Military Security Acronyms

Aviation Operational Threat Response (AOTR) — the coordinated interagency framework for responding to aviation threats in U.S. airspace, integrating Department of Defense, Department of Homeland Security, Federal Aviation Administration, and law enforcement actions against suspect aircraft, including identification, intercept, and (as a last resort) engagement procedures.

"The interagency framework for handling suspect aircraft in U.S. airspace."

AOTR is the playbook the U.S. government uses when an aircraft inside the homeland is doing something it shouldn't — entering restricted airspace around DC, dropping comms over the FIR, deviating off a flight plan in a way that triggers concern. The framework knits together NORAD (the fighters), FAA (the controllers), DHS/CBP/AMOC (the trackers), TSA, and law enforcement; the AOTR procedures define who calls the intercept, who has shoot authority, and how the chain runs from "track of interest" up to the President if it ever has to go that far. To an F-15 or F-16 pilot on Aerospace Control Alert, AOTR is the procedure the controller is running when the scramble call comes in. The framework was forged in the post-9/11 review and has been refined repeatedly since.

A formal declaration by a designated Authorizing Official authorizing operation of an information system and explicitly accepting the residual risk to organizational operations, assets, individuals, other organizations, and the nation.

"Official authorization to operate a system on DoD networks."

An ATO is a senior official (the Authorizing Official, or AO) signing a document that accepts the residual risk of running your system in production. No ATO, no production — that is the rule the network operators enforce. ATOs come in flavors: full ATO (typically three years), ATO with conditions, and the now-rare interim ATO. When an ATO expires and is not renewed, the system gets disconnected; "ATO cliff" is a budget and program-management problem, not a technical one. (Aviation uses "ATO" for Air Tasking Order — entirely different concept.)

Biometric-Enabled Watchlist (BEWL) — a watchlist of individuals identified through biometric enrollment and intelligence linkage as warranting screening, interest, or interdiction, used at base entry control points, port-of-entry screening locations, and operational checkpoints to identify individuals encountered against the enrolled population of interest and to trigger appropriate response procedures.

"The biometric watchlist used at entry points to flag enrolled persons of interest."

BEWL is what makes a biometric collection at an ECP actually useful — without a watchlist to compare against, a fingerprint scan is just a fingerprint. The BEWL is built from BEI analysis (detainee biometric enrollments, latent prints from IEDs and evidence, intelligence-derived identifications) and pushed to field collection devices (HIIDE, SEEK, BAT) so that an MP at a base ECP or a SOF team at a checkpoint gets a hit when a person of interest swipes a finger or has their iris scanned. To an MP company commander running base ECPs in CENTCOM, BEWL is the daily target-deck for ECP enforcement; to the analyst inside the targeting cell, BEWL is one of the outputs that justifies the BEI workflow. Privacy, retention, and sharing rules apply heavily — BEWL data is heavily restricted and lawyer-reviewed.

The area surrounding and immediately adjacent to a military installation in which security measures, force protection actions, and access controls are coordinated to defend the installation against external threats, as defined in the DoD Dictionary of Military and Associated Terms.

"The security perimeter around an installation where force-protection rules apply."

BSZ is the doctrinal name for the buffer around an installation where force-protection measures extend beyond the fence line — host-nation liaison for off-base patrols, traffic control measures on the inbound roads, no-fly or restricted airspace overhead, and the coordination with civil law enforcement (CONUS) or host-nation security forces (OCONUS) that makes it all hang together. For the soldier on FP duty at an overseas installation (Camp Humphreys, Ramstein, Aviano, Naval Station Rota), the BSZ is the area where ECP procedures, vehicle inspection, and stand-off distance matter — the IED threat at the front gate is what made FPCON, BSZ standoff, and access-control architecture serious in the first place. The acronym shows up most in OCONUS and contingency-base doctrine; CONUS installations call most of the same concept "force protection" without the formal BSZ label.

Credibility Assessment Program Manager (CAPM) — the designated individual responsible for managing a Department of Defense or service-level credibility assessment program, which includes polygraph examinations and other approved credibility-assessment techniques used in personnel security, counterintelligence, and law enforcement contexts; operates under DoD Instruction 5210.91 and component CI/security policy.

"The person running the polygraph program for a DoD component — personnel security and CI use."

CAPM is the program-management role behind the polygraph and other credibility-assessment work — running the examiner cadre, maintaining accreditation, tracking quality control of examinations, and coordinating with DoD-level oversight at the Department's credibility-assessment authority. Most service members encounter the program from the other side: as the examinee for an initial or periodic polygraph during a TS/SCI clearance process, a CI scope review, or a law-enforcement investigation. The examiner sits across from them; the CAPM is a layer up, ensuring the program follows the regulation. The work has high stakes and recurring controversy — polygraph science is contested, and DoD policy on credibility assessment has evolved as the technique has been studied. The role exists at most components with a significant cleared population.

A Department of Defense Risk Management Framework authorization construct, formalized in the February 2022 DoD Chief Information Officer memorandum, that permits an information system to operate under continuous monitoring of security controls rather than periodic point-in-time reauthorization, when the system meets specified prerequisites for ongoing visibility, automated control assessment, and security operations response capability.

"A continuous-monitoring ATO model replacing periodic reauthorization."

cATO is the institutional answer to the static-ATO pattern — instead of producing a thick package every three years and treating the system as authorized in between, cATO requires continuous security-control monitoring, automated assessment, and a security-operations response capability. Programs that achieve cATO can operate without the periodic disruption of full reauthorization. The prerequisites are real: continuous monitoring tooling, mature security operations, and ongoing investment. cATO is the destination for many DevSecOps programs.

A secure telecommunications or information-handling equipment, or its associated cryptographic component, that is unclassified but governed by special accountability and handling requirements.

"Crypto-bearing equipment requiring formal accountability."

A CCI is a piece of crypto-bearing gear — a SIPR-capable laptop, a KG-series inline encryptor, a key fill device — that requires hand-receipt accountability and continuous physical control even when unkeyed. Loss or compromise triggers a CCI incident report (often handled as a COMSEC incident), with an investigation, a re-key of affected systems, and potential UCMJ exposure for negligence. The "CCI" sticker on the device is not decorative; the receipt for it follows you until you sign it over.

Command Counterintelligence Coordinating Authority (CCICA) — the senior counterintelligence officer designated to a combatant command or joint task force responsible for coordinating, prioritizing, and integrating counterintelligence activities conducted by service counterintelligence elements within the command's area of responsibility; ensures unity of effort across Army (USAINSCOM), Navy (NCIS), Air Force (OSI), and Marine Corps CI activities.

"The senior CI officer who coordinates Army, Navy, AF, and Marine CI activities inside a combatant command."

CCICA is the institutional answer to the question "who deconflicts when Army INSCOM, NCIS, OSI, and Marine CI are all running operations in the same AOR?" — a senior CI officer assigned to the CCMD whose job is to coordinate, prioritize, and integrate the four service CI enterprises into a single CI effort under the CCDR. The CCICA does not command the service CI elements (each service keeps its own chain), but they coordinate operations, deconflict targets, and report the integrated CI picture to the CCMD J2. To an Army CI agent at a forward unit, the CCICA is the headquarters that has to bless certain operations and the staff that owns the AOR-wide CI threat picture. The role exists because counterintelligence is service-stovepiped by statute, but the threat doesn't care about service boundaries.

Commerce Control List Item (CCLI) — a category of dual-use goods, software, or technology controlled for export by the US Department of Commerce under the Export Administration Regulations (EAR); the Commerce Control List (CCL) enumerates controlled items and assigns each an Export Control Classification Number (ECCN), which drives licensing requirements based on item, destination, end-user, and end-use.

"A dual-use technology, software, or item on the Commerce export-control list — needs a license to ship overseas."

CCLI is the export-control category that catches the dual-use stuff — items, software, and technology that have both commercial and military applications and that Commerce controls for export under the EAR (separate from the State Department's ITAR-controlled defense articles). Every CCLI gets an ECCN that determines which destinations need a license and which don't. To a program manager at a DoD acquisition office, CCLI status matters because the moment a system's technical data or components fall under a CCL classification, every foreign partner conversation has to route through the licensing process. To a contractor's export-compliance officer, the CCL is the day-job document. The dual-use category exists because much of modern military capability — semiconductors, encryption, sensors — also has civilian use, and the government tries to control diffusion without strangling US industry.

A controlled interface that provides the ability to manually or automatically access or transfer information between different security domains, accredited under national-level policy.

"Technology that lets you move data safely between classification levels."

A CDS is the accredited, audited bridge between two networks of different classification — typically SIPR to NIPR or NIPR to SIPR — and every transfer is a recorded event. Approval to stand up a CDS is famously slow: months to years through the cross-domain support office and the authorizing official. Trying to move data between domains without one (a flash drive, a personal email, "I will just retype it") is a spillage by definition.

Coast Guard Counterintelligence Service (CGCIS) — the United States Coast Guard counterintelligence organization, established to detect, identify, assess, exploit, counter, and neutralize foreign intelligence and international terrorist threats to Coast Guard personnel, operations, information, and equities; coordinates with the broader US counterintelligence community and the Department of Homeland Security.

"The Coast Guard's counterintelligence service — detects and counters foreign intel and terror threats to CG equities."

CGCIS is the small but real CI capability the Coast Guard runs for its own equities — protecting CG personnel, cutters, shore facilities, and operational information from foreign-intelligence and terrorist collection. The Service is much smaller than NCIS or AFOSI, but the mission profile is similar at the conceptual level: defensive briefings, threat-awareness training for CG members, investigation of suspected foreign-intelligence approaches, and coordination with the broader US CI community and DHS components. To a CG officer or petty officer briefed at a sensitive billet, the CI briefing comes from CGCIS; to a CG civilian working with allied partners, the foreign-contact reporting goes there. The Coast Guard's position in DHS (rather than DoD in peacetime) means CGCIS lives at an interesting bureaucratic intersection.

Information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities.

"Intelligence activities aimed at countering foreign espionage and sabotage."

CI is the discipline of protecting against foreign intelligence threats — detecting espionage, defeating recruitment efforts targeting cleared personnel, hardening sensitive programs, and conducting offensive CI operations against adversary services. FBI is the lead inside the US; military CI organizations (Army INSCOM, NCIS for the Navy and Marines, AFOSI for Air Force, OSI for Space Force) handle service members. DCSA runs DoD CI for the cleared contractor workforce. The threat is real, the metrics are hard, and a successful CI program is one where you do not learn what would have happened.

A pair of software development practices in which code changes are continuously integrated into a shared mainline (Continuous Integration) and continuously delivered or deployed to production-like environments (Continuous Delivery / Continuous Deployment) through automated build, test, and release pipelines, as a foundational DevSecOps practice.

"Software practices for automated continuous code integration and release."

CI/CD is the technical foundation of any serious DevSecOps program — the automated pipeline that takes a developer's commit, runs unit and integration tests, security scans, and build steps, and produces a deployable artifact. The DoD-context CI/CD pipelines run on enterprise tooling (Platform One's Iron Bank container registry, Big Bang reference architecture) or on service-specific factories (Kessel Run, Space CAMP, Black Pearl, etc.). The maturity gap between teams running mature CI/CD and teams running periodic manual builds is one of the largest contributors to actual software delivery velocity.

Critical Infrastructure and Key Resources (CI/KR) — the systems and assets, whether physical or virtual, that are so vital to the United States that their incapacitation or destruction would have a debilitating impact on national security, economic security, public health or safety, or any combination thereof; organized into 16 critical infrastructure sectors under the National Infrastructure Protection Plan, with DoD designated as Sector-Specific Agency for the Defense Industrial Base.

"The federal framework for protecting infrastructure whose loss would cripple national security or economy."

CI/KR is the federal framework for critical-infrastructure protection that the Department of Homeland Security stewards across 16 sectors (Defense Industrial Base, Energy, Water, Transportation, Communications, IT, Financial Services, Healthcare and Public Health, others) — and DoD is the Sector-Specific Agency for the Defense Industrial Base, meaning DoD owns the cyber and physical security relationship with the contractor base that makes weapons, ships, aircraft, and information systems. To a DCMA contracting officer or a DCSA industrial security specialist, CI/KR is the doctrinal frame for the cybersecurity-maturity-model work, the facility-clearance work, and the supply-chain risk-management work. To a National Guard joint force headquarters running a DSCA mission, CI/KR is the list of sites the Guard might be supporting during a domestic contingency. The framework predates many of the cyber-era programs but has been reshaped by them.

The civilian foreign intelligence service of the federal government, responsible for collecting, analyzing, and disseminating foreign intelligence and conducting covert action at the direction of the President.

"The federal civilian foreign intelligence service."

CIA was established by the National Security Act of 1947 from the bones of the wartime OSS. Its work spans four directorates: Operations (clandestine HUMINT collection and covert action), Analysis (finished intelligence production), Science and Technology (collection systems and tradecraft engineering), and Support. CIA is not a domestic agency — its statutory mandate is foreign intelligence; FBI is the lead for foreign-intelligence activities inside the US. The relationship between CIA and DoD on covert action and overseas operations is governed by Title 10 / Title 50 boundaries that operators learn early.

Counterintelligence Coordinating Authority (CICA) — a designated joint counterintelligence position within a combatant command or joint task force that coordinates the activities of all assigned and supporting CI elements in the joint operations area to deconflict operations, integrate source vetting, and provide unity of effort across Service CI organizations and supporting national CI capabilities.

"The joint CI deconflicter — coordinates Army, Navy, AF, and supporting CI in a joint operating area."

CICA is the joint deconfliction role that keeps Service counterintelligence elements from tripping over each other in the same operating area — a designated officer or NCO at a CCMD or JTF J2X who coordinates Army INSCOM/MI CI, NCIS, AFOSI, MCIA, Coast Guard CGCIS, and supporting national-level CI (DIA, FBI legat) into one operational picture. Without CICA, two Services can recruit the same source, two investigations can hit the same target, or one Service's defensive operation can blow another Service's offensive collection. To a 35L CI special agent or an OSI agent forward at a CJTF, the CICA's SOPs determine what operations clear, who you brief on what, and the deconfliction window required before contact. The role traces to the post-9/11 lessons about CI fragmentation in the joint force; JP 2-01.2 codified it.

Counterintelligence Collection Requirement (CICR) — a formal, validated information requirement levied on counterintelligence collection assets to obtain information about a foreign intelligence threat, an international terrorist threat, or other CI-relevant threat to DoD personnel, operations, information, or equities; managed through the CI collection management process and tracked against CI Production Requirements.

"A validated CI tasking — what CI collectors are supposed to find out about a specific threat."

CICR is the CI analog to a SIGINT or HUMINT collection requirement — a formally-stated and validated tasking that drives what CI agents and analysts go look for, scoped to a specific foreign-intelligence threat, terrorism threat, insider-threat indicator, or other CI-relevant question. To a 35L special agent at a forward detachment, the CICR is the document that says "here is the named threat actor, here is the priority, here is what we need to know" — and the agent's collection plan and source-handling decisions tie back to the CICR. The CI collection management process tracks CICRs the way a SIGINT collection management cycle tracks SIGINT requirements. The product feeds CI Production Requirements (CIPRs), which produce the analytical reports that consumers actually read. Without disciplined CICRs, CI collection drifts into low-value busy-work — which has been a recurring criticism of the CI enterprise.

Critical Information List (CIL) — a commander-approved list of specific facts about friendly intentions, capabilities, or activities vitally needed by an adversary to plan and act effectively against the friendly mission; developed as part of the operations security (OPSEC) process to focus countermeasures and discipline information protection across the staff and supporting elements.

"The commander-approved list of facts the enemy must not know — the OPSEC focus document."

CIL is the OPSEC officer's most useful product — a short, commander-signed list of the specific facts about friendly forces, intentions, and activities whose disclosure would damage the mission, used to focus all OPSEC countermeasures (procedures, training, monitoring) on the things that actually matter. The list is concrete: not "everything about the operation," but "the specific date of execution, the location of the FARP, the identity of the assault force, the cyber capability being employed." To a brigade S2 or an OPSEC officer at any echelon, building the CIL is the first OPSEC step, and getting the commander to sign it is the act that legitimizes everything downstream — the EEFI list, the OPSEC vulnerability assessment, the briefings to supporting contractors. The CIL is also one of the things every service member should know about their own mission, because the discipline of "do not discuss CIL items" is what makes OPSEC actually work.

Counterintelligence Operations Cell (CIOC) — a joint or component staff element established to plan, coordinate, deconflict, and oversee counterintelligence operations within a commander's area of responsibility; functions as the operational nerve center for CI activities under the senior CI officer and integrates with the J2X (Joint Intelligence Support Element CI/HUMINT staff).

"The CI operations nerve center inside a joint headquarters — plans and deconflicts CI activity."

CIOC is the cell on a joint or combatant-command staff where counterintelligence operations actually get coordinated — the J2X (the CI/HUMINT staff element under the J2) owns the desk, and CI agents from the Service CI elements (Army MI 35L/35M, NCIS, AFOSI, Marine CID/CI) work the cases through it. Without a functioning CIOC, two Service CI elements can run unwitting on the same target in the same AOR, which has happened often enough that the structure exists to prevent it. The cell handles operational deconfliction, tasking of source operations, the threat picture briefed to the commander, and the linkage back to the Defense Counterintelligence and Security Agency and the FBI for cases that touch the homeland. The work is dry on paper and high-consequence in practice.

Counterintelligence Operational Tasking Authority (CIOTA) — the authority delegated to a commander to direct counterintelligence operations within the commander's area of responsibility, including the assignment of CI assets, prioritization of CI tasks, and operational control over CI activity in support of the commander's mission; distinct from technical control, which remains with the Service CI authority.

"The authority a commander holds to direct CI operations in their AOR — operational, not technical."

CIOTA is the tasking-authority language that lets a combatant commander or JTF commander actually direct counterintelligence work in their AOR without having to ask the Service CI HQ for permission on every operation. It's the operational handle; the technical handle (tradecraft standards, case file ownership, source vetting) stays with the parent CI organization. The split matters because CI is one of the few intelligence disciplines where technical and operational authority don't collapse to the same chain — the JTF commander gets to say "run a CI screen on the local national workforce" but doesn't get to say "skip the polygraph on this source." CIOTA delegations are spelled out in EXORDs and the J2X charter; getting them wrong is one of the recurring frictions on combined and joint task forces.

Critical Infrastructure Protection (CIP) — a DoD and interagency program to identify, assess, and protect physical and cyber infrastructure essential to the conduct of national defense and the functioning of the homeland, including defense industrial base, energy, transportation, communications, and water sectors; coordinated across DoD, DHS, sector-specific agencies, and private-sector partners.

"Identifying and protecting the infrastructure the joint force absolutely cannot lose."

CIP is the program that asks the unglamorous question — what would actually break the joint force if it went down? — and then tries to do something about it. The targets aren't the tanks and ships; they're the substations powering Norfolk, the rail lines into the SDDC ports, the undersea cables carrying SATCOM traffic, the natural-gas pipeline keeping Joint Base Lewis-McChord warm, the handful of foundries that pour Abrams armor. CIP work splits between DoD (the Defense Critical Infrastructure Program at OSD), DHS CISA (the homeland side), and the sector-specific agencies. The structure has been politically and bureaucratically contested for decades because it crosses public and private ownership lines, and because nobody likes being told their plant is on a target list. In a peer-adversary contingency, CIP is one of the seams everyone worries about.

Computer Intrusion Technical Exploitation (CITE) — the technical and forensic exploitation of computer intrusion events to identify the actor, methods, tools, and infrastructure used in the intrusion, in support of counterintelligence and law enforcement attribution and operational response; conducted by Service CI elements, DC3 (Defense Cyber Crime Center), and partner agencies.

"The forensic work of turning a computer intrusion into attribution and an actor profile."

CITE is the work of taking a confirmed computer intrusion on a DoD network and walking it backward — the malware sample, the C2 infrastructure, the lateral-movement artifacts, the timing — until you have a defensible attribution picture and the operational case can move. The Defense Cyber Crime Center (DC3) at Linthicum runs much of the heavy forensic capability, with Service CI elements (Army MI 35-series cyber CI, NCIS Cyber, AFOSI Cyber, CGIS Cyber) pushing cases in and out. The deliverable is usually a victim notification, a referral to DOJ or a foreign partner, or input to the CI operational picture in the relevant CIOC. The discipline sits at the seam of CI, cyber operations, and law enforcement, which is why the authorities are complicated and the tradecraft is closely held.

Counter-Improvised Explosive Device Targeting Program (CITP) — a DoD program established under JIEDDO (later the Joint Improvised-Threat Defeat Organization, JIDO/JIDA, now subsumed under DTRA) to provide fused multi-source intelligence analysis on IED networks, supporting attack-the-network operations against bomb-makers, financiers, and facilitators in the global counter-IED fight.

"The fusion-intel program built to attack IED networks — bomb-makers, financiers, facilitators."

CITP was the intelligence-fusion engine inside the broader counter-IED enterprise — JIEDDO/JIDA pulled together signals intelligence, human intelligence, biometrics, weapons technical intelligence, financial intelligence, and forensic exploitation into network packages on IED facilitators, with the deliverable feeding targeting at the JSOTF, CJSOTF, and combatant-command levels. The analysts (many of them contractors with cleared experience from CENTCOM) became one of the deeper benches of network-targeting tradecraft of the GWOT era. The counter-IED organizational structure has shifted multiple times — JIEDDO to JIDA to JIDO and into DTRA — and the question of what survived the drawdown into the great-power-competition era is real. The methodology, however, traveled into counter-UAS, counter-fentanyl, and other network-targeting work.

Collection Management Authority (CMA) — the authority delegated to a commander to establish requirements, plan, task, and coordinate the collection of intelligence within the commander's area of responsibility, exercised through the J2 collection management section to translate the commander's intelligence requirements into specific collection requirements and tasking of organic and supporting collection assets.

"The commander's authority to direct intelligence collection in their area of responsibility."

CMA is the authority that lets a combatant commander, a JTF commander, or a component commander actually direct intelligence collection in their area — translate the commander's critical information requirements into PIRs (priority intelligence requirements), translate PIRs into specific collection requirements, and task organic and supporting assets (UAS, signals intelligence, human intelligence, geospatial, partner-nation collection) accordingly. The J2 collection management section runs the daily mechanics under the commander's authority. CMA is a key seam: organic assets the commander owns directly, supporting assets that belong to national agencies (NGA, NSA, CIA) where the commander has tasking authority for some categories and only requesting authority for others, and partner-nation assets where the authority depends on the operating agreement. Getting the CMA picture right is the work of the J2 collection manager.

The Department of Defense's operational cyberspace force, organized under US Cyber Command, consisting of teams aligned to national mission, combat mission, and DODIN defense roles across the services.

"The DoD operational force structure for cyberspace operations."

CMF was built out in phases beginning in 2013 and reached full operational capability across the planned team structure in 2018. The force is roughly 6,200 personnel organized into 133 teams across three categories: National Mission Teams supporting CYBERCOM's national-defense mission, Combat Mission Teams supporting the geographic and functional combatant commands, and Cyber Protection Teams defending the DODIN. The services man, train, and equip; CYBERCOM employs.

A DoD framework requiring defense contractors to demonstrate cybersecurity practices and processes at one of several maturity levels, depending on the sensitivity of information they handle. Implementation is phased.

"A cybersecurity certification framework for the defense industrial base."

CMMC certification is becoming a precondition for many DoD contracts. The cost of compliance falls heavily on small and mid-tier defense suppliers; CMMC has been criticized as a barrier to entry for innovative small companies. The implementation timeline has slipped multiple times. If you are a contractor, track DFARS 252.204-7012 (current baseline) and the rollout of CMMC requirements in specific solicitations — not all contracts require all levels.

A Cyber Mission Force team type that conducts cyberspace operations in support of a specific combatant command, integrating cyberspace effects into the supported command's operations and plans.

"A CMF team type that supports a specific combatant command."

CMTs are aligned to combatant commands — CENTCOM has CMTs, INDOPACOM has CMTs, and so on. Their work integrates cyberspace effects into the broader joint operations of the supported command, planning operations alongside the J-3/J-5 staff at the CCMD and coordinating execution authorities back through CYBERCOM. They are the visible cyber face of joint operations at the theater level.

A defined group of users and information systems that share common information needs, missions, or business processes — within DoD information sharing and cybersecurity architectures, COIs are organized to enable information sharing across organizational boundaries with appropriate access controls — a foundational concept in the Joint Information Environment and broader DoD information-sharing architectures.

"Community of interest — a defined group sharing data and access across organizational boundaries."

COI is the information-sharing-architecture term for a group of users and systems organized around a common mission or information need — the construct DoD uses to manage cross-organizational data sharing with appropriate access controls. In practice, the COI concept underlies a lot of the federated identity, attribute-based access, and information-sharing arrangements that let intelligence analysts from different agencies see the same data, let coalition partners see what they're authorized to see (and nothing else), and let operators on different networks share situational awareness. The Joint Information Environment, Zero Trust Reference Architecture, and broader DoD information-sharing frameworks all depend on the COI concept. Outside of the IT and intel community, "community of interest" is used more loosely to refer to any stakeholder group with shared interest.

A Defense Intelligence Agency system for managing intelligence collection requirements across the intelligence community — provides the workflow for analysts to register intelligence needs, for collection managers to route those needs against available collection capabilities, and for the system to track production against requirements — the system of record for many years for collection requirements management at DIA and across DoD intelligence consumers.

"COLISEUM — the intel community collection-requirements management system at DIA."

COLISEUM is the system intelligence analysts and collection managers have used for years to formally submit, route, and track intelligence collection requirements — the system of record at DIA (Defense Intelligence Agency) and across DoD intelligence consumers for getting a question to the collectors who can answer it. Junior all-source analysts (35F at Army, equivalents at other services and DIA) learn COLISEUM as part of the basic workflow of how an information need becomes a tasking against an intelligence-collection asset and how the resulting production is tracked. The system has been replaced or augmented by various modernization efforts (the broader Intelligence Planning, Programming, and Execution efforts and successor systems), but the COLISEUM workflow concepts — requirement registered, routed, prioritized, satisfied — remain the basic model for intelligence requirements management.

A sub-discipline of signals intelligence consisting of technical and intelligence information derived from foreign communications by other than the intended recipients.

"Intelligence derived from intercepted foreign communications."

COMINT is the older and more familiar half of SIGINT — intercepted foreign communications (voice, text, data) processed and analyzed for content. NSA is the lead. COMINT is heavily regulated by EO 12333 and FISA when US persons are involved; the minimization and dissemination rules around US-person information in COMINT are extensive and trained. Service cryptologic personnel work COMINT analytic positions across the IC.

Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications, including cryptographic, transmission, emission, and physical security.

"The discipline of keeping military communications protected."

COMSEC covers the crypto itself plus all the keying material, fill devices (SKL, KIK), and the procedures around them. The COMSEC custodian role is a thankless full-time job buried inside another full-time job — every key, every load, every audit traceable. A lost or compromised CCI is a serious incident with formal reporting, a re-key of every affected device, and an investigation that often ends in administrative action. Take the inventory seriously the first time.

Continuity of operations — the policy and capability that ensures the continued performance of essential functions of Department of Defense components and the federal government during a wide range of emergencies that disrupt normal operations, including natural disasters, terrorist attacks, accidents, technological events, and military actions — implemented through alternate facilities, devolution of authority, and pre-positioned communications capabilities.

"COOP — keeping essential functions running through disaster or attack."

COOP is the policy and capability for keeping essential government functions running through a wide range of emergencies — natural disasters, terrorist attacks, accidents, technological failures, military actions. Every DoD component and federal department maintains a COOP plan that identifies the essential functions that must continue, the alternate facilities where those functions can be relocated, the devolution of authority that transfers decision-making if primary leadership becomes unavailable, and the pre-positioned communications capabilities that connect dispersed elements. Mount Weather (FEMA), Raven Rock Mountain Complex (DoD alternate), Cheyenne Mountain (NORAD-NORTHCOM alternate), and other alternate facilities exist for exactly this purpose. The Cold War origin of COOP was nuclear-attack survivability; the post-9/11 evolution broadened to pandemic and terrorism scenarios; COVID-19 was the most recent broad COOP-relevant event with significant lessons learned.

A Cyber Mission Force team type, organized at the service level, that defends Department of Defense Information Network terrain and conducts internal defensive measures and response actions to defeat malicious cyberspace activity.

"A CMF team type that defends DoD networks."

CPTs are the largest team type in the CMF (the majority of CMF personnel are on CPTs). They are organized by service (Army CPTs, Navy/Marine CPTs, Air Force CPTs, etc.) and aligned to particular DODIN terrain — combatant commands, services, joint task forces. The CPT mission set is DCO: hunt for adversary presence on friendly networks, harden, drive remediation. It is unglamorous compared to NMTs, but it is the work that keeps the day-to-day DoD enterprise defensible.

The military element of the National Security Agency, providing cryptologic support to the Department of Defense and partnering with the Service Cryptologic Components of each military service.

"NSA's military cryptologic service component."

CSS was established in 1972 by Presidential Memorandum and is led, by tradition, by the Director of NSA dual-hatted as the Chief of CSS. CSS partners with the Service Cryptologic Components — Army's INSCOM cryptologic elements, Navy's 10th Fleet/Fleet Cyber Command, Air Force's 16th Air Force, Marine Corps Intelligence Activity (cryptologic side), Coast Guard CSE, and the Space Force cryptologic element. The arrangement is how uniformed personnel serve in cryptologic billets while staying in their parent services.

Per the DoD Dictionary, cybersecurity service provider — a DoD-accredited organization that delivers cybersecurity services (protect, detect, respond, sustain) to a defined subscriber base under DoD instruction, with formal scope, manning, and audit requirements established under the DoD Information Network (DODIN) operations framework.

"A formally accredited cyber defense provider — runs SOC functions for a subscriber base."

CSSP is the DoD framework for who is actually allowed to operate a cybersecurity operations center on a given network — accredited under DoDI 8530.01, audited against the Protect/Detect/Respond/Sustain function model, with defined subscribers and a defined scope. Services have tier-1 CSSPs (the Service NOSCs and CERTs), and major commands or agencies may have their own subordinate CSSPs. For the actual cyber operator on shift, working at a CSSP-accredited SOC means audited tickets, formal reporting up to USCYBERCOM and JFHQ-DODIN, and the periodic CCRI/CSSP-inspection cycle. The accreditation is what makes the SOC's findings authoritative across the rest of the joint enterprise.

Per the DoD Dictionary, the Comprehensive Nuclear Test-Ban Treaty — the 1996 multilateral treaty that would prohibit all nuclear explosive testing for any purpose; opened for signature 1996, signed by the United States but never ratified by the US Senate, and not in force globally because several Annex 2 states have not ratified. The Comprehensive Test Ban Treaty Organization (CTBTO) Preparatory Commission in Vienna operates the International Monitoring System.

"The CTBT — 1996 nuclear test ban treaty. US signed, never ratified."

CTBT sits in the unusual diplomatic category of a treaty the United States signed (1996) but the Senate never ratified, and that has not entered into force globally because several Annex 2 states (including the US, China, India, Pakistan, Israel, Iran, Egypt, North Korea at various points) have not ratified. The US has held to a self-imposed testing moratorium since 1992 and supports the CTBTO's International Monitoring System for detecting clandestine tests. For service members in the nuclear enterprise (Air Force ICBM and bomber communities, Navy SSBN, USSTRATCOM, NNSA labs), the CTBT context shapes the stockpile stewardship program — the entire scientific apparatus exists in part because the US has not tested in decades and doesn't plan to. The political situation around CTBT has been contested across multiple administrations.

Per the DoD Dictionary, Cooperative Threat Reduction — the DoD program (established by the 1991 Nunn-Lugar Act and successor authorities, now codified in 50 USC) that funds projects with partner nations to secure, dismantle, or destroy weapons of mass destruction stockpiles, delivery systems, and related materials and infrastructure, and to prevent proliferation.

"CTR — the Nunn-Lugar successor program securing WMD materials with partners."

CTR is the descendant of the original 1991 Nunn-Lugar program — DoD-funded work to secure or destroy WMD materials, delivery systems, and related infrastructure in partner nations, plus prevention work against proliferation. The original work in the 1990s in the former Soviet states (warhead transport, ICBM silo destruction, fissile-material consolidation) is historic; the program has since broadened geographically (former Yugoslavia, Africa, Southeast Asia) and topically (biological materials, dual-use detection equipment, border security against radiological smuggling). DTRA is the principal executor; CTR work is one of the more distinctive parts of a DTRA assignment. The program has been politically contested over the years (especially around Russia engagement after 2014); the doctrinal mission and the threat picture have remained constant.

A category of unclassified information requiring safeguarding or dissemination controls pursuant to law, regulation, or government-wide policy. Largely replaces the older "FOUO" handling caveat.

"A unified standard for unclassified information that still requires protection."

CUI consolidated dozens of agency-specific caveats (FOUO, LES, SBU, Sensitive But Unclassified, etc.) under one framework. Marking is consequential — incorrect CUI marking can trigger handling violations, and overclassification consumes resources. The CUI Registry at the National Archives lists categories; if your information does not fit a registered category, it probably is not CUI.

The full range of US Government activities — typically interagency, with State Department, USAID, DHS, FBI, and Department of Defense roles — to prevent the radicalization, recruitment, and mobilization of individuals to engage in violent extremism, including preventive engagement with at-risk communities, counter-messaging, capacity building with partner nations, and addressing the underlying conditions that contribute to radicalization.

"Countering violent extremism — the interagency preventive side of counterterrorism."

CVE is the preventive, upstream side of the counterterrorism mission — the activities aimed at preventing radicalization and recruitment rather than capturing or killing already-mobilized terrorists. The work is mostly civilian-led (State and USAID overseas, DHS and FBI domestically) with DoD playing a supporting role through partner-nation capacity building, security cooperation, and selected information operations. The acronym has gone in and out of fashion across administrations — sometimes called CVE, sometimes Targeted Violence and Terrorism Prevention (TVTP), sometimes other labels — but the underlying mission of addressing the conditions that produce violent extremists predates any particular administration and outlasts them. DoD components supporting CVE typically operate under interagency direction rather than as the lead agency.

A risk-assessment methodology used in antiterrorism, force protection, and critical-infrastructure-protection planning to evaluate assets, comprising three component assessments: criticality (the importance of the asset to mission accomplishment), vulnerability (the asset's susceptibility to attack or disruption), and threat (the likelihood and capability of adversary action against the asset) — the underlying logic of most joint and Service force-protection risk matrices.

"Criticality-vulnerability-threat — the three-factor risk methodology behind force protection planning."

CVT is the three-factor risk methodology that sits underneath most antiterrorism and force-protection planning: how important is this asset (criticality), how easy is it to attack (vulnerability), and how likely and capable is an adversary to attack it (threat). The product of the three is the risk score that drives prioritization of protective measures. The methodology shows up across joint antiterrorism doctrine (JP 3-07.2), Service-specific force-protection guidance, and the Defense Critical Infrastructure Program. CVT works well as a planning aid and badly as a substitute for judgment — every force-protection officer has stories about scores that produced absurd prioritization until human review intervened. The framework is one of those tools that's essential to know and dangerous to apply mechanically.

A standing or ad hoc joint or interagency working group convened to identify, analyze, and counter foreign deception efforts directed against US and allied forces — typically operating within the J-2 (intelligence) directorate of a combatant command or joint task force, with participation from intelligence-community and operational planning staffs as required.

"The counterdeception working group — the J-2 forum that hunts for adversary deception efforts."

CWG is the intelligence-side working group that gets analysts and operators in the same room to identify foreign deception efforts directed against US and allied forces — the institutional response to the recognition that if you don't actively look for adversary deception, you'll be deceived. The group typically lives under the J-2 (intelligence directorate) of a combatant command or joint task force, with all-source analysts, collection managers, MILDEC planners (from the operations side, on the receiving end of the analysis), and selected intelligence-community partners. Counterdeception is a quiet specialty: it requires comparing what the adversary is doing visibly against what the underlying capability and intent appear to be, and flagging the gaps. CWG outputs feed indications and warning, intelligence assessments, and the commander's decision-making.

The full range of activities to ensure the United States, its allies, and partners are neither attacked nor coerced by actors possessing weapons of mass destruction (chemical, biological, radiological, nuclear) — comprising prevention (nonproliferation, counterproliferation), protection (defense, consequence management), and response (offensive operations, elimination), with US Strategic Command and the Defense Threat Reduction Agency as principal DoD components.

"Countering weapons of mass destruction — the full prevent, protect, respond mission set against CBRN threats."

CWMD is the DoD framework for the entire CBRN-threat mission set — preventing actors from acquiring WMD (nonproliferation, counterproliferation), protecting the force and the homeland against WMD attack (CBRN defense, consequence management), and responding when prevention fails (offensive operations to eliminate WMD, render-safe missions, elimination operations). US Strategic Command has the global CWMD synchronization role; the Defense Threat Reduction Agency is the principal technical organization; combatant commands execute regional CWMD activities; and a long list of supporting commands (CBRN brigades, technical-escort units, nuclear-disablement teams, SOF elements) provide specialized capability. The doctrinal home is JP 3-40. CWMD is one of the higher-stakes mission areas because the consequences of failure are categorically different from most other operational outcomes.

In the counterdrug context, the Department of Defense detection and monitoring mission established under 10 USC §124 — the statutory authority under which DoD serves as the lead federal agency for detecting and monitoring aerial and maritime transit of illegal drugs into the United States, providing intelligence, surveillance, reconnaissance, and tracking support to the law-enforcement agencies that retain interdiction and arrest authority.

"Detection and monitoring — DoD's lead-agency counterdrug authority under 10 USC 124."

D&M is the statutory counterdrug authority that makes DoD the lead federal agency for detecting and monitoring aerial and maritime drug-trafficking movements into the United States — 10 USC §124, originally enacted in the late 1980s as part of the broader expansion of DoD support to drug-law-enforcement agencies. The mission gets executed primarily through US Northern Command, US Southern Command, and Joint Interagency Task Force South (JIATF-S) in Key West, with assets from the Air Force, Navy, Coast Guard, and contracted aerial surveillance providing the detection-and-monitoring capability. DoD does not have arrest authority in the counterdrug context — the law-enforcement agencies (DEA, FBI, CBP, ICE, Coast Guard in its law-enforcement role) execute the interdiction and arrest piece. The line between D&M and interdiction is a Posse Comitatus consideration, not just doctrine.

The authority exercised by a combatant commander, under SecDef-delegated authority, to direct subordinate forces in the planning and execution of cyberspace operations within the commander's area of responsibility — including the authority to direct defensive cyberspace operations on assigned DoD information networks and to coordinate with US Cyber Command for offensive cyberspace operations as authorized.

"Directive authority for cyberspace operations — the COCOM's authority to direct cyber ops in theater."

DACO is the SecDef-delegated authority that lets a combatant commander direct cyberspace operations within the commander's AOR — the cyberspace equivalent of the directive authority for logistics (DAFL) that combatant commanders exercise over logistics functions. DACO covers defensive cyberspace operations (DCO) on assigned DoD information networks within the AOR and the coordination role for offensive cyberspace operations (OCO) that flow through US Cyber Command. The authority is established in DoD policy and exercised through the combatant command's J-6 / J-3 cyber elements and the supporting Joint Force Headquarters-Cyber elements that USCYBERCOM provides. JP 3-12 (Cyberspace Operations) is the doctrinal home. The directive-authority structure is one of the institutional answers to the question of who can direct what in the cyber domain across geographic and functional command boundaries.

The Department of Defense installation access control system used at DoD installations worldwide to register and validate personnel for access, comprising biometric enrollment (fingerprints, photograph) and credentialing of authorized installation visitors and contractors — operated by the Defense Manpower Data Center (DMDC) and integrated with the broader DoD personnel identity infrastructure.

"DBIDS — the installation access system that enrolls and validates visitors and contractors at the gate."

DBIDS is the installation access control system the joint force uses to register and validate non-CAC-holding personnel — contractors, vendors, family members of cardholders, occasional visitors — at installation gates worldwide. The system enrolls fingerprints and photograph, prints a DBIDS credential, and checks the credential against access lists at the gate. Operated by the Defense Manpower Data Center (DMDC), DBIDS is the institutional answer to the problem of installation access control for the very large population of authorized people who don't hold a Common Access Card. Gate guards scan DBIDS credentials alongside CACs as part of normal access procedures; contracted security and military police personnel run the day-to-day enrollment and validation. The system replaced earlier post-specific access control systems over the 2010s and has continued to expand globally.

Department of Defense and Defense Industrial Base assets, systems, and networks — physical and cyber — whose incapacitation or destruction would have a debilitating effect on the security, economic security, public health, or safety of the United States or significantly impair the DoD's ability to execute the National Defense Strategy — the protected-infrastructure scope addressed by the Defense Critical Infrastructure Program (DCIP).

"Defense Critical Infrastructure — the protected assets DCIP exists to defend."

DCI is the DoD term of art for the infrastructure that has to keep working for the National Defense Strategy to be executable — DoD-owned bases and facilities, but also Defense Industrial Base companies, key transportation nodes, power and communications infrastructure that the joint force depends on, and the cyber infrastructure underneath all of it. The point of identifying something as DCI is to bring it into the Defense Critical Infrastructure Program (DCIP) for protection assessment, hardening, and resilience planning. The list itself is sensitive — naming the assets publicly creates targeting risk — but the underlying concept is that protecting a finite set of truly critical assets is more achievable than trying to protect everything equally. The term coexists with the broader civilian Critical Infrastructure (CI) framework that DHS owns.

The Department of Defense program responsible for identifying, prioritizing, assessing, and protecting Defense Critical Infrastructure (DCI) — including DoD-owned and Defense Industrial Base assets — through risk assessment, mitigation planning, and coordination with civilian critical infrastructure protection efforts under DHS and CISA — codified in DoD Directive 3020.40 and supporting issuances.

"DCIP — the DoD program that protects Defense Critical Infrastructure."

DCIP is the institutional program that turns the concept of Defense Critical Infrastructure into actual protection work — identifying the DCI inventory, running risk assessments, developing mitigation plans for the most consequential vulnerabilities, and coordinating with DHS and CISA on the civilian-infrastructure dependencies the joint force relies on. The program lives under the Office of the Assistant Secretary of Defense for Homeland Defense (OASD-HD&HA in the legacy structure) and engages combatant commands, Services, and Defense Agencies on their portions of the DCI inventory. For installation-level security and safety professionals, DCIP is the program that drives the deeper assessments beyond standard antiterrorism vulnerability assessment — a Tier 1 DCI asset gets a different level of attention than a non-DCI facility.

A Department of Defense capability operated by the DoD Cyber Crime Center (DC3) that enables bidirectional sharing of cybersecurity threat information between the Department and Defense Industrial Base companies — providing DIB partners with threat indicators, vulnerability information, and incident response support while facilitating DIB reporting of cyber incidents to DoD for analysis and broader DIB community defense.

"DCISE — DoD's cyber threat sharing environment with Defense Industrial Base companies."

DCISE is the operational mechanism that DoD uses to share cyber threat information with the Defense Industrial Base — the cleared defense contractors that build weapons systems, hold sensitive program information, and are persistent targets for nation-state cyber adversaries. The environment runs out of the DoD Cyber Crime Center (DC3) and provides both inbound (DIB reports incidents) and outbound (DoD shares indicators) flows. DIB companies that participate get access to threat intelligence and incident-response support they couldn't generate independently; DoD gets a clearer picture of adversary activity against the DIB attack surface. The program is part of the broader DIB Cybersecurity (DIB-CS) framework and continues to expand as CMMC and related DIB-cyber requirements mature.

Missions to preserve the ability to utilize blue cyberspace capabilities and protect data, networks, cyberspace-enabled devices, and other designated systems by defeating on-going or imminent malicious cyberspace activity.

"Cyberspace operations focused on protecting friendly networks and data."

DCO splits into two sub-categories: internal defensive measures (DCO-IDM) on your own networks, and response actions (DCO-RA) that take action outside your network boundary to defeat an attack. DCO is the part of cyberspace operations most service members touch through their daily security hygiene; the CMF teams running DCO at scale are organized into Cyber Protection Teams across the services.

The Department of Defense agency that conducts federal background investigations, provides industrial security oversight, runs counterintelligence and insider-threat programs, and operates the personnel security adjudication systems for DoD.

"The agency that runs DoD background investigations and industrial security."

DCSA stood up in 2019 from the merger of NBIB (the investigation function inherited from OPM) and DSS (the industrial-security oversight function). They do the background investigation behind your clearance, oversee cleared contractors under NISPOM, run continuous evaluation, and operate DISS (with NBIS following). If your clearance hits a snag, the people looking at it almost certainly work for DCSA.

A software development and delivery methodology that integrates security practices and tools into the continuous-integration and continuous-delivery pipeline from the start of development, treating security as a built-in property of the development workflow rather than a downstream review gate — formalized for DoD use in the DoD CIO DevSecOps Reference Design and supporting documents.

"A software methodology integrating security into the development pipeline from the start."

DevSecOps in the DoD context is both a software philosophy and an institutional reform program — the philosophy ("shift security left," automate security checks, build secure pipelines) and the institutional structure (the DoD CIO Reference Design, Platform One enterprise tooling, Kessel-Run-style software factories). The pattern works when programs adopt the practice substantively; it fails when programs adopt the label and the tools but keep waterfall development and gate-driven security review behind the rebrand. The DoD CIO published the DevSecOps Fundamentals and the Reference Design as the operational definitions.

The Department of Defense combat support agency that provides military intelligence to warfighters, defense policymakers, and force planners, and serves as the principal manager of DoD all-source intelligence.

"The DoD agency for all-source military intelligence."

DIA was established in 1961 to consolidate the service intelligence functions that had been duplicating effort across the Army, Navy, and Air Force. It runs the Defense Clandestine Service (DoD-side HUMINT), the Defense Attaché System (uniformed military attachés posted to US embassies), and the National Center for Medical Intelligence at Fort Detrick. DIA also operates Joint Worldwide Intelligence Communications System (JWICS) for the IC, runs the Defense Counterintelligence and HUMINT Center, and is one of four defense IC agencies.

The DoD enterprise system of record for personnel security clearance information, including eligibility, access, investigations, and incident reporting, operated by DCSA.

"The system that tracks DoD clearance eligibility and access."

DISS replaced JPAS in 2021. Your clearance status, investigation history, access records, and any incident reports live here — visible to your facility security officer (FSO) and the adjudicators. If something gets flagged in DISS, you usually find out from your FSO long before any formal letter arrives. NBIS (National Background Investigation Services) is the next-generation replacement, rolling out in stages.

The head of the Intelligence Community, principal advisor to the President, National Security Council, and Homeland Security Council on intelligence matters related to national security, and head of the Office of the Director of National Intelligence.

"The Senate-confirmed head of the US Intelligence Community."

The DNI was created by IRTPA in 2004 (effective 2005) in response to the 9/11 Commission's finding that the CIA Director had been simultaneously running CIA and serving as the IC head — a conflict the Commission judged unworkable. The DNI's actual authorities are narrower than the title suggests: budget oversight of the National Intelligence Program, IC-wide policy, presidential briefings, and analytic standards. The DNI cannot command CIA, NSA, or any other element to do specific operations; those flow through cabinet-secretary chains.

A Department of Defense program managed by the Defense Threat Reduction Agency (DTRA) that prepares DoD facilities, units, and personnel for international arms-control treaty inspections — including New START, Open Skies (historical), Chemical Weapons Convention, and other treaty regimes — providing training, mock inspections, facility surveys, and inspection-response procedures so that when foreign inspectors arrive on US soil, units know how to comply with treaty obligations while protecting non-treaty information.

"DTIRP — the program that trains DoD units to handle foreign treaty inspections without leaking secrets."

DTIRP is the DTRA-run program that gets facilities and units ready for the day a foreign arms-control inspection team actually shows up — New START Russian inspectors at an ICBM wing, CWC inspectors at a chemical-demilitarization site, historical Open Skies overflights. The work is treaty law translated into facility procedures: which buildings inspectors can enter, which equipment can be photographed, what counts as a "shroud" over a non-declared system, how to escort foreign nationals through cleared spaces without compromising what they're not supposed to see. For unit security officers, treaty compliance officers, and facility commanders, DTIRP mobile training teams and mock inspections are how the institutional knowledge gets transferred. The political environment for inspection regimes has shifted significantly since 2022 but the readiness mission continues.

A criminal organization engaged in the production, transportation, distribution, or sale of illicit drugs — used in the DoD counter-drug and counter-transnational-organized-crime context to identify the targets of US Government interdiction, intelligence, and partner-nation capacity-building efforts, particularly in SOUTHCOM's Joint Interagency Task Force South (JIATF-South) operations and similar counter-drug architectures elsewhere.

"DTO — the doctrinal label for cartels and trafficking networks in counter-drug operations."

DTO is the analytic and operational label for the cartels, trafficking networks, and criminal organizations that US Government counter-drug operations target — most prominently in SOUTHCOM's area of responsibility where JIATF-South coordinates interagency interdiction against drug flow from South and Central America. The term is doctrinally neutral but the underlying work spans military detection-and-monitoring, partner-nation capacity-building, law-enforcement coordination (DEA, Coast Guard, HSI), and intelligence sharing. The military piece is bounded by Posse Comitatus and the statutory framework for counter-drug support (10 USC 124, 10 USC 271-284), so DoD personnel typically support law-enforcement leads rather than executing arrests. The DTO designation matters because it defines who is and isn't a legitimate target of counter-drug authorities and resources.

A Department of Defense field activity under the Under Secretary of Defense for Policy that administers DoD review of proposed transfers of US defense technology, services, and goods to foreign entities — chairs and supports interagency export-control review (State Department licensing under ITAR, Commerce Department licensing under EAR) on cases with national-security implications — provides DoD technology-security policy advice to the Secretary of Defense.

"DTSA — the DoD shop that reviews foreign export licenses for defense-technology implications."

DTSA is the OSD field activity that gives DoD a voice in foreign export-license reviews — when State (under ITAR) or Commerce (under EAR) gets a license application that touches defense-relevant technology, DTSA is the DoD reviewer that assesses national-security implications and recommends a position. The shop handles weapons-system technology, dual-use goods with military applications, foreign military sales packages with sensitive components, and the broader question of which technologies can leave the US and to whom. The work matters because export-control disagreements between DoD and State or Commerce play out through DTSA's case reviews; the shop is small but its positions get attention. The China and Russia technology-competition environment has put DTSA-relevant cases in front of senior decision-makers more often.

A US Government policy category for life-sciences research that, based on current understanding, can be reasonably anticipated to provide knowledge, information, products, or technologies that could be directly misapplied to pose a significant threat with broad potential consequences to public health and safety, agricultural crops, animals, the environment, materiel, or national security — subject to institutional review and federal oversight under the US Government Policy for Oversight of DURC.

"DURC — the policy label for biology research that could be repurposed into a weapon."

DURC is the life-sciences policy label for research that has legitimate scientific purposes but could be repurposed to do significant harm — gain-of-function work on pathogens, dual-use synthetic biology, enhanced-transmissibility studies, and similar lines of research. The US Government Policy for Oversight of Dual Use Research of Concern requires institutional and federal review before such work proceeds at federally-funded institutions; for DoD, the policy touches DARPA programs, USAMRIID work at Fort Detrick, and intersections with the BWC (Biological Weapons Convention) framework. The category has been politically contested across the COVID-era investigations into research origins; the underlying policy structure predates the controversy and has been progressively tightened. For biodefense planners and biosecurity professionals, DURC review is one of the institutional brakes on accidental weaponization.

The federal regulations, codified at 15 CFR 730-774, administered by the Department of Commerce Bureau of Industry and Security (BIS), that govern the export, re-export, and transfer of "dual-use" items (items with both commercial and military applications) on the Commerce Control List (CCL), with license requirements determined by item characteristics, destination, end-user, and end-use.

"The Commerce Department regulations governing dual-use export controls."

EAR controls the broader dual-use universe — everything from advanced semiconductors and cryptographic software to specific chemicals, certain biological agents, and specialized industrial equipment. EAR licensing is destination- and end-use-driven (the Country Chart determines license requirements by item and destination). The line between ITAR and EAR has moved over time (export control reform in the 2010s moved many items from USML to CCL); the practical compliance question for any controlled item is which list applies. The dual-use scope means EAR touches commercial industry far beyond traditional defense contractors.

The sub-discipline of electronic warfare, now generally referred to as Electronic Protection (EP), comprising actions taken to protect personnel, facilities, and equipment from any effects of friendly or enemy use of the electromagnetic spectrum.

"Electronic-warfare techniques that protect friendly systems from jamming."

ECCM is the legacy term; modern doctrine has folded it into Electronic Protection (EP). The techniques cover frequency hopping, spread spectrum, anti-jam modulation, emission control (EMCON), and the operator procedures (low-probability-of-intercept tactics) that keep friendly systems usable when the adversary is trying to disrupt them. Pilots, naval officers, and SOF teams all train in EMCON and EP discipline — the radio you do not transmit on at the wrong moment is one that does not give your position away.

A sub-discipline of signals intelligence consisting of technical and geolocation intelligence derived from foreign non-communications electromagnetic radiations emanating from other than nuclear detonations or radioactive sources — typically radar and other electronic emitters.

"Intelligence derived from foreign radar and other non-communications emitters."

ELINT is the radar end of SIGINT — characterizing the emissions of foreign radar systems (operating frequency, pulse repetition, scan pattern, etc.), identifying the radar by signature, and supporting electronic warfare and threat-system analysis. The work is essential to keeping aircraft and ships survivable: knowing what an emitter is, where it is, what it can detect, and how to defeat or evade it is the foundation of every survival-mode flight plan and emissions-control protocol.

The Department of Defense Risk Management Framework (RMF) governance, risk, and compliance system of record used to register information systems, document security controls, manage ATO packages, track authorization status, and provide visibility for Authorizing Officials and program offices across DoD components, operated by DISA.

"The DoD system of record for RMF authorization packages and ATO management."

eMASS is where every DoD information system's RMF documentation lives — the System Security Plan, Security Assessment Report, Plan of Action and Milestones (POA&M), inheritance relationships, and authorization-decision documentation. The system has a reputation for being slow, frustrating, and document-heavy; the package-build cycle is the dominant work of many RMF practitioners. The 2020s movement toward cATO and continuous monitoring tools is partly a response to the static-package-update pattern that eMASS reinforces.

A specialized airlift mission category for the emergency movement of nuclear weapons, nuclear weapon components, or nuclear materials by US Air Force airlift assets — conducted under the Personnel Reliability Program and the broader nuclear security and surety architecture — distinguished from routine nuclear logistics by its expedited timeline and elevated command, security, and safety procedures.

"ENAO — the no-kidding emergency airlift of nuclear weapons or components when normal channels can't."

ENAO is the mission set that exists for the day a nuclear weapon or component has to move on a short timeline that the routine logistics chain can't support — equipment failures requiring immediate replacement, security incidents requiring relocation, contingency operations requiring redistribution. The mission lives inside the broader nuclear weapons logistics framework with PRP-certified aircrews, dedicated security forces, and the surety controls that surround every nuclear material movement. The procedural overhead is enormous because the safety, security, and accountability requirements stack on top of normal airlift execution, which is the point — the only acceptable failure mode in nuclear logistics is the one that doesn't happen. Active-duty C-17 wings with the appropriate certifications carry these missions when tasked.

The Executive Order, signed by President Reagan in 1981 and amended several times (most significantly in 2008 by EO 13470), that establishes the foundational authorities, roles, and limits for the conduct of US intelligence activities.

"The foundational executive order governing US intelligence activities."

EO 12333 is the legal framework underneath every IC activity not specifically governed by statute. It establishes the roles of each IC element, the limits on collection of information about US persons, the procedures for sensitive activities, and the role of the Attorney General in approving certain activities. The 2008 amendment by EO 13470 incorporated IRTPA changes. Most disputes about IC authorities ultimately ground out in an interpretation of EO 12333 or its implementing Attorney General-approved procedures.

Dual-meaning DoD Dictionary entry: (1) the United States Environmental Protection Agency, the federal regulator with which DoD environmental compliance programs interact across installation operations, training ranges, hazardous-material management, and environmental cleanup; and (2) Evasion Plan of Action, a personnel recovery (PR) document prepared by aircrew or other isolated-personnel-risk personnel before a mission describing intended evasion routes, recovery rendezvous points, and authentication procedures should the individual become isolated.

"EPA — either the Environmental Protection Agency or the personnel-recovery evasion plan of action, depending on context."

EPA is one of the more head-snapping dual-meaning entries in the DoD Dictionary because the two meanings come from completely different worlds. In the environmental and installation-management context, EPA is the federal regulator the installation environmental office works with on CERCLA cleanups, RCRA hazardous-waste compliance, Clean Water Act stormwater permits, and the long tail of environmental rules that touch every base. In the personnel-recovery context (the SERE world, the aircrew survival world, the special-operations isolation world), EPA is the document a service member fills out before a mission describing what they will do if isolated — intended evasion route, recovery rendezvous points, signaling plan, authentication challenges and responses. The EPA in the second sense is sometimes the difference between getting recovered and not, which is why the SERE community treats the document with the seriousness it does.

A captured enemy combatant entitled to prisoner-of-war status and protections under Geneva Convention III (Relative to the Treatment of Prisoners of War, 1949) — the doctrinal label used by US military forces for captured uniformed combatants of a recognized state party — distinguished from "detainee" (broader, including categories that may not qualify for full EPW protections) and from civilian internee (Geneva IV) — handled under specific reception, processing, evacuation, and internment procedures.

"EPW — captured enemy combatants entitled to Geneva III prisoner-of-war protections."

EPW is the doctrinal label for captured enemy combatants entitled to full Geneva Convention III protections — uniformed members of a recognized state-party armed force, captured while engaged in lawful combatant activity. The protections are extensive: humane treatment, identification only of name, rank, service number, and date of birth (the "big four"), no coercion in interrogation, protection from public curiosity, repatriation at the cessation of hostilities. The distinction between EPW and the broader "detainee" category matters because the protections differ — detainees in irregular conflicts may not qualify for full EPW status under treaty law, which has been one of the harder operational-legal questions across the post-9/11 conflicts. The doctrinal EPW handling chain (5 S's — Search, Silence, Segregate, Speed to the rear, Safeguard — and the broader 5T's framework) is taught at every basic-training cycle and remains the baseline for capturing-unit responsibilities.

A specialized survival, evasion, resistance, and escape (SERE) navigation product — typically printed on durable, water-resistant material — that combines topographic and political-geographic information for a region of operational interest with evasion-relevant overlays (border crossings, friendly contact points, hazards, communications layouts) — carried by aircrews, SOF teams, and other personnel at elevated isolation risk to support evasion movement and link-up with recovery forces.

"EVC — the SERE evasion chart, durable, water-resistant, marked up with evasion-relevant overlays."

EVC is the durable, water-resistant chart that aircrews and SOF operators carry in case they end up on the ground and unaccounted for. It is not a regular map — it is built specifically for evasion: the political geography of borders and crossing points, the natural terrain features that support concealment and movement, friendly contact points where applicable, hazards (mined areas, hostile populations, environmental risks), and communications overlay information that aligns with the recovery force's SOPs. The chart is one of the deliberate artifacts of personnel recovery planning — the J3-PR / J9 / SERE shop builds the EVC for the operational area, and aircrews and operators carry it in their survival kit. For the SERE instructor cadre, teaching how to actually use an EVC under stress is one of the harder pieces of the syllabus, because the chart only helps if the evader knows how to read it without panicking.

A specialized US Marine Corps security force unit assigned to Marine Corps Security Force Regiment under Navy operational control, providing limited-duration, expeditionary security augmentation to protect vital naval and national security assets — primarily naval nuclear weapons facilities, certain embassies, and other designated high-value assets in response to increased threat levels or specific contingencies.

"FAST — the Marine antiterrorism team that augments embassy and naval-asset security on short notice."

FAST is the Marine Corps quick-response security force that flies into an embassy or a naval facility when threat reporting spikes or a specific incident demands more security than the resident detachment can provide. Three FAST companies (Europe, Pacific, CONUS) under Marine Corps Security Force Regiment maintain rotational ready-platoons that can be on a plane in hours and on the ground in a day or two. The Marines who go FAST are infantry Marines who screened for the duty, ran the security-force course, and accepted a deployment tempo that is brutal — short-notice contingency response on top of scheduled rotations for nuclear weapons security at Bangor and Kings Bay. FAST got significant operational attention after the 2012 Benghazi attack drove a hard look at embassy reinforcement capability; the unit's role in embassy reinforcement and crisis response continues.

The intelligence discipline that exploits forensic materials (latent fingerprints, DNA, ballistic evidence, document and media exploitation, biometrics) recovered from operational sites, captured equipment, detainees, and crime scenes to generate identity intelligence, attribution, and predictive intelligence in support of operations against terrorist networks, insurgencies, and other threats.

"FEI — the intelligence discipline that turns fingerprints, DNA, and forensic evidence into actionable identity intelligence."

FEI is the intelligence discipline that grew out of the Iraq and Afghanistan biometric and forensic boom and stuck around because it works. Latent fingerprints lifted off an IED component, DNA from a captured fighter, ballistic matches between weapons recovered at multiple sites, exploited digital media — forensic-enabled intelligence takes that physical evidence and runs it against biometric databases, identity records, and previous-incident files to produce attribution, network linkages, and watchlist updates. The mission lives at the intersection of military intelligence (operational tempo), law enforcement (chain of custody and admissibility), and identity management (who is this person and have we seen them before). For the analysts and operators inside the special operations and counterterrorism communities, FEI is one of the disciplines that turned the post-9/11 fight from kinetic to network-targeting.

Any known or suspected foreign organization, person, or group (public, private, or governmental) that conducts intelligence activities to acquire US information, block or impair US intelligence collection, influence US policy, or disrupt US systems and programs — the counterintelligence community's umbrella term for the adversaries that the DoD CI enterprise is built to detect, deter, and defeat.

"FIE — the counterintelligence community's umbrella term for any foreign threat to US information and personnel."

FIE is the counterintelligence community's deliberately broad umbrella for "the people on the other side" — foreign intelligence services, terrorist organizations, criminal groups working for state sponsors, insider-recruitment networks, and the influence campaigns that don't fit neatly into any of those categories. The reason the term is broad is that the threat space is broad: a Chinese intelligence officer recruiting a defense contractor employee, a Russian GRU cyber team conducting reconnaissance against a critical infrastructure target, an Iranian network running social-media recruitment of personnel with clearances, and a transnational criminal organization moving counterfeit electronic parts into the DoD supply chain are all FIE activity for CI purposes. The training every cleared service member gets — report foreign contact, report suspicious behavior, report attempted elicitation — is downstream of the FIE framework. Counterintelligence support to force protection is built around early detection of FIE activity targeting installations, personnel, and capabilities.

Intelligence derived from the analysis of financial transactions, networks, and patterns to identify the funding, movement, and use of money supporting threats to national security, including terrorism, proliferation, and transnational organized crime.

"Intelligence derived from analyzing financial transactions and networks."

FININT became a major IC discipline after 9/11 with Treasury's Office of Intelligence and Analysis (TFI/OIA — a Treasury element, but part of the IC) leading the work alongside FBI and CIA. The Bank Secrecy Act reports — SARs and CTRs filed by financial institutions to FinCEN — are the foundational data, paired with classified collection. The tradecraft of follow-the-money is now central to counterterrorism, counterproliferation, and sanctions enforcement.

The 1978 federal law (codified at 50 USC Chapter 36) that establishes the procedures for the physical and electronic surveillance and collection of foreign intelligence information between or among foreign powers and agents of foreign powers.

"The federal law governing foreign-intelligence surveillance in the US."

FISA is the framework that allows electronic surveillance, physical search, pen register/trap-and-trace, and the production of business records for foreign-intelligence purposes — with judicial approval by the Foreign Intelligence Surveillance Court (FISC). Section 702 (added by the FISA Amendments Act of 2008 and reauthorized periodically) is the heavily-used authority for targeting non-US persons reasonably believed to be located abroad. FISA has been amended repeatedly; the current authorities are reauthorized on a recurring cycle that draws sustained legislative attention.

The federal court established by FISA to review applications for foreign-intelligence surveillance, composed of eleven federal district court judges designated by the Chief Justice of the United States.

"The federal court that approves foreign-intelligence surveillance applications."

The FISC reviews FISA applications submitted by DOJ on behalf of the IC. Hearings are ex parte and generally classified; the court rarely publishes opinions, though significant ones have been declassified since 2013. The FISA Court of Review hears appeals. Critics have argued the court functions as a rubber stamp given the high approval rate; the court and its defenders note the substantial back-and-forth in the application process before formal submission. The FISC is one of the few unclassified-but-rarely-visible institutions in the IC.

A subcategory of signals intelligence consisting of technical information and intelligence derived from the intercept of foreign electromagnetic emissions associated with the testing and operational deployment of non-US aerospace, surface, and subsurface systems — including telemetry, beacon, transponder, and command-link signals from missiles, satellites, and weapon systems that reveal performance characteristics and operational parameters.

"FISINT — the SIGINT discipline that listens to foreign weapons systems while they're being tested."

FISINT is the SIGINT discipline that turns a missile test into intelligence about the missile. When a foreign adversary fires a ballistic missile, a hypersonic glide vehicle, or a satellite into orbit, the system itself emits telemetry — performance data the engineers need to evaluate the test — and that telemetry, intercepted by national technical means or by deployed collection platforms, tells US intelligence what the system can actually do as opposed to what the adversary advertises it can do. Beacon, transponder, and command-link signals around foreign weapon systems are also in the FISINT bucket. The discipline is technically demanding, heavily classified, and dominated by NSA and the Service cryptologic elements; the tactical operator never sees the raw take but lives downstream of the assessments that come out of it. FISINT is one of the cleanest cases of US technical intelligence advantage and one of the targets foreign denial-and-deception campaigns work hardest to defeat.

The federal law requiring each agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support agency operations and assets.

"The federal law that drives information-security programs across the government."

FISMA (originally 2002, modernized in 2014) is the statute that created the apparatus everyone in DoD security lives inside — RMF, NIST 800-53, agency CIOs, the annual FISMA reporting cycle, the FISMA scorecard that goes to Congress. In DoD it flows through DoDI 8500.01 and 8510.01. Most service members never read FISMA, but every mandatory training, every STIG scan, and every ATO traces back to it.

The process of acquiring foreign weapons systems, equipment, and technology for exploitation, technical intelligence analysis, threat replication, and training — conducted by the Service intelligence centers and the Defense Intelligence Agency's foreign materiel program to inform US capability development, electronic warfare planning, and threat representation in training and testing.

"FMA — the program that buys foreign weapons systems so US forces can study and replicate them."

FMA is the intelligence and acquisitions discipline that gets a Russian air-defense radar, a Chinese cruise missile component, or an Iranian drone into a hangar at Wright-Patterson, China Lake, or one of the Service intelligence center exploitation facilities. The collected material feeds technical intelligence assessments, electronic warfare countermeasures development, threat-replication for the joint training enterprise (the aggressor squadrons, the OPFOR at the combat training centers, the Red air at Nellis), and the threat-emulation hardware that goes into US weapons-system testing. The pipeline runs through DIA's foreign materiel program, the Service intelligence centers (NASIC for air and space, ONI for maritime, NGIC for ground), and the foreign disclosure officer apparatus that determines what can be shared with allies. FMA is a slow, expensive, high-payoff line of work that most of the operating force never sees but lives downstream of every day.

Continuous video imagery — typically infrared and/or visual spectrum — collected by airborne and unmanned platforms and disseminated to operational users for surveillance, targeting, and battle damage assessment.

"Live or recorded video from airborne and unmanned sensors."

FMV is the live and recorded video that ground commanders watch from RPAs and manned ISR platforms — the "drone feed" in popular shorthand, though the same product comes from manned aircraft sensors. The ROVER (Remotely Operated Video Enhanced Receiver) family of ground terminals lets ground commanders pull the feed in tactical settings. FMV analysis is a full-time discipline; the volume of recorded FMV from CENTCOM operations alone is measured in years of video.

A legacy handling caveat for unclassified information that may be withheld from public release under one of several FOIA exemptions. Largely superseded by the Controlled Unclassified Information (CUI) program.

"A traditional marking for unclassified information not for public release."

FOUO is being retired in favor of CUI, but legacy FOUO-marked documents will exist for years. Some agencies and offices remain inconsistent in their transition. The handling rules for FOUO and CUI are similar in spirit but the CUI framework is more legally specific. If you are creating new documents that need protection, mark them under CUI, not FOUO.

A Department of Defense system describing the threat level posed by terrorist or asymmetric threats to DoD personnel and facilities, expressed in five levels (Normal, Alpha, Bravo, Charlie, Delta) that drive a corresponding set of protective measures.

"A DoD posture system describing terrorist threat levels."

FPCON levels drive concrete actions at every DoD installation: FPCON Normal is baseline; Alpha indicates increased general threat; Bravo indicates increased predictable threat; Charlie indicates an incident or specific threat; Delta is in response to a specific threat in the immediate area. ID checks at the gate, vehicle inspections, perimeter setbacks, and personnel restrictions tighten through the levels. FPCON sets at the regional, installation, and (in rare cases) building level — commanders own setting it for their AOR.

In force protection usage, the force protection detachment — a small counterintelligence and force protection element forward-deployed to an embassy or country team to provide threat assessment, criminal threat analysis, and force protection support to DoD personnel transiting or operating in the country; in personnel usage, the foreign post differential — the additional compensation paid to federal civilian employees serving at overseas posts where conditions of environment differ substantially from those in CONUS.

"FPD — the small CI/FP team at an embassy, or the overseas hardship pay for federal civilians."

FPD in force protection is the small two- to six-person counterintelligence and force protection element that lives in an embassy or attached to a security cooperation office, working the threat picture for DoD personnel transiting or operating in country. The team produces force protection assessments for distinguished visitor travel, supports the antiterrorism program for the DoD elements in country, and is the liaison between US intelligence and the host-nation security services for force protection purposes. In federal civilian personnel usage, FPD is foreign post differential — the percentage pay differential (5 to 35 percent of base salary, depending on the post hardship rating set by State Department) that compensates a federal civilian for serving at a hardship overseas location. The civilian linguist working at an embassy in a hardship post is receiving FPD; the CI team at the same embassy is the FPD detachment. Same letters, different parts of the personnel system.

An installation- or command-level standing committee that coordinates force protection planning, threat assessment, vulnerability reduction, antiterrorism program execution, and emergency response across the staff functions and tenant organizations — chaired by the senior commander or designated force protection officer and used as the integrating venue for the antiterrorism program required by DoD policy.

"FPWG — the installation working group that coordinates force protection across staff and tenant units."

FPWG is the staff-coordination venue every installation and command of any size runs under DoD antiterrorism program guidance. The working group typically meets monthly, is chaired by the installation commander or the designated force protection officer, and includes the antiterrorism officer (ATO), the intelligence/CI representative, the provost marshal or security officer, the emergency management staff, the engineer for physical security, the medical and CBRN representatives, and the tenant commanders' representatives. The forcing function is the DoD antiterrorism program — the FPCON system, the vulnerability assessments, the higher-headquarters inspections — but the practical output is the coordination across stovepipes that prevents a gap between, for example, the gate guards, the perimeter sensor system, the mass-notification system, and the medical first-response plan. FPWG is unglamorous and important; when force protection works, it's because the FPWG ran consistently.

A foreign organization designated by the US Secretary of State under section 219 of the Immigration and Nationality Act as a foreign terrorist organization — the designation triggering material-support criminal liability under 18 USC §2339B, asset freezes, visa ineligibility for members, and serving as a doctrinal trigger for various DoD targeting, intelligence-sharing, and security cooperation restrictions and authorities.

"FTO — the State Department designation that brings material-support liability, asset freezes, and DoD targeting authorities."

FTO is a State Department designation with very real DoD consequences. State, after coordination with Treasury and Justice, designates a foreign organization as an FTO under INA Section 219; the designation triggers the material-support statute (18 USC §2339B) that creates criminal liability for anyone in US jurisdiction providing material support to the named group, freezes US-jurisdiction assets, makes members visa-ineligible, and shapes how DoD can target the group, share intelligence with allies about it, and conduct security cooperation with partners fighting it. For the targeting community, an FTO designation can be the legal hook for kinetic action; for the security cooperation community, it shapes which partner forces can be supported in counter-FTO operations; for service members deploying or traveling, the FTO list interacts with travel restrictions and foreign-contact reporting. The list is publicly maintained by the State Department.

A deployable forensic facility — typically organized around latent print examination, DNA analysis, firearms and toolmark examination, document and media exploitation, and biometrics — that exploits forensic material recovered from operations to generate identity intelligence and forensic-enabled intelligence in support of operational and law-enforcement requirements.

"FXL — the deployable forensic lab that turns operational forensic recoveries into identity intelligence and attribution."

FXL is the forward end of the forensic-enabled intelligence enterprise covered in the previous batch under FEI. Where FEI is the discipline, the FXL is the actual laboratory that does the work — a containerized or facility-based lab pushed forward to a combatant command, a joint task force, or a major operational headquarters with latent print examiners, DNA analysts, firearms and toolmark examiners, document and media exploitation analysts, and biometrics operators. Material recovered from an objective comes in — IED components, captured small arms, detainee phones, documents — and identity intelligence, attribution, and watchlist updates go out. The institutional home runs through the Defense Forensic Science Center on the Army side and equivalent capability inside the joint special operations forensics community. The FXL was a counterterrorism-era growth area; the capability is being adapted for the multi-domain operations fight against state and non-state actors.

The exploitation and analysis of imagery and geospatial information to describe, assess, and visually depict physical features and geographically referenced activities on the Earth — encompassing imagery, imagery intelligence, and geospatial information.

"Intelligence combining imagery with geospatial analysis."

GEOINT is the discipline NGA was created to manage — the layered fusion of imagery, geospatial information, and analysis to answer "what is happening where." It supersedes the older standalone "IMINT" framing by integrating imagery with the geospatial context that makes it operationally useful: terrain, hydrography, infrastructure, change detection. Tactical GEOINT cells embed at brigade and CCMD levels; the NGA core production sites at Fort Belvoir and St. Louis support the strategic side.

A position (high-risk billet) designated by the cognizant authority as having elevated risk of terrorist, criminal, or hostile intelligence service targeting because of the position's prominence, access to sensitive information, or operating environment — drives additional force protection, training, and security measures for the incumbent.

"A position designated as carrying elevated targeting risk for the incumbent."

HRB is the designation that triggers a different set of force protection requirements around a specific position — typically applied to senior commanders in high-threat overseas locations, attachés in adversarial or unstable countries, intelligence officers under non-official cover or sensitive cover, and other roles where the position itself makes the person a target. The designation drives additional security training (often AT/FP Level III or higher), security details where warranted, residence vetting, alternate routes-to-work planning, and family member training. For the incumbent the practical effect is a layered awareness of what could go wrong on a given day, and a set of habits — vary your route, vary your timing, brief your spouse on duress signals — that the rest of the force does not have to internalize.

Personnel (high-risk personnel) whose grade, assignment, travel itinerary, symbolic value, or specific threat reporting places them at elevated risk of terrorist or criminal targeting — drives heightened personal security measures, protective service detail consideration, and tailored antiterrorism awareness training.

"Personnel designated as elevated targeting risks driving heightened protective measures."

HRP is the personnel-side counterpart to HRB — instead of a position carrying the risk, the person carries the risk. Senior flag officers, certain Senate-confirmed civilians, and specific individuals named in threat reporting can be designated HRP either persistently or for a specific trip. The designation can trigger a protective service detail (PSD) tasking, advance work for travel, a different routing for movement, or simply elevated personal security awareness training. The line between HRB (position-driven) and HRP (person-driven) blurs in practice — a four-star combatant commander is both — but the doctrinal distinction matters for which organization picks up the security tab and how the protective requirements are framed.

A category of intelligence derived from information collected and provided by human sources, including liaison officers, military attachés, debriefers, and clandestine collectors.

"Human intelligence remains essential — relationships, language, and cultural knowledge."

HUMINT is the most relationship-driven intel discipline and the one most prone to source-credibility problems. Strong HUMINT operations require linguists, cultural fluency, and patience that institutional turnover rarely supports. Most "HUMINT" in tactical units is patrol debriefs and tip-line collection — useful, but not the cinematic version.

A US person (homegrown violent extremist) who has been radicalized primarily in the United States, who is inspired by but not necessarily directed by a foreign terrorist organization, and who engages in or seeks to engage in terrorism-related activity — distinguished doctrinally and operationally from foreign-directed terrorist operatives and from purely domestic terrorism categories.

"A US-radicalized violent extremist — inspired by but not directed by foreign groups."

HVE is the analytical category that captures a particular threat profile that emerged starkly after the 2008-2015 wave of inspired (rather than directed) attacks tied to ISIS and AQ messaging — US persons radicalized largely online and through US-based networks, acting individually or in small cells, often without direct operational guidance from the foreign organization whose ideology motivated them. The category sits in tension with domestic terrorism categories that have grown in operational importance more recently; HVE specifically anchors to foreign terrorist organization inspiration even where direction is absent. For NORTHCOM, the FBI, DHS I&A, and the NCTC, the HVE threat picture is one of the persistent counterterrorism analytic lines.

An authorization issued under the DoD Risk Management Framework (RMF) by an Authorizing Official permitting an information system to operate in a test environment, with specified limitations on scope and duration, before a full Authority to Operate is issued — used to support development and integration testing of systems whose security controls are not yet at the final ATO posture.

"A temporary RMF authorization permitting an information system to operate in test."

IATT is the RMF construct that bridges the gap between "developing" and "fielded" — an Authorizing Official issues IATT for a defined period (typically 90 to 180 days, sometimes extended) so the system can operate in test with real-but-bounded users and real-but-bounded data while the full ATO documentation matures. IATT abuses are well-known to RMF practitioners — programs use IATT extensions as a substitute for properly completing ATO, sometimes for years. The Authorizing Official has the authority to allow or block this pattern.

A notification issued by USCYBERCOM (executed through DISA) directing remediation of a specific information assurance vulnerability across DoD networks within a fixed timeline.

"A mandatory DoD vulnerability-patching directive."

When a serious vulnerability is published and patched upstream, DISA issues an IAVA with a mandatory remediation date — your operations team scrambles, your compliance dashboard turns red, and the system administrators work nights and weekends to clean it up. IAVB (bulletin) and IAVT (technical advisory) are the lower-priority versions of the same machinery. Non-compliance is briefed up the chain; chronic non-compliance pulls system ATOs.

The federation of eighteen executive-branch agencies and organizations that work separately and together to conduct intelligence activities necessary for the conduct of foreign relations and the protection of the national security of the United States.

"The federation of eighteen US intelligence agencies."

The IC includes the Office of the DNI itself, the CIA, the four defense intelligence agencies (NSA, DIA, NGA, NRO), service intelligence components (Army INSCOM, Navy ONI, Marine MCIA, Air Force 16AF, Coast Guard Intelligence, Space Force Intelligence), and the intelligence elements of the FBI, DHS, DEA, Treasury, State, and Energy. Each was added or absorbed at different times; the IC is a coalition, not a hierarchy. The DNI coordinates but does not command — a friction designed by Congress in 2004 and felt every day.

A directive issued by the Director of National Intelligence establishing IC-wide policy, doctrine, or procedures in areas of DNI authority, binding on the components of the Intelligence Community.

"DNI-issued policy directives for the Intelligence Community."

ICDs are the DNI's main policy instrument. ICD 1 establishes the directive system itself; ICD 203 establishes analytic standards; ICD 705 governs SCIF construction; ICD 704 governs personnel security in the IC; ICD 901 covers safeguarding of NIP-funded intelligence. Each ICD goes through coordination with IC elements and is binding once signed by the DNI. Subordinate Intelligence Community Standards (ICS) implement specific ICDs at the technical level.

A DoD counterintelligence and human intelligence administrative system (Integrated Defense Source Registration System) used to register, deconflict, and track human intelligence and counterintelligence sources across DoD components — provides the central deconfliction backbone that prevents multiple services or agencies from unknowingly running the same source.

"The DoD registration and deconfliction system for HUMINT and CI sources."

IDSRS is the back-end system that exists because without it the Army would run a source the Navy was already running who was also reporting to a DIA case officer, with all the operational, security, and analytical chaos that produces. The system registers source identifiers (compartmented appropriately), tracks which DoD organization owns the relationship, and deconflicts new source approaches against existing operations. For HUMINT collectors (Army 35M, Marine 0211, Air Force 1N4 / OSI), counterintelligence agents (Army 35L / 351L, NCIS, AFOSI), and the broader Defense HUMINT enterprise, IDSRS is one of the foundational administrative tools that turns individual case officer activity into an enterprise-deconflicted operation. The system sits inside compartmented spaces and is not visible outside the HUMINT/CI community.

A category of joint operations (integrated joint special technical operations) involving extraordinarily sensitive capabilities, methods, and effects that require special access controls, restricted dissemination, and dedicated planning and execution channels — typically integrated at the combatant command level with national-level oversight.

"The compartmented joint operations category — special access, restricted dissemination, COCOM-level integration."

IJSTO is the doctrinal label for the category of joint operations that don't get discussed in ordinary J3 staff meetings — the capabilities and methods sit behind special access programs, the planning channels are restricted to read-on personnel, and the integration happens through dedicated structures at the combatant command and national level. For the vast majority of service members IJSTO is something they'll never see, never be briefed on, and shouldn't ask about. For staff officers in joint operations centers who hold the right accesses, IJSTO planning is a parallel track that runs alongside conventional operations planning, with its own deconfliction, its own approval chain, and its own integration challenges. The construct exists because some capabilities and effects only retain their utility if their existence, methods, and use remain protected.

Intelligence derived from the exploitation of imagery — visible spectrum, infrared, radar, and other electromagnetic forms — collected by visual photography, electro-optical, infrared, radar, and other sensors.

"Intelligence derived from imagery and overhead collection."

IMINT is photographs and their modern descendants — electro-optical imagery, synthetic-aperture radar, infrared, multispectral, hyperspectral. It is a foundational intelligence discipline, the visible end of the IC's overhead collection. NGA is the IMINT functional manager; NRO builds and operates the satellite collectors; tactical IMINT comes from manned and unmanned aircraft sensors. IMINT product ranges from finished analytic reports to time-sensitive support for forces in contact.

A Department of Defense system describing the level of threat to Department of Defense information systems and the corresponding defensive posture, structured in graduated levels analogous to FPCON for the cyberspace domain.

"A DoD posture system describing cyberspace threat levels."

INFOCON adjusts the DoD information-systems posture in response to threats observed or anticipated against the DODIN. Higher INFOCONs increase logging, restrict outbound traffic, tighten authentication, and reduce attack surface in ways that trade operational convenience for defense. Setting authority is held at the appropriate command echelon for the systems and area affected. The system has evolved alongside the maturation of DoD cyberspace defense.

The Army major command responsible for providing intelligence, security, and information operations support to Army forces and to national-level intelligence agencies, headquartered at Fort Belvoir, Virginia.

"The Army's intelligence and security command."

INSCOM is the Army's service cryptologic component (working with NSA), service intelligence element (working with DIA), and the parent organization for theater intelligence brigades supporting each Army Service Component Command. Major subordinate units include the National Ground Intelligence Center (NGIC) at Charlottesville, the Army Operations Group, military intelligence brigades, and the Intelligence and Security Command Brigades operating at NSA. INSCOM's force runs from analysts at Fort Meade to MI brigades deployed worldwide.

The pre-deployment guidance issued to personnel at risk of isolation (capture, evasion, separation from friendly forces) that specifies authentication, communication, behavior, and recovery-coordination protocols — companion document to the ISOPREP (isolated personnel report) — listed in the DoD Dictionary of Military and Associated Terms (November 2021) within the personnel-recovery vocabulary in JP 3-50.

"The IPG — pre-deployment guidance for personnel at risk of isolation and capture."

IPG is the pre-deployment guidance package that personnel at risk of isolation receive — it specifies how to authenticate to a recovery force, what communication procedures to use, what behavior is expected during isolation, and how recovery coordination works. The document is the operational complement to the ISOPREP (the personnel-data card the individual fills out so recovery forces can authenticate them). Aircrew, special operations forces, and others with elevated isolation risk receive IPG and ISOPREP briefings as a baseline. Personnel recovery (PR) doctrine in JP 3-50 frames the relationship: ISOPREP is the data the isolated person carries; IPG is the instructions they've been taught; recovery forces use both to execute a successful recovery. SERE training is the broader skills foundation.

The 2004 federal law that restructured the US Intelligence Community in response to the 9/11 Commission's findings, creating the Director of National Intelligence, the National Counterterrorism Center, and the Privacy and Civil Liberties Oversight Board.

"The 2004 law that created the DNI and restructured the Intelligence Community."

IRTPA (PL 108-458) is the most significant restructuring of the IC since the 1947 National Security Act that created CIA. It created the DNI, NCTC, the PCLOB, and the National Intelligence University; it also set the basic terms of the post-9/11 information-sharing environment. The compromises in IRTPA — particularly the DNI's authorities over CIA, NSA, and the military components — are still being lived with two decades later.

The Army-specific pre-deployment guidance issued to Soldiers at risk of isolation, paralleling the joint Isolated Personnel Guidance (IPG) — specifies authentication, communication, behavior, and recovery-coordination protocols for isolated Soldiers — listed in the DoD Dictionary of Military and Associated Terms (November 2021) within the personnel-recovery vocabulary.

"The ISG — Army version of IPG, isolated Soldier guidance for personnel-recovery scenarios."

ISG is the Army-specific cousin of the joint IPG — pre-deployment guidance issued to Soldiers at risk of isolation that specifies authentication procedures, communication protocols, expected behavior, and recovery-coordination steps. The distinction between IPG (joint) and ISG (Army-specific) is mostly administrative — both serve the same operational function for the individual at risk of isolation. Soldiers in units with elevated isolation risk (Special Forces, certain aviation roles, certain reconnaissance specialties, EOD in some operational contexts) receive ISG briefings as part of pre-deployment certification. The ISOPREP (the personnel-data card the Soldier carries so recovery forces can authenticate them) complements the ISG just as it complements IPG for joint personnel. SERE-trained personnel work from a deeper foundation; the ISG is the operational-deployment refresh.

The personnel-data form completed by personnel at risk of isolation that captures authentication data (statements, codewords, personal information) usable by recovery forces to verify identity during a personnel-recovery event — combined with the Isolated Personnel Guidance (IPG) and ISG forms the foundation of individual personnel-recovery preparation — listed in the DoD Dictionary of Military and Associated Terms (November 2021) within the JP 3-50 personnel-recovery vocabulary.

"The ISOPREP — the data card isolated personnel carry so recovery forces can authenticate them."

ISOPREP is the personnel-data form that an individual at risk of isolation completes ahead of deployment — it captures authentication data (personal statements only the individual knows, codewords agreed to in advance, physical identifying information) that recovery forces use to verify the individual's identity during a personnel-recovery event. The form sits with the unit's personnel-recovery officer (and at higher echelons in the PR architecture) so that when an isolating event occurs, recovery planners have the data they need to authenticate the isolated person. ISOPREP is the data complement to IPG (joint Isolated Personnel Guidance) and ISG (Army Isolated Soldier Guidance) — the trained behavior is the IPG/ISG, the data the recovery force needs to verify the person is the ISOPREP. Aircrew, SOF, and other elevated-risk personnel maintain current ISOPREPs as a baseline requirement.

The intelligence-discipline function that supports personnel-recovery operations — including locating isolated personnel, characterizing the threat environment around the isolation site, identifying recovery-force routes and hazards, and supporting authentication and post-recovery debriefing — listed in the DoD Dictionary of Military and Associated Terms (November 2021) within the JP 3-50 personnel-recovery vocabulary.

"ISPR — intelligence support to personnel recovery, finds the isolated person, characterizes threats."

ISPR is the intelligence side of personnel recovery — the analytical and collection effort that finds the isolated person, characterizes the threat environment around them (adversary forces, terrain, populated-area considerations), identifies routes and hazards for recovery forces, and supports authentication and post-recovery debriefing. The function pulls from SIGINT, IMINT, HUMINT, and OSINT depending on the situation; the J2/G2/S2 intelligence-shop personnel-recovery cell is where ISPR work concentrates. JP 3-50 frames PR as a joint function with multiple supporting disciplines; ISPR is the intelligence-supporting-PR thread. For aircrew and SOF in high-threat environments, ISPR is the discipline that makes the difference between a recovery-force mission with adequate situational awareness and one going in blind. Joint Personnel Recovery Centers (JPRCs) integrate ISPR into the broader recovery effort.

The federal regulations, codified at 22 CFR 120-130, administered by the Department of State Directorate of Defense Trade Controls under the Arms Export Control Act, that govern the export and temporary import of defense articles and services on the United States Munitions List (USML) — including license requirements, registration requirements, and significant criminal and civil penalties for violations.

"The State Department regulations governing the export of defense articles and services."

ITAR controls anything on the USML — combat aircraft, certain electronics, satellites, encryption above specified strength thresholds, certain machine tools, and a long list of other defense-related items. ITAR compliance is enormous for defense industry — registration with DDTC, license applications for each export, technology-control plans for foreign-person access, and significant criminal exposure for violations. The "deemed export" doctrine (release of controlled technical data to a foreign person in the US counts as an export) creates compliance burden far beyond physical shipments. Military members and contractors handling ITAR-controlled material need explicit training on the regime.

A joint counterintelligence organization (joint counterintelligence unit) that integrates Service counterintelligence (CI) capabilities at a combatant command, joint task force, or named-area-of-interest level — coordinates Army CI (35-series), Naval Criminal Investigative Service (NCIS), Air Force Office of Special Investigations (AFOSI), and Marine Corps CI to provide unified CI support to the supported commander against foreign-intelligence-entity threats.

"The joint CI unit — Army CI, NCIS, AFOSI, USMC CI integrated at a JTF or COCOM."

JCIU is how the joint force integrates the four Services' counterintelligence elements at a deployed task force or theater — Army CI from the 35-series MOS, Naval Criminal Investigative Service (NCIS), Air Force Office of Special Investigations (AFOSI), and Marine Corps counterintelligence — into a unified CI apparatus that supports the joint commander. The work is foreign-intelligence-entity (FIE) threat focused: detecting and neutralizing efforts by adversary intelligence services to penetrate US forces, recruit US personnel, conduct technical collection against US capabilities, or otherwise threaten the operational security of the force. The institutional friction between the four CI cultures (Army CI agents, NCIS special agents, OSI special agents, Marine CI) makes the integration work harder than the doctrinal diagram suggests; the JCIU model is the answer.

A joint activity (joint communications security monitoring activity) that conducts authorized monitoring of DoD telecommunications and information systems to assess COMSEC posture, identify operations security (OPSEC) indicators bleeding into unprotected channels, and provide commanders feedback on the security of their own communications — operates under strict legal authorities that limit collection to friendly-force communications for the explicit purpose of force-protection assessment.

"The joint activity that monitors friendly DoD comms to check COMSEC and OPSEC posture."

JCMA is the friendly-force-monitoring activity that listens to your own unit's radios, phones, and email — not to spy, but to assess whether your COMSEC and OPSEC are actually holding. The team produces reports that show what an adversary SIGINT collector could pull from the channels you're using: the commander's frequency that's being talked over in the clear, the unencrypted cell phone calls discussing the upcoming exercise, the email distribution list that leaks the JTF order of battle. Authorities are tightly bounded — JCMA is authorized to monitor friendly traffic only, for the explicit purpose of force-protection assessment, and the products are caveated to keep them in the COMSEC/OPSEC lane. For a J6 or unit COMSEC custodian, the JCMA report is a humbling document.

A joint office (joint communications security management office) that exercises COMSEC account-management authority over cryptographic material, key, and associated equipment within a combatant command or joint task force — responsible for accountability, distribution, destruction, and audit of CCI (Controlled Cryptographic Item) holdings under the broader NSA-overseen COMSEC Material Control System (CMCS).

"The joint COMSEC management office — accountability, distribution, and destruction of crypto."

JCMO is the office that holds the joint command's COMSEC account — the people who sign for the cryptographic key, distribute it down to subordinate units, track every Controlled Cryptographic Item by serial number, and ensure destruction happens correctly when material rolls over. The work is unglamorous and unforgiving: a lost piece of key is a COMSEC incident report, a missing CCI is a PRP-level event, and the audit trail has to stand up to NSA inspection through the COMSEC Material Control System. For a J6 staff, JCMO is the function that lets every other communications capability actually work — without keyed crypto the SATCOM, the data link, the secure phone, and the tactical radio are all just plastic. The custodians who run JCMO accounts are some of the most procedurally disciplined people in the joint command.

A joint intelligence facility established to conduct interrogation of enemy prisoners of war, detainees, and other detained personnel, and to debrief returnees and other sources of human intelligence — staffed by joint HUMINT and counterintelligence personnel from across the Services, the JIDC consolidates interrogation operations under joint command and integrates with the broader joint intelligence enterprise.

"The joint interrogation and debriefing facility — consolidated HUMINT collection from detainees and returnees."

JIDC is the joint facility where interrogations and source debriefings happen under joint command — HUMINT operators from the Services and (depending on the operation) interagency partners working off the same collection requirements against detainees, EPWs, and returnees. The construct exists because parallel Service interrogation efforts produce duplicative collection and gaps; consolidation under joint command tightens the operational picture. The JIDC has historically been one of the more legally and ethically scrutinized parts of joint operations — every interrogation must comply with the Geneva Conventions, US law, DoD policy, and the Army Field Manual on interrogation (FM 2-22.3), with no exceptions. For HUMINT operators, JIDC duty is among the most consequential and most carefully governed work in the intelligence enterprise.

The combatant command intelligence center that produces, integrates, and disseminates intelligence to support the combatant commander, subordinate joint force commanders, components, and other consumers — JIOCs consolidate intelligence operations under the combatant command J-2 and serve as the principal node in the joint intelligence enterprise for that command, with the Defense Intelligence Agency providing reachback support.

"The COCOM intelligence center — the J-2's production house, all-source analysis, theater-wide."

JIOC is the combatant command intelligence operations center — the J-2's production house and the principal node in the joint intelligence enterprise for that command. Each geographic and functional COCOM has a JIOC: EUCOM's in Molesworth, INDOPACOM's in Hawaii, CENTCOM's in Tampa, AFRICOM's in Stuttgart, and so on. The JIOC integrates all-source analysis — HUMINT, SIGINT, GEOINT, MASINT, OSINT — produces theater intelligence assessments, supports campaign planning, and provides current intelligence to the commander. DIA provides reachback to JIOCs. For an intel analyst at a JIOC, daily work is the production cycle: requests for information come in from the components and the J-3, assessments go out, the current-intel brief gets built, and the long-term analytical workstreams continue in parallel. JIOC is where joint intel actually happens.

The intelligence operations center supporting US Transportation Command (USTRANSCOM), located at Scott Air Force Base, Illinois — JIOC-TRANS provides all-source intelligence support to global mobility operations, including air, sea, and surface transportation planning and execution; threat assessments along strategic mobility routes; and analytical support to the broader Defense Transportation System.

"TRANSCOM's JIOC — intelligence support to global mobility operations from Scott AFB."

JIOC-TRANS is the JIOC at TRANSCOM — the intel center at Scott Air Force Base supporting US Transportation Command's global mobility mission. The mission is unlike most other JIOCs: rather than focusing on a geographic AOR, JIOC-TRANS supports the worldwide movement of forces and sustainment, which means threat analysis along strategic mobility routes (port security, sea lines of communication, air corridors), assessment of foreign airfield and port infrastructure, and intelligence support to the Defense Transportation System more broadly. For a global movement that crosses three COCOM AORs, JIOC-TRANS is often the center that maintains the integrated route intelligence picture. The product set is one of the more specialized in the joint intelligence enterprise.

The prioritized list of joint intelligence collection requirements developed by the joint force commander to drive intelligence collection across all collection disciplines (HUMINT, SIGINT, GEOINT, MASINT, OSINT) and across all collection assets organic to or in support of the joint force — the JIPCL is the principal tool for synchronizing joint collection against the commander's priority intelligence requirements (PIRs).

"The prioritized joint collection requirements list — what intel assets are looking for and in what order."

JIPCL is the prioritized list of joint collection requirements — the list that translates the JFC's priority intelligence requirements (PIRs) into specific collection tasks against specific targets and information needs. The J-2 collection manager owns the JIPCL: requirements come in from the components, the J-3, the J-5, and the analytical sections; the requirements get evaluated, deconflicted, and prioritized; and the resulting list drives tasking of HUMINT teams, SIGINT collection, GEOINT collection, ISR sortie planning, and the broader collection enterprise. For a collection manager, JIPCL maintenance is the daily work that keeps intel collection focused on what the commander actually needs versus what is interesting but not decision-relevant. JIPCL parallels the JIPTL (targets) on the operations side.

The analytical process used by joint intelligence organizations to produce intelligence assessments, estimates, and other intelligence products in support of the joint force commander's decisionmaking process — JIPOE is the joint-level analog of the Army IPB process, integrating analysis of the operational environment, adversary forces and capabilities, and the joint force across the physical, informational, and human dimensions.

"The joint analytical process for understanding the operational environment — joint analog of IPB."

JIPOE is the joint analytical process — the joint-level cousin of the Army's IPB (Intelligence Preparation of the Battlefield) — that builds the foundational understanding of the operational environment for the commander. Step 1 defines the OE; Step 2 describes the impact on operations; Step 3 evaluates adversary capabilities; Step 4 develops adversary courses of action. JIPOE is the intelligence input to mission analysis and the foundation on which the J-3's operational planning gets built. For an intel analyst on a JTF staff, JIPOE production is the major analytical workstream during the JOPP — the long-cycle analytical effort that produces the OE assessment, the adversary COA development, the high-value target identification, and the broader intel picture the J-3 will plan against. JP 2-01.3 is the doctrinal home for the process.

An intelligence cell formed to provide direct intelligence support to a joint task force or other subordinate joint headquarters that does not have an organic JIOC — typically formed from the J-2 staff of the parent combatant command and augmented by Service component, interagency, and coalition personnel as required — provides the JTF commander with all-source intelligence analysis, collection management, and dissemination services.

"The JTF-level intel cell — provides all-source intel support when the JTF doesn't have its own JIOC."

JISE is the intelligence cell stood up to support a JTF or subordinate joint headquarters that doesn't rate its own JIOC. The JISE is typically built from the parent COCOM's J-2 (drawing intel personnel forward to support the JTF) and augmented by Service component, interagency, and (where applicable) coalition intelligence personnel. The functions parallel a JIOC at a smaller scale: all-source analysis, collection management, target development, dissemination, and current intelligence production. For an intel officer assigned to a deploying JTF, JISE billets are where you live during a contingency — the deployed J-2 forward, working PIRs, JIPCL, JIPOE, and current intel for the JTF commander. JISE is one of the principal ways joint intel scales to support contingency operations.

Per the DoD Dictionary, a joint mission assurance assessment — a comprehensive assessment of a joint installation, facility, or mission to identify vulnerabilities and risks across antiterrorism, physical security, operations security, information security, critical infrastructure protection, continuity of operations, and emergency management disciplines, conducted to inform the commander's risk decisions.

"The joint vulnerability assessment — finds the gaps across AT, OPSEC, infrastructure, and continuity."

JMAA is the multi-discipline vulnerability assessment a joint installation gets every few years (and that any base commander dreads on the front end and learns to use on the back end). An assessment team from the combatant command or a designated agency shows up for a couple of weeks and walks the perimeter, tests the access control, audits the AT plan, looks at OPSEC indicators, checks the critical infrastructure (power, water, fuel, comms), reviews the continuity of operations plan, and rates the emergency management posture. The out-brief comes with a list of findings the commander has to either fix, accept the risk on (with proper signature authority), or mitigate. JMAAs replaced and consolidated the alphabet soup of separate AT, force protection, and infrastructure assessments that used to overlap and confuse installation staffs.

The Joint Overhead Persistent Infrared Center (JOPC) is the joint organization responsible for managing and exploiting overhead persistent infrared (OPIR) sensor data from space-based missile-warning and characterization systems — the center processes OPIR signatures for missile warning, technical intelligence, and battlespace awareness across the joint force.

"The joint OPIR center — exploits space-based infrared sensors for missile warning."

JOPC is the joint shop that processes the overhead persistent infrared signal — the OPIR data stream off SBIRS and the next-generation OPIR satellites that detect heat signatures from missile launches, large fires, and other infrared events visible from orbit. For a missile warning operator at NORAD or USSPACECOM, JOPC is where the technical exploitation lives that turns raw OPIR data into the cued warning that goes out to the joint force. The center also supports battlespace awareness applications beyond the strategic missile-warning mission. OPIR data is one of the more sensitive sensor feeds in the inventory; access is tightly controlled and the JOPC tasking process reflects that. The transition from legacy SBIRS to Next Generation OPIR is one of the major space modernization tracks.

The Joint Operations Security Support Element (JOSE) is the Joint Staff-controlled element that provides operations security (OPSEC) support to combatant commands, JTFs, and other DoD organizations — offering OPSEC assessments, vulnerability analysis, training, and program development to identify and mitigate critical-information disclosure risks across joint operations.

"The Joint Staff OPSEC support team — assessments, vulnerability analysis, training."

JOSE is the Joint Staff's OPSEC support team — the element that conducts OPSEC assessments at combatant commands, JTFs, and supported DoD organizations, identifies how critical information is leaking through routine activities (open-source signatures, predictable patterns, contractor relationships, social media), and helps the supported organization build a stronger OPSEC program. The element does training, vulnerability analysis, and program assessments. For a J3 OPSEC officer at a JTF, JOSE is the team that comes in for a multi-week assessment when the command needs an outside look at its OPSEC posture. The OPSEC program is one of the joint functions that gets uneven emphasis depending on the command climate; JOSE assessments tend to produce the longest lists of findings against commands that thought they were doing well.

The Department of Defense's legacy joint security clearance and access management system, used from the early 2000s through the 2021 transition to track personnel security clearances, access authorizations, and adjudication decisions for DoD service members, civilians, and contractors — replaced by the Defense Information System for Security (DISS).

"The legacy joint clearance tracking system replaced by DISS in 2021."

JPAS was the joint clearance system every security manager learned to navigate from the early 2000s through the DISS transition that finally completed in 2021 — clearance levels, in-scope/out-of-scope status, SCI eligibility, indoctrination records, separation actions. The interface was ancient and the workflows were brittle, but everyone with a clearance had a JPAS record. JPAS was retired and replaced by DISS, which absorbed the data and migrated workflows; security managers carry institutional memory of both systems through any extended career.

A consolidated suite of network security tools deployed at regional security stacks across the Department of Defense Information Network, providing perimeter defense, intrusion detection, and network monitoring as a shared service.

"A consolidated DoD network security stack at regional points."

JRSS consolidated dozens of base- and service-level security stacks into a smaller number of regional stacks operated by DISA, on the theory that fewer better-managed perimeters would defend better than many independently-managed ones. The program drew sustained criticism from the IG and Congress for performance and effectiveness shortfalls and is being progressively replaced by Zero Trust architectures that defend the data, not just the perimeter. JRSS is still operationally relevant during the transition.

The Department of Defense enterprise cloud computing contract, awarded in December 2022 to four cloud service providers (Amazon Web Services, Google Cloud, Microsoft Azure, and Oracle Cloud Infrastructure) as a multiple-award IDIQ vehicle with a five-year base period and option years, providing classified and unclassified cloud services across DoD, replacing the cancelled JEDI single-award contract.

"The DoD multi-vendor enterprise cloud contract providing classified and unclassified cloud services."

JWCC is what DoD bought after the JEDI single-source contract collapsed amid litigation — a multi-award framework letting DoD components choose among four major cloud providers based on workload requirements rather than locking in a single provider. The contract supports unclassified through TS/SCI environments and is the primary acquisition vehicle for DoD cloud services. Individual programs and components issue task orders against JWCC; the actual cloud usage and migration pace varies enormously across components. Cloud is now a foundational dependency for most DevSecOps and JADC2-related programs.

A Department of the Air Force software development organization, headquartered in Boston, Massachusetts, that builds and operates software products for Air Force operations using modern DevSecOps practices, named after the smuggling route in the Star Wars film franchise and originally established to deliver targeting cycle software for the air operations center.

"An Air Force software development organization in Boston using DevSecOps practices."

Kessel Run is one of the most visible "DoD software factory" experiments — built deliberately outside traditional acquisition structures, with deliberate cultural distance from the standard program office (different dress code, different language, different cadence). The original product was a replacement for legacy ATO targeting cycle tools; the portfolio has expanded across multiple operational software lines. Whether Kessel Run-style factories are a model that scales, or a model that works only at small scale with intense leadership protection, is an open institutional question across DoD.

A formal assessment of a facility, installation, or mission-essential function's ability to perform its mission in the face of identified threats and hazards, examining physical security, antiterrorism, continuity of operations, critical infrastructure, and other mission-assurance functions (DoD Dictionary, November 2021).

"An MAA — formal review of whether a facility can still execute its mission under threat."

MAA is the inspection that asks a hard question: if this installation lost power, if a vehicle bomb hit the gate, if the cyber network went down, if the water source got contaminated — could the mission-essential functions still run, and for how long. The assessment team walks the installation, reads the COOP plan, looks at the antiterrorism vulnerability assessment, tests physical security, examines critical infrastructure dependencies, and writes a report with findings and recommendations. The MAA is graded against the Mission Assurance Strategy and the DoDD 3020.40 framework. The honest version drives investment in resilience; the version-of-record can become a checklist exercise depending on the command climate. Findings are tracked in mission assurance databases and feed the higher headquarters' risk picture.

Intelligence obtained by quantitative and qualitative analysis of data — including metric, angle, spatial, wavelength, time dependence, modulation, plasma, and hydromagnetic — derived from technical sensors for the purpose of identifying any distinctive features associated with the source, emitter, or sender.

"Intelligence derived from the unique signatures of sensors and emitters."

MASINT is the discipline that infers from physical signatures — the spectral fingerprint of a paint job, the acoustic signature of a particular submarine, the seismic signature of an underground test, the radiation signature of a weapons program. DIA is the MASINT functional manager. The discipline is less famous than SIGINT or IMINT because the products are often unglamorous technical assessments, but MASINT has historically delivered some of the more consequential WMD-program judgments in the IC.

The Marine Corps service-level intelligence production center, providing intelligence support to the Commandant of the Marine Corps, Marine Air-Ground Task Forces, and other military and national consumers.

"The Marine Corps service-level intelligence center."

MCIA, headquartered at Marine Corps Base Quantico, provides expeditionary-focused intelligence with an emphasis on littoral and amphibious environments, urban operations, and irregular warfare. It is the smallest of the service intelligence components but provides distinctive expertise in the operational environments Marines actually fight in. MCIA serves the Marine Corps as both a service intelligence center and a national-level producer in its areas of expertise.

The portion of the DoD intelligence budget that funds programs supporting tactical and operational military missions, managed by the Secretary of Defense and not part of the National Intelligence Program.

"The DoD-managed portion of the intelligence budget."

MIP funds the tactical and service-component intelligence activities — service cryptologic components, theater intelligence brigades, DIA elements supporting CCMDs, military service intelligence operations, and the embedded intelligence functions on platforms. SECDEF (through USD(I&S)) manages the MIP; the DNI consults on the budget. The MIP top-line is also published annually (in the same range and structure as NIP); the line between MIP and NIP is set by category, not always by the agency.

Per the DoD Dictionary of Military and Associated Terms (November 2021), a voluntary multilateral export control regime established in 1987 to limit the proliferation of unmanned delivery systems capable of carrying weapons of mass destruction, including missiles, rockets, unmanned aerial vehicles, and related technologies above defined range and payload thresholds.

"The international missile and UAV export control regime — limits proliferation of MTCR-class systems."

MTCR is the multilateral export control framework — 35-plus partner nations — that governs whether a given missile, large unmanned aerial vehicle, or related technology can be sold to a particular foreign customer. The Category I threshold (roughly 300 km range and 500 kg payload) carries a strong presumption of denial; Category II is subject to case-by-case review. For program offices and foreign military sales planners, MTCR is the reason a partner nation that wants a particular US capability sometimes gets a derated variant or a denial entirely. The regime is voluntary and not a treaty, which means it has gaps — particularly with non-member states and with newer drone categories — but it remains the principal international control on the systems that put a warhead a long way from where it was launched.

Per the DoD Dictionary of Military and Associated Terms (November 2021), the consolidated DoD procedures governing response to nuclear weapon accidents or incidents, including initial response, characterization, containment, recovery, and consequence management actions.

"NARP — the DoD nuclear weapon accident response procedures, from first response through consequence management."

NARP is the DoD-wide manual for what happens when a nuclear weapon is involved in an accident or incident — the Broken Arrow / Bent Spear / Dull Sword / Faded Giant event categories, the initial response sequence, the on-site command relationships, the technical response from the Accident Response Group and DOE/NNSA, the consequence management coordination with the affected civil community, and the recovery operations that follow. The historical incidents that drove the procedures — Palomares 1966, Thule 1968, the Damascus Titan II accident, the 1980 Damascus incident, more recent inadvertent transfers — each refined a piece of the framework. For the small community of nuclear weapons-qualified personnel (the 21W/21R-equivalent across services, the security forces at nuclear-capable sites, the ARG members), NARP is the doctrinal source they train against. For everyone else it is invisible, which is the entire point.

A National Security Agency representative role (national cryptologic representative defense) deployed to combatant commands, service component commands, and major joint task forces to represent NSA, integrate signals intelligence and cybersecurity support, and provide the senior cryptologic voice in command planning and operations — the senior NSA face at a DoD headquarters.

"The senior NSA representative at a combatant command — the cryptologic face at the COCOM."

NCRDEF is the NSA officer (uniformed or civilian) who sits in a combatant command headquarters as the senior cryptologic representative — the person who walks the J2 / J3 / commander through what SIGINT can and cannot do for the current problem, brokers tasking back to NSA, and represents Fort Meade in command planning. The role exists because COCOMs need a single accountable cryptologic point of contact; without it, signals intelligence support gets fragmented across service cryptologic elements (NSA/CSS Texas, Georgia, Hawaii, etc.) and the command does not get a coherent answer. For a senior cryptologic professional, NCRDEF and equivalent roles are some of the most consequential joint billets — small in number, high in responsibility.

The US Government policy framework (National Disclosure Policy) that governs the disclosure of classified military information to foreign governments and international organizations — sets the criteria, categories, and approval authorities for releasing classified information to foreign partners in support of policy, operational, and security cooperation objectives.

"The US policy that controls what classified info can be shared with which foreign partners."

NDP is the framework that decides what classified US military information can be released to which foreign government, at what level, and under what conditions. It is the policy a Foreign Disclosure Officer at a service component or COCOM uses every time a partner liaison officer asks to see a product, sit in on a brief, or receive a copy of an assessment. The categories are doctrinal (organization, training, equipment, operational, etc.), the approval authorities are layered, and the criteria are real — "is it consistent with US policy, does the recipient need it, can they protect it, is the sharing reciprocated." For a service member working with allied partners (FAOs, security cooperation officers, exchange officers, multinational headquarters staff), NDP shapes every "yes you can see this / no you cannot" decision.

The interagency committee (National Disclosure Policy Committee) chaired by the Department of Defense with State Department, intelligence community, and other agency participation that develops, interprets, and oversees implementation of the National Disclosure Policy — adjudicates exceptions to policy and resolves interagency disagreements on foreign disclosure decisions.

"The interagency committee that writes and interprets US foreign disclosure policy."

NDPC is where the National Disclosure Policy actually gets made and refined. The committee is DoD-chaired with State, the intelligence community, and other relevant agencies sitting — the body that decides hard cases, approves exceptions to policy, and updates the categories and criteria as alliances and threats change. For most service members NDPC is invisible; for a Foreign Disclosure Officer, a senior Foreign Area Officer, a policy desk at OSD or the Joint Staff, or a security cooperation planner at a COCOM, NDPC determinations and exception-to-policy decisions show up in the daily inbox. The committee is one of the unglamorous pieces of plumbing that makes the alliance system actually function.

Per the DoD Dictionary of Military and Associated Terms (November 2021), the national-level system for the exploitation and dissemination of geospatial intelligence (GEOINT) and imagery products to authorized intelligence community and operational consumers — operated under the National Geospatial-Intelligence Agency (NGA) and supporting national, joint, and combatant command requirements.

"NES — the national-level GEOINT exploitation and dissemination system under NGA."

NES is the back-end production and dissemination architecture for national-level geospatial intelligence — the NGA-operated system that takes overhead imagery from the NRO collection enterprise, processes and exploits it into intelligence products, and pushes those products to authorized consumers across the IC, the combatant commands, and the deployed joint force. The system is part of how a tactical imagery request from a JTF actually gets fulfilled and how a national-level intelligence product reaches a deploying air wing intelligence shop. For a service member working in the GEOINT enterprise — Army 35G, Air Force IS specialty, Navy IS rate, Marine 0241 — NES is the production architecture that sits behind their workstation; for an operational consumer it is invisible until the product shows up in the intelligence channel.

Per the DoD Dictionary of Military and Associated Terms (November 2021), intelligence on the capabilities, intentions, and activities of foreign powers, organizations, or persons collected and produced under national-level authorities and resourced through the National Intelligence Program (NIP) — distinguished from Military Intelligence Program (MIP) collection that supports DoD tactical and operational requirements.

"NFI — national foreign intelligence, NIP-resourced national-level intelligence on foreign actors."

NFI is the umbrella category for the foreign intelligence collected and produced under national-level authorities and paid for through the National Intelligence Program — the body of intelligence work that supports the President, the National Security Council, and the broader policy community on what foreign powers, governments, and entities are doing. The distinction from Military Intelligence Program (MIP) work matters because the two budget lines fund different things: NIP funds national-level collection systems (NRO satellites, NSA cryptologic, CIA HUMINT) and analytical centers (CIA, DIA, NSA, NGA); MIP funds the service intelligence components and tactical/operational collection capabilities. The IC and DoD have argued the NIP-MIP boundary for decades because some collection systems serve both communities and the resource allocation has real consequences.

Per the DoD Dictionary of Military and Associated Terms (November 2021), the senior advisory body to the Director of National Intelligence on the production, review, and coordination of national foreign intelligence — comprises senior representatives of the principal IC agencies and provides the formal coordination mechanism for National Intelligence Estimates and other community-coordinated assessments.

"NFIB — the senior IC advisory board to the DNI for national foreign intelligence coordination."

NFIB is the formal coordination body where the senior leaders of the IC sit down — DNI as chair, plus the heads of CIA, DIA, NSA, NGA, NRO, and the departmental intelligence leads — to coordinate the National Intelligence Estimates, the major community assessments, and the production priorities under the National Intelligence Program. The board is the modern descendant of the United States Intelligence Board lineage and it is the venue where dissents from the community-coordinated line get formally recorded and where the analytical disagreements between agencies show up in print as alternative judgments. For an analyst working on a community-coordinated assessment the NFIB process is the formal review path; for a deployed consumer it is invisible except that the NIE arriving in the intel channel has been through that coordination.

The Department of Defense combat support agency that provides geospatial intelligence (GEOINT) — the exploitation and analysis of imagery and geospatial information to describe, assess, and visually depict physical features and geographically referenced activities on the Earth.

"The DoD agency responsible for geospatial intelligence."

NGA was created in 1996 as the National Imagery and Mapping Agency (NIMA) by consolidating defense and civilian mapping and imagery organizations. It was renamed NGA in 2003. The agency runs commercial imagery acquisition (the National Geospatial Strategy), provides imagery analysis to combatant commands, produces aeronautical and maritime navigation products, and supports the GEOINT functional manager role for the IC. Headquartered at Fort Belvoir, Virginia, with a major facility in St. Louis.

Per the DoD Dictionary of Military and Associated Terms (November 2021), the net-centric service-oriented architecture providing discovery, access, and dissemination of geospatial intelligence (GEOINT) products across the IC and DoD — operated under the National Geospatial-Intelligence Agency (NGA) — enables authorized consumers to find and retrieve GEOINT products in the distributed common ground / surface system environment.

"NGDS — the NGA net-centric discovery layer for GEOINT products across the IC and DoD."

NGDS is the NGA-operated service layer that lets a GEOINT consumer find and pull the imagery, geospatial data, and analytical products they need without knowing in advance which production line owns the file — the discovery-and-access architecture that sits on top of the underlying NES production environment. The DCGS family on the service side (DCGS-A for Army, DCGS-N for Navy, DCGS-AF for Air Force, DCGS-MC for Marines) is what an end user touches; NGDS is part of the back end that makes the GEOINT catalog actually searchable across the enterprise. For an Army 35G geospatial analyst, a Navy IS, or a Marine 0241, the discovery experience is what NGDS is providing even when the user does not see the service name; for a national-level consumer the same architecture supports IC-wide access.

Per the DoD Dictionary of Military and Associated Terms (November 2021), the US Army intelligence center, based at Charlottesville, Virginia, responsible for foreign ground forces threat analysis — including foreign armor, anti-armor systems, artillery, infantry weapons, ground-based air defense, and ground-force-relevant counter-terrorism analysis — in support of national-level decision makers, force planning, and combatant command operations.

"NGIC — Army foreign ground forces threat intelligence center at Charlottesville."

NGIC is the Army's service-level intelligence center for foreign ground forces threats — the deep-technical-intelligence shop that characterizes foreign armor (tank protection, mobility, firepower), anti-armor systems (ATGMs, RPGs, the evolution of top-attack threats), artillery (gun systems, ammunition, fire control), small arms and infantry weapons, ground-based air defense systems (SHORAD threats, MANPADS proliferation), and ground-force-relevant counter-terrorism analysis. The center at Charlottesville feeds Army acquisition with the threat picture against which programs are designed (NGCV portfolio, M-SHORAD, future protection systems), feeds combatant commands with theater-specific ground threat assessments, and feeds national-level decision makers on the broader foreign ground forces picture. For an Army analyst in the 35F / 35G tracks or the FAO community focused on a foreign army, NGIC is the deep-expertise hub.

Per the DoD Dictionary of Military and Associated Terms (November 2021), a directive issued by the National HUMINT Manager (CIA, under DNI authority) that establishes policy, priorities, and standards for the national HUMINT enterprise across the intelligence community.

"A National HUMINT Manager Directive — sets community-wide policy and priorities for HUMINT."

NHMD is the policy instrument the National HUMINT Manager uses to push standards, priorities, and authorities across the IC HUMINT enterprise — DIA's defense HUMINT, the military service HUMINT efforts, FBI national security HUMINT, and the CIA's own clandestine service. The National HUMINT Manager role lives at CIA under the DNI's authority (per ICD 304), which means an NHMD carries weight across organizational boundaries that the services would otherwise jealously guard. For a defense HUMINT collector or case officer the NHMD is rarely seen directly, but it shapes which targets get worked, which tradecraft standards apply, and how reporting is coordinated across collectors who otherwise would not know each other existed. The directive series is one of the quieter mechanisms by which the post-9/11 IC actually integrates HUMINT.

The DNI's most authoritative written judgment concerning a specific national-security issue, representing the collective view of the Intelligence Community, drafted by the National Intelligence Council and coordinated across the IC.

"The IC's most authoritative written intelligence judgment on a specific issue."

NIEs are produced by the National Intelligence Council under the DNI, usually in response to a request from senior policymakers or Congress. They aggregate the views of the relevant IC elements, with dissenting agency views captured in footnotes — the famous "INR thinks otherwise" footnotes from State's Bureau of Intelligence and Research are part of the institution. NIEs are classified by default; some have been declassified after substantial review (the 2002 Iraq WMD NIE being the most-studied example).

The portion of the Intelligence Community budget that funds programs not embedded in specific military service intelligence activities — including most of the IC's "national" collection and analytic capabilities — managed by the DNI.

"The DNI-managed portion of the IC budget."

The NIP funds the national-mission elements: most of NSA, NGA, NRO, CIA, ODNI itself, and the national-side components of DIA. The DNI submits the NIP top-line; the Office of Management and Budget integrates it into the President's Budget; Congress appropriates it. The total NIP number is published annually (currently the unclassified top-line is in the $70-80B range per the public DNI release each fall); program details are classified.

Per the DoD Dictionary of Military and Associated Terms (November 2021), the Director of National Intelligence-approved framework that establishes US intelligence priorities by topic and country, providing a unified set of guidance against which the intelligence community plans collection, analysis, and resource allocation.

"The National Intelligence Priorities Framework — DNI's ranking of intelligence topics by country and issue."

NIPF is the master priority matrix the DNI signs out that ranks intelligence issues against countries on a tiered scale, giving the IC a single document against which to align collection, analysis, and resources. The framework drives what NSA targets, what NGA images, what CIA HUMINT works hardest on, and what NIC analysis prioritizes. For a J2 staff or a combatant command intelligence director, the NIPF is the document that explains why a particular regional issue is getting community-level support and another isn't — the answer is usually because of where it sits in the NIPF tiers. ICD 204 governs the framework; the NICC operationalizes it for collection. The NIPF is updated periodically and reflects the administration's strategic intelligence priorities filtered through IC professional judgment.

Per the DoD Dictionary of Military and Associated Terms (November 2021), a plan developed under the auspices of the Director of National Intelligence that identifies and allocates national intelligence community capabilities to support a specific combatant commander campaign plan, operation plan, or contingency.

"A National Intelligence Support Plan — community capabilities aligned against a specific COCOM plan."

NISP is the planning artifact the IC produces to align national-level intelligence capabilities (NSA SIGINT, NGA GEOINT, CIA HUMINT, NRO collection, NIC analysis) against a specific combatant commander's OPLAN, CONPLAN, or campaign plan. For a J2 staff building an OPLAN, the NISP is the cross-IC backbone underneath the intelligence annex (Annex B) — it lays out which national capabilities will be brought to bear, in what sequence, against which intelligence requirements. The plan is developed under ODNI auspices with the NIM for the relevant region or function in the lead, and it survives the change of administration far better than the policy decisions that float above it. NISPs are highly classified and rarely seen outside the IC and the COCOM intelligence directorates that consume them.

The federal regulation prescribing the requirements, restrictions, and safeguards necessary to prevent unauthorized disclosure of classified information released to contractors, licensees, and grantees of the US Government.

"The rulebook for contractors handling classified information."

NISPOM is now codified at 32 CFR Part 117 (it lived as a DoD manual for decades before that). It governs cleared defense contractors — facility clearances, personnel clearances, classified storage, visit authorization, foreign ownership, control, and influence (FOCI). If you work at a contractor on a cleared program, the facility security officer (FSO) is the person whose job is to keep NISPOM compliance — and the person you want as a friend.

Per the DoD Dictionary of Military and Associated Terms (November 2021), the US Department of Commerce non-regulatory agency responsible for promoting US innovation and industrial competitiveness by advancing measurement science, standards, and technology — including the cybersecurity, cryptographic, and risk-management frameworks adopted across the federal government.

"NIST — Commerce's standards body whose cybersecurity and cryptographic frameworks DoD adopts."

NIST is the Commerce Department standards body whose work shapes DoD far more than most service members realize — the NIST Cybersecurity Framework underlies the Risk Management Framework (RMF) that every DoD system goes through for authorization; NIST Special Publications (800-53, 800-171, 800-37) are the document set behind every ATO package; NIST FIPS standards govern the cryptography that DoD systems are required to use; and the NIST Post-Quantum Cryptography standardization process is what will eventually replace the public-key crypto across DoD. For an information system security officer, NIST 800-53 controls are the daily working vocabulary. NIST is also the agency behind the official US time standard and the standards underlying GPS positioning accuracy. The work is unglamorous; almost everything secure in DoD touches it.

The NIST catalog of security and privacy controls for federal information systems and organizations, used as the basis for selecting controls under the Risk Management Framework.

"The federal catalog of security and privacy controls."

NIST SP 800-53 is the master list — roughly a thousand controls in the current revision, grouped into families (AC for access control, AU for audit, CM for configuration management, IA for identification and authentication, and so on). RMF picks a baseline from it (Low, Moderate, or High impact); DoD then adds overlays. The catalog reads dry, but every security finding in every assessment ultimately traces to a specific 800-53 control someone did not meet.

A Cyber Mission Force team type that conducts cyberspace operations in support of US Cyber Command's national-mission requirements, including defending the nation against significant cyberspace threats.

"A CMF team type focused on national-level cyberspace missions."

NMTs are organized under the Cyber National Mission Force (CNMF), a sub-unified command under CYBERCOM. They conduct the cyber operations the public reads about months or years later — defense of US critical infrastructure against named adversary campaigns, "hunt forward" operations on partner-nation networks, and other national-level missions. Personnel on NMTs hold high clearances and operate under tightly scoped authorities granted at the national level.

The Department of Defense classification handling category for information related to the Naval Nuclear Propulsion Program — covers technical details of naval reactor design, operation, materials, fuel, plant performance, and supporting infrastructure — handled under specific NR-controlled procedures distinct from the general DoD classification system, with restrictions on access, distribution, and destruction that apply across both classified and unclassified-but-NNPI information.

"NNPI — Naval Nuclear Propulsion Information, the NR classification handling category."

NNPI is the program-wide information-handling category for anything related to naval nuclear propulsion — reactor design, plant operations, materials, fuel, performance data, and the supporting infrastructure. The handling is distinct from the general DoD classification system: NNPI applies even to information that isn't classified in the standard sense, with restrictions on access (need-to-know within the program), distribution (NR-controlled), and destruction (specific procedures). Every nuke encounters NNPI on day one of the pipeline and lives with it through their entire career — the qualifications cards, the system drawings, the plant procedures, the chemistry logs, the radcon documentation, the ORSE reports are all NNPI-controlled. The discipline around NNPI handling is part of how the program's culture transfers to every individual nuke; loose handling is one of the more reliable ways to end a nuke career.

The Department of Defense agency, jointly staffed by DoD and CIA personnel, responsible for the design, build, launch, and operation of US reconnaissance satellites and the support of intelligence collection from space.

"The agency that builds and operates US reconnaissance satellites."

NRO was established in 1961 but its existence remained classified until 1992. It develops and operates the overhead reconnaissance constellation — SIGINT, IMINT, MASINT, and communications satellites — supporting the entire IC and DoD. NRO has its own budget line in the National Intelligence Program. The Office is co-located with NGA at Westfields, Chantilly, Virginia; NRO Operations Centers run the on-orbit assets that feed NSA, NGA, and tactical users globally.

The Department of Defense agency responsible for signals intelligence (SIGINT) and information assurance, providing intelligence to military commanders and national policymakers and protecting US information systems and networks.

"The DoD agency responsible for signals intelligence and cybersecurity."

NSA is dual-tasked: foreign signals intelligence collection and analysis (the older mission, going back to NSA's 1952 creation), and information assurance/cybersecurity for national security systems (the modern Cybersecurity Directorate role). The Director of NSA has historically also commanded USCYBERCOM and led the Central Security Service — the "dual hat" arrangement that has resisted multiple proposed splits. Headquartered at Fort Meade, Maryland, alongside CYBERCOM and the four military service cryptologic elements.

Missions intended to project power in and through foreign cyberspace through actions taken in support of combatant commander or national objectives.

"Cyberspace operations that project power in foreign cyberspace."

OCO requires authorities that flow down from the national level — there is no field-grade OCO, no impromptu action. Authorities for OCO are layered through SECDEF, CYBERCOM, and the supported combatant commander, with the relevant legal review at each step. Few service members are in OCO billets; almost none talk about specific operations. Public reporting and DoD policy documents acknowledge that OCO is conducted; the details remain classified for obvious reasons.

The federal organization headed by the Director of National Intelligence, established to integrate the activities of the Intelligence Community, oversee the National Intelligence Program, and coordinate intelligence support across the executive branch.

"The DNI's coordinating office for the Intelligence Community."

ODNI sits in Liberty Crossing in McLean, Virginia. The office runs the National Counterterrorism Center (NCTC), the National Counterintelligence and Security Center (NCSC), the National Counterproliferation and Biosecurity Center (NCPBC), and the Cyber Threat Intelligence Integration Center (CTIIC). ODNI's tension is structural — it has the mission to integrate the IC but limited line authority to enforce that integration, which is a feature, not a bug, of IRTPA's compromise.

The Navy's intelligence service, providing maritime intelligence to the Navy, Marine Corps, naval combatant commanders, and national policymakers, headquartered at the National Maritime Intelligence Center in Suitland, Maryland.

"The Navy's intelligence service."

ONI is the oldest US intelligence service, established in 1882. It runs four main analytical centers (Nimitz Center for maritime intelligence, Kennedy Center for technical intelligence, Hopper Center for information warfare intelligence, Farragut Center for technical and scientific intelligence) at the National Maritime Intelligence Center. ONI is the Navy's service intelligence element, providing the maritime intelligence backbone to fleet commanders and the National Maritime Intelligence Integration Office.

A risk-management process used to identify critical information, analyze threats and vulnerabilities, and apply countermeasures to deny adversaries the ability to exploit it.

"Don't post unit movements. Use your common sense online."

Your phone broadcasts more than your mouth ever will. The Strava heatmap exposed forward operating bases. Your spouse's "missing my deployed soldier" Facebook post just told strangers four useful things. Common sense is not enough — you have to learn what is actually collectable.

Intelligence produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.

"Intelligence derived from publicly available sources."

OSINT covers everything from foreign newspapers and academic journals to commercial satellite imagery and social-media content. The CIA's Open Source Enterprise (formerly Open Source Center, formerly Foreign Broadcast Information Service) is the IC-wide OSINT executor. OSINT has gone from a niche to a central discipline in the past two decades as commercial imagery, geolocation tools, and open data feeds have closed gaps that previously required classified collection. The hard part is curation, not collection.

The classified daily intelligence product produced by the Intelligence Community for the President of the United States, principal cabinet officials, and senior White House staff, summarizing the most significant intelligence judgments on issues of immediate national-security importance.

"The President's daily classified intelligence summary."

The PDB has been produced for the President since the Kennedy administration. CIA produces the bulk of it with contributions across the IC; the DNI now formally accountable for its content. The recipients have varied across administrations — sometimes a tight circle, sometimes a broader set of cabinet officials and senior staff. The Briefer (a senior CIA officer who personally walks through the day's product with the President when the President takes the brief in person) is one of the most consequential positions inside the IC because of the access it confers.

Any portable electronic device capable of receiving, storing, processing, or transmitting information — including phones, tablets, wearables, and removable media — subject to restriction in secure or sensitive areas.

"Personal electronics must be secured in classified spaces."

PED rules are stricter than most realize and the definition keeps growing. Phones, smartwatches, fitness trackers, bluetooth earbuds, vape pens with wireless features, and certain medical devices all count. SCIFs and other secure areas require them to stay outside, often in a numbered locker. Violations are a security incident — at best a counseling and a re-brief, at worst a hit on your access and a referral to the special security officer.

Individually identifiable health information held or transmitted by a covered entity or its business associate, protected under HIPAA and, within the Military Health System, additional DoD privacy rules.

"Medical information protected by HIPAA and DoD privacy rules."

PHI is a subset of PII tied to medical care. Inside the MHS it is governed by both HIPAA and DoD privacy policy. Discussing a soldier's mental-health diagnosis in formation is a PHI violation; pulling their LES to verify employment is a PII issue. Leadership routinely confuses the two and creates real problems when medical information leaks back into command channels — talk to the MTF privacy officer before passing anything along.

Information that can be used to distinguish or trace an individual's identity, either alone or combined with other information that is linked or linkable to the individual.

"Personal information protected under privacy law."

SSN plus name plus date of birth is the classic trifecta, but PII is broader — anything that singles a person out. Mishandling it (unencrypted email, an unattended printout, a lost thumb drive) is a security incident, a Privacy Act matter, and in some cases a criminal one. The annual training is mandatory and the rules are real: even your own PII has to be handled correctly on DoD systems.

The federal standard for a secure, interoperable identity credential for federal employees and contractors, established under Homeland Security Presidential Directive 12.

"A standardized federal identity card with strong cryptographic protections."

PIV is the government-wide HSPD-12 credential. CAC is the DoD's PIV-compliant version with extras (Geneva Conventions identification, multiple certificates). PIV-I (interoperable) is the version contractors and non-federal partners can carry. The distinction matters in practice when a system insists on a specific token type, when reciprocity questions come up between agencies, or when a contractor is told they need "a PIV" and assumes that means a CAC.

The framework of policies, hardware, software, and procedures that issues, manages, and revokes digital certificates used for authentication, encryption, and digital signature within the Department of Defense.

"The cryptographic backbone that authenticates DoD users and systems."

The DoD PKI is the reason your CAC has a chip. Certificates expire on a fixed schedule, get revoked when something goes wrong, and need re-issue when your CAC is replaced — and almost every "my CAC is not working" call is a PKI problem. The PKI is operated by DISA and underlies CAC login, signed/encrypted email (S/MIME), code signing, and machine-to-machine authentication across DoD networks. When the PKI has a bad day, nothing logs in.

The Department of the Air Force enterprise DevSecOps platform, established at Hanscom Air Force Base, that provides authorized container imagery (Iron Bank), reference DevSecOps architecture (Big Bang), CI/CD pipeline services, and Kubernetes-based application hosting infrastructure for DoD software programs, with adoption extending across services.

"A DAF enterprise DevSecOps platform providing authorized containers and pipeline services."

Platform One is the AF-led but DoD-adopted DevSecOps backbone — Iron Bank is the central trusted container registry (hardened images with cATO-supporting provenance), Big Bang is the open-source reference DevSecOps stack, and the platform offers managed Kubernetes hosting for programs that need it. Adoption has been substantial across services. The platform's value is the inheritance: programs that build on Iron Bank images and Big Bang patterns get a substantial portion of their security work done by the platform rather than re-engineered per program.

A document that identifies tasks needing to be accomplished to remediate weaknesses found in an information system, including resources required, milestones for meeting tasks, and scheduled completion dates.

"A tracked remediation plan for outstanding security findings."

A POA&M is your written IOU to the authorizing official for security findings you could not fix before the ATO was issued. Each finding gets an owner, a milestone, and a completion date. The unspoken truth is that POA&Ms tend to become permanent — items added at ATO often slide for years, and the next ATO frequently inherits the same list with refreshed dates. Closing POA&Ms is unglamorous work; opening them rarely is.

The structured process used by the federal government and the Department of Defense to integrate security, privacy, and supply-chain risk management activities into the system development life cycle: Categorize, Select, Implement, Assess, Authorize, and Monitor.

"A structured federal process for authorizing information systems."

RMF replaced DIACAP as the DoD process for getting a system approved to run. Six steps — Categorize, Select, Implement, Assess, Authorize, Monitor — and a body of artifacts (System Security Plan, Security Assessment Report, POA&M) that travel together to the authorizing official. In practice, RMF is a long paperwork exercise to earn an ATO; the "Monitor" step is where security actually lives but where attention usually dies once the ATO is signed.

A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level.

"A classified program with protections beyond standard classification rules."

SAPs sit above ordinary classification — separate access lists, dedicated facilities, separate adjudication, separate cover. They come in three flavors: acknowledged (ASAP), unacknowledged (USAP), and waived (the most sensitive, with reduced congressional reporting). Read-in and read-out are formal events with paperwork that follows you for life. Many SAP-cleared people cannot tell their family what they do for a living, only where they work; treat the bright line accordingly.

An accredited area, room, group of rooms, building, or installation where SCI may be stored, used, discussed, or processed, constructed to standards set by the Director of National Intelligence.

"A secure space accredited for handling classified intelligence."

A SCIF is a room (or whole building) accredited to ICD 705. No personal electronics, no unshielded windows, vault-style doors with controlled access, and in some cases full RF shielding. You build to spec, the accrediting agency inspects, and once accredited every modification — moving a wall, swapping a door, even some furniture changes — can require re-inspection. The SCIF rules feel paranoid until you read the threat models they were built against.

The standard-form nondisclosure agreement executed by every individual granted access to classified information, acknowledging the legal obligations and penalties for unauthorized disclosure.

"A standard form signed when you receive a clearance."

You sign the SF-312 before you get your first classified read-in. It acknowledges criminal liability under 18 USC 793, 794, 798, and 952 for unauthorized disclosure — citations printed directly on the form. The obligations do not end when you leave service; they are lifetime, and pre-publication review applies to writing about classified topics later. Read what you sign — the form is short, but the consequences are not.

The standard-form questionnaire used to collect personal history information from individuals applying for or holding national-security positions requiring access to classified information.

"The questionnaire used to start a security clearance investigation."

The SF-86 is roughly one hundred pages of every job, address, foreign contact, relative, drug use, financial issue, and arrest from the past seven to ten years, depending on the question. It is submitted through eApp (the replacement for eQIP). Lying or omitting is a felony under 18 USC 1001, and the most common reason a clearance gets denied is the omission, not the underlying issue — investigators find the gap and the lack of candor becomes the problem.

The Army's program to prevent sexual harassment and sexual assault, train soldiers, and support victims through restricted and unrestricted reporting channels. Sister programs: SAPR (Navy/AF/MC), CGIO (Coast Guard).

"We have zero tolerance. Every soldier knows the resources and how to report."

The program exists. The annual training is mandatory. Whether reporting at your specific unit is actually safe — or actually does anything — depends on command climate, and the DoD's own surveys say it varies wildly. Restricted reporting is a real option that preserves access to medical care and counseling without triggering an investigation.

Intelligence derived from electronic signals and systems used by foreign targets, including communications intelligence (COMINT) and electronic intelligence (ELINT).

"We collect, analyze, and act on signals to maintain decision advantage."

SIGINT is the largest US intelligence discipline by budget and personnel. Most service members never see SIGINT product directly — it gets sanitized and pushed as cued indicators or as "tearline" reports. If your job touches SIGINT, you also live with the clearance, polygraph, and lifelong reporting requirements that come with it.

A formal written notice that a service member's security clearance is proposed for denial, suspension, or revocation, listing the specific concerns and giving the member an opportunity to respond.

"A formal notice when there are concerns about your security clearance."

The clock starts when you receive the SOR — typically 20 to 30 days to respond, with appeal options that vary by service. The response is your one structured opportunity to provide context, evidence of mitigation, and rebuttal to the adjudicator. Do not respond emotionally. Get help — TDS or civilian security clearance counsel — before drafting. A rushed or pro-se response can confirm rather than refute the concern.

A configuration standard published by DISA for the secure installation, configuration, and maintenance of a specific operating system, application, or device on Department of Defense networks.

"Configuration baselines for hardening DoD systems."

STIGs are DISA's hardening checklists — hundreds of them, one per operating system, application, or product family. On DoD networks, STIG compliance is treated as binary: either you meet a control or you document a finding with a justification. Compliance is checked through automated scanning (SCAP, Nessus with the DISA template). The gap between "as-deployed" and "as-STIGged" is where reality always lives, and where assessors always look first.

Intelligence derived from the exploitation of foreign materiel and the assessment of adversary scientific and technical capabilities, including the technical characteristics, performance, vulnerabilities, and operational use of foreign weapons systems and equipment.

"Intelligence on adversary weapons systems and technical capabilities."

TECHINT covers the analysis of captured or otherwise acquired foreign equipment — what it is, how it works, how to counter it, how to exploit weaknesses, what its existence implies about the adversary's broader capability. The National Ground Intelligence Center (NGIC, under INSCOM), the Navy's Office of Naval Intelligence centers, and the Air Force's National Air and Space Intelligence Center (NASIC) are the major TECHINT producers. The field is unglamorous but is what lets forces know whether the threat radar can actually see them.

A short name referring to investigations, studies, and control of compromising emanations from telecommunications and information-processing equipment, including the standards for shielding such equipment.

"Protection against information leaking through electromagnetic emissions."

Electronics radiate. With the right gear at the right distance, an adversary can reconstruct what is on a monitor or what is being typed by capturing the EM emissions. TEMPEST is the body of standards and shielding designed to defeat that — and it shapes SCIF construction, equipment selection, and the red/black separation rules that keep classified and unclassified gear physically apart. Mostly invisible to the user but very real to the people who build the spaces and certify the gear.

The component of communications security that results from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis.

"Protecting the signal itself from detection or jamming."

COMSEC protects the content; TRANSEC protects the fact that you are transmitting at all. Frequency hopping, spread spectrum, low-probability-of-intercept waveforms, anti-jam features — these are TRANSEC. Most radio operators interact with it through hopping plans, waveform selection, and the load procedures for both. Done well, an adversary cannot tell you are on the air; done poorly, your call signs and locations leak before your first word does.

A clearance combination granting eligibility for access to Top Secret information together with one or more SCI compartments controlled under Director of National Intelligence authority.

"The highest-tier clearance most service members will hold."

TS is a level; SCI is a set of compartments built on top of it. Plenty of people have a TS without SCI. SCI access requires a separate read-in for each compartment, brings polygraph and continuous-evaluation requirements, and limits where you can work and what you can disclose. The investigation can take twelve to eighteen months in good periods and longer when the backlog grows; do not plan a job change around it being fast.

A cybersecurity paradigm that assumes no implicit trust based on network location and continuously authenticates and authorizes every access to data and resources, codified for the Department of Defense in the DoD Zero Trust Strategy published in November 2022.

"A cybersecurity model that authenticates every access rather than trusting the network."

Zero Trust is the response to a generation of breaches that showed perimeter-only defense is insufficient — once inside, attackers had broad lateral movement across "trusted" networks. The DoD Zero Trust Strategy (November 2022) sets a target Zero Trust architecture for DoD by FY2027, organized around seven pillars (users, devices, applications and workloads, data, network, automation and orchestration, visibility and analytics). The implementation will take years and runs alongside the JRSS-to-replacement transition.