ATOApproval to Operate

CAPconnection approval process CCTLCommon Criteria Testing Laboratory CDScross domain solution CIOChief Information Officer CJCSMChairman of the Joint Chiefs of Staff Manual CNSSICommittee on National Security Systems

DAA Designated Approving Authority: Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. This term is synonymous with designated approving authority and delegated accrediting authority. CNSS Instruction No. 4009 DCIIDefense Clearance and Investigations Index DIADefense Intelligence Agency DIIDefense Information Infrastructure DISADefense Information Systems Agency DMCADigital Millenium Copyright Act DoDDDepartment of Defense Directive DoDIDepartment of Defense Instruction DoDIISDepartment of Defense Intelligence Information Systems DSAWGDISN Security and Accreditation Working Group

FARAFederal Acquisitions Reform Act FISMAFederal Information Security Management Act FLNForeign Local National FN Foreign National FOIAFreedom of Information Act

GIGglobal information grid Gold DisksA series of operating system baseline security configuration management tools that implement the applicable Security Technical Implementation Guides (STIGs).

HBBSHost-Based Security Systems HIPAAHealth Insurance Portability and Accountability Act Host-Based Security Systems (HBSS)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. HBSS provides centralized management of host-based capabilities and enforcing standard configurations of host machines, monitors and blocks intrusions, provides automatic signature updates, and provides capability to monitor security status from centralized console. HRHuman Resources HSPDHomeland Security Presidential Directive

IA Information Assurance: Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for, restoration of information systems by incorporating protection, detection, and reaction capabilities. CNSS Instruction No. 4009 IAMInformation Assurance Manager IAOInformation Assurance Officer IATOInterim Approval to Operate IAVAInformation Assurance Vulnerabillity Alert IAVBInformation Assurance Vulnerabillity Bulletin IAVMThe Information Assurance Vulnerability Management Information Assurance Vulnerability Management (IAVM)The IAVM Program provides the ability to quickly notify services, combatant commands, defense agencies, and other DoD components of vulnerabilities and the actions needed to correct those vulnerabilities.

JTF-GNOJoint Task Force - Global Network Operations

MAC1. Mission Assurance Category (Source: DoDI 8500.2) 2. Mandatory Access Control (Source: CNSS Instruction No. 4009) MoAMemorandum of Agreement MoUMemorandum of Understanding

NACINational Agency Check with Inquiries NACLCNational Agency Check with Local Agency Check and Credit Check NIINational Information Infrastructure NIPRNETNon-secure Internet Protocol Router Network NSTISSCNational Security Telecommunications and Information Systems Security Committee

OMBOffice of Management and Budget

PDDPresidential Decision Directive POA&MPlan of Action and Milestones PPSPorts, protocols, and services

RFPRequest for Proposal

SASystem Administrator SABIsecret and below interoperability SCCVISecure Configuration Compliance Validation Initiative SCRISecure Configuration Remediation Initiative SDEPSpyware Detection, Eradication and Protection Secure Configuration Compliance Validation Initiative (SCCVI)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. SCCVI utilizes eEye Digital Security’s Retina® Network Security Scanner and its Remote Enterprise Management (REM) console to provide vulnerability assessment capability. Secure Configuration Remediation Initiative (SCRI)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. SCRI utilizes Citadel Hercules® to provide automated vulnerability remediation capability and apply patches, upgrades, fixes, or custom changes to systems affected by IAVM notices. SIISecurity/Suitability Index SIPRNETSecret Internet Protocol Router Network Spyware Detection, Eradication and Protection (SDEP)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. SDEP is an enterprise-wide anti-spyware solution that utilizes CA etrust® PestPatrol® and CleverPath™ Forest & Trees®. SDEP detects and removes spyware, adware, trojans, hacker tools, and peer-to-peer (P2P ) and provides a monitoring and reporting capability. SSBISingle Scope Background Investigation

TATechnical Advisory TASOTerminal Area Security Officer

VMSVulnerability Management System

WSUSWindows Server Update Services Windows Server Update Services (WSUS)A DoD enterprise-wide Information Assurance (IA) tool available to support the IAVM program and ensure secure network operations. WSUS is a Microsoft automated patching system that is implemented on the NIPRNet and SIPRNet.