Glossary of Acronyms & Terms

Information Assurance

International Association of Chiefs of Police

Intelligence Community

Intelligence Community Directive

Intelligence Community Policy Guidance

Intelligence Community Standard

Intelligence Community Standards Registry

Consists of a collection of Intelligence Community (IC) Standards Registry (ICSR) web-based applications supporting the continuing evolution of the Enterprise Standards Baseline (ESB) and the automation of its governance process. It supports all aspects of the ESB from standards development to daily usage and compliance guidance using a web-based front-end. It provides general information for the IC Enterprise Standards Committee (ESC), Standards Technical Working Groups (TWGs), and other ICSR Communities of Interest (COIs), as well as access to all versions of the archived ICSR documents.

Identity and Access Management

Harmonized standards that are identical in both substance and presentation. See Harmonized Standards.

1) The process, generally employing unique machine-readable names, that enables recognition of users or resources as identical to those previously described to the computer system. 2) The assignment of a name by which an entity can be referenced. The entity may be high level (such as a user) or low level (such as a process or communication channel.

The set of attribute values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager’s responsibility, is sufficient to distinguish that entity from any other entity.

An overarching term used to refer to the processes of authentication, authorization, assignment of attributes and privileges, access management, credential issuance, and the identification of a digital identity and the binding of that digital identity to an individual.

A set of otherwise independent identity providers and relying parties that agree to adhere to common rules and requirements for identity management and the use and protection of identity information.

Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user) where access authorizations to specific objects are assigned based on user identity.

Intrusion Detection System

Information Exchange Package Document

Integrated Justice Information Systems

A national nonprofit organization that brings together industry and government in an effort to improve national security and promote effective information sharing across all levels of the justice, public safety, and homeland security communities

Information Management

Provides specific information on how to implement a standard.

A document that explains the proper use of a standard for a specific business purpose.

Accidental exposure of information to a person not authorized access.

An assessed occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system; or the information the system processes, stores, or transmits; or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

Events that, at the time of occurrence, cannot be determined to be an actual violation of law, but which are of such significance as to warrant preliminary inquiry and subsequent reporting. Examples include drug use and distribution, alcohol abuse, the discovery or possession of contraband articles in security areas, and unauthorized attempts to access classified data.

InterNational Committee for Information Technology Standards

Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.

Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.

Structured information describing any or all information assurance aspects of a real object (i.e., resource) (e.g., a book, a mountain, etc.) or virtual object (e.g., a digital photograph, a service, etc.). See Metadata.

A specification for a data exchange and defines a particular data exchange. It is a set of artifacts consisting of normative exchange specifications, examples, metadata, and documentation encapsulated by a catalog that describes each artifact.

An application or protocol weakness where controlled data is inappropriately revealed to an unauthorized user or service.

The discipline that analyzes information as an organizational resource. It covers the definitions, uses, value and distribution of all data and information within an organization whether processed by computer or not. It evaluates the kinds of data/information an organization requires in order to function and progress effectively.

A condition or situation requiring knowledge or intelligence derived from received, stored, or processed facts and data.

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

A standard that provides classification and dissemination control metadata requirements for a virtual object (e.g., an electronic document).

Office responsible to the President for policy and oversight of the Government-wide security classification system and the National Industrial Security Program

Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information.

Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements.

Potential that a threat will exploit a vulnerability of an asset or group of assets and thereby cause harm to the organization.

A trusted environment in which capabilities may be developed and exploited to discover, fuse, share and collaborate on information from any mission into integrated and synthesized information

The identification and documentation of information needs, infrastructure support, IT and NSS interface requirements and dependencies focusing on net-centric, interoperability, supportability and sufficiency concerns (DODI 4630.8).

A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

Protection of information systems against (INFOSEC) unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.

Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.

Data, information, processes, organizational interactions, skills, and analytical expertise, as well as systems, networks, and information exchange capabilities.

Information Security

A set of interconnected structural elements that provide the framework supporting an entire structure.

Provision that conveys an action to be performed. See Provision.

Integrated Justice Information Systems

The property whereby an entity has not been modified in an unauthorized manner.

Creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights. Under intellectual property law, the holder of one of these abstract “properties” has certain exclusive rights to the creative work, commercial symbol, or invention by which it is covered.

A federation of executive branch agencies and organizations that work separately and together to conduct intelligence activities necessary for the conduct of foreign relations and the protection of the national security of the United States.

A companion document to the Authorized Classification and Control Marking Register (CAPCO Register) that provides guidance on the syntax and use of classification and control markings.

May be based on statute, regulation, Executive Order, or other policy directives and establish policy and provide definitive direction to the IC. ICDs may: (a) define activities, systems or missions; (b) delegate authorities; (c) establish roles and responsibilities; (d) assign decision rights; (e) establish governance structures; (f) include evaluation criteria; or (g) replace or modify previous policy, or provide other such guidance as the DNI deems appropriate.

Provide further guidance required for the implementation of ICDs. ICPGs are subsidiary to ICDs and may establish subordinate responsibilities, and define procedures, processes, or methodologies that enable ICDs to be implemented effectively.

Subordinate to ICDs and ICPGs, and are fully consistent with applicable ICDs and ICPGs. ICSs are policy instruments of the IC Policy System and provide specific procedures, sets of rules, conditions, guidelines, characteristics, or specifications for intelligence or intelligence-related products, processes, or activities in support of effective and uniform implementation of laws, Executive Orders, and IC policies.

Consists of citations of standards specified through a consensus process as the minimum set of standards for the acquisition of all IC systems. The objective is to obtain integrity, interoperability and supportability among IC systems. The ICSR is sometimes referred to as "the Registry" or "the Standards Registry.” The ICSR contains the IC Enterprise Standards Baseline.

Intelligence Reform and Prevention of Terrorism Act

Inter-Agency Policy Committee

Interagency Threat Assessment and Coordination Group

Ability of one product, process or service to be used in place of another to fulfill the same requirements. NOTE: The functional aspect of interchangeability is called “functional interchangeability”, and the dimensional aspect “dimensional interchangeability”.

The linking together of interoperable systems.

Impeding or denying someone the use of system resources.

1) The functional and physical characteristics required to exist at a common boundary or connection between persons, between systems, or between persons and systems.

A standard, which defines the services available at an interface to a process.

International Association of Chiefs of Police

The primary U.S. focus of standardization in the field of Information and Communications Technologies (ICT), encompassing storage, processing, transfer, display, management, organization, and retrieval of information. INCITS is the forum of choice for information technology developers, producers and users for the creation and maintenance of formal de jure IT standards. INCITS is accredited by, and operates under rules approved by, the American National Standards Institute (ANSI).

Standard that is adopted by an international standardizing/standards organization and made available to the public.

International standard where the international standards organization is ISO or IEC.

An internationally agreed-to, harmonized document, which describes one or more profiles.

An entity which provides points of access to the internet. This may be a university, corporation, or any other entity. The means of connecting to an ISP include dial-up through a modem, broadband access via cable or DSL, or corporate networks with internet connectivity.

The ability of systems, units or forces to provide data, information, materiel and services to and accept the same from other systems, units or forces and to use the data, information, materiel and services so exchanged to enable them to operate effectively together. IT and NSS interoperability includes both the technical exchange of information and the operational effectiveness of that exchanged information as required for mission accomplishment. Interoperability is more than just information exchange. It includes systems, processes, procedures, organizations, and missions over the lifecycle and must be balanced with IA.

Unauthorized act of bypassing the security mechanisms of a system.

The process of monitoring the events occurring in a computer system or network, detecting signs of security problems.

A technical security system designed to detect an attempted or actual unauthorized entry into a secure facility or information system and alert responders.

1) Intellectual Property 2) Internet Provider

A numeric address which identifies a particular resource on an IP network such as the internet. The format of an IP address is xxx.xxx.xxx.xxx, with each xxx representing a number between 1 and 254, the decimal representations of the underlying 8-bit “octets.” For a resource to be accessible on the internet, it must have an IP address assigned to it, and no 2 devices can have the same publicly accessible IP address.

Inter-Agency Policy Committee

Intelligence Reform and Prevention of Terrorism Act

International Standard

Information Sharing and Access Inter-Agency Policy Committee

Information Sharing Environment

Information Security Marking

Information Security Oversight Office

1) Internet Service Provider 2) International Standardized Profile

Information Technology

The hardware, software, and telecommunications equipment that when combined provides the underlying foundation to support the organization’s goal.

The net mission/business impact considering (1) the probability that a particular threat source will exploit, or trigger, a particular information system vulnerability and (2) the resulting impact if this should occur. IT-related risks arise from legal liability or mission/business loss due to, but not limited to: 1) Unauthorized (malicious, non-malicious, or accidental) disclosure, modification, or destruction of information. 2) Non-malicious errors and omissions. 3) IT disruptions due to natural or man-made disasters. 4) Failure to exercise due care and diligence in the implementation and operation of the IT.

Interagency Threat Assessment and Coordination Group