Code of Federal Regulations, Title 32, Part 236, Sec. 236.2 Definitions.

As used in this part:

(a) Attribution information means information that identifies the DIB participant, whether directly or indirectly, by the grouping of information that can be traced back to the DIB participant (e.g., program description, facility locations).

(b) Compromise means disclosure of information to unauthorized persons or a violation of the security policy of a system in which unauthorized intentional, or unintentional, disclosure, modification, destruction, loss of an object, or the copying of information to unauthorized media may have occurred.

(c) Covered defense information means unclassified information that:

(1) Is:

(i) Provided by or on behalf of the DoD to the DIB participant in connection with an official DoD activity; or

(ii) Collected, developed, received, transmitted, used, or stored by the DIB participant in support of an official DoD activity; and

(2) Is:

(i) Controlled Technical Information means technical information with military or space application (see 10 U.S.C. 130(c)) that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information is to be marked with one of the distribution statements B through F, in accordance with Department of Defense Instruction 5230.24, "Distribution Statements of Technical Documents." The term does not include information that is lawfully publicly available without restrictions. "Technical Information" means technical data or computer software, as those terms are defined in Defense Federal Acquisition Regulation Supplement clause 252.227-7013, "Rights in Technical Data--Noncommercial Items" (48 CFR 252.227-7013). Examples of technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and computer software executable code and source code;

(ii) Information subject to export control under the International Traffic in Arms Regulations (ITAR) (http://pmddtc.state.gov/regulations_laws/itar_official.html), or the Export Administration Regulations (EAR) (15 CFR part 730);

(iii) Information designated as Critical Program Information (CPI) in accordance with DoD Instruction 5200.39, "Critical Program Information (CPI) Protection within the Department of Defense";

(iv) Critical Information (Operations Security) includes specific facts identified through the Operations Security process about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for friendly mission accomplishment (part of Operations Security process as described in 5205.02-M, "DoD Operations Security (OPSEC Program Manual)");

(v) Personally Identifiable Information (PII) that can be used to distinguish or trace an individual's identity in accordance with DoD Directive 5400.11, "DoD Privacy Program";

(vi) Information bearing current and prior designations indicating controlled unclassified information (e.g., For Official Use Only, Sensitive But Unclassified, and Limited Official Use, DoD Unclassified Controlled Nuclear Information, Sensitive Information) that has not been cleared for public release in accordance with DoD Directive 5230.29, "Clearance of DoD Information for Public Release" (see also DoD 5200.01 M Volume 4, "DoD Information Security Program: Controlled Unclassified Information (CUI)"); or

(vii) Any other information that is exempt from mandatory public disclosure under DoD Directive 5400.07, "DoD Freedom of Information Act (FOIA) Program", and DoD Regulation 5400.7-R, "DoD Freedom of Information Program".

(d) Covered DIB systems means an information system that is owned or operated by or for a DIB participant and that processes, stores, or transmits covered defense information.

(e) Cyber incident means actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and/or the information residing therein.

(f) Cyber intrusion damage assessment means a managed, coordinated process to determine the effect on defense programs, defense scientific and research projects, or defense warfighting capabilities resulting from compromise of a DIB participant's unclassified computer system or network.

(g) Defense Industrial Base (DIB) means the Department of Defense, Government, and private sector worldwide industrial complex with capabilities to perform research and development, design, produce, and maintain military weapon systems, subsystems, components, or parts to satisfy military requirements.

(h) DIB participant means a DIB company that has met all of the eligibility requirements to participate in the voluntary DIB CS/IA information sharing program as set forth in this part (see Sec. 236.7).

(i) Government means the United States Government.

(j) Government Furnished Information (GFI) means information provided by the Government under the voluntary DIB CS/IA program, including but not limited to cyber threat information and information assurance practices.

(k) Information means any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.

(l) Information system means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

(m) Threat means any circumstance or event with the potential to adversely impact organization operations (including mission, functions, image, or reputation), organization assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service.

(n) U.S. based means provisioned, maintained, or operated within the physical boundaries of the United States.

(o) U.S. citizen means a person born in the United States or naturalized.