Glossary of COMSEC–Related Terms Used in CSE's IT Security
advertisement
UNCLASSIFIED Glossary of COMSEC–Related Terms Used in CSE’s IT Security Directives November 2014 UNCLASSIFIED Glossary of COMSEC-Related Terms Introduction This glossary contains a list of the terms and definitions used in the following Information Technology Security Directives (ITSD) published by the Communications Security Establishment (CSE): IT Security Directive for the Application of Communications Security Using CSE-Approved Solutions (ITSD-01A), January 2014; IT Security Directive for the Control of COMSEC Material in the Government of Canada (ITSD-03A), March 2014; Directive for the Use of CSEC-Approved COMSEC Equipment and Key on a Telecommunications Network (ITSD-04), November 2011; Directive for Reporting and Evaluating COMSEC Incidents Involving Accountable COMSEC Material (ITSD-05), April 2012; and Directive for the Control of COMSEC Material in the Canadian Private Sector (ITSD-06), June 2013; NOTE: This glossary supports also the Canadian Cryptographic Doctrine published by CSE. November 2014 1 UNCLASSIFIED Glossary of COMSEC-Related Terms Glossary Term Definition 5-Eyes Canada, Australia, New Zealand, United Kingdom and United States. Access The capability and opportunity to gain knowledge or possession of, or to alter, information or material. Access Control Ensuring authorized access to assets within a facility or restricted area by screening visitors and material at entry points by personnel, guards or automated means and, where required, escorting visitors and monitoring their movement within the facility or restricted access areas. Accountability The responsibility of an individual for the safeguard and control of COMSEC material which has been entrusted to his or her custody. Accountable COMSEC Material (ACM) Communications Security (COMSEC) material that requires control and accountability within the National COMSEC Material Control System in accordance with its accounting legend code and for which transfer or disclosure could be detrimental to the national security of Canada. Accountable COMSEC Material Control Agreement (ACMCA) A binding agreement between Communications Security Establishment and an entity (Government or Canadian private sector) not listed in Schedules I, I.1, II, IV and V of the Financial Administration Act that will permit the acquisition, accounting, control, management and final disposition of communications security material. Accounting Legend Code (ALC) A numeric code used to indicate the minimum accounting controls for Communications Security (COMSEC) material within the National COMSEC Material Control System. Accounting Legend Code 1 (ALC 1) A numeric code assigned to physical and electronic Accountable COMSEC Material (ACM) that is subject to continuous accountability by serial and/or register number to the National Central Office of Record/Central Office of Record (NCOR/COR) within the National COMSEC Material Control System (NCMCS). Accounting Legend Code 2 (ALC 2) A numeric code assigned to physical Accountable COMSEC Material (ACM) that is subject to continuous accountability by quantity to the National Central Office of Record/Central Office of Record (NCOR/COR) within the National COMSEC Material Control System (NCMCS). Accounting Legend Code 4 (ALC 4) A numeric code assigned to physical Accountable COMSEC Material (ACM) and traditional key in electronic format that, following initial receipt, is locally accountable by serial and/or register number to the responsible COMSEC Account within the National COMSEC Material Control System (NCMCS). Accounting Legend Code 6 (ALC 6) A numeric code assigned to electronic key that is subject to continuous accountability by register number(s) to the National Central Office of Record/Central Office of Record (NCOR/COR) within the National COMSEC Material Control System (NCMCS). November 2014 2 UNCLASSIFIED Glossary of COMSEC-Related Terms Accounting Legend Code 7 (ALC 7) A numeric code assigned to electronic key that, following initial receipt, is subject to local accountability by register number(s) to the responsible COMSEC Account within the National COMSEC Material Control System (NCMCS). Audit The process of conducting an independent review and examination of system records and activities in order to test the adequacy of system controls, to ensure compliance with established policy and operational procedures, and to recommend any changes in controls, policy, or procedures. Audit Trail A chronological record of system activities to enable the construction and examination of a sequence of events or changes in an event (or both). Authorized User For the purpose of the IT Security Directives, an individual (other than the Custodian, Alternate Custodian or Local Element), who is required to use COMSEC material in the performance of assigned duties. BLACK Key Encrypted key. Canadian Central Facility (CCF) The entity within Communications Security Establishment that provides centralized cryptographic key management. Canadian Cryptographic Doctrine (CCD) The minimum security standards for the safeguard, control and use of Communications Security Establishment–approved cryptographic equipment and systems. Canadian Private Sector Canadian organizations, companies or individuals that do not fall under the Financial Administration Act or are not subordinate to a provincial or municipal government. Central Office of Record (COR) The office of a federal department or agency that keeps records of accountable COMSEC material held by elements subject to its oversight. Common Fill Device (CFD) One of a family of cryptographic equipment developed to read-in, transfer, or store cryptographic key (e.g. KOI-18, KYK-13 and KYX-15). Communications Security (COMSEC) The application of cryptographic, transmission, emission and physical security measures, and operational practices and controls, to deny unauthorized access to information derived from telecommunications and to ensure the authenticity of such telecommunications. Compromise The unauthorized access to, disclosure, destruction, removal, modification, use or interruption of assets or information. Compromising Incident An incident that results in loss of control, unauthorized access or viewing of accountable COMSEC material and that may have a serious negative consequence to operational security. COMSEC Account An administrative entity, identified by an account number, used to maintain accountability, custody and control of accountable COMSEC material produced by or entrusted to the entity. November 2014 3 UNCLASSIFIED Glossary of COMSEC-Related Terms COMSEC Client Services An entity within Communications Security Establishment responsible to provide advice, guidance and direction to the Government of Canada and sponsored Canadian private sector, for the planning, acquisition and operation of high assurance products, COMSEC material and services. COMSEC Custodian The individual designated by the departmental COMSEC authority to be responsible for the receipt, storage, access, distribution, accounting, disposal and destruction of all COMSEC material that has been charged to the departmental COMSEC Account. COMSEC Incident Any occurrence that jeopardizes or potentially jeopardizes the security of classified or protected Government of Canada information while it is being stored, processed, transmitted or received. COMSEC Material An item designed to secure or authenticate telecommunications information. COMSEC material includes, but is not limited to, cryptographic key, equipment, modules, devices, documents, hardware, firmware or software that embodies or describes cryptographic logic and other items that perform COMSEC functions. COMSEC Sub-Account An administrative entity, identified by an account number, established by a COMSEC Account to assist in the control of the COMSEC material produced by or entrusted to the COMSEC Account. COMSEC Sub-Account Custodian The individual designated by the departmental COMSEC authority to be responsible for the receipt, storage, access, distribution, accounting, disposal and destruction of all COMSEC material that has been charged to the COMSEC Sub-Account. CONFIDENTIAL A level of classification that applies to information that, if compromised, could reasonably be expected to cause injury to the national interest. In capital letters “CONFIDENTIAL” indicates level of sensitivity. Controlled Cryptographic Item (CCI) An unclassified secure telecommunications or information system, or associated cryptographic component, that is governed by a special set of control requirements within the National COMSEC Material Control System and marked “CONTROLLED CRYPTOGRAPHIC ITEM” or, where space is limited, “CCI”. Controlling Authority (CA) The entity designated to manage the operational use and control of key assigned to a cryptographic network. Courier Certificate A certificate that authorizes an individual to transport classified or protected information and assets. CRYPTO A caveat, as well as a marking, applied to a cryptographic item to indicate that it is subject to specific controls governing access, distribution, storage, accounting, disposal, and destruction. Crypto Material Assistance Centre (CMAC) The entity within Communications Security Establishment responsible for all aspects of key ordering including privilege management, the management of the National Central Office of Record and the administration of the Assistance Centre. November 2014 4 UNCLASSIFIED Glossary of COMSEC-Related Terms Cryptographic Pertaining to or concerned with cryptography. NOTE: Often abbreviated as “crypto” and used as a prefix, e.g. cryptonet. Cryptographic Equipment Equipment that performs encryption, decryption, authentication or key generation functions. Cryptographic High Value Product (CHVP) A product incorporating only UNCLASSIFIED components and UNCLASSIFIED cryptographic algorithms. A Cryptographic High Value Product is not classified nor designated as a Controlled Cryptographic Item. Cryptographic Ignition Key (CIK) A device or electronic key that can be used to access the secure mode of cryptographic equipment. Cryptographic Key A numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature validation. Cryptographic Logic The embodiment of one (or more) cryptographic algorithm(s) along with alarms, checks, and other processes essential to effective and secure performance of the cryptographic process(es). Cryptographic Material All material, including documents, devices and equipment, which contain cryptographic information and is essential to the encryption, decryption or authentication of communications. Cryptographic Network (cryptonet) Two or more pieces of cryptographic equipment connected together that utilize cryptographic key for the protection of information. Cryptoperiod A specific length of time during which a cryptographic key is in effect. CSE Industrial COMSEC Account (CICA) The entity at the Communications Security Establishment responsible for developing, implementing, maintaining, coordinating and monitoring a private sector communications security program that is consistent with the Policy on Government Security and its related policy instruments for the management of accountable COMSEC material. Departmental COMSEC Authority (DCA) The individual designated by, and responsible to, the departmental security officer for developing, implementing, maintaining, coordinating and monitoring a departmental communications security program which is consistent with the Policy on Government Security and its standards. Departmental Security Officer (DSO) The individual responsible for developing, implementing, maintaining, coordinating and monitoring a departmental security program consistent with the Policy on Government Security and its standards. Doctrine (IT Security Doctrine) The fundamental rules and procedures that govern the protection, control and use of information technology security equipment, systems and material as promulgated by the responsible national authority. Electronic Key A key that is stored on magnetic or optical media, or in electronic memory, transferred by electronic circuitry, or loaded into cryptographic equipment. Exception An authorization granted by COMSEC Client Services for an agreed-upon deviation or divergence from a specific minimum COMSEC requirement. Government of Canada (GC) Department Any federal department, organization, agency or institution subject to the Policy on Government Security. November 2014 5 UNCLASSIFIED Glossary of COMSEC-Related Terms High Assurance The demonstration of confidence that a product or system, through the robustness of its security controls, its related policies, doctrine, processes, procedures, and the thorough evaluation and validation of its design and operations is able to protect Government of Canada information and communications requiring the most stringent protection controls available. Information Technology (IT) The acquisition, processing, storage and dissemination of vocal, pictorial, textual and numerical information by a combination of computing, telecommunication and video. Information Technology (IT) Security Safeguards to preserve the confidentiality, integrity, availability, intended use and value of electronically stored, processed or transmitted information. In-Process (IP) COMSEC Material Communications Security (COMSEC) material being developed, produced, manufactured or repaired. See COMSEC Material. Issue The process of distributing COMSEC material from a COMSEC Account to its COMSEC Sub-Account(s) or Local Element(s). Key Management The procedures and mechanisms for generating, disseminating, replacing, storing, archiving, and destroying cryptographic key. Key Material Support Plan (KMSP) A detailed description of the communication security requirements of a cryptographic network. Key Segment A key that is valid for a specific cryptoperiod. Keyed Refers to the state of a cryptographic equipment in which cryptographic key has been loaded for use or storage. Keying Material A key, code, or authentication information in physical, electronic or magnetic form. Local Accounting The process by which a COMSEC Custodian records and controls, in the National COMSEC Material Control System, COMSEC material that is not reportable to the Central Office of Record. Local Element An individual registered at a COMSEC Account or COMSEC Sub-Account who is authorized to receive COMSEC material from that account. Local Tracking The process used by the COMSEC Custodian to control and monitor the movement of COMSEC-related material outside of the National COMSEC Material Control System. NOTE: This process does not assign an Accounting Legend Code. Locked Refers to the state of a cryptographic equipment in which the secure mode has not been accessed (e.g. by means of a Cryptographic Ignition Key [CIK], a Personal Identification Number [PIN] or a combination of CIK/PIN and password). Modification Any change to the electrical, mechanical or software characteristics of a piece of cryptographic equipment. November 2014 6 UNCLASSIFIED Glossary of COMSEC-Related Terms National Central Office of Record (NCOR) The entity at Communications Security Establishment responsible for overseeing the management and accounting of all accountable COMSEC material, produced in, or entrusted to, Canada. National COMSEC Audit Team (NCAT) The entity at Communications Security Establishment responsible for conducting COMSEC audits of the COMSEC Accounts within the National COMSEC Material Control System. National COMSEC Incidents Office (NCIO) The entity at Communications Security Establishment responsible for managing communications security incidents through registration, investigation, assessment, evaluation and closure. National COMSEC Material Control System (NCMCS) A centralized system, which includes personnel, training and procedures, that enables Government of Canada departments to effectively control and handle accountable COMSEC material. National Distribution Authority (NDA) The entity within the Canadian Communications Security (COMSEC) community responsible for the secure receipt, storage, distribution and disposal of COMSEC material originating at Communications Security Establishment or received from or destined to foreign countries. National Interest The security and the social, political and economic stability of Canada. Other Levels of Government (OLG) Provincial, municipal and local government organizations (e.g law enforcement agencies). Over-The-Air Rekey (OTAR) The changing of traffic encryption key or transmission security key in remote cryptographic equipment by sending new key directly to the equipment over the communications path it secures. Over-the-Air Transfer (OTAT) The electronic distribution of cryptographic key without changing the traffic encryption key used to secure the communications path. Permuter Device used in cryptographic equipment to change the order in which the contents of a shift register are used in various non-linear combining circuits. Plik A tamper evident, theft prevention, high security seal that is affixed to packages before shipment. Protective Packaging Packaging techniques for COMSEC material, which discourage penetration, reveal that a penetration has occurred, or inhibit viewing and copying of COMSEC material, before the time it is exposed for use. RED Designation applied to an information system, and associated areas, circuits, components, and equipment in which unencrypted information is being processed. RED Key Unencrypted key. Removable Storage Medium (RSM) A small device that is used to transport or store data (e.g. disks, memory cards, flash drives). Security Assessment The process of verifying that the security requirements established for a particular information system are met and that the controls are implemented correctly, work as intended and produce the desired outcome. Synonym of Certification. November 2014 7 UNCLASSIFIED Glossary of COMSEC-Related Terms Security Authorization The senior management decision to accept the residual risk of operating an information system, based on the Security Authorization Package. Synonym of Accreditation. Short Title An identifying combination of letters and numbers assigned to COMSEC material to facilitate handling, accounting and control. Sight Inventory The physical verification of the presence of each item of COMSEC material charged to a COMSEC Account or Sub-Account. Supersession The scheduled or unscheduled replacement of a cryptographic key or COMSEC publication with a different edition. Telecommunications The emission, transmission or reception of electrical signals conveying data by wire, cable, radio, optical or other electromagnetic system. Telecommunications Network A collection of terminals, links and nodes which connect together to enable telecommunications between users of the terminals. TEMPEST Refers to the investigation and study of Compromising Emanations (CE). The unintentional transmission of CE results in a secondary, unwanted communications channel known as a TEMPEST channel. Threat and Risk Assessment (TRA) A process in which the objective is to identify system assets, to identify how these assets can be compromised by threat agents, to assess the level of risk that the threat agents pose to the assets and recommend the necessary safeguards in order to mitigate effects of the threat agents. Tier 3 Management Device (T3MD) A cryptographic equipment that securely stores, transports and transfers (electronically) cryptographic key and that is programmable to support modern mission systems. Transfer The process of distributing COMSEC material from one COMSEC Account to another COMSEC Account. Two-Person Integrity (TPI) A control procedure whereby TOP SECRET key and other specified key must not be handled by or made available to one individual only. Unkeyed Refers to the state of a cryptographic equipment in which no cryptographic key has been loaded for use or storage. Unlocked Refers to the state of a cryptographic equipment in which the secure mode has been accessed (e.g. by means of a Cryptographic Ignition Key [CIK], a Personal Identification Number [PIN] or a combination of CIK/PIN and password). Waiver An authorization granted by COMSEC Client Services to be excluded from the obligation of adherence to a specific minimum COMSEC requirement. November 2014 8
