CNSSI NUMBER 4009, NATIONAL INFORMATION ASSURANCE (IA) GLOSSARY (26 APR 2010

CNSSI NUMBER 4009, NATIONAL INFORMATION ASSURANCE (IA) GLOSSARY (26 APR 2010)., 1. The Committee on National Security Systems (CNSS) Glossary Working Group convened to review and update the National Information Assurance Glossary, CNSSI 4009, dated June 2006. This revision of CNSSI 4009 incorporates many new terms submitted by the CNSS Membership. Most of the terms from the 2006 version of the Glossary remain, but a number of them have updated definitions in order to remove inconsistencies among the communities. 2. The Glossary Working Group set several overall objectives for itself in producing this version:  Resolve differences between the definitions of terms used by the DOD, IC, and Civil Agencies (NIST Glossary) to enable all three to use the same glossary (and move towards shared documentation and processes).  Accommodate the transition from Certification and Accreditation (C&A) terms in current use to the terms now appearing in documents produced by the C&A Transformation initiative. Both sets of terms have been included in this update of the glossary.  Ensure consistency among related and dependent terms.  Include terms that are important to the risk management goal of C&A transformation and to the concept of information sharing.  Review existing definitions to reflect, as appropriate a broader enterprise perspective vice a system perspective.  Strike an appropriate balance between macro terms and micro terms (i.e., include terms that are useful in writing and understanding documents dealing with IA policies, directives, instructions, and guidance, and strike terms that are useful only to specific IA subspecialties). 3. Many cyber terms are coming into vogue and the Glossary Working Group has tried to include significant examples that have a useful distinction when compared to existing Information Assurance terms. A number of terms recommended for inclusion in this version of the glossary were not added – often because they appeared to have a narrow application or they were submitted after the deadline. But the net affect has been to add quite a few new terms to the glossary. 4. When glossary terms have common acronyms, we have noted the acronym with the term and added the acronym to the acronym list. In some instances, there may be several meanings for the same acronym, and in that case we have tried to list all the common IA meanings. Note that some acronyms are self-explanatory, and so there is no definition of these acronyms in the glossary itself. 5. Some terms from the previous version were deleted because they had been previously marked as candidates for deletion (C.F.D.) and no one asked to keep them, many other terms have been updated or added, and some terms are newly identified as C.F.D. If a term that has been deleted or marked as C.F.D. is still of value and needed in your environment, please resubmit the term with a definition based on the following criteria: 1) specific relevance to Information Assurance; 2) economy of words; 3)accuracy; 4) broad applicability; and 5) clarity. Use these same criteria to recommend any changes to existing definitions or to suggest new terms (definitions must be included with any new terms). When recommending a change to an existing definition, please note how that change might affect other terms. In all cases, send your suggestions to the CNSS Secretariat via e-mail or fax at the number found below. 6. We recognize that, to remain useful, a glossary must be in a continuous state of coordination, and we encourage your review and welcome your comments as new terms become significant and old terms fall into disuse or change meaning. The goal of the Glossary Working Group is to keep the Glossary relevant and a tool for commonality among the IA community. 7. Representatives of the CNSS may obtain copies of this instruction on the CNSS Web Page www.cnss.gov.