A | B | C | D | E | F | G | H | I | J | K | L | M |
N | O | P | Q | R | S | T | U

C2
A level of security safeguard criteria. See also: Controlled Access Protection, TCSEC.

Caesar’s Cipher
A substitution cipher named for Julius Caesar that rotates a plain alphabet three letters in order to encrypt.

CAPI
Cryptographic Application Programming Interface.

Capstone
The U.S. Government's long-term project to develop a set of standards for publicly-available cryptography, as authorized by the Computer Security Act of 1987. The Capstone cryptographic system will consist of four major components and be contained on a single integrated circuit microchip that provides non-DoD data encryption for sensitive but unclassified information. It implements the Skipjack algorithm. See also: Clipper.

Certificate Authority (CA)
Manages digital certificate application, certification (authentication of the applicant), issuance and revocation. A CA is similar to a Key Distribution Center (KDC) which acts as a trusted third party for cryptographic keys except that a KDC is entrusted with secret keys and a CA only has to keep its private key secret in order to protect the digital certificates it issues for public keys.

Certificate Chain
A way of using digital certificates to acquire other digital certificates and thus obtain verified public keys.

Certificate Policy Statement (CPS)
Internally generated guidelines under which a certificate authority (CA) operates. The CPS details how the CA authenticates, issues, etc. and provides legal protections for the root CA.

Certificate Revocation List (CRL)
A list of revoked certificates. A certificate user/holder should check the most recent CRL just like a merchant validates a credit card before completing a transaction.

Certificate Verify Message
A message sent during Secure Socket Layer (SSL) transmissions to verify that the sender has the private key paired to the public key on the digital certificate previously sent. It is made by digesting a combination of the master secret and some previous messages followed by signing the digest with the sender’s private key.

Certification
The comprehensive analysis of the technical and nontechnical features, and other safeguards, to establish the extent to which a particular MIS meets a set of specified security requirements. Certification is part of the accreditation process and carries with it an implicit mandate for accreditation. See also: Accreditation.

Channel
An information transfer path within a system or the mechanism by which the path is affected.

Checkerboard Cipher:
An encoding cipher that converts letters to numbers created by the ancient Greek Polybius (203-120 bc); also known as a Polybius square.

Checksum
Used in error detection, a checksum is a computation done on the message and transmitted with the message; similar to using parity bits.

Cipher
An algorithm for encryption or decryption. A cipher replaces a piece of information (an element of plain text) with another object, with the intent to conceal meaning. Typically, the replacement rule is governed by a secret key. See also: Encryption, Decryption.

Ciphered Alphabet
An alphabet that has been modified in some way and used to encipher plaintext.

Ciphersuite Rollback Attack
An attack against how Secure Socket Layer version 2 (SSL v2) negotiates the cipher suite. The aim is to convince Alice and Bob to use much weaker encryption than they are capable of using.

Ciphertext
The encrypted form of the plaintext.

Classification
A systematic arrangement of information in groups or categories according to established criteria. In the interest of national security it is determined that the information requires a specific degree of protection against unauthorized disclosure together with a designation signifying that such a determination has been made. See also: Limited Official Use.

Clear or clearing (MIS Storage Media)
The removal of sensitive data from MIS storage and other peripheral devices with storage capacity, at the end of a period of processing. It includes data removal in such a way that assures, proportional to data sensitivity, it may not be reconstructed using normal system capabilities, i.e., through the keyboard. See also: Remanence, Object Reuse.

Clipper
Clipper is an encryption chip developed and sponsored by the U.S. government as part of the Capstone project. Announced by the White House in April 1993, Clipper was designed to balance competing concerns of Federal law-enforcement agencies and private citizens by using escrowed encryption keys. See also: Capstone, Skipjack.

Code
Words, numbers, letters or symbols used to replace words, letters, and phrases such as 007 for James Bond.

Commercial-Off-The-Shelf (COTS)
Products that are commercially available and can be utilized as generally marketed by the manufacturer.

Compression Function
A function that takes a fixed length input and returns a shorter, fixed length output. See also hash functions.

Compromise
The disclosure of sensitive information to persons not authorized access or having a need-to-know.

Computer Fraud and Abuse Act of 1986
This law makes it a crime to knowingly gain access to a Federal Government computer without authorization and to affect its operation.

Computer Security
Technological and managerial procedures applied to MIS to ensure the availability, integrity, and confidentiality of information managed by the MIS. See also: Information System Security.

Computer Security Act of 1987
The law provides for improving the security and privacy of sensitive information in "federal computer systems" - "a computer system operated by a Federal agency or other organization that processes information (using a computer system) on behalf of the Federal Government to accomplish a Federal function."

Confidentiality
The condition when designated information collected for approved purposes is not disseminated beyond a community of authorized knowers. It is distinguished from secrecy, which results from the intentional concealment or withholding of information. [OTA-TCT-606] Confidentiality refers to: 1) how data will be maintained and used by the organization that collected it; 2) what further uses will be made of it; and 3) when individuals will be required to consent to such uses. It includes the protection of data from passive attacks and requires that the information (in an MIS or transmitted) be accessible only for reading by authorized parties. Access can include printing, displaying, and other forms of disclosure, including simply revealing the existence of an object.

Configuration Management (CM)
The management of changes made to a MIS hardware, software, firmware, documentation, tests, test fixtures, test documentation, communications interfaces, operating procedures, installation structures, and all changes thereto throughout the development and operational life-cycle of the MIS.

Confusion
A method, often a very complex substitution method, used by cryptographers to hide the relationship between the secret key and ciphertext. So even if the cryptanalyst can find some ciphertext patterns, they won’t help in deducing the encryption key.

Contingency Plan
The documented organized process for implementing emergency response, back-up operations, and post-disaster recovery, maintained for a MIS as part of its security program, to ensure the availability of critical assets (resources) and facilitate the continuity of operations in an emergency. See also: Disaster Recovery.

Contingency Planning
The process of preparing a documented organized approach for emergency response, back-up operations, and post-disaster recovery that will ensure the availability of critical MIS resources and facilitate the continuity of MIS operations in an emergency. See also: Contingency Plan, Disaster Recovery.

Controlled Access Protection (C2)
A category of safeguard criteria as defined in the Trusted Computer Security Evaluation Criteria (TCSEC). It includes identification and authentication, accountability, auditing, object reuse, and specific access restrictions to data. This is the minimum level of control for SBU information.

Conventional Encryption
A form of cryptosystem in which encryption and decryption are performed using the same key. See also: Symmetric Encryption.

COTS
See: Commercial-Off-The-Shelf.

Countermeasures
See: Security Safeguard.

Cracker
See: Hacker.

Critical Assets
Those assets, which provide direct support to the organization's ability to sustain its mission. Assets are critical if their absence or unavailability would significantly degrade the ability of the organization to carry out its mission, and when the time that the organization can function without the asset is less than the time needed to replace the asset.

Critical processing
Any applications, which are so important to an organization, that little or no loss of availability is acceptable; critical processing must be defined carefully during disaster and contingency planning. See also: Critical Asset.

CRL
Certificate Revocation List.

Cryptanalysis
The branch of cryptology dealing with the breaking of a cipher to recover information, or forging encrypted information what will be accepted as authentic.

Cryptography
The branch of cryptology dealing with the design of algorithms for encryption and decryption, intended to ensure the secrecy and/or authenticity of messages.

Cryptology
The study of secure communications, which encompasses both cryptography and cryptanalysis.

Cryptosystem
An encryption decryption algorithm (cipher), together with all possible plaintexts, ciphertexts and keys.