Glossary of COMSEC–Related Terms Used in CSE's IT Security

advertisement
UNCLASSIFIED
Glossary
of
COMSEC–Related Terms
Used in CSE’s IT Security Directives
November 2014
UNCLASSIFIED
Glossary of COMSEC-Related Terms
Introduction
This glossary contains a list of the terms and definitions used in the following Information Technology Security
Directives (ITSD) published by the Communications Security Establishment (CSE):

IT Security Directive for the Application of Communications Security Using CSE-Approved Solutions
(ITSD-01A), January 2014;

IT Security Directive for the Control of COMSEC Material in the Government of Canada (ITSD-03A),
March 2014;

Directive for the Use of CSEC-Approved COMSEC Equipment and Key on a Telecommunications Network
(ITSD-04), November 2011;

Directive for Reporting and Evaluating COMSEC Incidents Involving Accountable COMSEC Material
(ITSD-05), April 2012; and

Directive for the Control of COMSEC Material in the Canadian Private Sector (ITSD-06), June 2013;
NOTE: This glossary supports also the Canadian Cryptographic Doctrine published by CSE.
November 2014
1
UNCLASSIFIED
Glossary of COMSEC-Related Terms
Glossary
Term
Definition
5-Eyes
Canada, Australia, New Zealand, United Kingdom and United States.
Access
The capability and opportunity to gain knowledge or possession of, or to
alter, information or material.
Access Control
Ensuring authorized access to assets within a facility or restricted area by
screening visitors and material at entry points by personnel, guards or
automated means and, where required, escorting visitors and monitoring
their movement within the facility or restricted access areas.
Accountability
The responsibility of an individual for the safeguard and control of
COMSEC material which has been entrusted to his or her custody.
Accountable COMSEC
Material (ACM)
Communications Security (COMSEC) material that requires control and
accountability within the National COMSEC Material Control System in
accordance with its accounting legend code and for which transfer or
disclosure could be detrimental to the national security of Canada.
Accountable COMSEC
Material Control Agreement
(ACMCA)
A binding agreement between Communications Security Establishment and
an entity (Government or Canadian private sector) not listed in Schedules I,
I.1, II, IV and V of the Financial Administration Act that will permit the
acquisition, accounting, control, management and final disposition of
communications security material.
Accounting Legend Code
(ALC)
A numeric code used to indicate the minimum accounting controls for
Communications Security (COMSEC) material within the National
COMSEC Material Control System.
Accounting Legend Code 1
(ALC 1)
A numeric code assigned to physical and electronic Accountable COMSEC
Material (ACM) that is subject to continuous accountability by serial and/or
register number to the National Central Office of Record/Central Office of
Record (NCOR/COR) within the National COMSEC Material Control
System (NCMCS).
Accounting Legend Code 2
(ALC 2)
A numeric code assigned to physical Accountable COMSEC Material
(ACM) that is subject to continuous accountability by quantity to the
National Central Office of Record/Central Office of Record (NCOR/COR)
within the National COMSEC Material Control System (NCMCS).
Accounting Legend Code 4
(ALC 4)
A numeric code assigned to physical Accountable COMSEC Material
(ACM) and traditional key in electronic format that, following initial receipt,
is locally accountable by serial and/or register number to the responsible
COMSEC Account within the National COMSEC Material Control System
(NCMCS).
Accounting Legend Code 6
(ALC 6)
A numeric code assigned to electronic key that is subject to continuous
accountability by register number(s) to the National Central Office of
Record/Central Office of Record (NCOR/COR) within the National
COMSEC Material Control System (NCMCS).
November 2014
2
UNCLASSIFIED
Glossary of COMSEC-Related Terms
Accounting Legend Code 7
(ALC 7)
A numeric code assigned to electronic key that, following initial receipt, is
subject to local accountability by register number(s) to the responsible
COMSEC Account within the National COMSEC Material Control System
(NCMCS).
Audit
The process of conducting an independent review and examination of system
records and activities in order to test the adequacy of system controls, to
ensure compliance with established policy and operational procedures, and to
recommend any changes in controls, policy, or procedures.
Audit Trail
A chronological record of system activities to enable the construction and
examination of a sequence of events or changes in an event (or both).
Authorized User
For the purpose of the IT Security Directives, an individual (other than the
Custodian, Alternate Custodian or Local Element), who is required to use
COMSEC material in the performance of assigned duties.
BLACK Key
Encrypted key.
Canadian Central Facility
(CCF)
The entity within Communications Security Establishment that provides
centralized cryptographic key management.
Canadian Cryptographic
Doctrine (CCD)
The minimum security standards for the safeguard, control and use of
Communications Security Establishment–approved cryptographic equipment
and systems.
Canadian Private Sector
Canadian organizations, companies or individuals that do not fall under the
Financial Administration Act or are not subordinate to a provincial or
municipal government.
Central Office of Record
(COR)
The office of a federal department or agency that keeps records of
accountable COMSEC material held by elements subject to its oversight.
Common Fill Device (CFD)
One of a family of cryptographic equipment developed to read-in, transfer, or
store cryptographic key (e.g. KOI-18, KYK-13 and KYX-15).
Communications Security
(COMSEC)
The application of cryptographic, transmission, emission and physical
security measures, and operational practices and controls, to deny
unauthorized access to information derived from telecommunications and to
ensure the authenticity of such telecommunications.
Compromise
The unauthorized access to, disclosure, destruction, removal, modification,
use or interruption of assets or information.
Compromising Incident
An incident that results in loss of control, unauthorized access or viewing of
accountable COMSEC material and that may have a serious negative
consequence to operational security.
COMSEC Account
An administrative entity, identified by an account number, used to maintain
accountability, custody and control of accountable COMSEC material
produced by or entrusted to the entity.
November 2014
3
UNCLASSIFIED
Glossary of COMSEC-Related Terms
COMSEC Client Services
An entity within Communications Security Establishment responsible to
provide advice, guidance and direction to the Government of Canada and
sponsored Canadian private sector, for the planning, acquisition and
operation of high assurance products, COMSEC material and services.
COMSEC Custodian
The individual designated by the departmental COMSEC authority to be
responsible for the receipt, storage, access, distribution, accounting, disposal
and destruction of all COMSEC material that has been charged to the
departmental COMSEC Account.
COMSEC Incident
Any occurrence that jeopardizes or potentially jeopardizes the security of
classified or protected Government of Canada information while it is being
stored, processed, transmitted or received.
COMSEC Material
An item designed to secure or authenticate telecommunications information.
COMSEC material includes, but is not limited to, cryptographic key,
equipment, modules, devices, documents, hardware, firmware or software
that embodies or describes cryptographic logic and other items that perform
COMSEC functions.
COMSEC Sub-Account
An administrative entity, identified by an account number, established by a
COMSEC Account to assist in the control of the COMSEC material
produced by or entrusted to the COMSEC Account.
COMSEC Sub-Account
Custodian
The individual designated by the departmental COMSEC authority to be
responsible for the receipt, storage, access, distribution, accounting, disposal
and destruction of all COMSEC material that has been charged to the
COMSEC Sub-Account.
CONFIDENTIAL
A level of classification that applies to information that, if compromised,
could reasonably be expected to cause injury to the national interest. In
capital letters “CONFIDENTIAL” indicates level of sensitivity.
Controlled Cryptographic
Item (CCI)
An unclassified secure telecommunications or information system, or
associated cryptographic component, that is governed by a special set of
control requirements within the National COMSEC Material Control System
and marked “CONTROLLED CRYPTOGRAPHIC ITEM” or, where space
is limited, “CCI”.
Controlling Authority (CA)
The entity designated to manage the operational use and control of key
assigned to a cryptographic network.
Courier Certificate
A certificate that authorizes an individual to transport classified or protected
information and assets.
CRYPTO
A caveat, as well as a marking, applied to a cryptographic item to indicate
that it is subject to specific controls governing access, distribution, storage,
accounting, disposal, and destruction.
Crypto Material Assistance
Centre (CMAC)
The entity within Communications Security Establishment responsible for all
aspects of key ordering including privilege management, the management of
the National Central Office of Record and the administration of the
Assistance Centre.
November 2014
4
UNCLASSIFIED
Glossary of COMSEC-Related Terms
Cryptographic
Pertaining to or concerned with cryptography.
NOTE:
Often abbreviated as “crypto” and used as a prefix, e.g. cryptonet.
Cryptographic Equipment
Equipment that performs encryption, decryption, authentication or key
generation functions.
Cryptographic High Value
Product (CHVP)
A product incorporating only UNCLASSIFIED components and
UNCLASSIFIED cryptographic algorithms. A Cryptographic High Value
Product is not classified nor designated as a Controlled Cryptographic Item.
Cryptographic Ignition Key
(CIK)
A device or electronic key that can be used to access the secure mode of
cryptographic equipment.
Cryptographic Key
A numerical value used to control cryptographic operations, such as
decryption, encryption, signature generation, or signature validation.
Cryptographic Logic
The embodiment of one (or more) cryptographic algorithm(s) along with
alarms, checks, and other processes essential to effective and secure
performance of the cryptographic process(es).
Cryptographic Material
All material, including documents, devices and equipment, which contain
cryptographic information and is essential to the encryption, decryption or
authentication of communications.
Cryptographic Network
(cryptonet)
Two or more pieces of cryptographic equipment connected together that
utilize cryptographic key for the protection of information.
Cryptoperiod
A specific length of time during which a cryptographic key is in effect.
CSE Industrial COMSEC
Account (CICA)
The entity at the Communications Security Establishment responsible for
developing, implementing, maintaining, coordinating and monitoring a
private sector communications security program that is consistent with the
Policy on Government Security and its related policy instruments for the
management of accountable COMSEC material.
Departmental COMSEC
Authority (DCA)
The individual designated by, and responsible to, the departmental security
officer for developing, implementing, maintaining, coordinating and
monitoring a departmental communications security program which is
consistent with the Policy on Government Security and its standards.
Departmental Security
Officer (DSO)
The individual responsible for developing, implementing, maintaining,
coordinating and monitoring a departmental security program consistent with
the Policy on Government Security and its standards.
Doctrine (IT Security
Doctrine)
The fundamental rules and procedures that govern the protection, control and
use of information technology security equipment, systems and material as
promulgated by the responsible national authority.
Electronic Key
A key that is stored on magnetic or optical media, or in electronic memory,
transferred by electronic circuitry, or loaded into cryptographic equipment.
Exception
An authorization granted by COMSEC Client Services for an agreed-upon
deviation or divergence from a specific minimum COMSEC requirement.
Government of Canada (GC)
Department
Any federal department, organization, agency or institution subject to the
Policy on Government Security.
November 2014
5
UNCLASSIFIED
Glossary of COMSEC-Related Terms
High Assurance
The demonstration of confidence that a product or system, through the
robustness of its security controls, its related policies, doctrine, processes,
procedures, and the thorough evaluation and validation of its design and
operations is able to protect Government of Canada information and
communications requiring the most stringent protection controls available.
Information Technology (IT)
The acquisition, processing, storage and dissemination of vocal, pictorial,
textual and numerical information by a combination of computing,
telecommunication and video.
Information Technology (IT)
Security
Safeguards to preserve the confidentiality, integrity, availability, intended use
and value of electronically stored, processed or transmitted information.
In-Process (IP) COMSEC
Material
Communications Security (COMSEC) material being developed, produced,
manufactured or repaired. See COMSEC Material.
Issue
The process of distributing COMSEC material from a COMSEC Account to
its COMSEC Sub-Account(s) or Local Element(s).
Key Management
The procedures and mechanisms for generating, disseminating, replacing,
storing, archiving, and destroying cryptographic key.
Key Material Support Plan
(KMSP)
A detailed description of the communication security requirements of a
cryptographic network.
Key Segment
A key that is valid for a specific cryptoperiod.
Keyed
Refers to the state of a cryptographic equipment in which cryptographic key
has been loaded for use or storage.
Keying Material
A key, code, or authentication information in physical, electronic or
magnetic form.
Local Accounting
The process by which a COMSEC Custodian records and controls, in the
National COMSEC Material Control System, COMSEC material that is not
reportable to the Central Office of Record.
Local Element
An individual registered at a COMSEC Account or COMSEC Sub-Account
who is authorized to receive COMSEC material from that account.
Local Tracking
The process used by the COMSEC Custodian to control and monitor the
movement of COMSEC-related material outside of the National COMSEC
Material Control System.
NOTE: This process does not assign an Accounting Legend Code.
Locked
Refers to the state of a cryptographic equipment in which the secure mode
has not been accessed (e.g. by means of a Cryptographic Ignition Key [CIK],
a Personal Identification Number [PIN] or a combination of CIK/PIN and
password).
Modification
Any change to the electrical, mechanical or software characteristics of a
piece of cryptographic equipment.
November 2014
6
UNCLASSIFIED
Glossary of COMSEC-Related Terms
National Central Office of
Record (NCOR)
The entity at Communications Security Establishment responsible for
overseeing the management and accounting of all accountable COMSEC
material, produced in, or entrusted to, Canada.
National COMSEC Audit
Team (NCAT)
The entity at Communications Security Establishment responsible for
conducting COMSEC audits of the COMSEC Accounts within the National
COMSEC Material Control System.
National COMSEC Incidents
Office (NCIO)
The entity at Communications Security Establishment responsible for
managing communications security incidents through registration,
investigation, assessment, evaluation and closure.
National COMSEC Material
Control System (NCMCS)
A centralized system, which includes personnel, training and procedures, that
enables Government of Canada departments to effectively control and handle
accountable COMSEC material.
National Distribution
Authority (NDA)
The entity within the Canadian Communications Security (COMSEC)
community responsible for the secure receipt, storage, distribution and
disposal of COMSEC material originating at Communications Security
Establishment or received from or destined to foreign countries.
National Interest
The security and the social, political and economic stability of Canada.
Other Levels of Government
(OLG)
Provincial, municipal and local government organizations (e.g law
enforcement agencies).
Over-The-Air Rekey
(OTAR)
The changing of traffic encryption key or transmission security key in remote
cryptographic equipment by sending new key directly to the equipment over
the communications path it secures.
Over-the-Air Transfer
(OTAT)
The electronic distribution of cryptographic key without changing the traffic
encryption key used to secure the communications path.
Permuter
Device used in cryptographic equipment to change the order in which the
contents of a shift register are used in various non-linear combining circuits.
Plik
A tamper evident, theft prevention, high security seal that is affixed to
packages before shipment.
Protective Packaging
Packaging techniques for COMSEC material, which discourage penetration,
reveal that a penetration has occurred, or inhibit viewing and copying of
COMSEC material, before the time it is exposed for use.
RED
Designation applied to an information system, and associated areas, circuits,
components, and equipment in which unencrypted information is being
processed.
RED Key
Unencrypted key.
Removable Storage Medium
(RSM)
A small device that is used to transport or store data (e.g. disks, memory
cards, flash drives).
Security Assessment
The process of verifying that the security requirements established for a
particular information system are met and that the controls are implemented
correctly, work as intended and produce the desired outcome. Synonym of
Certification.
November 2014
7
UNCLASSIFIED
Glossary of COMSEC-Related Terms
Security Authorization
The senior management decision to accept the residual risk of operating an
information system, based on the Security Authorization Package. Synonym
of Accreditation.
Short Title
An identifying combination of letters and numbers assigned to COMSEC
material to facilitate handling, accounting and control.
Sight Inventory
The physical verification of the presence of each item of COMSEC material
charged to a COMSEC Account or Sub-Account.
Supersession
The scheduled or unscheduled replacement of a cryptographic key or
COMSEC publication with a different edition.
Telecommunications
The emission, transmission or reception of electrical signals conveying data
by wire, cable, radio, optical or other electromagnetic system.
Telecommunications
Network
A collection of terminals, links and nodes which connect together to enable
telecommunications between users of the terminals.
TEMPEST
Refers to the investigation and study of Compromising Emanations (CE).
The unintentional transmission of CE results in a secondary, unwanted
communications channel known as a TEMPEST channel.
Threat and Risk Assessment
(TRA)
A process in which the objective is to identify system assets, to identify how
these assets can be compromised by threat agents, to assess the level of risk
that the threat agents pose to the assets and recommend the necessary
safeguards in order to mitigate effects of the threat agents.
Tier 3 Management Device
(T3MD)
A cryptographic equipment that securely stores, transports and transfers
(electronically) cryptographic key and that is programmable to support
modern mission systems.
Transfer
The process of distributing COMSEC material from one COMSEC Account
to another COMSEC Account.
Two-Person Integrity (TPI)
A control procedure whereby TOP SECRET key and other specified key
must not be handled by or made available to one individual only.
Unkeyed
Refers to the state of a cryptographic equipment in which no cryptographic
key has been loaded for use or storage.
Unlocked
Refers to the state of a cryptographic equipment in which the secure mode
has been accessed (e.g. by means of a Cryptographic Ignition Key [CIK], a
Personal Identification Number [PIN] or a combination of CIK/PIN and
password).
Waiver
An authorization granted by COMSEC Client Services to be excluded from
the obligation of adherence to a specific minimum COMSEC requirement.
November 2014
8
Download