Automated Information System. An assembly of computer hardware, firmware, and/or software configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information.
AIS Storage Media. The physical substance(s) used by an AIS system upon which data are recorded.
Clearing AIS Storage Media. Removal of sensitive data from an AIS at the end of a period of processing, including from AIS storage devices and other peripheral devices with storage capacity, in such a way that there is assurance, proportional to the sensitivity of the data, that the data may not be reconstructed using normal system capabilities, i.e., through the keyboard. An AIS need not be disconnected from any external network before a clear.
Coercive Force. A negative or reverse magnetic force applied for reducing magnetic induction to zero.
Coercivity. The amount of applied magnetic field (of opposite polarity) required to reduce magnetic induction to zero. It is often used to represent the ease with which magnetic media can be degaussed.
Configuration Control. The process of controlling modifications to the system's hardware, firmware, software, and documentation that provide sufficient assurance that the system is protected against the introduction of improper modifications before, during, and after system implementation. Compare "configuration management."
Configuration Management. The management of security features and assurances through control of changes made to a system's hardware, software, firmware, documentation, test, test fixtures and test documentation throughout the development and operational life of the system. Compare "configuration control."
Data. A representation of facts, concepts, information, or instructions suitable for communication, interpretation, or processing by humans or by an AIS.
Declassification of AIS Storage Media. A procedure and an administrative decision to remove the security classification of the subject media.
Degausser. A device that can generate a magnetic field for degaussing magnetic storage media.
Degaussing. To reduce magnetic induction to zero by applying a reverse magnetizing field. Also called "demagnetizing."
Degausser Products List (DPL). A list of commercially produced degaussers that meet National Security Agency specifications as set forth in reference 13. The National Security Agency includes this list in their Information Systems Security Products and Services Catalogue.
Designated Approving Authority (DAA). The official who has the authority to decide to accept the security safeguards prescribed for an AIS or the official who may be responsible for issuing an accreditation statement that records the decision to accept those safeguards. The DAA must be at an organizational level such that he or she has the authority to evaluate the overall mission requirements of the AIS and provide definitive directions to AIS developers or owners relative to the risk in the security posture of the AIS.
Downgrade. A procedure and an administrative decision to reduce the security classification of the subject media.
Erasure. A process by which data recorded on storage media is removed.
Gauss. A unit measure of the magnetic flux density produced by a magnetizing force.
Information System Security Officer (ISSO). The person responsible to the DAA for ensuring that security is provided for and implemented throughout the life cycle of an AIS from the beginning of the system concept development phase through its design, development, operation, maintenance, and secure disposal.
Information Systems Security Products and Services Catalogue (INFOSEC Catalog). A catalog issued quarterly by the National Security Agency to assist in the selection of products and services that will provide an appropriate level of information security. The National Security Agency issues the DPL in this publication, which is available through the Government Printing Office.
Inter-Record Gap. The "area" between data records on a magnetic tape.
Keyboard Attack. Data scavenging through resources available to normal system users, which may include advanced software diagnostic tools.
Laboratory Attack. Data scavenging through the aid of what could be precise or elaborate equipment.
Magnetic Field Intensity. The magnetic force required to produce a desired magnetic flux, given as the symbol H (see definition of "oersted").
Magnetic Flux. Lines of force representing a magnetic field.
Magnetic Flux Density. The representation of the strength of a magnetic field, given as the symbol B (see definition of "gauss").
Magnetic Remanence. The magnetic flux density that remains in a magnetic circuit after the removal of an applied magnetic field. For discussion purposes, it is better to characterize magnetic remanence as the magnetic representation of residual information that remains on magnetic media after the media has been erased.
Magnetic Saturation. The condition in which an increase in magnetizing force will produce little or no increase in magnetization.
Object Reuse. The reassignment to some subject of a medium (e.g., page frame, disk sector, or magnetic tape) that contained one or more objects. To be securely reassigned, no residual data from the previously contained object(s) can be available to the new subject through standard system mechanisms.
Oersted. A unit of magnetic field strength.
Overwrite Procedure. A procedure to destroy data recorded on AIS storage media by recording patterns of unclassified data over the data stored on the media.
Permanent Magnet Degausser. Hand-held permanent magnet that generates a magnetic field for degaussing magnetic storage media.
Purge. The removal of sensitive data from an AIS at the end of a period of processing, including from AIS storage devices and other peripheral devices with storage capacity, in such a way that there is assurance proportional to the sensitivity of the data that the data may not be reconstructed through open-ended laboratory techniques. An AIS must be disconnected from any external network before a purge.
Remanence. The residual information that remains on storage media after erasure.
Scavenging. Searching through object residue (file storage space) to acquire unauthorized data.
Trusted Computer System Evaluation Criteria (TCSEC). A document published by the National Computer Security Center containing a uniform set of basic requirements and evaluation classes for assessing degrees of assurance in the effectiveness of hardware and software security controls built into systems. These criteria are intended for use in the design and evaluation of systems that will process and/or store sensitive or classified data. This document is DoD 5200.28-STD and is often called The Criteria or The Orange Book.
Trusted Computing Base (TCB). The totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a TCB to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g., a user's clearance) related to the security policy.
Trusted Computing System. A system that employs sufficient hardware and software integrity measures to allow its use for simultaneously processing a range of sensitive or classified information.
Type I Tape. Magnetic tape whose coercivity does not exceed 350 oersteds (also known as low-energy tape).
Type II Tape. Magnetic tape whose coercivity ranges from 351 oersteds up to 750 oersteds (also known as high-energy tape).
Type III Tape. Magnetic tape whose coercivity exceeds 750 oersteds.