intelligence.
overt collection: The acquisition of information via the public
overt operation An operation conducted openly, without concealment.
perceived collection threat: An estimate of the
present and future resource allocations and capabilities of an adversary
to gain information. Synonymous with potential threat.
physical security: 1. The application of physical barriers and
control procedures as countermeasures against threats to resources and
sensitive information (NCSC 1994). 2. The security discipline concerned
with physical measures designed to safeguard personnel; prevent unauthorized
access to equipment, installations, material, and documents; and to safeguard
them against espionage, sabotage, damage, and theft.
potential threat: See perceived collection threat.
procurement: The process of obtaining personnel, services, supplies,
and equipment (DOD JP 1994).
profile: A collection and/or display (e.g., a written or graphical
descrription) of the signatures an patterns of an individual or organization.
proprietary information: Material and information relating to,
or associated with, a company's products, business, or activities, including
but not limited to financial information; data or statements; trade secrets;
product research and development; existing and future product designs
and performance specifications; marketing plans or techniques; schematics;
client lists; computer programs; processes; and know-how that have been
clearly identified and properly marked by the company as proprietary information,
trade secrets, or company confidential information. The information must
have been developed by the company and not be available to the government
or to the public without restriction from another source (NSTISSI 1997).
protected information: Includes sensitive, critical and/or classified
protective measures: Those actions, procedures, or designs implemented
to safeguard protected information.
Psychological Operations: Planned operations to convey selected
information and indicators to foreign audiences to influence their emotions,
motives, objective reasoning, and, ultimately, the behavior of foreign
governments, organizations, groups, and individuals. The purpose of PSYOP
is to induce or reinforce foreign attitudes and behavior favorable to
the originator's objectives. (JCS 1997; DOD JP 1993).
PSYOP: See Psychological Operations.
public domain: In open view; before the public at large and not
in private or employing secrecy or other protective measures.
risk: A measure of the potential degree to which
protected information is subject to loss through adversary exploitation.
risk analysis: A method by which individual vulnerabilities are
compared to perceived or actual security threat scenarios in order to
determine the likelihood of compromise of critical information.
risk assessment: An OPSEC process of evaluating the risks of
information loss based on an analysis of threats to, and vulnerabilities
of, a system, operation or activity.
risk avoidance: A security philosophy which postulates that adversaries
are all-knowing and highly competent, against which risks are avoided
by maximizing defenses and minimizing vulnerabilities (JSCR 1994).
risk management: A security philosophy which considers actual
threats, inherent vulnerabilities, and the availability and costs of countermeasures
as the underlying basis for making security decisions (JSCR 1994).
SAP: See Special Access Program.
security: Precautions taken to establish and maintain an acceptable
level of protection.
secure communications: Telecommunications deriving security through
use of type 1 products and/or protected distribution systems (NSTISSI
sensitive information: Information, the loss, misuse, or unauthorized
access to or modification of which could adversely affect the national
interest or the conduct of federal programs, or the privacy to which individuals
are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has
not been specifically authorized under criteria established by an Executive
Order or an Act of Congress to be kept secret in the interest of national
defense or foreign policy (NSTISSI 1997).
SIGINT: See Signals Intelligence.
Signals Intelligence: A category of intelligence comprising either
individually or in combination all communications intelligence, electronic
intelligence, and foreign instrumentation signals intelligence, however
transmitted (DOD JP 1994).
Signals Security: Generic term encompassing communications security
and electronic security (NSTISSI 1997).
SIGSEC: See Signals Security.
Special Access Program: A program established for a specific
class of classified information that imposes safeguarding and access requirements
that exceed those normally required for information at the same classification
level (NSC EO 1995).
surveillance: The systematic observation ofaerospace, surface
or subsurface areas, places, persons,, or things, by visual, aural, photographic,
or other means (DOD JP 1994).
TAISS: See Telecommunications and Automated Information
target: An individual, operation, or activity which an adversary
has determined possesses information that might prove useful in attaining
telecommunications: Preparation, transmission, communication
or related processing of information (writing, images, sounds, or other
data) by electrical, electromagnetic, electromechanical, electro-optical,
or electronic means (NSTISSI 1997).
Telecommunications and Automated Information Systems Security:
Superseded by Information Systems Security (NSTISSI 1997).
telemetry: The science and technology of automatic data measurement
and transmission, as by wire or radio, from remote sources, such as space
vehicles, to a receiving station for recording and analysis.
Telemetry Intelligence: Technical and intelligence information
derived from intercept, processing, and analysis of foreign telemetry;
a subcategory of foreign instrumentation signals intelligence (ICS 1989).
TELINT: See Telemetry Intelligence.
TEMPEST: Short name referring to investigation, study, and control
of compromising emanations from telecommunications and information systems
equipment (NSTISSI 1997).
terrorism: The calculated use of violence or threat of violence
to inculcate fear; intended to coerce or to intimidate governments or
societies in the pursuit of goals that are generally political, religious,
or ideological (DOD JP 1994).
threat: The capability of an adversary coupled with his intentions
to undertake any actions detrimental to the success of program activities
threat analysis: An OPSEC process, which examines an adversary's
technical and operational capabilities, motivation, and intentions, designed
to detect and exploit vulnerabilities.
threat assessment: An evaluation of the intelligence collection
threat to a program activity, system, or operation.
trade secret: See proprietary information.
TRANSEC See Transmission Security.
Transmission Security: Component of communications security from
the application of measures designed to protect transmissions from interception
and exploitation by means other than cryptanalysis (JCS 1997; NSTISSI
Type 1 products: Classified or controlled cryptographic item
endorsed by the National Security Agency for securing classified and sensitive
U.S. government information, when appropriately keyed. The term refers
only to products, and not to information, key, services, or controls.
They are available to U.S. government users, their contractors, and federally
sponsored non-U.S. government activities subject to export restrictions
in accordance with International Traffic in Arms Regulation (NSTISSI 1997).
unauthorized disclosure: A communication or physical
transfer to an unauthorized recipient (NSC EO 1995).
undercover operation: A phrase that is usually associated with
the law enforcement community and which describes an operation that is
so planned and executed as to conceal the identity of, or permit plausible
denial by, the sponsor (JCS 1997). Synonymous with covert operation.
vulnerability: The susceptibility of information
to exploitation by an adversary.
vulnerability analysis: A process which examines a friendly operation
or activity from the point of view of an adversary, seeking ways in which
the adversary might determine critical information in time to disrupt
or defeat the operation or activity.
vulnerability assessment: The results of vulnerability analysis
expressed as a degree of probable exploitation by an adversary.
- ACINT - Acoustic Intelligence
- AIS - Automated Information Systems
- ASD - Assistant Secretary of Defense
- CCD - Camouflage, Cover, and Deception
- CJCS - Chairman of the Joint Chiefs of Staff
- CJCSI - Chairman Joint Chief of Staff Instruction
- C3I - Command, Control, Communications, and Intelligence
- C2W - Command and Control Warfare
- COMINT - Communication Intelligence
- COMPUSEC - Computer Security
- COMSEC - Communications Security
- COTS - Commercial-off-the-shelf
- CSIL - Critical and Sensitive Information List
- DF - Direction Finding
- DII - Defense Information Infrastructure
- DISN - Defense Information System Network
- DOD - Department of Defense
- DoDD - Department of Defense Directive
- DOE - Department of Energy
- EEFI - Essential Elements of Friendly Information
- EEI - Essential Elements of Information
- ELINT - Electronics Intelligence
- ELSEC - Electronics Security
- EMSEC - Emissions Security
- EO - Executive Order
- EW - Electronic Warfare
- FOIA - Freedom of Information Act
- GIL - Global Information Infrastructure
- GOTS - Government-off-the-shelf
- HUMINT - Human Intelligence
- IA - Information Assurance
- IC - Intelligence Community
- ICS - Intelligence Community Staff
- IITF - Information Infrastructure Task Force
- IMINT - Imagery Intelligence
- INFOSEC - Information Security
- INFOWAR - Information Warfare
- IO - Information Operation
- IOSS - Interagency OPSEC Support Staff
- IW - Information Warfare
- JCS - Joints Chiefs of Staff
- JP - Joint Publication
- JSCR - Joint Security Commission Report
- LPD - Low Probability of Detection
- LPI - Low Probability of Intercept
- MASINT - Measurement and Signature Intelligence
- MLS - Multilevel Security
- NCSC - National Computer Security Center
- NII - National Information Infrastructure
- NSC - National Security Council
- NSDD 298 - National Security Decision Directive 298
- NSTISSI - National Security Telecommunications and Information Systems
- OPSEC - Operations Security
- OSINT - Open Source Intelligence
- PSYOP - Psychological Operations
- SAP - Special Access Program
- SIGINT - Signals Intelligence
- SIGSEC - Signals Security
- TAISS - Telecommunications and Automated Information Systems Security
- TELIN. - Telemetry Intelligence
- TRANSEC - Transmission Security