AAAccreditation Authority AS&WAttack Sensing and warning ATOApproval to Operate AvailabilityThe property of being accessible and useable upon demand by an authorized entity. NIST SP 800-53: Ensuring timely and reliable access to and use of information. CNSS Instruction No. 4009

CACertifying Authority CAPconnection approval process CCTLCommon Criteria Testing Laboratory CDScross domain solution CGICommon Gateway Interface CIOChief Information Officer CIFSCommon Internet File System CJCSMChairman of the Joint Chiefs of Staff Manual CND SPComputer Network Defense Service Provider CNSSICommittee on National Security Systems COACourses of Action COICommunity of Interest ConfidentialityThe property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information. NIST SP 800-53: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. CNSS Instruction No. 4009 COPCommon Operational Picture CVECommon Vulnerabilities Exposures

DAA Designated Approving Authority: Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with designated approving authority and delegated accrediting authority. CNSS Instruction No. 4009 DBMSData Base Management System DCIIDefense Clearance and Investigations Index DCIODefense Criminal Investigative Office DIADefense Intelligence Agency DIACAPDepartment of Defense Information Assurance Certification and Accreditation Process DIIDefense Information Infrastructure DISADefense Information Systems Agency DMCADigital Millenium Copyright Act DNIDirector of National Intelligence DoDDDepartment of Defense Directive DoDIDepartment of Defense Instruction DoDIISDepartment of Defense Intelligence Information Systems DSAWGDISN Security and Accreditation Working Group

ETAEducation, Training and Awareness

FARAFederal Acquisitions Reform Act FISMAFederal Information Security Management Act FLNForeign Local National FN Foreign National FOIAFreedom of Information Act

GEMGIG Enterprise Management GIGglobal information grid GNDGIG Network Defense Gold DisksA series of operating system baseline security configuration management tools that implement the applicable Security Technical Implementation Guides (STIGs).

HBBSHost-Based Security Systems HIDSHost-Based Intrusion Detection System HIPAAHealth Insurance Portability and Accountability Act Host-Based Security Systems (HBSS)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. HBSS provides centralized management of host-based capabilities and enforcing standard configurations of host machines, monitors and blocks intrusions, provides automatic signature updates, and provides capability to monitor security status from centralized console. HRHuman Resources HSPDHomeland Security Presidential Directive HTMLHyper Text Markup Language

IA Information Assurance: Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for, restoration of information systems by incorporating protection, detection, and reaction capabilities. CNSS Instruction No. 4009 I&Windications and Warnings IAMInformation Assurance Manager IAOInformation Assurance Officer IATOInterim Approval to Operate IAVAInformation Assurance Vulnerabillity Alert IAVBInformation Assurance Vulnerabillity Bulletin IAVMThe Information Assurance Vulnerability Management ICIntelligence Community IDM/CSInformation Dissemination Management/Content Staging IEInternet Explorer IMInstant Messaging INFOCONinformation Operations Condition Information Assurance Vulnerability Management (IAVM)The IAVM Program provides the ability to quickly notify services, combatant commands, defense agencies, and other DoD components of vulnerabilities and the actions needed to correct those vulnerabilities. IntegrityThe property whereby an entity has not been modified in an unauthorized manner. NIST SP 800-53: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. CNSS Instruction No. 4009 IPSIntrusion Protection System

JTF-GNOJoint Task Force - Global Network Operations

MAC1. Mission Assurance Category (Source: DoDI 8500.2) 2. Mandatory Access Control (Source: CNSS Instruction No. 4009) MoAMemorandum of Agreement MoUMemorandum of Understanding MSMicrosoft

NACINational Agency Check with Inquiries NACLCNational Agency Check with Local Agency Check and Credit Check NIINational Information Infrastructure NIPRNETNon-secure Internet Protocol Router Network NISTNational Institute of Standards and Technology NNTPNetwork News Transfer Protocol NSTISSCNational Security Telecommunications and Information Systems Security Committee

OMBOffice of Management and Budget

PAAPrincipal Accrediting Authority Source: Interim DoD Certification and Accreditation Guidance, 6 July 2006 PDDPresidential Decision Directive PIIPersonally Identifiable Information PIRpriority intelligence requirements POA&MPlan of Action and Milestones PPSPorts, protocols, and services P2PPeer-to-Peer

RFPRequest for Proposal RPCRemote Procedure Calls

SASystem Administrator SABIsecret and below interoperability SCCVISecure Configuration Compliance Validation Initiative SCMService Control Manager SCRISecure Configuration Remediation Initiative SDEPSpyware Detection, Eradication and Protection Secure Configuration Compliance Validation Initiative (SCCVI)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. SCCVI utilizes eEye Digital Security’s Retina® Network Security Scanner and its Remote Enterprise Management (REM) console to provide vulnerability assessment capability. Secure Configuration Remediation Initiative (SCRI)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. SCRI utilizes Citadel Hercules® to provide automated vulnerability remediation capability and apply patches, upgrades, fixes, or custom changes to systems affected by IAVM notices. SIAOSenior Information Assurance Officer SIISecurity/Suitability Index SIPRNETSecret Internet Protocol Router Network SMSShort Message Service SMTPSimple Mail Transfer Protocol SPCService Control Program Spyware Detection, Eradication and Protection (SDEP)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. SDEP is an enterprise-wide anti-spyware solution that utilizes CA etrust® PestPatrol® and CleverPath™ Forest & Trees®. SDEP detects and removes spyware, adware, trojans, hacker tools, and peer-to-peer (P2P ) and provides a monitoring and reporting capability. SQLStructured Query Language SSBISingle Scope Background Investigation

TATechnical Advisory TASOTerminal Area Security Officer TCPTransmission Control Protocol TCP/UDPTransmission Control Protocol/ User Diagram Protocol

UDPUser Diagram Protocol UNIXUNIX System USSTRATCOMUnited States Strategic Command

VAVulnerability Assessment VLANVirtual LAN VMSVulnerability Management System

WANWide Area Network WSUSWindows Server Update Services Windows Server Update Services (WSUS)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. WSUS is a Microsoft automated patching system that is implemented on the NIPRNet and SIPRNet.

XPWindows XP