AAAccreditation Authority AS&WAttack Sensing and warning ATOApproval to Operate

CACertifying Authority CAPconnection approval process CCTLCommon Criteria Testing Laboratory CEComputing Environment: Includes local area network(s) server host and its operating system, peripherals, and applications. Source: DoD 8570.01-M, Appendix 1. CDScross domain solution CGICommon Gateway Interface CIOChief Information Officer CIFSCommon Internet File System CISACertified Information Security Auditor CISMCertified Information Security Manager CISSPCertified Information Systems Security Professional CISSP-ISSMPCertified Information Systems Security Professional-Information Systems Security Management Professional CJCSMChairman of the Joint Chiefs of Staff Manual CNDComputer Network Defense CND-AComputer Network Defense-Analyst CND-AUComputer Network Defense-Auditor CND-IRComputer Network Defense-Incident Responder CND-ISComputer Network Defense-Infrastructure Support CND-SPMComputer Network Defense-Service Provider Manager CND SPComputer Network Defense Service Provider CNSSICommittee on National Security Systems COACourses of Action COICommunity of Interest COPCommon Operational Picture CSIHComputer Security Incident Handler CVECommon Vulnerabilities Exposures

DAA Designated Approving Authority: Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with designated approving authority and delegated accrediting authority. CNSS Instruction No. 4009 DBMSData Base Management System DCIIDefense Clearance and Investigations Index DCIODefense Criminal Investigative Office DIADefense Intelligence Agency DIACAPDepartment of Defense Information Assurance Certification and Accreditation Process DIIDefense Information Infrastructure DISADefense Information Systems Agency DMCADigital Millenium Copyright Act DNIDirector of National Intelligence DoDDDepartment of Defense Directive DoDIDepartment of Defense Instruction DoDIISDepartment of Defense Intelligence Information Systems DSAWGDISN Security and Accreditation Working Group

EnclaveA collection of CE connected by one or more internal networks under the control of a single authority and security policy, including personnel and physical security. Enclaves provide standard IA capabilities such as boundary defense, incident detection and response, and key management, and also deliver common applications such as office automation and electronic mail. Enclaves are analogous to general support systems, as defined in OMB A-130 (Reference (il)). Enclaves may be specific to an organization or a mission and the CE may be organized by physical proximity or by function, independent of location. Examples of enclaves include local area networks and the applications they host, backbone networks, and data processing centers. Source: DoD 8570.01-M, Appendix 1. ETAEducation, Training and Awareness

FARAFederal Acquisitions Reform Act FISMAFederal Information Security Management Act FLNForeign Local National FN Foreign National FOIAFreedom of Information Act

GCIAGIAC Certified Intrusion Analyst GCIHGIAC Certified Incident Handler GEMGIG Enterprise Management GIACGlobal Information Assurance Certification GIGglobal information grid GNDGIG Network Defense Gold DisksA series of operating system baseline security configuration management tools that implement the applicable Security Technical Implementation Guides (STIGs). GSNAGIAC Systems and Network Auditor

HBBSHost-Based Security Systems HIDSHost-Based Intrusion Detection System HIPAAHealth Insurance Portability and Accountability Act Host-Based Security Systems (HBSS)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. HBSS provides centralized management of host-based capabilities and enforcing standard configurations of host machines, monitors and blocks intrusions, provides automatic signature updates, and provides capability to monitor security status from centralized console. HRHuman Resources HSPDHomeland Security Presidential Directive HTMLHyper Text Markup Language

IA Information Assurance: Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for, restoration of information systems by incorporating protection, detection, and reaction capabilities. CNSS Instruction No. 4009 I&Windications and Warnings IAMInformation Assurance Manager IAOInformation Assurance Officer IASAEInformation Assurance System Architect and Engineer IATInformation Assurance Technical IAT-IInformation Assurance Technical - Level 1 IATOInterim Approval to Operate IAVAInformation Assurance Vulnerabillity Alert IAVBInformation Assurance Vulnerabillity Bulletin IAVMThe Information Assurance Vulnerability Management ICIntelligence Community IDM/CSInformation Dissemination Management/Content Staging IDSIntrusion detection system IEInternet Explorer IMInstant Messaging INFOCONinformation Operations Condition Information Assurance Vulnerability Management (IAVM)The IAVM Program provides the ability to quickly notify services, combatant commands, defense agencies, and other DoD components of vulnerabilities and the actions needed to correct those vulnerabilities. IPSIntrusion Protection System ISC2International Information Systems Security Certifications Consortium ISSAPInformation Systems Security Architecture Professional ISSEPInformation Systems Security Engineering Professional ISSMPInformation Systems Security Management Professional

JTF-GNOJoint Task Force - Global Network Operations

MAC1. Mission Assurance Category (Source: DoDI 8500.2) 2. Mandatory Access Control (Source: CNSS Instruction No. 4009) MoAMemorandum of Agreement MoUMemorandum of Understanding MSMicrosoft

NACINational Agency Check with Inquiries NACLCNational Agency Check with Local Agency Check and Credit Check NIINational Information Infrastructure NENetwork Environment: The constituent element of an enclave responsible for connecting CE by providing short haul data transport capabilities, such as local or campus area networks, or long haul data transport capabilities, such as operational, metropolitan, or wide area and backbone networks that provides for the application of IA controls. Source DoD 8570.01-M, Appendix 1. NIPRNETNon-secure Internet Protocol Router Network NNTPNetwork News Transfer Protocol NSTISSCNational Security Telecommunications and Information Systems Security Committee

OMBOffice of Management and Budget

PAAPrincipal Accrediting Authority Source: Interim DoD Certification and Accreditation Guidance, 6 July 2006 PDDPresidential Decision Directive PIIPersonally Identifiable Information PIRpriority intelligence requirements POA&MPlan of Action and Milestones PPSPorts, protocols, and services P2PPeer-to-Peer

RFPRequest for Proposal RPCRemote Procedure Calls

SASystem Administrator SABIsecret and below interoperability SCCVISecure Configuration Compliance Validation Initiative SCMService Control Manager SCRISecure Configuration Remediation Initiative SDEPSpyware Detection, Eradication and Protection Secure Configuration Compliance Validation Initiative (SCCVI)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. SCCVI utilizes eEye Digital Security’s Retina® Network Security Scanner and its Remote Enterprise Management (REM) console to provide vulnerability assessment capability. Secure Configuration Remediation Initiative (SCRI)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. SCRI utilizes Citadel Hercules® to provide automated vulnerability remediation capability and apply patches, upgrades, fixes, or custom changes to systems affected by IAVM notices. SIAOSenior Information Assurance Officer SIISecurity/Suitability Index SIPRNETSecret Internet Protocol Router Network SMSShort Message Service SMTPSimple Mail Transfer Protocol SPCService Control Program Spyware Detection, Eradication and Protection (SDEP)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. SDEP is an enterprise-wide anti-spyware solution that utilizes CA etrust® PestPatrol® and CleverPath™ Forest & Trees®. SDEP detects and removes spyware, adware, trojans, hacker tools, and peer-to-peer (P2P ) and provides a monitoring and reporting capability. SQLStructured Query Language SSBISingle Scope Background Investigation SSCPSystem Security Certified Practitioner

TATechnical Advisory TASOTerminal Area Security Officer TCPTransmission Control Protocol TCP/UDPTransmission Control Protocol/ User Diagram Protocol

UDPUser Diagram Protocol UNIXUNIX System USSTRATCOMUnited States Strategic Command

VAVulnerability Assessment VLANVirtual LAN VMSVulnerability Management System

WANWide Area Network WSUSWindows Server Update Services Windows Server Update Services (WSUS)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. WSUS is a Microsoft automated patching system that is implemented on the NIPRNet and SIPRNet.

XPWindows XP