12 FAM 000
AUTHORITY, LEGAL RESPONSIBILITIES, AND DEFINITIONS
12 FAM 010
SCOPE AND AUTHORITY
(CT:DS-431; 12-23-2024)
(Office of Origin: DS/MGT/PPD)
12 FAM 011 MISSION
(CT:DS-431; 12-23-2024)
The mission of the Bureau of Diplomatic Security (DS) is to lead the Department's worldwide security and law enforcement efforts to advance U.S. foreign policy and safeguard national security interests.
12 FAM 012 LEGAL AUTHORITIES
(CT:DS-431; 12-23-2024)
a. The Omnibus Diplomatic Security and Antiterrorism Act of 1986 (Public Law 99-399; 22 U.S.C. 4801, et seq. (1986)), as amended.
b. The security functions of the Secretary of State, as delegated to the Assistant Secretary for Diplomatic Security, are set forth in 22 U.S.C. 4802(a) and Delegation of Authority No. 214, dated 9-20-1994.
c. The Overseas Security Policy Board (OSPB) is a subgroup of the Records Access and Information Security Policy Coordination Committee of the National Security Council (National Security Presidential Directive (NSPD) 1).
d. Special Agent authorities are found in the State Department Basic Authorities Act (Public Law 84-885, section 37; 22 U.S.C. 2709).
e. Title III of the Omnibus Diplomatic Security and Antiterrorism Act of 1986 (22 U.S.C. 4831 - 4835), as amended, provides that the Secretary of State shall convene Security Review Committees.
f. Security requirements for U.S. diplomatic facilities authorities are found in the Secure Embassy Construction and Counterterrorism Act (SECCA) of 1999 (22 U.S.C. 4865).
g. Security clearance authorities are found in Executive Order 12968, as amended.
h. Executive Order 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, October 2011.
i. Presidential Memorandum re National Insider Threat Policy & Minimum Standards for Executive Branch Insider Threat Programs (Nov. 21, 2012).
j. The requirement for a construction security certification program is established by Public Law 100-204, the Foreign Relations Authorization Act for Fiscal Years 1988 and 1989, Section 160, as amended by Public Law 101-246, the Foreign Relations Authorization Act, Fiscal Year 1990 and 1991, Section.
k. Section 7218 of the Intelligence Reform and Terrorism Prevention Act of 2004 (22 U.S.C. 4807) establishes the Visa and Passport Security Program.
12 FAM 013 DEFINITIONS OF DIPLOMATIC SECURITY TERMS
(CT:DS-431; 12-23-2024)
A
Access: The approved ability and the means necessary to make use of information; controlled physical facilities; and/or information systems.
Access control: The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).
Acoustic Conference Room (ACR): An enclosure that provides acoustic but not electromagnetic emanations shielding; ACRs are no longer procured; treated conference rooms (TCRs) are systematically replacing them.
Advisory sensitivity attributes: User-supplied indicators of file sensitivity that alert other users to the sensitivity of a file, to handle it in a manner appropriate to its defined sensitivity. Advisory sensitivity attributes are not used by the automated information system (AIS) to enforce file access controls in an automated manner.
Agency: For the purposes of access to classified information, any “Executive agency,” as defined in 5 U.S.C. 105; any “Military department” as defined in 5 U.S.C. 102; or any other component of the executive branch that comes into the possession of classified information.
Agent in Charge (AIC): The DSS special agent who is responsible for planning, administering, and supervising a protective detail.
Application system: A software program that performs a specific function directly for a user and may be executed without access to system control, monitoring, or administrative privileges.
Application System Owner: A person or organization that has responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an application system.
Areas to be accessed: Embassy areas to be accessed are defined in two ways. Controlled access areas (CAAs) are spaces where classified operations/discussions/storage may occur. Non-controlled access areas are spaces where classified operations/discussions/storage do not occur.
Assistant Regional Security Officer-Investigations (ARSO-I): This title is retired and renamed Overseas Criminal Investigator. See below.
Audit log: A chronological record of system activities. Includes records of system accesses and operations performed in a given period.
Audit trail: A record showing who has accessed an Information Technology (IT) System and what operations the user has performed during a given period.
Authenticate: To verify the identity of a user, user device, or other entity; and the integrity of data.
Authentication: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
Authenticator: The means used to confirm the identity of a user, processor, or device (e.g., user password or token). (Also, see Multi-factor Authentication).
Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.
Authorization: Access privileges granted to a user, program, or process or the act of granting those privileges.
Authorization boundary: All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems to which the information system is connected.
Authorized access list: A list developed and maintained by the information systems security officer of personnel who are authorized unescorted access to the computer room.
Automated information system (AIS): An assembly of hardware, software, and firmware used to electronically input, process, store, and/or output data. Examples include mainframes, servers, desktop workstations, thin clients, and mobile devices (e.g., laptops, e-readers, smartphones, tablets). Typically, system components include, but are not limited to central processing units (CPUs), monitors, printers, switches, routers, media converters, and removable storage media, such as flash drives. An AIS may also include non-traditional peripheral equipment, such as networked digital copiers, and cameras and audio recording/playback devices used to transfer data to or from a computer. NOTE: The Department’s telework solution, e.g., one-time password generators, is an extension of the Department’s AISs.
Availability: Ensuring timely and reliable access to and use of information.
B
Backup: Copy of files and programs made to facilitate recovery, if necessary.
Baseline configuration: A documented set of specifications for a system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures.
Biometrics: A measurable physical characteristic especially as used to recognize the identity or verify the claimed identity of an applicant. Facial images, fingerprints, and iris scan samples are examples of biometrics.
BLACK: Designation applied to encrypted information and the information systems, the associated areas, circuits, components, and equipment processing that information. See also RED.
Bluetooth: A wireless protocol that allows two Bluetooth enabled devices to communicate with each other within a short distance (e.g., 30 ft.).
Boundary protection: Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications, through the use of boundary protection devices (e.g., proxies, gateways, routers, firewalls, guards, encrypted tunnels).
Boundary protection device: A device with appropriate mechanisms that:
(1) Facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system); and/or
(2) Provides information system boundary protection.
Breach: See 5 FAM 463. The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for an other than authorized purpose.
Bulk load control officer (BLCO): The BLCO is authorized to supervise the preparation of the container or pallet.
Bureau security officer (BSO): A Diplomatic Security professional assigned to the Office of Information Security Program Applications Division (DS/SI/APD), who is the principal security adviser on detail to one or more bureaus within the Department. Bureau executive directors within the Department may request that DS/SI/APD assign a BSO in lieu of appointing a principal unit security officer.
C
CARDS: Acronym for COMSEC Accounting and Reporting Distribution System, a name used to refer to the COMSEC Material Control System (CMCS) utilized for COMSEC recordkeeping.
“Carve-out” contract: A classified contract issued in conjunction with an approved Special Access Program (SAP) wherein the designated cognizant SAP security office retains inspection responsibility, in whole or in part. While the term carve-out technically only applies to the security function, it may also be used to designate contract administration services, audit, review, and other functions performed by groups other than those who normally accomplish these tasks.
Criminal Case (also, Full Criminal Case, Full Field Case, Full Case, General Crimes Investigation): Preliminary Inquiries are converted to a Criminal Case where facts or circumstances reasonably indicate that a federal crime or misconduct within DS's purview has been, is being, or will be committed. Criminal Cases may require more invasive investigative steps, such as mail opening, undercover operations, and nonconsensual electronic surveillance. Criminal Cases may be categorized in the Investigative Management System (IMS) as Passport Fraud (PF), Visa Fraud (VF), or other categories as defined in IMS. See also: Preliminary Inquiry.
Case Review: Supervisors are required to conduct Case reviews every 90 days to ensure entries into the Investigative Management System (IMS) are accurate, thorough, objective, timely, and focus on cases within DS authority under 22 U.S.C. 2709 and 22 U.S.C. 4802, and Department of Justice guidelines.
Central Office of Record (COR): The Department element that keeps records of accountable COMSEC material held by accounts subject to its oversight.
Classification: The determination that certain information requires protection against unauthorized disclosure in the interest of national security, coupled with the designation of the level of classification: Top Secret (TS), Secret, or Confidential.
Classification authority: The original classification authority or derivative classifier described in the classification block by the individual’s name or position who classified the document. (See original classification authority.)
Classification guides: Documents issued in an exercise of authority for original classification that include determinations with respect to the proper level and duration of classification of categories of classified information.
Classified contract: Any contract that requires or will require access to classified information by the contractor or their employees in the performance of the contract is a classified contract, even though the contract document itself is not classified.
Classified diplomatic pouch: A properly documented and sealed pouch or crate pouch used by diplomatic missions to transfer classified material for official use between the Department and other posts. Pouch bags are tangerine-colored and crate pouches are burlapped, banded, and sealed. See 14 FAH-4 H 213.1-1 for a complete definition of crate pouches. Diplomatic pouches are protected under Article 27 of the Vienna Convention on Diplomatic Relations (see 12 FAM 111.2) from being searched, seized, or detained. Classified diplomatic pouches are prepared in accordance with 14 FAM/FAH and accompanied by appropriately cleared diplomatic couriers, or non-professional ("non-pro") couriers in emergency situations for cabin-carried pouches only (see 12 FAM 142).
Classified information: Information or material, herein collectively termed information, owned by, produced for or by, or under the control of the U.S. Government, and that has been determined pursuant to Executive Order 13526 or prior orders to require protection against unauthorized disclosure, coupled with the designation of the level of classification. Also referred to as national security information.
Classified information spillage: When classified data is processed or received on an information system with a lower level of classification.
Classified diplomatic pouch breach: A pouch-out-of-control situation where there is known or likely compromise of the pouch (see 12 FAM 131). Examples include, but are not limited to, missing classified diplomatic pouches, lost classified diplomatic pouches, and/or unauthorized opening of classified diplomatic pouches (seal broken, pouch cut open making contents visible due to tear), or any other circumstance that indicates a probable compromise.
Classified diplomatic pouch incident: A pouch-out-of-control situation in which it is unknown whether a compromise occurred (see 12 FAM 131). Examples include, but are not limited to, x-ray, canine scent detection, metal detectors, or contact explosive detection.
Classifier: An individual who makes a classification determination and applies a security classification to information or material. A classifier may either be a classification authority or may assign a security classification based on a properly classified source or a classification guide.
Clear mode: Unencrypted plain text mode.
Cleared U.S. citizen: A citizen of the United States who has undergone a background investigation by an authorized U.S. Government Agency and been issued a Confidential, Secret, or Top Secret security clearance in accordance with Executive Order 12968, as amended, and implementing guidelines and policy issued by the Security Executive Agent.
Code room: The designated and restricted area in which cryptographic operations are conducted.
Collateral information: A common reference to national security information, excluding national intelligence information, classified in accordance with Executive Order 13526, dated December 29, 2009.
Command post: A designated room, suite, or building that operates as a centralized operations management location. This center should house detail communications and information management tools, serve as locus for technical security systems, and house protective detail related records, documentation, and equipment. Agents assigned to the command post document detail movements, activities, and incidents, which becomes part of the permanent record of the protective detail. This documentation includes all visitors to the protectee's quarters.
Common carrier: In a telecommunications context, a telecommunications company that holds itself out to the public for hire to provide communications transmission services.
NOTE: In the United States, such companies are subject to regulation by Federal and state regulatory commissions.
Common criteria: A governing document created by the National Information Assurance Partnership (NIAP) that provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems.
Communication protocols: A set of rules that govern the operation of hardware or software entities to achieve communication.
Communications security (COMSEC): The protection resulting from the proper application of physical, technical, transmission, and cryptologic countermeasures to a communications link, system, or component.
Communications system: A mix of telecommunications and/or automated information systems used to originate, control, process, encrypt, and transmit or receive information. Such a system generally consists of the following connected or connectable devices:
(1) Automated information equipment (AIS) on which information is originated;
(2) A central controller of, principally, access rights and information distribution;
(3) A telecommunications processor which prepares information for transmission; and
(4) National-level devices, which encrypt information (COMSEC/CRYPTO/CCI) prior to its transmission via Diplomatic Telecommunications Service (DTS) or commercial carrier.
Compound emergency sanctuary (CES): A protected building or room designated as a temporary shelter during an attack or other crisis for personnel unable to reach or be accommodated in a safe haven, safe area, or 15-minute forced entry/ballistic resistant (FE/BR) protected building.
Compromise: Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.
Compromising emanations: Intentional or unintentional intelligence-bearing signals which, if intercepted and analyzed, disclose national security information transmitted, received, handled, or otherwise processed by any information processing equipment. Compromising emanations consist of electrical or acoustical energy emitted from within equipment or systems (e.g., personal computers, workstations, facsimile machines, printers, copiers, and typewriters) which process national security information. For purposes of FAM/FAH policy, Compromising Emanations will only be applied to unintentional signals that carry National Security Information (NSI).
Computer room: A computer room, also called a server room or data center, is a facility used to house computer systems and associated components, such as telecommunications and storage systems. It generally includes redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression), and security devices.
COMSEC: Communications security.
COMSEC account: The administrative entity, identified by an account number, used to maintain accountability, custody, and control of COMSEC material.
COMSEC custodian: An individual designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account. Only full-time Department personnel are eligible for appointment. If a critical need arises due to a personnel shortage, a temporary waiver may be granted to appoint a contractor as an Alternate COMSEC Custodian.
COMSEC facility: An authorized and approved space used for generating, storing, repairing, or using COMSEC material.
COMSEC material: An item designed to secure or authenticate telecommunications. COMSEC material includes, but is not limited to key, equipment, devices, documents, firmware, or software that embodies or describes cryptographic logic and other items that perform COMSEC functions.
COMSEC Material Control System (CMCS): Logistics and accounting system through which COMSEC material marked "CRYPTO" is distributed, controlled, and safeguarded. Included are the COMSEC central offices of record, crypto logistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the CMCS.
COMSEC Officer: The properly appointed individual responsible for ensuring that COMSEC regulations and procedures are understood and adhered to, that the COMSEC facility is operated securely, and that personnel are trained in proper COMSEC practices, and who advises on communications security matters. Only full-time Department direct-hire employees are eligible for appointment.
Confidential-cleared U.S. citizen: A citizen of the United States who has undergone a background investigation by an authorized U.S. Government Agency and been issued a Confidential security clearance, in accordance with Executive Order 12968, as amended, and implementing guidelines and standards issued by the Security Executive Agent.
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Configuration control: A process for controlling modifications to hardware, firmware, software, and documentation to protect the information system against improper modifications before, during, and after system implementation.
Construction security project certification: The certification to Congress or internal Department certification required for all new construction or renovation projects in a facility under chief of mission (COM) security responsibility when the project will result in a new Department facility or building and is intended to include a controlled access area (CAA), or when the project is in an existing Department facility and includes construction activities in an existing CAA or that will penetrate the outermost plane of the CAA, or will create new CAA. See 12 FAM 360 for additional details.
Consumer electronics: Any electronic/electrical devices, either alternating current (AC) or direct current (DC) powered, which are not part of the facility infrastructure. Some examples are radios, televisions, electronic recording or playback equipment, PA systems, and paging devices.
Container: A cube shaped receptacle used for shipping classified diplomatic pouches via various modes of conveyance. A container is commonly referred to as a unit load device (ULD).
Containerize: The process of loading classified diplomatic pouches into an enclosed unit load device (ULD) (i.e., a container).
Control Officer: Maintains chain of custody of the classified diplomatic pouch through signing for the classified diplomatic pouch on form DS-7600.
Controlled access area (CAA): Per 12 FAH-6 H-021, the only area(s) within a building where classified information or materials may be handled, stored, discussed, or processed. There are two categories of CAAs: core areas and restricted areas.
Controlled cryptographic item (CCI): Secure telecommunications or information system, or associated cryptographic component, unclassified and handled through the CMCS, an equivalent material control system, or a combination of the two that provides accountability and visibility. Such items are marked “Controlled Cryptographic Item,” or, where space is limited, “CCI”.
Controlled shipment: The transport of material from the point at which the destination of the material is first identified for a site, through installation and/or use, under the continuous 24-hour control of Secret cleared U.S. citizens, or by DS-approved technical means and seal.
Core area: Those areas of a building requiring the highest levels of protection where intelligence, cryptographic and other particularly sensitive or compartmented information may be handled, stored, discussed or processed with appropriate countermeasures in place.
Counterintelligence: Information gathered, and activities conducted, to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist activities (National Security Act of 1947, as amended, 50 U.S.C. § 3003). The Bureau of Diplomatic Security does not collect counterintelligence but engages in activities to protect the Department from counterintelligence-related threats and other counterintelligence-related activities to the extent such activities are authorized by the Omnibus Diplomatic Security and Antiterrorism Act of 1986 and other applicable legal authorities.
Countermeasure: Actions, devices, procedures, or techniques that reduce a known or suspected vulnerability.
Courier: See “Nonprofessional courier,” and “Professional courier.”
Courier pouch: See 14 FAH-4 H-212.2.
CRC: An abbreviation for certification and repair center. The CRC is a facility used by the Bureau of Information Resource Management, deputy chief information officer for operations/chief technology officer, Information Technology Infrastructure Office, Technical Security and Safeguards Division (IRM/FO/ITI/TSS) for program activities.
Criminal Database Manager (CDM): DS employee responsible for managing DS employees' access to law enforcement and commercial databases needed for investigations.
Crisis Communications: The strategic formulation and response to address a crisis or an anticipated crisis.
CRYPTO: A marking or designator identifying COMSEC keying material or devices used to secure or authenticate telecommunications carrying classified or sensitive national security or national security-related information.
Cryptographic access: The prerequisite to, and authorization for access to crypto information, but does not constitute authorization for use of crypto equipment and keying material issued by the Department.
Cryptographic access for use: The prerequisite to and authorization for operation, keying, and maintenance of cryptographic systems and equipment issued by the Department.
Cryptographic material: All COMSEC material bearing the marking “CRYPTO” or otherwise designated as incorporating cryptographic information.
Cryptography: The principles, means, and methods for rendering information unintelligible, and for restoring encrypted information to intelligible form.
Crypto ignition key (CIK): The device or electronic key used to unlock the secure mode of crypto equipment.
Custodian: An individual who has possession of or is otherwise charged with the responsibility for safeguarding and accounting for classified information.
Cyber Incident Response Team (CIRT): The CIRT is the central reporting point for cybersecurity incidents within the Department. CIRT maintains 24x7 monitoring of network traffic for malicious and hostile security breaches and conducts security monitoring of the Department’s unclassified and classified networks to ensure the integrity, availability, and confidentiality of the IT infrastructure. CIRT operations provide near real-time detection, collection, analysis, correlation, and reporting of cybersecurity events that pose an immediate threat to the Department’s networks.
Cyber infrastructure: Includes electronic information and communications systems and services and the information contained in these systems and services. Information and communications systems and services are composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements. Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information. For example: computer systems; control systems (e.g., supervisory control and data acquisition–SCADA); networks, such as the Internet; and cyber services (e.g., managed security services) are part of cyber infrastructure.
D
Data center: See computer room.
Declassification: The determination that particular classified information no longer requires protection against unauthorized disclosure in the interest of national security. Such determination shall be by specific action or automatically after the lapse of a requisite period of time or the occurrence of a specified event. If such determination is by specific action, the material shall be so marked with the new designation.
Declassification event: An event that would eliminate the need for continued classification.
Decontrol: The authorized removal of an assigned administrative control designation.
Degauss: Procedure that reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing.
Denial of service: The prevention of authorized access to resources or the delaying of time-critical operations.
Department: Refers to the Department of State in Washington, DC, but not to its domestic field offices in the United States; the term “post(s)” applies to Foreign Service posts throughout the world and U.S. missions to international organizations, except those located in the United States.
Deputy regional security officer - investigations (DRSO-I): This title is retired and renamed Supervisory Overseas Criminal Investigator. See below.
Derivative classification: The incorporating, paraphrasing, restating, or generating in new form, information that is already classified, and marking the newly developed material consistent with the classification markings that apply to the source information. Derivative classification includes the classification of information based on classification guidance. The duplication or reproduction of existing classified information is not derivative classification.
Digital signature: An asymmetric key operation where the private key is used to digitally sign an electronic document and the public key is used to verify the signature. Digital signatures provide authenticity protection and integrity protection. (See electronic signature.)
Digital storage media: Flash media (e.g., universal serial bus (USB) thumb drives, digital Moving Picture Experts Group (MPEG) Audio Layer 3 (mp3) recorder/player), hard disk drives, compact disc-recordable (CD-R) disks, CD-rewritable (CD-RW) disks, digital video disc-recordable (DVD-R) disks, DVD-rewritable (DVD-RW) disks, and any other removable or non-removable items that can store information or data.
Dedicated Internet Network (DIN): See Non-enterprise Networks (NEN).
Diplomatic Courier: Direct-hire State Department employee whose primary responsibility is to safeguard and escort diplomatic pouches between the Department of State, its diplomatic missions, and across international boundaries. See also “Professional courier.”
Diplomatic pouch: See “U.S. diplomatic pouch.”
DS Field Office(s): The Bureau of Diplomatic Security operates eight DS Field Offices in Boston, Chicago, Houston, Los Angeles, Miami, New York, San Francisco, and Washington D.C. DS Field Offices are staffed by a Special-Agent-in-Charge (SAC), DS Foreign Service and Civil Service Special Agents, investigative, management, and administrative personnel. The mission of the DS Field Offices is to conduct investigations of violations of criminal statutes listed in the State Department Basic Authorities Act, liaise with other federal, state, and local law enforcement agencies, and to protect U.S. and foreign dignitaries assigned by the Bureau of Diplomatic Security. There are 21 Resident Offices that fall under the regional authority and supervision of the eight Domestic Field Offices in cities throughout the United States. (See DS Resident Offices).
DS Ready: DS Ready is DSS’s Bureau-wide operational workforce management and protective detail planning tool.
DS Resident Office(s): The Bureau of Diplomatic Security operates 21 DS Resident Offices in cities throughout the United States. DS Resident Offices fall under the regional authority and supervision of the eight parent DS Domestic Field Offices. DS Resident Offices are staffed by a Resident-Agent-in-Charge (RAC), DS Foreign Service and Civil Service Special Agents, investigative, management, and administrative personnel. The mission of the DS Resident Offices is to conduct investigations of violations of criminal statutes listed in the State Department Basic Authorities Act, liaise with other federal, state, and local law enforcement agencies, and to protect U.S. and foreign dignitaries assigned by the Bureau of Diplomatic Security. (See DS Field Office(s)).
Diplomatic Security Evidence and Property System (DSEPS): The network-based software program designed for the electronic management of all DS evidence storage areas and real-time processing and management of all seized property and evidence.
Diplomatic Security Identity Assurance System (DSIAS): DS biometrics program that collects biometric information to conduct checks in support of vetting locally employed staff overseas.
Disaster recovery plan: A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.
Disposition report: Official written correspondence relating to the determination of a charge or other legal or management action that influences the final outcome in a pending case or action.
Distributed denial of service: A denial of service technique that uses numerous hosts to perform the attack.
Distributed system: A multi-computer (e.g., workstation, terminal, server) system where more than one computer shares common system resources. The computer systems are connected to the control unit/data storage element through communication lines.
Document: Any recorded information regardless of its physical form or characteristics, including, without limitation, written or printed material; data processing cards and tapes; maps; charts; paintings; drawings; engravings; sketches; working notes and papers; reproductions of such things by any means or process; and sound, voice, or electronic recordings in any form.
Domestic Controlled Access Area: Spaces within domestic Department of State facilities designated by DS as meeting the standards for classified storage, discussion, and processing, and then designated for that use by the space owner. Only employees with at least a Secret security clearance are authorized to work in these spaces. Visitors without a national security clearance must be escorted.
Domestic strongroom: An area approved by the DS Office of Information Security's Program Applications division chief (DS/SI/APD) for open storage of collateral-level classified national security information. Approval will be limited to cases where the volume or size of the classified information, or nature of the classified operation, precludes storage within the closed storage containers.
Downgrading: The determination that particular classified information requires a lesser degree of protection than currently provided or no protection against unauthorized disclosure. Such determination shall be by specific action or automatically after lapse of the requisite period of time or the occurrence of a specified event. If such determination is by specific action, the material shall be marked with the new designation.
Duration of visit or assignment: Duration of visit or assignment is described as short-term or long-term assignment. Short-term visits are one-time visits up to and including thirty (30) days or intermittent visits within a thirty-day period. Long-term visits are visits in excess of thirty days or short-term intermittent visits occurring beyond a thirty-day period.
E
Electronic signature: The process of applying any mark in electronic form with the intent to sign a data object. See also digital signature.
Emergency Action Committee (EAC): Generally, includes subject-matter experts designated by the chief of mission (COM) or principal officer (PO) with representation from all section heads and agency heads. The EAC collaborates to analyze risk and provide the COM/PO recommendations on preparing for and responding to emergencies and potential changes in risk that might impact the health, safety and security of a mission, U.S. government personnel and accompanying family members under COM security responsibility, and the private U.S. citizen community (see 12 FAH-1 H-230).
Emergency action plan (EAP): The resource that outlines the operating environment, post and host nation capabilities and limitations, and defines roles and responsibilities for emergency planning, preparation, and response (see 12 FAH-1 H-030). For the purpose of the EAP an emergency is defined as any situation or occurrence of a serious nature that happens suddenly and unexpectedly typically posing a threat to U.S. lives, property, or interests, and demanding immediate action. An emergency is finite and limited by scope and time (see 12 FAH-1 H-010).
Emergency Response Vehicle (ERV): A vehicle dedicated to the regional security office (RSO) for the purposes of emergency response. When approved by the COM in accordance with 14 FAM 431430, DS special agents may utilize ERVs for home-to-work transportation, when necessary, to improve emergency response and for business purposes. ERVs are recorded using ILMS Agency Code 98. (See 14 FAM 431.4).
Encrypted text: Data encoded into an unclassified form using a nationally accepted form of encoding.
Encryption: Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
Endorsed Cryptographic Products List: Contains products that provide electronic cryptographic coding (encrypting) and decoding (decrypting) and have been endorsed for use on classified or Sensitive But Unclassified (SBU) U.S. Government or Government-derived information during its transmission.
Engineering Security Center (ESC): ESCs are Bureau of Diplomatic Security (DS) organizational elements that apply technology to protect people, information, and property at U.S. diplomatic missions. ESC staff may include SEOs, STSs, Seabees, RSTs, Logisticians, and administrative personnel. ESCs have regional support responsibilities that may include, in addition to their home post, other embassies and consulates. ESCs typically also manage technical security subgroups such as ESOs, TSOs, and RTOs.
Engineering Security Office (ESO): ESOs are Bureau of Diplomatic Security (DS) organizational elements that operate under the management of an ESC and provide technical and information security services for U.S. diplomatic missions abroad. ESO staff may include SEOs, STSs, Seabees, RSTs, and administrative personnel. ESOs are responsible for their home post but may also support other embassies and consulates.
Enterprise information system/network: See 5 FAM 871.
Enterprise mobile devices: Devices the Department has approved to directly connect to an Enterprise network (e.g., OpenNet BlackBerry, USB drive). This does not include remote access through Global OpenNet (GO).
Evaluation assurance level (EAL): A numerical grade assigned to an information technology product or system following the completion of a Common Criteria security evaluation. EAL levels are 1-7.
Event: Any observable occurrence in a network or system.
Extension: The extension of a Department network into non-Department space (e.g., OpenNet workstations in a contractor facility).
External Communications: The strategic formulation and transmission of information to organizations or entities, including other bureaus or offices within the Department of State, outside the Bureau of Diplomatic Security.
F
Facility Access Card (FAC): Identification card issued to government and contract employees requiring facility access only. The card contains one of the four PKI enabled digital certificates (e.g., Card Authentication).
Facility/Logical Access Card (FLAC): Identification card issued to government and contract employees requiring both facility access and access to DOS information systems. The card contains four PKI enabled digital certificates (e.g., PIV Authentication, Encryption, Digital Signature and Card Authentication).
Federal Identity, Credential, and Access Management (FICAM): The Government-wide effort to provide policy and programmatic support for identity, credential, and access management business functions within the Federal Government. See FICAM Web site for more information.
Federal Information Security Modernization Act (FISMA): A statute (Title III of the E-Government Act, Public Law 107-347, as amended by Public Law 113-283) that requires agencies to assess risk to information systems and provide information security protections commensurate with the risk. FISMA also requires that agencies integrate information security into their capital planning and enterprise architecture processes, conduct annual information systems security reviews of all programs and systems, and report the results of those reviews to the Office of Management and Budget (OMB), the Department of Homeland Security (DHS), and relevant Congressional committees.
Field Office: See "DS Field Office".
Five-year moving window: The period of time in which the aggregate of valid (as adjudicated by DS/SI/APD) security incidents (see 12 FAM 550), will be referred to the GTM Office of Employee Relations (GTM/ER) for possible disciplinary action and the Office of Personnel Security (DS/SI/PS) for action relating to the employee’s security clearance. The period starts on the date of the last incident and extends backward for a period of 60 months.
Firecall password: The password to a backup user account with full administrative privileges available for use only in extenuating circumstances.
Firewall: A hardware/software capability that limits access between networks and/or systems in accordance with a specific security policy.
Firmware: Computer programs and data stored in hardware, typically in read-only memory (ROM) or programmable read-only memory (PROM), such that programs and data cannot be dynamically written or modified during execution of the programs.
Flash memory: Electronic non-volatile memory storage device that can be electrically erased and reprogrammed.
Foreign Affairs Security Training Center (FASTC): FASTC, a center of leadership and excellence, is the nation's largest law enforcement and security training and education environment for all Diplomatic Security and foreign affairs personnel. Managed by the Diplomatic Security Service (DSS), the law enforcement and security entity of the Department, FASTC is a comprehensive complex that allows DSS to train and sustain a workforce capable of effectively addressing and overcoming the law enforcement and security challenges required to support U.S. foreign policy in the global threat environment now and into the future.
Foreign Emergency Support Team (FEST): Per National Security Presidential Memorandum-36, the FEST is a State-led, rapidly deployable, interagency group designed to provide expert advice, guidance, and support to the Chief of Mission during an overseas event, including a threat or incident involving a WMD device, or in the resolution of a terrorist incident requiring the integration of multiple Federal assets.
Foreign Government Information (FGI): See 5 FAM 482.6.
Foreign intelligence: Information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations, or foreign persons, or international terrorist activities (National Security Act of 1947, as amended, 50 U.S.C. § 3003). The Bureau of Diplomatic Security uses, but does not collect or otherwise produce, foreign intelligence.
Foreign Intelligence Entity (FIE): Any known or suspected foreign organization, person, or group (public, private, or governmental) that conducts intelligence activities to acquire U.S. information, block or impair U.S. intelligence collection, influence U.S. policy, or disrupt U.S. systems and programs. The term includes foreign intelligence and security services as well as international terrorists.
Formerly restricted data: Information removed from the restricted data category upon determination jointly by the Department of Energy (DOE) and Department of Defense (DOD) that such information relates primarily to the military utilization of atomic weapons and that such information can be adequately safeguarded as classified defense information subject to the restrictions on transmission to other countries and regional defense organizations that apply to restricted data.
Freeware: Software available for use at no monetary cost or for an optional fee, but usually (although not necessarily) with one or more restricted usage rights (e.g., Adobe Reader, Skype).
G
Gateway: A communication interface that provides compatibility between networks by converting transmission speeds, protocols, codes, or security measures.
General Support System (GSS): Interconnected information resources under the same direct management control that share common functionality. A GSS normally includes hardware, software, information, data, applications, communications, facilities, and people and provides support for a variety of users and/or applications.
General Work Area (GWA): Per 12 FAH-6 H-021, workspace occupied by U.S. Government employees where Sensitive But Unclassified (SBU) information may be handled, stored, discussed, or processed.
Guard: Mechanism limiting the exchange of information between systems. These devices are often used between systems of different classification levels.
H
Hardware: The physical parts of an information system and related devices. Internal hardware devices include motherboards, hard drives, and memory. External hardware devices include monitors, keyboards, mice, printers, scanners, tape drives, and external storage arrays.
High-Definition Security Video System (HDSVS): The HDSVS platform provides the Department with greater video resolution, enhanced nighttime visibility, and video analytics, to include monitoring capabilities extending beyond the perimeters of select posts. HDSVS is a networked high-definition digital security video system that produces significantly higher quality video and situational awareness than legacy analog closed circuit television (CCTV) security video systems.
High-impact system: An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned, in accordance with NIST publication FIPS 199, a potential impact value of high.
High value assets (HVAs): Items whose compromise or loss will severely impact post operations (personnel or payroll data, safes containing funds, Information Technology devices, etc.).
Hijacking: The unlawful seizing of an aircraft, vehicle, ship, or other conveyance in transit by force or threat of force. Hijacking is a form of hostage-taking when there are passengers seized along with the conveyance.
Hostage-taking: Per 18 USC 1203, whoever, whether inside or outside the United States, seizes or detains and threatens to kill, to injure, or to continue to detain another person in order to compel a third person or a governmental organization to do or abstain from doing any act as an explicit or implicit condition for the release of the person detained, or attempts or conspires to do so, shall be punished by imprisonment for any term of years or for life and, if the death of any person results, shall be punished by death or life imprisonment.
Hotspot: A location that offers internet access over a wireless local area network; no other services or data are provided.
I
Identification: The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system.
Identifier: Unique data used to represent a person or device’s identity and associated attributes (e.g., username).
Incident response plan: The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber-attack against an organization’s information system(s).
Information Owner: Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. Alternatively called an Information Steward.
Information resources: The information and related resources, such as personnel, equipment, funds, and information technology, used by an organization.
Information security: The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction, to provide confidentiality, integrity, and availability.
Information system: A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
Information system component: A discrete, identifiable information technology asset (e.g., hardware, software, firmware) that represents a building block of an information system.
Information System Owner: A person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system.
Information system security: Protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.
Information system security controls: Security controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. Three types of security controls:
(1) Management: These controls focus on the management of risk and the management of information system security;
(2) Operational: These controls are primarily implemented and executed by people (as opposed to systems); and
(3) Technical: The controls are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.
Information system security control assessment: The testing and/or evaluation of management, operational, and technical security controls in an information/application system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Information systems security officer (ISSO): Individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program. See 5 FAM 824.
Information Technology Change Control Board (IT CCB): See 5 FAM 814.
Insider: Any person with authorized access to any United States Government resource to include personnel, facilities, information, equipment, networks or systems.
Insider threat: The threat that an insider will use her/his authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of departmental resources or capabilities.
Interconnection: The linking of two distinct networks.
Integrity: Guarding against improper information modification or destruction and includes ensuring information non-repudiation and authenticity.
Intelligence: Information gathered within or outside the U.S. that involves threats to our nation, its people, property, or interests; development, proliferation, or use of weapons of mass destruction; and any other matter bearing on the U.S. national or homeland security. Intelligence can provide insights not available elsewhere that warn of potential threats and opportunities, assess probable outcomes of proposed policy options, provide leadership profiles on foreign officials, and inform official travelers of counterintelligence and security threats. “Intelligence” may refer to “foreign intelligence,” “counterintelligence,” “national intelligence,” or “security and law enforcement intelligence,” as those terms are defined herein. No reference to intelligence shall be construed to authorize DS to perform functions beyond those permitted by the Omnibus Diplomatic Security and Antiterrorism Act of 1986 and other applicable legal authorities; or to authorize DS to perform functions reserved by law for the Intelligence Community. “Intelligence,” when not used to refer to activities reserved for the Intelligence Community, shall refer to security and law enforcement intelligence.
Interconnection Security Agreement (ISA): An agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. The ISA may also support a Memorandum of Understanding or Agreement (MOU/A) between the organizations.
Internal Communications: The strategic formulation and transmission of information within the Bureau of Diplomatic Security.
Internal system/network: A system/network where:
(1) The establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or
(2) Cryptographic encapsulation or similar security technology provides the same effect.
International organization: An organization with an international membership, scope, or presence.
Interoperable CIK: In instances where the user may require access to more than one vIPer, the post’s designated COMSEC custodian may program the CIK devices to work in several vIPers simultaneously. These interoperable CIKs may be used to access up to seven STU-III terminals, depending on the model.
Investigative Management System (IMS): The digital database designed to store and preserve records supporting Insider Threat Program inquiries and DS investigations, excluding personnel security investigations.
Isolated Person: An individual who, if not recovered or assisted, is at risk of serious harm.
K
Kidnapping: The unlawful seizure, confinement, abduction or carrying away and holding for ransom, reward or otherwise of a person for any purpose.
L
Least privilege: The principle requiring that each subject be granted the minimum system resources and authorizations needed for the performance of authorized tasks. Application of this principle limits the damage that can result from accident, error, or unauthorized use of an information system.
Limited access area (LAA): Per 12 FAH-6 H-021, a secured space equipped with DS-approved locks and alarms restricted to individuals who are cleared U.S. citizens or under escort of a cleared U.S. citizen. Examples of LAAs include areas between the controlled CAA and the GWA, or rooms, such as the security interface cabinet (SIC) room.
Local Change Control Board (Local CCB): See 5 FAM 814.
Logged on but unattended: A workstation is considered logged on but unattended when the user is:
(1) Logged on but is not physically present in the area; and
(2) There is no one else present with an appropriate level of clearance safeguarding access to the workstation. Coverage must be equivalent to that which would be required to safeguard hard copy information if the same employee were away from his or her desk. Users of logged on but unattended classified workstations are subject to the issuance of security violations.
Logically disconnect: Although the physical connection between the control unit and a terminal remains intact, a system enforced disconnection prevents communication between the control unit and the terminal.
Lost pouch: Any pouch-out-of-control not recovered. (See 12 FAM 130).
Low-Impact System: An information system in which all three security objectives (i.e., confidentiality, integrity, and availability) are assigned a FIPS 199 potential impact value of low.
M
Mainframe: A high-performance information system designed to support a large organization, handle intensive computational tasks, support a large number of users, and make use of large volumes of secondary storage.
Major application: An application that requires special attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Note: All federal applications require some level of protection. Certain applications, because of the information in them, however, require special management oversight and should be treated as major. Adequate security for other applications should be provided by security of the systems in which they operate.
Malicious code: Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host; spyware and some forms of adware are also examples of malicious code.
Malware: See definition for malicious code.
Media: Physical devices (e.g., magnetic tapes, optical disks, magnetic disks) on which information is stored within an information system.
Memorandum of Understanding/Agreement (MOU/MOA): A document established between two or more participants or parties to define their respective responsibilities in accomplishing a specified goal or mission.
Memory: In computing, refers to the physical devices used to store programs, data, or information on a temporary or permanent basis for use in an information system or other digital electronic device.
Message stream: The sequence of messages or parts of messages to be sent.
Missing person: An individual whose whereabouts are unknown and whose safety cannot be determined.
Mobile code: Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient.
Mobile code technologies: Software technologies that provide the mechanisms for the production and use of mobile code (e.g., Java, JavaScript, ActiveX, VBScript).
Mobile device: A portable computing device that: (i) has a small form factor such that it can easily be carried by a single individual; (ii) is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); (iii) possesses local, non-removable or removable data storage; and (iv) includes a self-contained power source. Mobile devices may also include voice communication capabilities, on-board sensors that allow the devices to capture information, and/or built-in features for synchronizing local data with remote locations. Examples include smart phones, tablets, and e-readers.
Moderate-impact system: An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of moderate, and no security objective is assigned a FIPS 199 potential impact value of high.
Modular treated conference room (MTCR): A second-generation design of the treated conference room (TCR), offering more flexibility in configuration and ease of assembly than the original TCR, designed to provide acoustic and RF emanations protection. (Also see 12 FAH-6 H-021.)
Motorcade: An organized group of motor vehicles transporting a protected person along a specified route in a controlled manner.
Multifactor Authentication (MFA): Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See authenticator.
N
National Computer Security Center (NCSC): The NCSC is responsible for encouraging the widespread availability of trusted computer systems throughout the Federal Government.
National Information Assurance Partnership (NIAP): A U.S. Government initiative to meet the security testing needs of both information technology consumers and producers operated by the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST). The long-term goal of NIAP is to help increase the level of trust consumers have in their information systems and networks through the use of cost-effective security testing, evaluation, and validation programs (e.g., Common Criteria).
National Intelligence: All intelligence, regardless of the source from which derived and including information gathered within or outside the United States, that pertains, as determined consistent with any guidance issued by the President, to more than one United States Government agency; and involves threats to the United States, its people, property, or interests; the development, proliferation, or use of weapons of mass destruction; or any other matter bearing on United States national or homeland security (National Security Act of 1947, as amended, 50 U.S.C. § 3003).
National security: The national defense or foreign relations of the United States.
National security information: Information specifically determined under executive order criteria to require protection against unauthorized disclosure.
Near field communication (NFC): A set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into close proximity, usually no more than a few centimeters.
Need-to-know: A determination made by an authorized holder of information that a prospective recipient requires access to specific information to perform or assist in a lawful and authorized governmental function.
Network: Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.
Network access: Access to an information system by a user (or a process acting on behalf of a user) communicating through a network, (e.g., local area network, wide area network, Internet).
Network device: An external device that can be connected to a network, including but not limited to a hub/concentrator, switch, router, printer, scanner or digital photocopier. (NOTE: Excludes internal network interfaces since internal network interfaces are considered part of an automated information system (AIS)).
Non-enterprise mobile devices: Devices not approved to directly connect to an enterprise network. This does not include remote access through Global OpenNet (GO).
Non-enterprise Networks (NENs): See 5 FAM 872.
Non-local (remote) maintenance: Maintenance activities conducted by individuals communicating through an external network (e.g., the Internet) or an internal network from a non-Department facility (e.g., home computer).
Non-Professional Courier: Any direct-hire, U.S. citizen employee of the U.S. Government, other than a professional diplomatic courier, who possesses a Top Secret clearance and who has been provided with official documentation (see 12 FAM 142) to transport diplomatic pouches in emergencies, or when the diplomatic courier cannot provide the required service.
Non-recorded material: Extra and/or duplicate copies only of temporary value, including shorthand notes, used carbon paper, preliminary drafts, and other material of similar nature.
Non-repudiation: Assurance the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.
Non-secure bulk load: A classified diplomatic pouch load in a unit load device (ULD) or other container that is not properly labeled, sealed, or built in a secure facility by appropriately cleared individuals.
Non-volatile memory: Memory that retains stored information even when not powered (e.g., hard drive, DVD, CD).
O
Object: A passive entity that contains or receives information. (See subject.)
Object reuse: Reassignment and re-use of a storage medium containing one or more objects after ensuring no residual data remains on the storage media.
Off-hook: A station or trunk is off-hook when it initializes or engages in communications with the computerized telephone switch (CTS) or with another station or trunk using a link established through the CTS.
Official information: That information or material owned by, produced for or by, or under the control of the U.S. Government.
Off-site safe area: A temporary emergency sanctuary for official U.S. personnel during a crisis situation, such as personnel unable to reach U.S. facilities or those forced to evacuate such facilities (see 12 FAH-1 H-283).
One Badge: Passes the Bureau of Diplomatic Security (DS) issues to permanent Department employees possessing a security clearance and a minimum of career-conditional status, and to DS-cleared contractors and other individuals (such as members of the press, or employee family members, etc.) with a legitimate need to enter Department facilities on a regular basis. Each pass has the holder’s photograph, an individual identification number, expiration date, and may provide access through an electronically operated gate or other entrance. One Badge is the collective term for Personal Identity Verification (PIV), Facility and Logical Access Card (FLAC), and Facility Access Card (FAC). See PIV, FLAC, and FAC.
Original classification: An initial determination that information requires protection against unauthorized disclosure in the interest of national security, and a designation of the level of classification.
Original classification authority (OCA): An individual authorized in writing, either by the President, the Vice President, or by agency heads or other officials designated by the President, to classify information. Executive Order 13526 prescribes a uniform system for classifying, safeguarding, and declassifying national security information, including information relating to defense against transnational terrorism. Officials authorized to classify information at a specified level are also authorized to classify information at a lower level. See 5 FAM 480.
Open source: Publicly available information, to include information that is published or broadcast for public consumption, available on request to the public, accessible online or otherwise to the public, available to the public by subscription or purchase, made available at a meeting open to the public, or obtainable by visiting any place or attending an event that is open to the public (e.g., public places).
Open source intelligence: Information produced from publicly available sources that is identified, evaluated, and disseminated in a timely manner to an appropriate audience in support of DS's protective, security, and law enforcement responsibilities, pursuant to the Omnibus Diplomatic Security and Antiterrorism Act of 1986 and other applicable legal authorities.
Open-source software: Software in which the source code is freely available to the general public for use and/or modification from its original design. It is typically distributed under a commonly accepted open-source license such as a GNU General Public License.
OSPB: The Overseas Security Policy Board (OSPB) is an interagency group of security professionals from the foreign affairs and intelligence communities who meet regularly to formulate security policy for U.S. missions abroad. The OSPB is chaired by the Assistant Secretary for Diplomatic Security.
Overlay: A specification of security controls, control enhancements, supplemental guidance, and other supporting information employed during the National Institute of Standards and Technology (NIST) 800-53 tailoring process, intended to complement (and further refine) security control baselines. The overlay specification may be more stringent or less stringent than the original security control baseline specification and can be applied to multiple information systems.
Overseas criminal investigator (OCI): OCIs, formerly known as Assistant Regional Security Officer - Investigations (ARSO-I), are DSS Special Agents and are assigned to protect the integrity of the global passport and visa systems and disrupt criminal and terrorist mobility, working with host nation law enforcement, post Fraud Prevention Units (FPUs), and other bureaus, offices, and agencies on international investigative matters to combat the production and use of fraudulently obtained travel and identity documents. In furtherance of DS' global criminal investigations program, OCIs perform their secondary mission of providing investigative support to Regional Security Offices. The OCI program belongs to DS/DO/INV/OCI. The OCI is rated by the Regional Security Officer, unless a Supervisory Overseas Criminal Investigator (SOCI) is assigned to the area of responsibility, and is reviewed by the Consular Chief at Post.
P
Pallet: Pallets are flat platforms, usually made of metal or wood in various sizes that conform to aircraft cargo hold dimensions. Pallets can also be referred to as a ULD. (Also see Unit Load Device.)
Palletize: The process of placing and securing classified diplomatic pouches onto a pallet in a manner that allows for handling as a single unit. Used as a base, the pallets are open and exposed. Individual classified diplomatic pouches are secured to the pallets with nets, straps, and other restraints. This process is often referred to as palletizing or building a pallet.
Paraphrasing: Restating text in different phraseology without altering its meaning.
Passport Fraud: The unlawful application, procurement, alteration, forging, or counterfeiting of a passport. Also, the unlawful possession, use, sale, or transfer of a passport.
Password: A protected character string used to authenticate the identity of a computer system user or to authorize access to system resources.
Penetration Testing: A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.
Peripheral device: An external device that can be connected to a computer, including but not limited to a mouse, keyboard, printer, monitor, external Zip drive, flash drive (e.g., thumb drive), digital camera, digital voice recorder, DVD drive, DVD-RW drive, keyboard-video-mouse (KVM) switch, or scanner.
Personal Identity Verification (PIV): The process of creating and using a Government-wide secure and reliable form of identification for Federal employees and contractors, in support of HSPD 12, Policy for a Common Identification Standard for Federal Employees and Contractors and OPM Memorandum for Heads of Executive Departments and Agencies regarding Credentialing Standards Procedures for Issuing Personal Identification Cards under HSPD-12 and New Requirement for Suspension or Revocation of Eligibility for Personal Identity Verification Credentials (December 15, 2020). The PIV card contains four PKI-enabled digital certificates (e.g., PIV Authentication, Encryption, Digital Signature, and Card Authentication).
Personally Identifiable Information (PII): See 5 FAM 463.
Personnel Recovery: The sum of diplomatic, military, and private efforts to prepare for and recover persons who have been isolated from friendly support or held against their will.
Plain text: Information, usually classified, in unencrypted form.
Post communication center (PCC): An area within the chancery and/or consulate designed as a core area. The PCC normally includes the common transmission facility (CTF), information program center (IPC), information technical center (ITC), and the communications support activity (CSA).
Post security officer (PSO): A PSO is typically a U.S. Foreign Service officer designated by the COM or PO to manage security programs at a post with no resident RSO, or when the resident RSO temporarily departs post (see 12 FAM 422.6).
Pouch: See “U.S. diplomatic pouch.”
Pouch control officer (PCO): Top Secret-cleared U.S. citizen direct-hire employee who is responsible for enforcing regulations relating to the diplomatic pouch. (See 14 FAM 728.1.)
Pouch-out-of-control: Refers to any pouch over which cleared U.S. citizen control is interrupted for any period of time, making outside intervention and compromise of its contents a possibility. (See 12 FAM 130.) See also 'classified diplomatic pouch breach' and 'classified diplomatic pouch incident' definitions.
Preferred Products List (PPL): A U.S. Government document that identifies information processing equipment certified by the U.S. Government as meeting TEMPEST standards. Although still valid for equipment still in use and available, the PPL has been replaced by the Evaluated Products List (EPL).
Preliminary Inquiry (PQ): For investigative offices, a preliminary inquiry is initiated on an allegation or information received by DS indicating the possibility of a crime or misconduct within DS's investigative purview. PQs have a limited duration - they must be completed within 90 days of the first investigative step - and use little intrusion to assess whether a full Criminal Case is warranted. PQs may include record checks and interviews. (See also: Criminal Case.) For purposes of the Insider Threat Program, a preliminary inquiry refers to a record of anomalous activity and/or activity that warrants further consideration to support the mitigation process. (See E.O. 13587; National Insider Threat Policy & Minimum Standards.)
Presidential Appointees: Officials of the Department who hold policy positions and are appointed by the President, by and with the advice and consent of the Senate, at the level of Ambassador, Assistant Secretary of State, or above. It does not include persons who merely received assignment commissions as Foreign Service officers, Foreign Service reserve officers, Foreign Service staff officers, and employees.
Principal Officer: Principal officer is the officer in charge of a diplomatic mission, a consular mission (other than a consular agency), or other Foreign Service post.
Principal unit security officer (PUSO): A managerial-level Department employee who a bureau executive director or equivalent designated, in writing, to administer the security program in that bureau or organization and maintain liaison with DS/SI/APD. PUSOs may designate any number of unit security officers to assist in performing security duties. Bureaus with assigned BSOs are not required to designate a PUSO.
Product certification center: A facility which certifies the technical security integrity of communications equipment. The equipment is handled and used within secure channels.
Professional courier (or diplomatic courier): A person specifically employed and provided with official documentation (see 12 FAM 141) by the Department to transport properly prepared, addressed, and documented diplomatic pouches between the Department, its diplomatic missions, and across international boundaries.
Program Manager (or information system owner): Official responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system.
Protected distribution system (PDS): A wireline or fiber optic communications link with safeguards to permit its use for the distribution of unencrypted classified information.
Protectee: The individual being protected. Also known as the “principal”.
Protection schema: An outline detailing the type of access users may have to a database or application system, given a user’s need-to-know, e.g., read, write, modify, delete, create, execute, and append.
Protective detail: An individual or group of individuals assigned to protect a person. Protected persons include, for example, the Secretary of State as well as certain domestic dignitaries, visiting foreign dignitaries, and resident dignitaries. Also known as a “detail”.
Protective Intelligence: Information derived from all sources that is used in a holistic, proactive method of identifying, assessing, and mitigating possible threats to the Department in support of DS’s protective, security and law enforcement responsibilities, pursuant to the Omnibus Diplomatic Security and Antiterrorism Act of 1986 and other applicable legal authorities, within the context of DS’s security and law enforcement intelligence mission.
Public Access Area (PAA): Per 12 FAH-6 H-021, an area within the building, outside of the GWA, where services are provided to the general public; and where locally employed staff and personnel with no clearance have unrestricted access.
Public trust positions: Positions designated at either the high, moderate, or low risk level as determined by the position's potential for adverse impact to the integrity and efficiency of the Service (see 5 CFR 731.106). Positions at the high or moderate risk levels are referred to as "public trust" positions and, generally, involve policy making, major program responsibility, public safety and health, law enforcement duties, fiduciary responsibilities, or other duties/responsibilities demanding a significant degree of public trust. "Public trust" positions also involve access to, operation of, or control of proprietary systems of information (e.g., financial or personal records), with a significant risk for causing damage to people, programs or an agency, or for realizing personal gain. The “low risk” positions are, generally, referred to as “non-sensitive” positions.
Publicly available information: Information generally available to the public, including information that is published or broadcast for public consumption, available on request to the public, accessible online or otherwise to the public, available to the public by subscription or purchase, made available at a meeting open to the public, or obtainable by visiting any place or attending an event that is open to the public (e.g., public places).
R
Record material: All books, papers, maps, photographs, or other documentary materials, regardless of physical form or characteristics, made or received by the U.S. Government in connection with the transaction of public business and preserved or appropriated by an agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, or other activities of any agency of the U.S. Government, or because of the informational data contained therein.
Record traffic: Official written correspondence such as a letter, telegram, memorandum, email, or other permanent form that records, documents, or sets down in writing a way of preserving knowledge or information.
Recovery point objective: The point in time to which data must be recovered after an outage.
Recovery time objective: The overall length of time an information system’s components can be in the recovery phase before negatively impacting the organization’s mission or mission/business functions.
Regional diplomatic courier officer (RDCO): The supervising individual responsible for Diplomatic Courier operations of one of four Diplomatic Courier Service regional divisions located in Washington, D.C., Miami, Frankfurt, and Bangkok.
Regional cyber security officer (RCSO): Regional cybersecurity officers are Diplomatic Security (DS) Security Engineering Officers (SEOs) who serve as independent assessors and cyber subject-matter experts, both overseas and domestically. Their primary role is to conduct assessments of Department information and operational technology systems and recommend mitigations to improve the Department's respective information security programs.
Regional director for security engineering (RDSE): RDSEs are senior SEOs responsible in their regions for managing and coordinating technical security support provided by subordinate ESCs, ESOs, TSOs, RTOs, and any other DS/C/ST service provider.
Regional security office local vetting (RESOLVE) system: An application that provides RSOs and FSNIs a means of conducting standardized background investigations. RESOLVE collects, tracks, and manages all information related to these background investigations, ensures that the investigations meet Diplomatic Security guidance, and serves as the system of record for RSO security certifications, physical access, and OSHP certifications.
Regional security officer (RSO): The RSO is a member of the U.S. Foreign Service and a Diplomatic Security Service special agent serving at an overseas post. RSOs are responsible for implementing and managing the Department’s security and law enforcement programs at their assigned post and constituent post(s), if applicable. The lead officer in a regional security office is designated the RSO, and additional special agents are either deputy regional security officers (DRSOs), assistant regional security officers (ARSOs), supervisory overseas criminal investigators (SOCIs), or overseas criminal investigators (OCIs). See 12 FAM 420 for additional information related to regional security office staffing and positions.
Regional security technician (RST): RSTs are locally employed staff who work under the management and direction of an ESC or ESO. RSTs provide technical security support for equipment and in areas of U.S. diplomatic missions as appropriate for their individual level of security clearance.
Regional Technical Office (RTO): RTOs operate under the aegis of an ESC, ESO, or TSO. RTOs are located at various U.S. diplomatic missions abroad in order to provide responsive technical security support. RTOs are staffed by Regional Security Technicians (RST).
RED: In cryptographic systems, refers to information or messages that contain sensitive or classified information not encrypted. (See also BLACK.)
Red-black separation: The requirement for physical spacing between “RED” and “BLACK” processing systems, and their components, including signal and power lines.
Redundant control capability: Use of active or passive replacement, for example, throughout the network components (i.e., network nodes, connectivity, and control stations) to enhance reliability, reduce the threat of single point-of-failure, enhance survivability, and provide excess capacity.
Remote access: Refers to accessing Department SBU and/or Unclassified networks, either domestically or abroad, from Department-owned or non-Department owned systems via a Department-approved remote access program (e.g., Global OpenNet (GO), or via a Department computer located in an employee’s home).
Remote (non-local) maintenance: Maintenance activities conducted by individuals communicating through an external network (e.g., the Internet) or an internal network from a non-Department facility (e.g., home computer).
Remote diagnostic facility: An off-premise diagnostic, maintenance, and programming facility authorized to perform functions on the Department computerized telephone system via an external network trunk connection.
Remote processing: Refers to employees processing Department information on Department-owned or non-Department owned systems at non-Department facilities (e.g., home office).
Removable media: Portable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device and used to store text, video, audio, and image information. Examples include hard disks, zip drives, compact discs, thumb drives, pen drives, and similar USB or Thunderbolt connected storage devices.
Repatriation: The act or process of restoring or returning someone or something to the country of origin, allegiance, or citizenship.
Resident Office: See "DS Resident Office".
Restricted area: A specifically designated and posted area where classified information or material is located or where sensitive functions are performed, access controlled, and only authorized personnel are admitted. (See also 12 FAH-6 H-021.)
Restricted data: All data (information) concerning:
(1) Design, manufacture, or use of atomic weapons;
(2) The production of special nuclear material; or
(3) The use of special nuclear material in the production of energy, but not to include data declassified or removed from the restricted data category pursuant to section 142 of the Atomic Energy Act (see section 11w, Atomic Energy Act of 1954, as amended; 42 U.S.C. 2014(y)).
RF shielding: The application of materials to surfaces of a building, room, or a room within a room that makes the surface largely impervious to electromagnetic energy. As a technical security countermeasure, it is used to contain or dissipate emanations from information processing equipment and to prevent interference by externally generated energy. (See also 12 FAH-6 H-021.)
Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event and is typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.
Risk assessment: The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system.
Robotic Process Automation (RPA): DS uses RPA technology to automate workflows and streamline manual business processes by mirroring human actions in interacting with systems and applications.
RON: Residence overnight.
S
Safeguard officer: A cleared person who watches classified diplomatic pouches while the courier is attending to other business.
Safeguards: Protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.
Safe haven/area: A designated area within a building that serves as an emergency sanctuary (see 12 FAH-5 H-041). The Department's security standards for safe havens and safe areas in mission facilities are in 12 FAH-5 H-460 and 12 FAH-6 H-110.
Safekeeping: The transfer of custody of classified diplomatic pouches from a diplomatic courier for temporary storage in a secure area (such as an embassy vault). Safekeeping requires receipt of all items on form DS-7600 retained locally until custody is returned to the diplomatic courier.
Sanitization: Process to remove information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs.
SCI: The abbreviation for sensitive compartmented information, a category of highly classified information, which requires special protection governed by the Director of National Intelligence (DNI). See 12 FAM 700.
Seabees: U.S. Navy personnel who serve in the Department's Naval Support Unit. Seabees assist with Department of State security programs consistent with a Memorandum of Agreement between the Navy and the Bureau of Diplomatic Security.
Secret-cleared U.S. citizen: A citizen of the United States who has undergone a background investigation by an authorized U.S. Government Agency and been issued a Secret security clearance, in accordance with Executive Orders 12968, as amended, and implementing guidelines and standards issued by the Security Executive Agent.
Secure room: Any room with floor-to-ceiling, slab-to-slab construction of some substantial material, i.e., concrete, brick, cinder block, plywood, or plaster board. Any window areas or penetrations of wall areas over 15.25 cm (96 square inches) must be covered with either grilling or substantial type material. Entrance doors must be constructed of solid wood, metal, etc., and be capable of holding a DS-approved three-way combination lock with interior extension. (See also 12 FAH-5 H-455).
Secure voice: Systems in which transmitted conversations are encrypted to make them unintelligible to anyone except the intended recipient. Within the context of Department security standards, secure voice systems must also have protective features included in the environment of the systems terminals.
Secured domestic Department of State facility: Any building or other location in the United States or its Commonwealths or Territories staffed or managed by the Department, which the Bureau of Diplomatic Security (DS) determines as warranting restricted entry.
Security and Law Enforcement Intelligence: Information relating to DS’s protective, security, and law enforcement responsibilities pursuant to the Omnibus Diplomatic Security and Antiterrorism Act of 1986 and other applicable legal authorities. Security and law enforcement intelligence includes protective intelligence, open-source intelligence, cyber intelligence, and criminal intelligence. Diplomatic Security gathers, analyzes, and disseminates this information to partner agencies, including members of the intelligence community. Intelligence, when not used to refer to functions reserved for the Intelligence Community, shall refer to security and law enforcement intelligence. Security and law enforcement intelligence covers a broad range of agency-specific policy and security needs, but the primary purpose is for the internal operations of Diplomatic Security in order to accomplish its statutory protect and prevent obligation.
Security and Law Enforcement Intelligence process: A process or cycle whereby information relating to DS’s protective, security, and law enforcement responsibilities pursuant to the Omnibus Diplomatic Security and Antiterrorism Act of 1986 and other applicable legal authorities is gathered, acquired, or collected against a list of requirements or needs and disseminated. Diplomatic Security uses this process when gathering, analyzing, and disseminating security and law enforcement intelligence.
Security anomaly: An irregularity possibly indicative of a security breach, an attempt to breach security, or of noncompliance with security standards, policy, or procedures.
Security categorization: The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals.
Security classification designations: Refers to Top Secret, Secret, and Confidential designations on classified information or material.
Security domain: The environment of systems for which a unique security policy is applicable.
Security engineering officer (SEO): SEOs are skilled engineers who serve as Foreign Service specialists worldwide for the Bureau of Diplomatic Security. SEOs are responsible for the technical and information security programs at diplomatic and consular posts overseas, to include technical security systems development, installation, assessment, and project management.
Security equipment: Protective devices such as intrusion alarms, safes, locks, and destruction equipment that provide physical or technical surveillance protection as their primary purpose.
Security Environment Threat List (SETL): A Department threat list intended to cover all localities operating under the authority of a chief of mission and staffed by direct-hire U.S. personnel. This list is developed in coordination with the Intelligence Community and issued annually by the Bureau of Diplomatic Security (DS). See 12 FAH-6 H-511.3.
Security Monitoring Solutions: Physical Security Information Management (PSIM) is a software platform of security applications and devices integrated into one comprehensive user interface to operate as a security monitoring solution. It collects and correlates events from disparate security devices and information systems (video, access control, sensors, analytics, networks, etc.).
Security Technical Specialist (STS): STSs are skilled technicians who serve as Foreign Service specialists worldwide for the Bureau of Diplomatic Security. STSs are trained to install, maintain, and operate equipment and systems that protect people, information, and property at U.S. diplomatic missions.
Sensitive But Unclassified (SBU) information: See 12 FAM 541.
Sensitive Compartmented Information Facility (SCIF): An area accredited to be used for the processing, storage, use, and discussion of sensitive compartmented information in accordance with Intelligence Community Directive 705. See 12 FAM 715.
Sensitive intelligence information: Such intelligence information of which unauthorized disclosure would lead to counteraction:
(1) Jeopardizing the continued productivity of intelligence sources or methods which provide intelligence vital to national security; or
(2) Offsetting the value of intelligence vital to national security.
Sensitive Personally Identifiable Information: See 5 FAM 463.
Sensitivity attributes: User-supplied indicators of file sensitivity the system uses to enforce an access control policy.
Setback: See "Standoff."
Server room: See computer room.
Shelter in Place (SIP): Taking cover and remaining in the current location during a crisis (sometimes referred to as "stand fast") until either receiving an all-clear signal, instructions to change locations, or making a decision to leave the current location based on training, experience, and/or threat analysis. Instructions on when/how to decide to remain sheltering in place or to leave for a different location is a post Emergency Action Committee (EAC) decision and can be added to the Emergency Action Plan (EAP). SIP can also apply to residences.
Significant Incident Report (SIR): Formerly known as a SPOT report, a significant incident report is a timely method of keeping DS headquarters informed of fast breaking or significant events. It is a concise narrative of essential information to document incidents impacting security or law enforcement equities under the Department's areas of responsibility. See 12 FAM 130, 12 FAM 420 and 12 FAM 800.
Small Unmanned Aircraft System (sUAS): Unmanned Aircraft Systems that are typically commercially available, improvised, or locally fabricated and employed in the operational environment. These sUAS typically weigh under 55 lbs./25 kg and are classified as Group 1 and 2 by the Department of Defense UAS group guide.
Software: Refers to the programs and applications that run on information systems.
Spam: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
Special agent: A special agent in the Diplomatic Security Service (DSS) who is a sworn officer of the Department or the Foreign Service, whose position is designated as either a GS-1811 or FS-2501 to perform those specific law enforcement duties as authorized by various federal laws including but not limited to 22 U.S.C. 2709, 4802, 4807, 3926, 3927, 4801, and 4823.
Special investigators: Contracted by the Department. Perform various non-criminal investigative functions in Diplomatic Security (DS) headquarters, field, and resident offices. They are not members of the Diplomatic Security Service (DSS) and are not authorized to conduct criminal investigations.
Special Protective Equipment Review Board: The Special Protective Equipment Review Board (SPERB) is an advisory board to the Director of the Diplomatic Security Service (DS/DSS). The SPERB serves as the primary, senior-level DS leadership forum to advise and assist the Director of DS/DSS on developing and recommending policies, procedures, and tactics on the research & development, testing & evaluation, fielding, and use of special protective equipment (SPE), personal protective equipment (PPE), and related equipment. The SPERB and its working groups evaluate SPE, PPE, and related equipment requirements through the lenses of policy and procedures, operating environments/threats, training, logistics and acquisition management, and available resources. The SPERB also provides guidance to DSS special agents and others who may be serving in a security or personal protection role in support of the DS mission. See also 12 FAM 020 and 12 FAM Exhibit 023(C).
Spherical zone of control: A volume of space in which un-cleared personnel must be escorted which extends a specific distance in all directions from TEMPEST equipment processing classified information or from a shielded enclosure. (See also 12 FAH-6 H-021.)
Significant Post Observed Threat Report "SPOT": This title is retired and renamed Significant Incident Report (SIR). See above.
Spyware: Software secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code.
Standoff: The distance measured from the attack side of the perimeter barrier (i.e., wall or fence) to the structural facade of an office building. The structural facade excludes non-structural or decorative elements that do not contribute to the blast or FE/BR protection of the building.
Storage object: A data object used in the system as a repository of information.
Subject: Generally, an individual, process, or device causing information to flow among objects or change to the system state. See object.
Supervisory overseas criminal investigator (SOCI): SOCIs, formerly known as Deputy Regional Security Officer - Investigations (DRSO-I), are supervisory positions in a limited number of missions to assist the RSO with span of control, where multiple OCIs are assigned, typically in missions with multiple consulates housing OCIs. The SOCI is responsible for all administrative, resource, operational, and investigative oversight of DS criminal investigations that involve host country or when any DS criminal investigation has an equitable nexus to host country. At the headquarters level, SOCIs are under the administrative control of the Overseas Criminal Investigations Division. SOCIs are rated by the Regional Security Officer and reviewed by the senior consular official at post.
Supply chain: Linked set of resources and processes between multiple tiers of developers that begins with the sourcing of products and services and extends through the design, development, manufacturing, processing, handling, and delivery of products and services to the acquirer.
System access: Ability and means to communicate with or otherwise interact with a system, use system resources to handle information, gain knowledge of the information the system contains, or control system components and functions.
System accreditation: The official authorization granted to an information system to process sensitive information in its operational environment based on a comprehensive security evaluation of the system’s hardware, firmware, software security design, configuration and implementation, and other system procedural, administrative, physical, TEMPEST, personnel, and communications security controls.
System certification: The technical evaluation of a system’s security features that establishes the extent to which a particular information system’s design and implementation meets a set of specified security requirements.
System high mode: An AIS is operating in the system high mode when each user with direct or indirect access to the AIS, its peripherals, remote terminals, or remote hosts has all the following:
(1) A valid personnel clearance for all information on the AIS;
(2) Formal access approval for, and has signed nondisclosure agreements for, all the information stored and/or processed; and
(3) A valid need to know for some of the information contained within the AIS.
System owner: Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information or application system.
System security plan: Formal document that provides an overview of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements.
T
Technical certification: A formal assurance by the Undersecretary for Management to Congress that standards are met that apply to an examination, installation, test, or other process involved in providing security for equipment, systems, or facilities. Certifications may include exceptions and are issued by the office or person performing the work in which the standards apply.
Technical penetration: An unauthorized or unintentional physical or electrical connection; an unauthorized or unintentional optical, acoustic, or RF hardware modification, implant, software driver or firmware modification, or the unauthorized collection of fortuitous information-bearing emanations from unmodified systems, from any of these sources designed to intercept and compromise information:
(1) Known to the source;
(2) Fortuitous and unknown to the source;
(3) Clandestinely established; or
(4) Those implemented or verified through detailed physical and instrumented technical inspections, such as technical surveillance countermeasures (TSCM) operation.
Technical Security Office (TSO): TSOs operate under the aegis of an ESC or ESO. TSOs are located at various U.S. diplomatic missions abroad to provide responsive technical security support. The officer-in-charge position is an STS.
Technical surveillance: The act of establishing a technical penetration and intercepting information without authorization.
Telecommunications: Any transmission, emission, or reception of signs, signals, writings, images, sounds, or information of any nature by wire, radio, visual, or other electro-magnetic, mechanical, or optical means.
Telework: See 3 FAM 2361.4.
TEMPEST: A short code name referring to the investigation, study, and control of compromising emanations from telecommunications and automated information systems.
TEMPEST equipment (or TEMPEST-approved equipment): Equipment that has been designed or modified to suppress compromising signals. Such equipment is evaluated against National TEMPEST Standards by NSA-certified personnel and laboratories. National TEMPEST approval does not, of itself, mean a device can be used within the foreign affairs community. Separate DS approval in accordance with the Overseas Security Policy Board (OSPB) is required.
TEMPEST hazard: A security anomaly that holds the potential for loss of classified information through compromising emanations.
TEMPEST test: A field or laboratory examination of the electronic signal characteristics of equipment or systems for the presence of compromising emanations.
Tenant Agency: A U.S. Government department or agency, other than the Department of State, operating abroad as part of the U.S. foreign affairs community under the authority of a chief of mission (COM). Excluded are military elements not under direct authority of the COM.
Tenant of commercial office space: An unclassified U.S. Government office space (not a chancery/consulate) located within a commercial office building with other non-U.S. Government organizations. The U.S. Government is not the sole occupant, does not occupy more than 49 percent of the usable square footage of the commercial office building, and has no control over access to the building.
The Vienna Convention on Diplomatic Relations (VCDR): The Vienna Convention on Diplomatic Relations is an international treaty on diplomatic intercourse and the privileges and immunities of a diplomatic mission. The VCDR sets forth law and practice on diplomatic rights and privileges.
Thin client: Desktop workstations that rely upon an enterprise architecture, with applications resident only on a server. The Department supports two types of thin clients:
(1) Flashless thin client, which has only random-access memory (RAM) installed; and
(2) Flash thin client, which has both RAM and non-volatile FLASH memory installed. The Department configures these devices to ensure the FLASH memory acts solely to enable booting of the workstation.
Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Tier 1 (T1) investigation: An investigation conducted for positions designated as low-risk, non-sensitive, and for physical and/or logical access, pursuant to Federal Information Processing Standards Publication 201 and Homeland Security Presidential Directive-12, using Standard Form 85, or its successor form.
Tier 2 (T2) investigation: An investigation conducted for non-sensitive positions designated as moderate risk public trust, using Standard Form 85P, or its successor form.
Top Secret-cleared U.S. citizen: A citizen of the United States who has undergone a background investigation by an authorized U.S. Government Agency and been issued a Top Secret security clearance, in accordance with Executive Orders 12968, as amended, and implementing guidelines and standards issued by the Security Executive Agent.
Treated conference room (TCR): A shielded enclosure that provides acoustic and electromagnetic attenuation protection.
Trusted computing base (TCB): The totality of protection mechanisms within an AIS (including hardware, firmware and software), the combination of which is responsible for enforcing a security policy. A trusted computing base consists of one or more components that together enforce a unified security policy over a product or AIS. The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the trusted computing base and on the correct input by system administrative personnel of parameters (e.g., a user’s clearance) related to the security policy.
Trusted Internet Connections (TIC) Initiative: The TIC Initiative, as outlined in OMB Memorandum M-08-05, is to optimize and standardize the security of individual external network connections currently in use by Federal agencies, including connections to the Internet.
Two factor authentication: The use of two types of authentication factors from the following:
(1) Something the user KNOWS (e.g., password) and
(2) Something the user HAS (e.g., the one-time FOB); or
(3) Something the user IS (e.g., fingerprint).
Type I: Type I products are designed to secure classified information but may also be used to protect sensitive unclassified information.
U
Unauthorized disclosure: The compromise of classified information by communication or physical transfer to an unauthorized recipient. It includes the unauthorized disclosure of classified information in a newspaper, journal, or other publication where such information is traceable to an agency because of a direct quotation, or other uniquely identifiable fact.
Unclassified controlled air pouch (UCAP): See 14 FAH-4 H-212.1-5 and 14 FAH H-223.
Unclassified Security Incident: An incident that occurs when there has been a contravention of any published Department policy, procedure or acceptable use guidelines and that contravention represents a failure to safeguard Department information or information systems, resulting in actual or elevated risk of damage to Department information systems, or actual or elevated risk of compromise or loss of control of administratively controlled Department information.
Unclassified Security Infraction: An incident involving a contravention of law or Department policy that does not result in actual damage to Department information systems, or actual compromise or loss of control of administratively controlled Department information. Infractions are often committed inadvertently, but still put the information or information system at risk. (See 12 FAM 553.1).
Unclassified Security Violation: An incident involving a contravention of law or Department policy resulting in actual or imminent damage to Department information systems, or compromise or loss of control of administratively controlled Department information. Violations are often committed knowingly, willfully, or negligently (see 12 FAM 553.2).
Unit load device (ULD): Aviation terminology referring to a pallet or container used to load freight (i.e., U.S. diplomatic pouches) on wide-body aircraft and specific narrow-body aircraft. It allows a large quantity of cargo to be bundled into a single unit that can be lifted by mechanical devices.
Unit security officer: A cleared U.S. citizen direct-hire employee, personal services contractor or commercial contractor designated by the bureau executive directors to assist the principal unit security officer or bureau security officer in carrying out security responsibilities.
United States and its territories: The 50 States; the District of Columbia; the Commonwealth of Puerto Rico; the Territories of Guam, American Samoa, the U.S. Virgin Islands; and the Possessions—Midway and Wake Islands.
Unmanned Aircraft (UA): An aircraft that does not carry a human operator and is capable of flight with or without human remote control.
Unmanned Aircraft System (UAS): The collection of devices consisting of one or more remotely operated unmanned aircraft and associated elements needed to operate the unmanned aircraft(s), such as communication links and control components. Regulations from the Federal Aviation Administration separate UAS into groups of under 55 lbs, and over 55 lbs. Small UAS (SUAS) under 55 lbs are governed by Title 14 part 107. UAS weighing greater than 55 lbs./25kg are classified as Group 3, 4, and 5 by the Department of Defense UAS group guide.
Upgrading: The determination that particular unclassified or classified information requires a higher degree of protection against unauthorized disclosure than currently provided. Such determination shall be coupled with a marking of the material with the new designation.
U.S. Diplomatic Pouch: A properly documented, sealed bag such as airfreight pouches: official, unclassified, registered or unregistered items, unclassified controlled air pouches (UCAP) and courier pouches generally limited to official classified and administratively controlled items. It is used to transmit approved correspondence, documents, publications, and other items for official use between the Department, U.S. Diplomatic posts, and between U.S. Diplomatic posts. (See 14 FAH-4 H-212.1-5 and 14 FAH-4 H-212.2).
U.S. national: A U.S. citizen, a U.S. national as set forth in 8 U.S.C. 1101(a)(22) and 8 U.S.C. 1408, or a lawful permanent resident (LPR) with significant ties to the United States. See also Section 307(2) of the Levinson Act.
User: Individual, or (system) process acting on behalf of an individual, authorized to access an information system.
User ID: Unique character string used by an information system to identify a specific user.
V
Vienna Convention: The Vienna Convention on Diplomatic Relations (see 12 FAM 111.2), which sets forth law and practice on diplomatic rights and privileges. Couriers must follow these guidelines to ensure that diplomatic rights and privileges are not infringed upon. (See 12 FAM 123.)
Visa fraud: The unlawful application, procurement, alteration, forging, or counterfeiting of a visa. Also, the unlawful possession, use, sale, or transfer of a visa.
Visitor: Any person not issued a permanent building pass, who seeks to enter any Department facility for work, consultation, or other legitimate reason.
Visitor passes: Passes of limited duration that DS issues to visitors at designated Department facilities. These also include conference or other special function passes.
Volatile memory: Memory that requires power to maintain the stored information. Volatile memory retains the information as long as there is a power supply, but when there is no power supply, the stored information is lost.
Vulnerability: Weakness in a facility, equipment, information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
W
Weingarten rights: Rights afforded to an employee who is a member of a collective bargaining unit for which a union representative has exclusive representation rights. When the employee is to be personally interviewed and reasonably believes the interview may result in disciplinary action against him or her, the investigating official must give the employee the opportunity to be represented by the exclusive representative, if the employee so requests.
Whitelisting: The process used to identify:
(1) Software programs authorized to execute on an information system; or
(2) Authorized Universal Resource Locators (URL)/Web sites.
Wireless technology: Technology that permits the transfer of information between separated points without physical connection.
Workbag: A larger diplomatic pouch used to consolidate smaller classified diplomatic pouches. It is usually secured with a pouch seal or the courier’s personal lock. Only other diplomatic pouches may be transported inside the workbag. Personal items are not allowed.
Wrongful Detention: A case in which a foreign government has detained an individual and the United States government regards such detention as wrongful per 7 FAM-1824, Wrongful Detention of U.S. Nationals-Overview and Scope.
12 FAM 014 THROUGH 019 UNASSIGNED