
Host Based Security System (HBSS) - NETCOM - U.S. Army


NETCOM/9th SIGNAL COMMAND (ARMY)
LANDWARNET NETOPS ARCHITECTURE (LNA)

HOST BASED SECURITY SYSTEM
COMPLIANCE CHECKLIST #1

CHECKLIST TO BE COMPLETED BY VENDOR

PRODUCT
Name:
Version:

Vendors Certification of Product Meeting LNA Requirements
Name:
Title:
Signature:

FUNCTIONAL REQUIREMENTS: FUNCTION | SYSTEM DESCRIPTION | JUSTIFICATION | PRIORITY
PRODUCT COMPLIANCE: MET (√) | SUPPORTING DOCUMENTATION TO INCLUDE: URL, NAME OF SOURCE DOCUMENT AND PAGE NUMBER | NOT-MET (√) | DESCRIPTION | COMMENTS

FUNCTION: Add, Delete and Register Agents
PRIORITY: 1
SYSTEM DESCRIPTION: The system shall add and delete agents to/from managed clients/assets. Whenever a new agent is added, the Manager triggers inventory data collection for the affected asset/agent. Whenever an agent is removed, the pertinent data is removed from the Manager.
JUSTIFICATION: This is needed in order to perform basic management functions on agent managed assets and services.

FUNCTION: Alert on Unauthorized Configuration Changes
PRIORITY: 2
SYSTEM DESCRIPTION: The system shall provide alerts of unauthorized configuration changes on management platform(s) and the managed clients/assets.
JUSTIFICATION: This provides fast notification of unauthorized changes to configurations; speeds remedial action.

FUNCTION: Analyze Events By Asset
PRIORITY: 2
SYSTEM DESCRIPTION: The system shall provide on demand and scheduled analysis of event data. It should be able to extract and produce Event data based on specified asset/system criteria (e.g., platform, device, application, asset type, agent/system failure reports, source, system performing attack, etc.). It shall enable administrators to query, extract/filter and report event information based on the event source. It shall enable the administrator to schedule the analyses/queries, with the same criteria.
JUSTIFICATION: This enables administrators to troubleshoot faulty/absent reporting by sources, fine-tune their configurations, develop new/more effective behavior based profiles (for firewalls/Intrusion Protection System (IPS)), and provide evaluations on the effectiveness of sources. All improve the LandWarNet's availability, reliability, and security.

FUNCTION: Analyze Events by Multiple Criteria
PRIORITY: 2
SYSTEM DESCRIPTION: The system shall enable administrators to analyze system events by multiple criteria. It shall enable them to analyze events relating to two or more administrator designated criteria, to include (but not limited to) specific times, assets (hardware, software, Agents), Command, Control, Communications, Computers, and Information Management/Information Technology (C4IM/IT) services, users, administrators, threat signatures, behavioral profiles, asset/threat type, management system transactions/job, Capacity, Availability, Performance (CAP) data, business impact, data source, and/or configuration items.
JUSTIFICATION: This is essential to support root cause analyses, troubleshooting, and in order to assess progress in improving support/services - all necessary to operate, maintain and defend the LandWarNet. It also reduces the amount of time administrators will spend in isolating the underpinning cause of an outage.

FUNCTION: Analyze Events By Threat
PRIORITY: 1
SYSTEM DESCRIPTION: The system shall analyze events by threat type. It shall have the capability to extract and report event data by various custom threat signatures/behavior profiles, Common Vulnerabilities and Exposures signatures, or external Threat/Neutral systems (e.g., Frequency Spectrum Manager should be able to relate interference events to Enemy/Neutral Emitters in reports provided by supporting Intelligence Systems). The system shall enable administrators to specify these threats (e.g., from a pick list) and the desired information to present for subsequent automatic detection and processing/reporting/display.
JUSTIFICATION: This facilitates the LandWarNet's defense by providing automated tools to process large volumes of threat data in order to rapidly identify and highlight specific threats.

FUNCTION: Analyze Events by Time
PRIORITY: 2
SYSTEM DESCRIPTION: The system shall analyze system events by time. It shall enable administrators to extract and report event data by reception time, report generation time, or a specific time window. It shall enable administrators to schedule these queries (to implement recurring time-based event analysis/reports).
JUSTIFICATION: This helps administrators associate related events during trouble-shooting, fine tune rules/profiles for alarms/Intrusion Prevention System/firewalls, and reduce administrator workload (e.g., produce reports to support shift-changes).


Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil
1/15/2013

FUNCTION: Assign Actions to Signatures
PRIORITY: 1
SYSTEM DESCRIPTION: The system shall allow the administrator to assign actions to be taken by an agent/sensor (when an intrusion is detected) to each threat signature in a profile. Within Intrusion Detection System (IDS) agents/sensors, these actions shall include automated alarm/reporting and/or recording the suspect transactions (that match the linked signature). IPS agents/sensors shall also support additional actions to block/prevent or reroute those suspect transactions.
JUSTIFICATION: This enhances the LandWarNet's defense and operations by tailoring IDS/IPS systems to meet local missions, infrastructure and staff capabilities. It also supports rerouting suspect network traffic to Honey pots/Honey nets for follow on forensic analysis and/or legal action.

FUNCTION: Assign Privileges to Administrative Groups
PRIORITY: 2
SYSTEM DESCRIPTION: The system shall provide the ability to assign privileges (read, write, execute, access to, restrictions from) to administrative groups. Administrative groups are composed of administrative accounts used to manage the platform.
JUSTIFICATION: This is needed for administrators to quickly and securely add and remove access permissions to management platforms.

FUNCTION: Assign Privileges To User Groups
PRIORITY: 2
SYSTEM DESCRIPTION: This system shall enable the administrators to assign user privileges to defined user groups. This includes assigning privileges to ports/protocols/services, applications, modules within applications, and/or assets.
JUSTIFICATION: This is needed for administrators to quickly and efficiently assign and remove privileges from users assigned to groups. It reduces the amount of time administrators will spend configuring access.

FUNCTION: Change Intrusion Detection Behavior
PRIORITY: 2
SYSTEM DESCRIPTION: The system shall support changing the agent's or sensor's detection behavior when an alert event is detected, in accord with the administratively-set parameters specified in the signature profile. Supported changed detection behaviors shall include an ability to inhibit detection/reporting of the same event for a specified period of time, and an ability to count occurrences of the event during a specified time interval for later reporting in a single message. The system shall support other detection behavior changes, set within the signature profile, to reduce the quantity of detected/reported events.
JUSTIFICATION: This enables administrators to control the amount of false alarms, reduce overly redundant reporting, and update system alarms to reflect modifications of earlier threats.

FUNCTION: Collect Agent Configuration Data
PRIORITY: 2
SYSTEM DESCRIPTION: The system shall obtain information from managed agents about their client's configuration and status. The reported data includes agent identification, addresses, and agent/client computing platform's operational status data. The system enables administrators to schedule these data collections. The reported information is stored in the Manager.
JUSTIFICATION: This is required to reduce administrative workloads and network traffic burdens (during peak operational periods), while providing the data needed to operate, manage and defend the LandWarNet remotely.

FUNCTION: Collect Agent Inventory
PRIORITY: 2
SYSTEM DESCRIPTION: The system shall provide the capability to query agents to obtain information about their operational software version. The manager shall include the capability to identify software changes that have occurred within an agent, based on previously collected data. The manager shall support the definition of a schedule for the collection of information from agents. This information is stored in the Software Repository.
JUSTIFICATION: This reduces administrator workloads, facilitates network optimization, and increases the probability and speed of detecting illicit changes and incomplete/failed updates to agents; all combine to improve LandWarNet security, availability and reliability.

FUNCTION: Collect Component Status
PRIORITY: 2
SYSTEM DESCRIPTION: This system shall be able to query devices or device managers to obtain information about their operational status/health. Within Host Based Security System (HBSS), this applies to monitoring the status of its distributed repositories.
JUSTIFICATION: Status of a device is needed to ensure services/applications are working appropriately.

FUNCTION: Collect Security Events
PRIORITY: 1
SYSTEM DESCRIPTION: The system shall collect security related messages. This includes the ability to collect data from multiple sources (e.g., network/Host Intrusion Detection Systems (HIDS) and IPS, and other managers providing security related events).
JUSTIFICATION: Defense of the LandWarNet would be greatly inhibited without the ability to collect/receive security related events. These events can provide the details of unauthorized activity performed against enterprise assets.

FUNCTION: Collect Software/Firmware Inventory and Configuration Data
PRIORITY: 1
SYSTEM DESCRIPTION: The system shall query managed components, agents, or sensors and obtain information about the operational software/firmware inventory on the managed asset(s). This information is stored in the Software Repository.
JUSTIFICATION: This is necessary in order to baseline, manage, and defend the underlying software existing within the LandWarNet.

FUNCTION: Configure Communication Resources
PRIORITY: 1
SYSTEM DESCRIPTION: The system shall have configurable communication parameters. These parameters can be set between component-to-management consoles, manager-to-agent and manager-to-management consoles; client-to-server, client-to-client, Virtual Private Network (VPN) Device-to-remote user, and server-to-server components. This includes configuring ports and Internet Protocol (IP) addresses.
JUSTIFICATION: This is needed to securely configure communication channels between agents and management platforms; it ensures secure transfer of data between the two elements.

FUNCTION: Configure Filter/Signature Download Attributes
PRIORITY: 2
SYSTEM DESCRIPTION: The system shall provide the ability to set attributes for downloading filters/signatures from a configurable download address. This includes establishing authentication/access controls, and permitted ports/protocols/services on the download sessions/jobs.
JUSTIFICATION: This is required to provide the ability to establish a hierarchical architecture for the automated download of filters/signatures used to limit traffic and apply policy.

FUNCTION: Configure Local Event Queues
PRIORITY: 3
SYSTEM DESCRIPTION: The system should accept user input of the data required to configure a queue of events for a defined period of time for later collection by the Manager. This includes enabling customers/users to define optimal times for non-disruptive data collection.
JUSTIFICATION: Not Applicable (N/A)

FUNCTION: Configure Operational Data Collection
PRIORITY: 2
SYSTEM DESCRIPTION: The system shall enable administrators to define the particulars of operational data collection and storage. These shall include the intervals of data collection, the specific data to be collected (e.g., system operational status, user actions/activities being performed, etc.) and the methods of collection.
JUSTIFICATION: This is required to ensure that asset statuses and other operational data are collected to operate and maintain the LandWarNet.

FUNCTION: Control Access to Resource
PRIORITY: 1
SYSTEM DESCRIPTION: The system, or its agents, shall permit or deny access to network resources (assets, services, network segments, etc.). This is known as the Policy Enforcement Point. This includes controlling/limiting access to specific network resources through controlling user/application permissions to use certain ports, protocols, and services.
JUSTIFICATION: This is essential for implementing LandWarNet policies - such as Deny All Permit By Exception. It enables Firewalls and HIPS and NIPS to control and limit access to network devices/segments to known baseline systems/users, following known patterns. It also enables detection and blocking of abnormal/malicious access attempts by otherwise unknown/undetectable zero-day threats.

FUNCTION: Control Report Generation
PRIORITY: 3
SYSTEM DESCRIPTION: The system should control how and when reports are generated. It should support ad hoc reporting capability; automated generation of all available reports, by user request or per a schedule. The system should provide statistical reports based on administrator-selected attributes/thresholds. It should generate reports based on attribute associations.
JUSTIFICATION: [This facilitates early detection of potential future asset/service failures and anomalies.]

Correlate Threat Events                      The system shall identify intrusions by correlating information from multiple     This enables administrators to reduce duplicate reporting of
                                             sensors/agents or pulled from multiple protected sources. It shall provide        the same incident by sensors, while also enabling them to
                                             an ability to combine duplicate reporting of a single intrusion from a single     detect broad, distributed computer network attacks that
                                             sensor/agent, based upon rules/criteria set by the administrator. It shall        cannot be discerned from a single report or device.
                                             provide an automated ability to detect and alert the administrator to
                                             multiple intrusion reports from multiple sensors and/or agents that are
                                             potentially one overall intrusion event/attempt, based upon the                                                                                       1
                                             administrator's rules/criteria. It shall provide automated and semi-
                                             automated tools to combine these multiple intrusion reports into a
                                             consolidated report containing all pertinent data, to include the targeted
                                             assets (device and software/firmware), services, ports, protocols, time
                                             stamps, and threat signature/behavior(s) detected.

Customize Diagnostic Routines                The system should support local customization of the default diagnostic N/A
                                                                                                                                                                                                   3
                                             routines.
Customize Help Feature                       The system should support the customization of help-related system      N/A
                                             functions for its management console(s) and its managed                                                                                               3
                                             components/devices/applications/service.
Customize Knowledge Base                     The system should enable administrators to customize its digital        N/A
                                             documents knowledge bases for its managed clients/agents/applications,
                                             and supported customers, organizations, or services. This enables
                                             administrators to add Army specific documents (approval to operate,
                                             tailored Standard Operating Procedure (SOP)/Tactics, Techniques, and
                                                                                                                                                                                                   3
                                             Procedures (TTPs), Army-refined Frequently Asked Questions (FAQs), IPS
                                             Policy/Behavior-Based Rule Implementation Instructions, Field Manuals
                                             (FMs)/Behavior-Based Rules, etc.) to standard Enterprise documents and
                                             links within the knowledge base.

Define Access Privileges                     The system shall enable designated administrators to define, and             This is critical for securing LandWarNet resources and
                                             subsequently enforce access privileges for other administrators, users, and   preventing unauthorized users from making changes that
                                             assets to the management platform, its data, and any managed assets.          could lead to false alarms, failure of vital system functions,           2
                                                                                                                          and corruption of data used to operate, manage and defend
                                                                                                                          the LandWarNet.
Define Performance Thresholds                The system should define performance thresholds for the managed              N/A
                                             agents/systems/clients/applications. Performance is primarily tied to
                                             availability, throughput and response time. (e.g., transaction time, storage
                                                                                                                                                                                                   3
                                             read write times, authentication processing time, update times, attacks
                                             blocked, attacks blocked by signature/ behavior rule, etc.).


Define Rule Set Logic                           The system should enable the administrator to create, modify, and save         N/A
                                                the logic necessary to produce comprehensive rule sets. Rule sets are
                                                used to send messages, trigger alerts, detect events, route files/data for                                                                              3
                                                processing, sequence jobs/transactions, etc.

Delete Infected Files                           The system shall enable administrators to either remotely or locally delete    This is necessary to delete files containing malicious code in
                                                infected files from systems.                                                   order to defend the LandWarNet; infected files will then be
                                                                                                                               replaced with uncorrupted versions by Systems Management,
                                                                                                                                                                                                        2
                                                                                                                               Secure Configuration Remediation Management System
                                                                                                                               Manager, or other means.

Detect and Report Login Credential              The system shall identify when users/administrators have changed, or           This is needed to track user activity and identify those types
Changes                                         attempted to change, their login credentials (user name, password,             of activities that may indicate unauthorized changes to                  2
                                                domain) and report this change.                                                accounts.
Detect Configuration Changes                    The system shall track the changes made to component, agent/sensor,            Needed to ensure authorized changes are effected and that
                                                and/or configuration data. Messages sent to agents/sensors, along with         unauthorized changes are identified.
                                                date/time stamped responses, are logged; these are used to identify the                                                                                 2
                                                user/administrator directing the changes.

Detect External Attacks                         The system shall identify and alert an administrator of attacks originating    This is needed by administrators to quickly identify security
                                                outside of the trusted network. It shall provide the administrator with        risks to LandWarNet assets and make appropriate
                                                                                                                                                                                                        2
                                                information about the attack (i.e., type of attack, originating IP address,    adjustments to secure those assets.
                                                MAC address, system name, or user name).
Detect Hardware Changes                         The system shall identify hardware changes that have occurred within a         This enables systems to prompt administrators to validate
                                                managed asset, based on the previous collection of hardware                    authorized infrastructure modifications and to identify and
                                                configuration and version data.                                                respond to unauthorized modifications. This is key to                    2
                                                                                                                               effectively defending and maintaining the LandWarNet.

Detect Hardware Configuration Changes           The system shall track the configuration changes made to managed                N/A
                                                platforms. Configuration changes to hardware may include such things as
                                                                                                                                                                                                        3
                                                a hard drive being partitioned differently, or a NIC card having a different
                                                configuration, an EPROM being updated.
Detect Internal Attacks                         The system shall identify attacks originating inside of the trusted network.    This is needed by administrators to quickly identify security
                                                                                                                                risks to LandWarNet assets and make appropriate                         1
                                                                                                                                adjustments to secure those assets.
Detect Intrusion Event                          The system shall recognize when network/host activity matches an                This enables detection of probes and information attacks,
                                                intrusion signature or violates a policy. This includes the ability to identify    including advanced attacks employing multiple compromised
                                                stealthy/slow intrusions by correlating security information generated by       systems (e.g., Bot Armies) and distributed probing to avoid
                                                                                                                                                                                                        1
                                                multiple IPS/IDS sensors/agents.                                                detection at signal points; It is essential for protecting war
                                                                                                                                fighters and the LandWarNet from increasingly capable
                                                                                                                                threats.
Detect Software/Firmware Changes                The system shall identify software/firmware changes that have occurred          This is needed to ensure authorized changes are effected and
                                                within a device, agent, or sensor, based on the previous collection of          that unauthorized changes are identified.                               2
                                                software configuration and version data.
Detect Threats                                  The system shall detect, recognize, and classify viral, spyware and adware    This is needed for automatic detection and subsequent
                                                threats - to include any unauthorized and/or hostile programs that can          detailed reporting of known (Common Vulnerabilities and
                                                compromise the security of the system.                                          Exploitations and customized) threats that are a critical part of
                                                                                                                                the LandWarNet's defenses; it helps focus manual
                                                                                                                                troubleshooting and remediation efforts, while simultaneously           1
                                                                                                                                reducing human error. When coupled to prevention/blocking
                                                                                                                                features, this can substantially reduce administrative
                                                                                                                                workloads and mission disruption by preventing further
                                                                                                                                attacks.
Display Alert Events                            The system shall present alert event information collected from an              Provides the ability to view security alerts generated by
                                                                                                                                                                                                        1
                                                intrusion detection sensor or group of sensors.                                 distributed devices and agents.
Display Available Diagnostic Routines           The system should present a list of available diagnostic routines that can      N/A
                                                be executed on either the management platform or managed asset.                                                                                         3

Display Change History                          The system shall display information regarding historical changes to the       This is needed to enable administrators to verify authorized
                                                system and its managed objects or applications.                                changes and identify unauthorized changes to the
                                                                                                                                                                                                        1
                                                                                                                               management system and any managed devices and
                                                                                                                               applications.

Display Events                                The system shall display dynamic near-real-time events based on alarm           This is needed for the operation, maintenance, and defense
                                              severity, time, hierarchical importance, client groups, etc. The system shall   of the Global Information Grid (GIG) and LandWarNet.
                                                                                                                                                                                                     1
                                              support drill down capabilities to display the underlying events behind
                                              larger alarms/incidents.
Display Help                                  The system should provide the ability to view help files specific to the        N/A
                                                                                                                                                                                                     3
                                              application or management system.
Display Knowledge Base Information            The system should display requested information from a particular               N/A
                                              knowledge base, in response to administrator queries. It should support
                                              information retrieval and display from authorized (administratively-linked)
                                              external knowledge bases (e.g., a vendor maintained knowledge base).                                                                                   3
                                              This facilitates rapid trouble-shooting and insightful decision making,
                                              particularly by less experienced administrators.

Display Logging Information                   The system shall present logging information received from an asset or          Enables administrators to view activity logs to identify
                                                                                                                                                                                                     2
                                              agent/sensor.                                                                   unauthorized events per AR 25-2.
Display Monitored Data                        The system shall drill down and display information about displayed             This is essential for basic LandWarNet monitoring,
                                              devices and events. The information may include                                 troubleshooting, and maintenance - particularly at Theater
                                              event/incidents/problems, operational activities, system transactions and/or    Network Operation and Security Centers (TNOSC), where                  1
                                              CAP data.                                                                       remote access to fault sources will be critical for security and
                                                                                                                              rapid repair/problem prevention.
Display Results of Diagnostics                The system shall present results of diagnostic routines executed on a           This is needed to facilitate trouble shooting.
                                                                                                                                                                                                     2
                                              network device.
Distribute Configuration                      The system shall distribute configuration information to managed                This is needed to set/change the configuration of an asset.
                                              components/assets.                                                              Also supports rollbacks to an authorized current baseline
                                                                                                                                                                                                     2
                                                                                                                              following an unauthorized change/information attack.

Distribute Current Software/Firmware          The system shall distribute current baseline software releases from the         This is needed to ensure current versions of software and
Version                                       Current Software Versions (i.e., management software, applications,             patches can be installed. It also supports rapid rollbacks to an
                                              patches, etc.) area within the Software Repository.                             authorized current software/firmware baseline following an             2
                                                                                                                              unauthorized change/information attack.

Distribute Historic Software/Firmware         The system should distribute a previous version of software (i.e.,              N/A
Version                                       applications, patches, etc.) from the Historical Software Information area                                                                             3
                                              within the Software Repository.
Distribute New Software/Firmware              The system shall distribute new software releases (i.e., applications,          This is needed to ensure that those systems will not be
                                              patches, etc.) from the New Software Versions staging area within the           compromised. Remediation of systems on the LandWarNet
                                              Software Repository. Once installed and verified, the system changes the        contributes to security in depth. Retaining prior baseline data        2
                                              new release's status to current baseline status, and the previous current       as described enables rollbacks in the event of a faulty update.
                                              baseline software to historical baseline status.
Distribute Policies to Agents                 The system shall be able to distribute policies to agents managed by the        This supports rapid distribution of new and changed policies
                                              system. It shall support scheduling these updates, as well as ad-hoc            to distant agents, at times best suited for operations.
                                                                                                                                                                                                     2
                                              immediate pushes. It shall support relays via intermediate servers/consoles
                                              to agents on deployed/tactical networks.
Distribute Software/Firmware Based on         The system should distribute software (i.e., applications, patches, agents,     N/A
Profiles                                      etc.) based on client profiles and managed/defended IT assets and
                                              network segments. The system is essential for the correct software
                                                                                                                                                                                                     3
                                              installation, configuration and maintenance of NetOps devices and their
                                              managed/defended networks and IT assets.

Enable Administrator-Defined Correlation      The system shall have the capability to allow administrators to create, add,    Rule sets help to reduce the amount of data administrators
Rule Sets                                     modify, or delete new threat/event correlation rule sets. Administrators may    need to review, thus reducing the amount of time necessary
                                                                                                                                                                                                     2
                                              not delete predefined rule sets or rule sets developed by other                 to identify a potential threat.
                                              administrators.
Encrypt Data Exchanges                        The system shall provide secure (encrypted) data exchange between a             Secures NetOps management data used to control
                                              manager and clients. Certain types of data being exchanged require              management platforms on the LandWarNet.
                                              encryption (e.g., logon credentials). The system shall provide the
                                              capability to encrypt data transferred between the system and assets using                                                                             1
                                              Secure Sockets Layer (SSL) and Transport Layer Security (TLS) that is
                                              Federal Information Processing Standards (FIPS) Publication 140-2
                                              compliant.



Filter Events                                  The system shall filter or limit the events being generated from the           This is needed to filter events being generated from the
                                               managed asset. Examples of filter criteria are event name, type,               managed assets the console will receive to prevent more
                                               identification number, source, and type of event (i.e., security, system,      events than can be processed. This could cause the console           2
                                               application).                                                                  to lock up, and could also result in loss of pertinent event
                                                                                                                              data.
Forward Infected Files                         The system shall forward infected files to the appropriate repository, central This is essential for rapid, follow-on forensics analysis,
                                               console/manager, or designated expert administrator's email account.           behavior policy/signature development (giving protection until
                                                                                                                              security patches are provided), and/or to identify which file
                                                                                                                              needs to be replaced from the baseline set (recovery). This
                                                                                                                                                                                                   2
                                                                                                                              also enables the appropriate PM/vendor to develop security
                                                                                                                              patches for systems (e.g., Army Battle Command Systems)
                                                                                                                              attacked by custom threats not found on the internet.

Identify and Collect Data for Monitoring       The system shall enable an administrator to select (identify) what data to     This is necessary in order to receive information about the
                                               monitor/report and enable the reception/collection of that data.               status of an asset or service. It provides valuable information           2
                                                                                                                              used to identify failures.
Identify Trends Based On Historical Metrics    The system should support the ability to identify trends based on historical   N/A
                                                                                                                                                                                                   3
                                            metrics.
Initiate Failover                           The system shall be able to initiate failover of its managed assets based    Needed to ensure assets/systems/services in the
                                            on administratively set threshold criteria and redundant configurations.     LandWarNet will continue to operate.                                      2

Log Host Activity During Intrusion             The system shall log a protected GP computing platform's                         This is required per DoDI 8500.2, AR 25-1 and AR 25-2; it
                                               activities/transactions when an intrusion event is prevented. The activity       enables detailed post attack forensic analyses and
                                               log shall be associated with the intrusion event and made available to the       subsequent fine tuning of HIPS/firewalls across the                1
                                               central console and/or other monitoring NetOps/CND systems.                      LandWarNet.

Log Intrusion Event Detail                     The system's sensors/agents shall record key information of an intrusion         This enables scheduled or ad-hoc pulls to minimize reporting
                                               event, for later access/retrieval by the central manager, intermediate           impacts to networks during an actual attack, while still
                                               system components or authorized external systems (e.g., SIMS). The               retaining the detailed data needed to perform post-attack
                                               sensors/agents shall be able to record data on the intrusion source (e.g.,       evaluations and forensic analyses. This enhances
                                                                                                                                                                                                   2
                                               sending device's IP address/MAC ID), affected asset (device and                  LandWarNet defenses and availability.
                                               applications/software/firmware), time of the attack, threat type/nature (e.g.,
                                               the CVE identifier), and the alarm/prevention actions taken.

Manage Administrator Accounts              The system shall provide the ability to manage (add, modify, verify, delete)         This is needed to ensure that access to management
                                           accounts that are used to administrate the system. This also includes the            systems is controlled and secure.                                  2
                                           ability to add and remove users from groups.
Manage Agent Profiles                      The system should administratively manage (create, modify, and delete)               This is needed in order to manage large numbers of agents
                                                                                                                                                                                                   2
                                           configuration profiles for different types of agents.                                via the profile functionality.
Manage Agent/Client Configuration Settings The system shall manage agent/client related configuration settings. To              This is needed to be able to manage any LandWarNet asset.
                                           include 'auto-install' new definitions, files to exclude, reporting criteria,                                                                           2
                                           reporting times, etc.
Manage Anti-Virus Client Profiles          The system shall manage (create, modify, delete, and archive) anti-virus             This is needed to greatly reduce the amount of time spent
                                           client application and configuration profiles for different types of                 administering platforms and thus increase the time spent
                                           administrators and platforms. Profiles define what baseline anti-virus client        identifying potential security threats on the LandWarNet.
                                           application, virus/threat definition, and configuration settings are assigned                                                                           2
                                           to administratively defined platform and/or user types. This data is stored
                                           in the Anti-Virus Client Profile Repository.

Manage Behavior Blocking Rules                 The system should enable administrators to manage (create, modify, and         N/A
                                               delete) behavior blocking rules. It should provide a means to
                                               measure/monitor activities during initial implementation to determine
                                               normal rates and sequence patterns (heuristics) for employing specific
                                               ports, protocols, services, and/or executable files (behaviors) within the
                                               protected network/computing host. It should support generating, adjusting,                                                                          3
                                               and deleting rules used to block malicious/unauthorized behaviors, using
                                               the generated heuristics data. [Behavior blocking stops malicious or
                                               unauthorized types of behavior, even if a specific threat signature has not
                                               been matched.]




Manage Component Grouping                    The system shall allow administrators to define groups of assets. Groups           This is needed to enable the administrators to perform
                                             may be created using different characteristics, including hierarchical,            common operations upon them (loading patches, signatures,
                                             organizational, geographical, or functional (e.g., Email Servers). Also, the       profiles, access control list, etc.) - speeding implementation of
                                                                                                                                                                                                        2
                                             system shall enable administrators to assign specific assets/components to         security measures during an attack, reducing the chances of
                                             defined groups.                                                                    error, and reducing overall administrator workloads.

Manage Computing Platform Policies           The system shall enable administrators to create, edit, archive and delete         This enables LandWarNet administrators to quickly define
                                             computing activity and access control policies/rules for managed                   and implement access controls to services, assets and the
                                             computing platforms on the LandWarNet. It shall enable administrators to           LandWarNet, in order to prevent/block emerging computer
                                             define rules that enable or deny standard user/administrator and asset             network attacks, ensure network access to critical nodes
                                             groups access to specific types/categories of assets (devices, applications,       during a national/global crisis, and to remove prior constraints
                                             software/firmware), ports, protocols, services, and/or designated                  when an updated LandWarNet security patch has been                      2
                                             combinations of these configuration items/services. It shall be able to            distributed or the crisis ends.
                                             implement these policies through the system's components and managed
                                             software/applications programs (to include third party software).


Manage Configuration Profiles                The system shall manage (create, modify, archive and delete) sets of               This speeds asset configuration (during installation/updates),
                                             configuration profiles for specific classes of devices, agent/clients, and         reduces administrator burdens, and reduces human error by
                                             applications. A configuration profile contains all the configuration               establishing standard configuration sets to apply for specific
                                             information about a specific asset. It shall support both the current              assets. It also provides a means to assess compliance to an
                                             configuration profile of a managed asset as well as a baseline                     approved Enterprise configuration standard for common                   2
                                             configuration profile.                                                             systems/devices (e.g., an AD server should have specific
                                                                                                                                agents, signatures and profiles loaded at any given time).


Manage Custom Signature Definitions          The system shall create, modify, and delete administrator defined                  Intrusion signatures are the way in which intrusion devices
                                             signatures. Custom signatures may be created by modifying standard                 are able to identify and remediate potential threats. The ability
                                             signatures or other custom signatures. This also includes the abilities to         to manage custom signatures is necessary in order to ensure             1
                                             store these custom signatures and to make them available for distribution.         assets on the LandWarNet are secure.

Manage Diagnostic Routines                   The system should enable administrators to create, copy, and delete                N/A
                                             tailored/unique diagnostic routines for the management system and any                                                                                      3
                                             managed devices, agents or applications.
Manage Environment Specific Event            The system shall enable administrators to create, copy, modify, archive            This allows administrators to refine automated responses by
Actions                                      and delete Event Response/Operations rules for environment specific                the manager to address unique/Army mission and
                                             (local) events or administratively defined filters. It shall allow them to         environment/infrastructure needs and constraints. A pick list
                                             create/modify names for each rule, select pre-defined standard/ custom             enables administrators to predefine rules to support
                                             filters, and specify the pre-defined responses/operations the management           conditions anticipated when an Operations Plan
                                             system shall take when the criteria are met. The system's automated                (OPLAN)/Concept of Operations Plan (CONPLAN) is
                                             response options shall support audible alarms, visual alarms, administrator        executed, or major event/policy (e.g., Brigade Combat Team
                                             defined text messaging (e.g., email/pager alerts), normalization of                exercise or Information Operations policy) occurs.
                                             externally generated events, correlation/consolidation of                          Pre-configured automated responses help prevent both
                                             redundant/associated events, setting event classification/priority data, and       administrators and the system from becoming overwhelmed -               2
                                             execution of other operations using administratively defined variable              while speeding remedial actions.
                                             entries. It shall permit an administrator to create a rule set of related rules.
                                             It shall enable administrators to define rules/criteria used to match specific
                                             data fields and the data entry that results from the match. It should enable
                                             them to provide a named set of these combination rules. The system shall
                                             enable administrators to manage a pick list of these
                                             rules/rule sets for later execution by administrators and authorized
                                             users.




Manage Event Filter Criteria                 The system shall enable administrators to create, modify, archive, and             This is needed for the effective application of the filter to the
                                             delete filtering criteria used to control what events are generated (sent) or      asset. Event filtering prevents the console from receiving
                                             permitted (accepted) from each managed element/asset. It shall support             more events than can be processed. This could cause the
                                             different filters for sending events, receiving/ processing events, and            console to lock up, and could also result in loss of pertinent
                                             alerts/notifications arising from events. The system shall support                 event data.
                                             temporary filters, enabling administrators to select default/administrator                                                                                2
                                             defined filters from a pick list to adjust and activate. The supported filtering
                                             criteria shall address standards/ Protocol based variables/thresholds (e.g.,
                                             SNMP, computer input multiplexer) as well as system unique ones (e.g.,
                                             vendor provided SNMP, manual input buffer extensions).

Manage Event Repository                      The system shall enable the administrator to manage event data                     This is necessary to monitor the health and/or security of
                                             storage/repositories. [Events are security alerts/reports or operational data      managed assets/services, and to perform detailed studies of
                                             reported by managed agents/sensors/adaptors and/or generated internally            their failures/performance (used to improve procedures,
                                             by the Manager.] The system shall enable authorized administrators to              training and infrastructure decisions).                                2
                                             sort, query, archive and delete events with Commercial-off-the-Shelf
                                             (COTS)/Government-off-the-Shelf (GOTS) tools.

Manage Failover Configuration Settings       The system shall enable the administrator to define failover criteria and  This is vital for the reliability, survivability, and speedy
                                             required configuration settings.                                           recovery of the LandWarNet following a critical                                2
                                                                                                                        asset/applications' failure, destruction, or removal.
Manage Firewall Rules                        The system shall manage rule handling functions within network/computing The ability to block unwanted traffic from entering the
                                             platform firewalls. Rules define what traffic (packets) is allowed         enterprise is a core functionality needed to protect the
                                                                                                                                                                                                       2
                                             and/or blocked based on various criteria.                                  LandWarNet. Management of the rules helps to reduce the
                                                                                                                        amount of time spent configuring the system.
Manage Groups                                The system shall manage (create, modify, delete) User Groups, with user The system is critical to the operations and security of this
                                             roles and privileges. It shall support User Group creation, data           NetOps system and the LandWarNet. User accounts and
                                             entry/modification, and deletion by authorized system users. This includes their associated User Group(s) will be used throughout the
                                             the ability to remove multiple groups/super groups (groups that contain    Enterprise to control privilege-based access to various
                                                                                                                                                                                                       1
                                             other groups) within a single action.                                      resources/assets and services, track trouble calls/service
                                                                                                                        requests, provide alerts/notifications, and to maintain
                                                                                                                        audit/transaction logs (In Accordance With (IAW) AR 25-1
                                                                                                                        and AR 25-2).
Manage Intrusion Detection/Prevention        The system shall be able to add and delete intrusion detection/prevention IPS sensors frequently do not advertise themselves on the
Sensors                                      sensors/agents in the Manager's Inventory Repository.                      network for security purposes; this enables administrators to
                                                                                                                                                                                                       2
                                                                                                                        keep the inventory of sensors/agents current.

Manage Platform Discovery Rules              The system shall provide the administrator with the ability to manage           This simplifies the process through which a management
                                             (create, edit, delete, and archive) rule sets that are used as part of the      platform will discover and eventually manage assets.
                                             discovery process. It enables administrators to define active (poll-
                                             response) and/or passive discovery rules' search criteria (i.e., IP Segment
                                                                                                                                                                                                       2
                                             range, Domain, Group, System Type, administrative group, IP message
                                             types, etc.) and identification/classification data as to the types of systems,
                                             applications and services that will be discovered/managed.

Manage Standard Intrusion Signatures         The system shall manage the standard signatures used to detect/prevent     Intrusion signatures are the way in which intrusion devices
                                             intrusions.                                                                are able to identify and remediate potential threats. The ability
                                                                                                                                                                                                       1
                                                                                                                        to manage signatures is necessary in order to ensure assets
                                                                                                                        on the LandWarNet are secure.
Monitor Processes                            The system shall be able to monitor a single process or multiple processes This is needed to ensure assets providing enterprise services,
                                             on a managed platform or group of platforms.                               security, or other support are operational and functioning within              2
                                                                                                                        acceptable behavioral patterns/norms.
Obtain Software/Firmware Updates from        The system shall obtain software/firmware (i.e., software/firmware patches,        Updates to assets in the LandWarNet are required in order to
Authoritative Source                         signature/profile updates, rules updates) updates from a specified location        prevent compromise of the assets.                                      2
                                             in either an on-demand or scheduled fashion.
Perform Data Aggregation                     The system shall have the capability to provide data aggregation at the            This is needed in order to reduce the amount of duplicative
                                             appropriate level for the System's monitored environment. This data                events that may be received by a management platform.
                                             aggregation allows for a total visualization of the monitored environment by       Reduction of events will enable administrators to more quickly         2
                                             collecting different data from disparate sources and aggregating the data          identify issues/trends of managed assets within the
                                             for a common view.                                                                 LandWarNet.



Perform Local Authentication                  The system shall authenticate users, administrators, and assets from data This is needed for the authentication of users to access and
                                              stored locally within the management application or device.                resources on the LandWarNet and is required by AR 25-1,                   1
                                                                                                                         and AR 25-2.
Perform Operations on Multiple Assets         The system shall permit administrators to interact with multiple managed   This is needed to save the administrators considerable time,
                                              assets on a single screen. It allows them to select and perform operations enable central management and maintenance of large
                                              on individual assets, and groups of assets (Hardware, Software, Agents), network - enhancing overall reliability and security.
                                              from administratively defined (pick) lists of available assets/asset groups                                                                          2
                                              and operations. The system shall enable the administrator to define and
                                              save groups of assets for future pick list displays (to perform future
                                              operations upon).
Perform Remote Authentication                 The system shall authenticate users, administrators, and assets from a     This is the core function for the authentication of users to
                                              remote authentication service on the network.                              access and resources on the LandWarNet and is required by                 1
                                                                                                                         AR 25-1, and AR 25-2.
Prevent Intrusion                             The system shall prevent an intrusion. The agent or sensor shall prevent   This is essential to automatically defend the LandWarNet
                                              any action deemed malicious from being performed by the applications on from malicious threats and behaviors - while enabling
                                              the protected host or network. The preventative action shall be in         administrators to coordinate other actions simultaneously.
                                                                                                                                                                                                   1
                                              accordance with the directions provided by the IPS Manager in the
                                              configuration data provided to the IPS Agent or Sensor.

Provide Ability to Drill-Down                 The system shall provide in-depth detailed information about any               This enables rapid trouble-shooting or identification of key
                                              monitored asset, service, or function depicted on the Graphical User           information necessary for operations, maintenance or defense
                                              Interface (GUI). This enables the user to drill-down on any graphical          actions.                                                              2
                                              representation (e.g., icon) to obtain specific relevant detailed information
                                              regarding its status.
Provide Access/Control Web                    The system should provide all functions needed to enable web application       N/A
                                              interfaces and access controls. For example, it should enable an expert
                                              administrator to securely log onto and operate a management console                                                                                  3
                                              from another computer (with web browsers) anywhere on the LandWarNet.

Provide Administrator Audit Log               The system shall provide administrator audit log information, to include the This is required in accordance with Department of Defense
                                              administrator's identification, time stamp, the specific activity/transaction Instruction (DoDI) 8500.2, AR 25-1 and AR 25-2.
                                              performed, changes in permissions, and any other specified data of                                                                                   2
                                              interest related to administrator transactions on the system.

Provide Agent Registration                    The system shall support the ability of agents to register with the            This significantly reduces administrator burdens and
                                              management platform. This registration could be a result of agent              enhances the LandWarNet's security by providing automated
                                              software being loaded on the assets or other method through which the          mechanisms to report and subsequently validate and update
                                              asset/agent finds the management platform.                                     asset inventory. This frees administrators for more intensive         1
                                                                                                                             monitoring and maintenance tasks - improving support to war
                                                                                                                             fighters and Army support staff.

Provide Agent/Sensor Inventory Repository The system shall store inventory information on managed                       This is essential to provide baseline data of managed
                                          agent/sensors/adaptor devices. This shall include the Agent/Sensor            agents/sensors/adaptors, used to support the management
                                          Location Catalog (the topology of agent/sensors in the managed                system's operations and processing.
                                          environment), the Asset Inventory (the known inventory of manageable
                                          devices) and any Component Groupings (Administrator-defined groupings
                                          of agents/sensors and their relationships to other assets and/or services, to                                                                            1
                                          include fail-over responsibilities between them or their management
                                          consoles). It shall be able to store multiple versions of this data (staged,
                                          current and various historical sets of information). This repository should
                                          support queries of this data (for authorized administrators/users only).

Provide Alarm Trace Data Repository           The system shall store Alarm/Event data collected and analyzed by the          This is essential for retaining records of system failures and
                                              management system. Alarm data is generated based on predefined                 security events necessary for follow-up, in-depth analysis
                                                                                                                                                                                                   2
                                              criteria established and rules run against event/operational data received     used to resolve problems and improve LandWarNet
                                              by the management platform.                                                    readiness and availability.
Provide Behavior Blocking                     The system shall provide behavior blocking based on heuristic rules and        This is needed in order to identify and block/prevent malicious
                                              pattern matching (e.g., block an executable from accessing other               activity not previously defined in signatures or profiles.
                                              executables, ports, protocols, and/or services that it is not                  Behavior blocking analyzes the actions and activities of
                                                                                                                                                                                                   2
                                              cleared/historically known to access/leverage).                                executed software looking for suspicious/malicious type
                                                                                                                             behavior, even if a specific threat signature has not been
                                                                                                                             matched.

Provide Configuration Management Data        This system shall integrate with an external CMDB/SS system, which             This is required to provide critical NetOps inventory and
Base/Service Support Integration             includes components such as: Service Desk, Incident Management,                configuration item data, health/welfare status
                                             Problem Management, Change Management, Configuration Management,               information/events, and other administrative information
                                                                                                                                                                                                   1
                                             Asset Management, Project Management, etc. This includes enabling the          necessary to monitor and manage the health, welfare, and
                                             user to access the manual workflow report (Trouble Ticket) features of the     operational status of the LandWarNet.
                                             CMDB/SS.
Provide Command Line Interface               The system shall use a command line interface for system or account            This is needed to enable administrators to execute changes
                                             administration locally and remotely.                                           on large groups of configuration items via a single command.           2

Provide Command Line Interface and           The system should provide security mechanisms for CLI and Application          N/A
Application Program Interface Security       Program Interface access to the system. The system should enforce
                                             security for command line input that is functionally identical to GUI access
                                                                                                                                                                                                   3
                                             restrictions and controls; security for Advanced Programming Interfaces
                                             that are functionally identical to GUI access restrictions and controls.

Provide Communication Ports Security         The system shall provide the capability to designate a limited set of ports     This is necessary to configure management platforms to
                                             for communication between management platforms and managed                      communicate across routers and switches (considering port
                                                                                                                                                                                                   1
                                             components.                                                                     restrictions that may be applied to network devices) within the
                                                                                                                             LandWarNet.
Provide Computing Policy Repository          The system shall store policies for computing platforms generated within, or   This is core to the system's functioning and supports
                                             managed by the system. It shall be able to store staged/new, current, and implementation of common computer access and secure
                                             multiple historical versions of a policy. It shall support roll-backs of faulty configuration policies across the LandWarNet and DoD.
                                                                                                                                                                                                   2
                                             policies at an administrator's request (replace the current version with a
                                             designated historical version). It shall support queries and reports on this
                                             data.
Provide Configuration Change Reports         The system should produce reports on a managed client’s configuration           N/A
                                                                                                                                                                                                   3
                                             changes based on inventory scans.
Provide Configuration Profile Repository     The system should store information about configuration profiles used to        N/A
                                             manage asset configurations. [Configuration profiles are a named set of
                                             configuration settings, approved protocols/services and other operational
                                             files associated to a specific class/category of IT asset and/or users. For
                                             example, an administrative assistant's baseline profile software is Office
                                             XP and Outlook, an engineer's baseline profile contains Visio and Project,                                                                            3
                                             and an AD Server's baseline profile will contain the appropriate Tivoli/SMS
                                             agent, AD version, Microsoft Server 2003, and HBSS/HIPS agent
                                             information.] It should store new/staged, current, and multiple historical
                                             versions of these profiles.

Provide Correlation Rule Set Configuration   The system shall have the capability to provide basic rule set configuration Rule sets help to reduce the amount of data administrators
                                             capabilities that are intuitive for analysts and do not require programming  need to review, thus reducing the amount of time necessary
                                                                                                                                                                                                   2
                                             skills (i.e., providing rules in a pick list that administrators can select).  to identify a potential threat.

Provide Default Event Processing             The system shall provide basic preconfigured event consolidation,           This helps to consolidate data to speed administrator
Settings/Rules                               reduction, normalization, and escalation settings sufficient to enable      awareness and management of events, while preventing the
                                             operation after initial installation.                                       console from becoming overwhelmed, until custom
                                                                                                                         filters/rules can be configured.
Provide Definable Report Filters             The system should provide filters that can be created and modified. Filters N/A
                                             provide a way to produce reports that provide data on a specific                                                                                      3
                                             attribute(s).
Provide Device and Media Configuration       The system shall store all configuration information about devices and      This is needed to maintain and defend LandWarNet systems
Information Repository                       media that is generated by the management system or its sub-                via their configurations. It supports restoring and
                                             systems/agents, to include any unique communications/encryption             reconstitution of vital assets and applications.                          2
                                             settings. This also includes new/staged, current, and multiple copies of
                                             historical configuration data.
Provide Diagnostic Routines                  The system shall provide diagnostic routines. Diagnostic routines enable This is essential for the rapid trouble shooting and
                                             administrators to execute an action or set of actions intended to reveal    maintenance of assets.                                                    2
                                             operational failures.
Provide Event Aggregation                    The system should aggregate/fuse similar events into a single event         N/A
                                             record/report. [Aggregation/Fusion is the combination of data from multiple                                                                           3
                                             sources into a single location/report.]



Provide Event Correlation                    The system shall correlate events. [Correlation is the establishment of         This is needed to enable administrators to rapidly discern new
                                             relationships between events from various sources. The combination of           computer network attacks, installation of a bad lot of
                                             these events will provide increased information about possible events.]         components, or other related failures/transactions requiring             2
                                                                                                                             immediate attention to ensure the LandWarNet continues to
                                                                                                                             operate.
Provide Event Escalation                     The system shall raise the priority or severity of an event based on            This ensures rapid responses to events that can disrupt the
                                             predefined rules established within the system.                                 LandWarNet if not addressed quickly.                                     2
Provide Event Log Reports                    The system shall produce reports containing event and associated user           This is needed to meet AR requirements for reporting on
                                             activity logs.                                                                  potential security breaches.                                             2
Provide Event Reduction                      The system should reduce the number of events generated. [Reduction of          N/A
                                             events is the process of removing duplicate and repetitive events.] It
                                             should have the ability to automatically adjust the combined timestamp                                                                                   3
                                             information, provide/update any event duration time entries, and note the
                                             number of times it had been reported.
Provide External Events Repository           The system shall capture and store external systems/operations events           This data is essential for the basic operation of this system's
                                             and logs retrieved from external clients/repositories. It shall provide         management console, which is used to operate and maintain
                                             timely storage for all operational events and/or transaction logs (e.g.,        IT assets and services within the LandWarNet. The ability to
                                             Sys-logs) received/polled from specific monitored clients/repositories. It      query its data is essential for detailed analyses, which support
                                             shall record all reported event information, with time-stamp data, as           NetOps procedures, training, staffing, and infrastructure                2
                                             textual data in a database. It shall support queries of this data.              decisions.
                                             [External systems are not part of the Network Situational Awareness
                                             (NETCOP) management system itself; these events/logs address health and
                                             welfare information of these external, but managed, LandWarNet assets].

Provide Failover Monitoring                  The system shall monitor infrastructure operations to determine when          This is vital for the reliability, survivability and speedy recovery
                                             failover criteria have been met.                                              of the LandWarNet following a critical asset/applications'                 2
                                                                                                                           failure, destruction, or removal.
Provide Frequently Asked Questions           The system should support a FAQs capability, providing searchable, quick      N/A
Feature                                      solutions for common problems for both administrators and                                                                                                3
                                             customers/users.
Provide Graphical Interface                  The system shall provide a GUI enabling users and/or administrators to        This is needed to simplify the use of the management system.
                                             access and operate the system from their terminal or via a web-accessible
                                             Interface. The system functionality should be the same whether the                                                                                       2
                                             operator accesses the system via the terminal or at the server/system's
                                             native interface.
Provide Grouping Repository                  The system should provide a repository for storage of groups or like          N/A
                                             objects/assets. This includes the ability to store groupings of remediations,
                                             components, events, devices, managed agents/elements, and users, and
                                             any data on their associated permissions/access restrictions. It should be                                                                              3
                                             able to store multiple versions of this data (staged/new, current and
                                             various historical sets of information). This repository should support
                                             queries of this data (for authorized administrators/users only).

Provide Hardware Inventory Repository        The system shall store Hardware data collected and analyzed by the              This is needed to rapidly and remotely detect unauthorized
                                             management system. The system shall be capable of storing staged,               changes to hardware devices on the LandWarNet. Multiple
                                             current and multiple historical versions of hardware inventory information      versions enable administrators to prepare for new systems
                                             for each managed asset. It shall support queries against this data.             and archive inventory that is deployed/being repaired and will
                                                                                                                             return in the future; it also supports battle handovers of this          1
                                                                                                                             data to the gaining theater Network Operations and Security
                                                                                                                             Center (NOSC)/signal unit and helps to centrally identify all
                                                                                                                             assets belonging to an organization.

Provide Hardware Monitoring                  The system shall monitor hardware components of the LandWarNet                  This is needed to ensure hardware components that are part
                                             infrastructure in order to obtain operational status.                           of providing an enterprise service are operational.                      2
Provide Help Feature                         The system should provide help functionality. This can be an on-line            N/A
                                             functionality or provided locally on the platform. It should provide a search                                                                            3
                                             and index capability.
Provide Hostile Application Treatment        The system should provide the ability to quarantine or delete hostile           This is needed in order to identify and remove unauthorized
                                             applications (root kits, key loggers, trojan agents, malware, spyware). This    and potentially hostile applications intended to compromise
                                             is an application and includes all files, executables, and associated           LandWarNet assets.                                                       2
                                             services.


Provide Import Digital Documents For         The system should import vendor supplied Digital Documentation                  N/A                                                                      3
Knowledge Bases                              Knowledge Base information.
Provide Internal Events Repository           The system shall provide timely storage for internally-generated system         This data is essential for the basic operation and
                                             log/transaction events (events/logs addressing the NetOps system's health       maintenance of this system, which is used to operate,
                                             and operational status). It shall record all reported event information, with   maintain, and defend IT assets and services within the
                                             time-stamp data, as textual data in a database. It shall support queries of     LandWarNet. The ability to query its data is essential for              2
                                             this data. It shall capture and store all agent/sensor reported events/logs     detailed analyses, which support NetOps procedures, training,
                                             and all operational logs (e.g., Sys-logs) polled from specific managed          staffing, and infrastructure decisions.
                                             assets.
Provide Intrusion Event Repository           The system shall store Intrusion Event data collected and analyzed by the       This is absolutely critical for the defense of the LandWarNet.
                                             management system. This includes agent/sensor security alarm/log data,          Retention of this data permits subsequent correlation and
                                             any alert/blocking/prevention actions taken, and any suspect transaction        analysis of attacks and development of blocking rules,
                                             recording/logging data provided by the agent/sensor. This repository            network/computer defensive policies, and                                 1
                                             should support queries of this data (for authorized administrators/users        signatures/malicious behavior profile refinement. The ability to
                                             only).                                                                          query its data is essential for forensic analyses on computer
                                                                                                                             network attacks and other security incidents.

Provide Job Grouping                         The system should provide job grouping for individual jobs that are similar     N/A
                                             in nature or scope. Examples include grouping jobs by type of agent, client
                                             groups, location, common configuration, or logical function. Jobs are tasks
                                             or groups of scheduled tasks that can be executed in bulk at a predefined
                                             time and on a regular schedule. Examples of grouped jobs include a Unix-                                                                                3
                                             based cron job, backing up a common/standard set of files, loading
                                             updated threat signatures/behavior rules on agents for AD servers (with
                                             standard configurations), etc.

Provide Knowledge Base                       The system should provide a knowledge base. A knowledge base is a            N/A
                                             searchable (via queries) repository of information about a specific topic or
                                             product. The knowledge base should contain, at a minimum: frequently                                                                                    3
                                             asked questions, troubleshooting wizards, and a URL for additional
                                             help/information.
Provide Knowledge Base Repository            The system should store NetOps Knowledge Base information. This              N/A
                                             includes all information stored in the Knowledge Base used primarily by                                                                                 3
                                             administrators in the operations and maintenance of systems and services.

Provide Multiple Component Access            The system shall control the administrator's ability to only perform            This is needed to enable automated administrative access
Controls                                     operations to those assets/asset groups they are authorized to manage.          controls - enhancing overall reliability and security.                  2

Provide Operational Reports                  The system shall provide operational NetOps reports, to include those on        This is needed to allow the element manager to combine and
                                             component and aggregated asset/system utilization (or usage); failed            summarize device/storage information, Job Status, Job
                                             components/assets; configuration settings for all/designated components/        Volume, Device Utilization, media verification, job failures, job       2
                                             assets; and asset/device/storage information.                                   schedules, report alerts.

Provide Operational Status Repository        The system shall store the operational status of all managed assets. [This      Knowing the health/operational status of managed assets is a
                                             asset/service health and status data is received by or generated within the     core NetOps function and essential to operate, maintain and              1
                                             management system, based upon events/other reports.]                            defend the LandWarNet.

Provide Predefined Correlation Rule Sets     The system shall provide predefined rules to establish relationships            This is needed to reduce the amount of data administrators
                                             between events received from different event sources when the events are        need to review, thus reducing the amount of time necessary               2
                                             functionally related. Extensive tuning of the predefined rule sets should not   to identify a potential threat.
                                             be required.
Provide Predefined Display Formats           The system shall display predefined formats/displays to make the system         This is needed for basic operation of the system out of the
                                             usable immediately after the initial installation.                              box, reducing configuration and implementation time.                     2
Provide Predefined Reporting Filters         The system should display filters to reduce displayed data based on             N/A
                                             relevancy and provide predefined display filters to support analysis of                                                                                 3
                                             reported data.




Provide Quarantined Files Repository         The system shall provide safe, queryable storage of quarantined files at the      This is necessary to prevent the spread of malicious files
                                             client and/or manager, based upon administratively-defined rules. It shall        across the LandWarNet, by enabling administrators and
                                             ensure that the quarantined files are not able to infect other files or           authorized PM/vendors to analyze suspect/malicious files in
                                             propagate themselves any further.                                                 order to update threat signature/behavior profiles,                     2
                                                                                                                               host/network filters, and eventually develop new security
                                                                                                                               patches for the attacked system/application/files (to include
                                                                                                                               those for GOTS/Battle Command Systems).
Provide Query Tools for Report Generation    The system should support queries of generated reports and in support of          N/A
                                             their generation. It should support natural language queries (Natural
                                             language search allows the administrator to type words in the same way
                                             that a person normally speaks them). The system should support search
                                             inquiries from portal(s). It should query reports and repository based on
                                             data contained in specific report fields. The system should support full text
                                             search of free text and diary type fields. It should search for documents
                                             based on stored attributes. It should support automatic suggestions for                                                                                   3
                                             administrator searches. The system should support the refinement of
                                             existing searches. It should control the amount of records returned by
                                             searches for report inclusion. It should sort data returned from a query.
                                             The system should notify administrators of failed searches. It should
                                             support standard and custom report generation from these queries.


Provide Remote Administration                The system shall provide secure, IP-based remote administration of the            This is required to secure the LandWarNet and operate large
                                                                                                                                                                                                       2
                                             manager and its managed assets.                                                   networks.
Provide Scalable Topology                    The system shall be scalable and able to operate in a single server               This is required to ensure that management of assets can be
                                             topology (e.g., a military system/vehicle) or in a hierarchical topology (i.e.,   efficiently performed at differing echelons within the
                                             multiple servers arranged hierarchically).                                        LandWarNet. Further it supports the consolidation/correlation
                                                                                                                               of data as it is transferred from one management platform to
                                                                                                                               another. A scalable topology is the foundation of the Army's
                                                                                                                                                                                                       2
                                                                                                                               ability to manage the LandWarNet as an enterprise in
                                                                                                                               that it provides a way to manage assets locally while
                                                                                                                               providing valuable data/information forming an enterprise
                                                                                                                               view of those assets.

Provide Scanning Based on Protocol           This system shall enable virus scanning of network traffic. It includes the       This is essential for the identification of viruses on systems
                                             capability to scan traffic transferred on the following protocols: HTML,          and thus the operation of all general purpose platforms on the
                                             HTTP over SSL, File Transfer Protocol, Post Office Protocol 3, and SMTP.          LandWarNet.                                                             2

Provide Security Event Repository            The system shall provide timely storage for security event information            This data is essential for the basic operation of this system's
                                             relating to the management console and any managed assets/services.               management console, which is used to defend the
                                             This includes expired passwords, user lock outs, numerous faulty log on           LandWarNet. The ability to query its data is essential for
                                             attempts, transaction logs of changes to system permissions, unauthorized         forensic analyses on computer network attacks and other
                                             transactions (e.g., user/administrator access escalations), and similar           security incidents.
                                                                                                                                                                                                       2
                                             alarms/alerts. It shall record all reported event information, with time-
                                             stamp data, as textual data in a database. It shall support queries. It shall
                                             capture and store all managed agents/sensors reported security
                                             events/logs.

Provide Security Information Management      This system shall integrate with the external SIMS. This includes data            This is needed for the SIMS to get data from systems. SIMS
System Integration                           received from managed assets as well as events generated on the security          depends upon this data in order to do its analysis of security
                                                                                                                                                                                                       2
                                             management platform itself (i.e., user unsuccessfully tried to log onto           related information.
                                             management platform more than three times).
Provide Security Related Reports             The system shall provide reports on security issues such as improper file         Provides a way for administrators to quickly identify potentially
                                             access, security breaches, and denial of service.                                 unauthorized access to assets.                                          1

Provide Signatures Profiles Repository       The system shall store grouped threat signature data (profile) generated          This enables administrative tailoring of threat signature
                                             within the management system. This includes named profiles of signatures          packages for specific network segments and/or
                                             associated to a specific asset or asset category/group.                           IDS/IPS/firewall devices. This reduces scan/detection times             2
                                                                                                                               and network congestion, while enhancing protection.




Provide Single Component Access              The system shall enable administrators to interact with a single monitored       This is needed to facilitate defensive actions, maintenance,
                                             asset or service on a single screen. This includes enabling them to view         and operational management of core components and
                                             and manipulate the asset/service's status, type, capacity, utilization,          services underpinning the entire LandWarNet.                       2
                                             allocation, and location.

Provide Software Inventory Repository        The system shall store software inventory data collected and analyzed by         This is needed to support baseline determinations and data
                                             the management system. This includes historic, current, and staged               restoral operations.
                                             inventory data.                                                                                                                                     2


Provide Software Repository                  The system shall provide a repository for storage of software or firmware,       This repository is essential for the operation of the
                                             by version. It shall store the current version of profiles; and store multiple   management system and in order to install, restore, and
                                             historical versions. It shall stage new versions within the repository for       trouble-shoot faulty software/firmware versions. It also
                                             subsequent distribution/ installation. Once a new version is deployed, it        provides a baseline of authorized software that may be used
                                                                                                                                                                                                 2
                                             becomes the current version and the old current version becomes a                during forensic analysis to identify unauthorized changes
                                             historical version. It shall enable administrators to control the number         arising from a computer network attack.
                                             and/or age of historical versions retained.

Provide Software/Firmware Distribution       The system should verify a software/ firmware distribution was successful. N/A
Verification                                                                                                                                                                                     3

Provide Standard and Predefined Reports      The system should provide predefined/standard reports and views. The system       N/A                                                                       3
                                             should also provide graphics within text reports (e.g., Trending Reports
                                             may contain pie charts, bar charts, line charts and other standard
                                             graphics). The system should publish reports in HTML, XML, SQL, ASCII,
                                             JPEG and other standard languages/formats; be able to print and email all
                                             generated reports. The system should be able to provide displays and
                                             reports on all of the following:

                                             a) audit reports that detail modifications and upgrades to the system,

                                             b) identifying all major problems (per pre-defined SLA/service support
                                             program, per period),
                                             c) resolution time for incidents/problems,

                                             d) closed incidents/problems,

                                             e) problems that result in the highest percentage of resource utilization,


                                             f) first contact to closure for incidents or problems,

                                             g) first call closure for incidents or problems,

                                             h) open incidents or problems,

                                             i) incidents or problems that violate service level agreement/service
                                             support program, Service Level Indicators,
                                             j) closed incidents and problems,

                                             k) resolved incidents and problems,

                                             l) escalated incidents and problems,

                                             m) based on each individual support staff for the number of incidents or
                                             problems that they turned over to other support staff during a shift change,


                                             n) based on department/group for the number of incidents or problems that
                                             are turned over to other support staff during a shift change,
                                             o) trends by agent/support staff for number of incidents and problems
                                             opened per day, week, and month,
                                             p) trends by agent/support staff for number of incidents and problems
                                             resolved per day, week, and month


                                             q) trends by agent/support staff for number of incidents and problems
                                             escalated per day, week, and month,
                                             r) trends by agent/support staff on the average time taken for incidents and
                                             problems to move from open to resolved status,
                                             s) trends by agent/support staff on the average time spent talking to
                                             customers/users regarding an incident or problem,
                                             t) trends by agent/support staff on percent of first contact to resolution
                                             regarding incidents and problems,
                                             u) trends (daily, weekly, monthly) by agent/support staff on percent of first
                                             call resolution regarding incidents and problems,
                                             v) trends (daily, weekly, monthly) by agent/support staff on the average
                                             first contact to resolution regarding incidents and problems,
                                             w) trends (daily, weekly, monthly) by agent/support staff on the average
                                             first call to resolution regarding incidents and problems,
                                             x) trends by group/department for number of incidents and problems
                                             opened per day, week, and month,
                                             y) trends by group/department for number of incidents and problems
                                             resolved per day, week, and month,

                                             z) trends by group/department for number of incidents and problems
                                             escalated per day, week, and month,
                                             aa) trends by group/department on the average time taken for incidents
                                             and problems to move from open to resolved status,
                                             bb) trends by group/department on the average time spent talking to
                                             customers/users regarding an incident or problem,
                                             cc) trends by group/department on percent of first contact to resolution
                                             regarding incidents and problems,
                                             dd) trends by group/department on percent of first call to resolution
                                             regarding incidents and problems,
                                             ee) trends by group/department on the average first contact to resolution
                                             regarding incidents and problems,
                                             ff) trends (daily, weekly, monthly) by group on the average first call to
                                             resolution regarding incidents and problems,
                                             gg) incident/problem rollups by LandWarNet C4IM/IT service or product,

                                             hh) users that access a specific asset,

                                             ii) users that own a specific asset,

                                             jj) operational assets which have exceeded their life-cycle (to identify
                                             equipment that needs to be replaced),
                                             kk) minimum, maximum, and averages for all time and numeric based
                                             reports,
                                             ll) number of users that access a defined service,

                                             mm) customers and their associated users,

                                             nn) specify the concentration and distribution of vendors and their related
                                             products within the enterprise (allows the organization to more clearly
                                             understand the impact of issues related to specific products or vendors),

                                             oo) life-cycle plans (projections) for an asset,

                                             pp) service or product defect status,



                                             qq) service or product enhancement request/Request For Change reports.


Provide Suspicious IP Traffic Log            The system shall store suspect/malicious IP traffic Log data collected and        This is absolutely critical for the defense of the LandWarNet.
Repository                                   analyzed by the management system. This repository should support                 Retention of this data permits subsequent correlation and
                                             queries of this data (for authorized administrators/users only). It shall         analysis of attacks and development of blocking rules,
                                                                                                                                                                                                        1
                                             ensure this information cannot spread across the network.                         network/computer defensive policies, and
                                                                                                                               signatures/malicious behavior profile refinement.

Provide Synchronous Event Polling            The system should collect event logs based on synchronous polling.                N/A
                                                                                                                                                                                                        3
Provide System Documentation                 The system should support documentation for a specific                   N/A
                                             technology/capabilities. This includes system design, implementation and                                                                                   3
                                             user guides.
Provide System Information Repository        The system shall store asset-specific data (files, patches, etc.) collected       Configuration control of managers and managed assets
                                             and analyzed by the management system. This includes the                          requires a known/approved baseline to compare the
                                             data/information that has been applied to the system's managed assets.            current/discovered inventory against; this protects the
                                                                                                                                                                                                        2
                                                                                                                               LandWarNet from unauthorized/unmanaged devices and
                                                                                                                               applications.

Provide Threat Categorization                The system shall categorize threats with sufficient detail to automatically       This is needed to classify and subsequently correlate
                                             separate them from each other for further action. It shall be capable of          identified threats reducing the amount of time administrators
                                             matching them to the appropriate Common Vulnerabilities and                       spend in addressing LandWarNet threats.                                  2
                                             Exploitations identifier.
Provide Threat Detection                     The system shall detect viral and non-viral threats. It shall recognize           This is needed to enable follow-on automatic corrective
                                             viruses, to include trojan horses/back doors, zombies, key loggers,               actions and enables administrators to focus upon more
                                             spyware, trackware, adware, and other unauthorized and/or hostile                 complex infections and general maintenance.                              1
                                             programs that can compromise the security of the system(s).


Provide Threat Scans                         The system shall scan for virus threats. It shall be able to scan incoming        This is essential for the identification of viruses on systems
                                             files from email, downloads, external storage, floppy drives, etc. It shall be    and thus the operation of all general purpose platforms on the
                                             able to scan system memory and stored files, including system files. It           LandWarNet.
                                             shall enable administrators/users to select specific files, or groups of files                                                                             2
                                             to scan. It shall enable scheduling the aforementioned scans. It shall be
                                             able to recognize authorized applications as NON-threats.


Provide Threat Signatures Repository         The system shall store standard and custom threat definitions/signatures          This data is essential for the proper functioning of anti-
                                             (for viruses, worms, back doors, spyware, malicious adware, etc.). It shall       virus/spyware/mal-ware components/systems/applications,
                                             be able to store new, current and multiple historical versions of these           used to identify known threats for subsequent defensive
                                             signatures. It shall support pick-lists (e.g., for Threat Profile creation) and   blocking/repair/quarantine action prior to their attacking the
                                             system queries of this data.                                                      LandWarNet. Storing custom signatures enables                            1
                                                                                                                               administrators to use COTS systems to defend Army Battle
                                                                                                                               Command systems and other unique DoD/GOTS systems.


Provide Threat Signatures to Clients         The system shall update virus threat signatures to clients/agents and             This is needed in order to update the clients with new threat
                                             subordinate managers.                                                             definitions thus helping to increase the security posture of the         1
                                                                                                                               assets residing on the LandWarNet.

Provide User Account Repository              The system shall store user and administrator account information for the         This is needed to control access to the management system
                                             management system.                                                                and to support addressing for notification messages/alerts.
                                                                                                                                                                                                        2


Provide User Activity Log                    The system shall create and manage the User Activity (Audit) Log,         This is required per Army Regulatory requirements and
                                             recording all user transactions, and changes to permissions on the system provides a means to verify NetOps staff actions, conduct
                                             in accordance with AR 25-2.                                               rollbacks, and conduct post-mortems/AARs to improve                              1
                                                                                                                       NetOps procedures.

Provide User Defined Display Filters         The system shall enable administrators to define filtering criteria to view a     This is needed to enable administrators to quickly view all
                                             subset of the available information.                                              data based upon specific criteria, facilitating analyses, trouble-       2
                                                                                                                               shooting, work scheduling, etc.

Provide User Defined Display Formats          The system should allow users to create, add, modify, or delete display        N/A
                                              formats.                                                                                                                                            3

Provide User Defined Report Format            The system should allow for defined presentation formats to view available N/A
                                              information. It should enable the customization of the fields in a report
                                              template or system-provided default report. The system should provide
                                              report creation tools and support ability to customize reports. The system                                                                          3
                                              should enable the user to define output report formats in XML, HTTP,
                                              ASCII, SQL, and JPEG.

Provide User Log Data Repository              The system shall store User Activity Log data collected for analyses by the This is needed to trace user logon activity and to meet
                                              management system.                                                          AR 25-1 and AR 25-2 requirements (punitive requirement)                 1

Provide Vulnerability Scanner Integration     The system shall integrate with the IP Network Vulnerability Scanner as        This is needed to support vulnerability scans, prevent false
                                              needed to send and/or receive relevant NetOps data.                            alarms from IDS/IPS/Firewalls during scans, provide
                                                                                                                             software/configuration updates for scanners, and/or to               2
                                                                                                                             manage remedial taskings to correct detected vulnerabilities.

Provide Web Accessible Display                The system shall interact with devices via a web based interface. The          This is needed to support Army requirements to provide web
                                              functionality shall be equivalent to the capability provided by non-web        accessible interface.                                                2
                                              based user interfaces.

Provide Workflow Support for Common           The system (including any of its agents) should guide and coordinate           N/A
Tasks                                         multiple administrators and authorized users through common tasks. It
                                              should guide them through default processes and allow only those with
                                              proper authority to perform each task/job/transaction. The system should
                                              provide options to automate common or repetitive steps/processes (e.g.,                                                                             3
                                              field entries on forms) and to automatically route transactions/jobs, reports,
                                              and other analytic output to designated administrators, users and/or
                                              managed assets.

Quarantine Infected Files                     The system shall quarantine infected files. Quarantined files reside on the This is needed to be able to secure the LandWarNet from
                                              infected client or the manager's internal repository and are kept there until infected files until such time as they can be deleted or              2
                                              an administrator removes or cleans them.                                      cleaned.
Quarantine of Managed Systems                 The system shall quarantine managed components in such a way as to             This is needed to be able to secure the LandWarNet from
                                              restrict their access to network resources until specified remediation         infected systems until such time as they can be remediated.
                                              baselines are met.                                                                                                                                  2


Queue Data To Send                            The system's components (e.g., Agents) shall queue events when                 This is required in order to store and forward alerts, events,
                                              communication with the manager is not possible.                                and methods.                                                         2

Receive Events from Log Files (Passive)       The system shall receive events from log files or logging systems.             This is needed in order for the management platform to
                                              (Passive listening). This includes log files created by agents residing on     receive health, status, and security posture of managed              2
                                              managed client assets.                                                         systems in the LandWarNet.

Receive Events in Standard Protocols          The system shall receive events via industry standard protocols (Storage       This is needed to reduce the amount of time spent integrating
                                              Management Initiative - Specifications, SNMP v2/3, common information          products.                                                            2
                                              model, XML, User Datagram Protocol, etc.)
Recover From Failover Operations              The system shall recover from failover operations by returning to normal Needed to revert back to normal operations after a failover
                                              settings/operations/systems.                                             has been executed, thus ensuring that assets/services in the               2
                                                                                                                       LandWarNet remain operational.
Remove Asset                                  The system should remove an asset from the group of its managed assets N/A
                                              without sympathetic errors. This function is used when removing an asset
                                              from the network for service, for security violations, redeployment,                                                                                3
                                              reallocation, or when decommissioning a platform.

Repair Infected Files                         The system shall repair infected files. Once repaired the files should still   This is needed to remove viruses from files while leaving the        2
                                              be readable and accessible.                                                    file intact.




Report Inactive Administrator Accounts       The system shall detect and report inactive administrator accounts.         This is needed for enforcing secure access controls over the
                                             Inactive administrators are those who have not accessed a specific system NetOps systems used to secure, operate, and manage the
                                             for a predefined amount of time. Inactive administrators shall be flagged   LandWarNet and its supported Army and Business systems.
                                             for administrative attention and possible action (i.e., account suspension,                                                                             2
                                             deletion, etc.). The system shall provide alert and report mechanisms to
                                             system administrators to act on flagged files.

Reset Administrator Account Parameters       The system shall establish the capabilities expected from a Manager to         This is to provide the ability to lock accounts and unlock
                                             reset Administrator Account/Group parameters of an application. A reset is     administrative accounts allowing for the securing of the                 2
                                             the ability to lock or unlock, make active or disable, or change any of the    LandWarNet.
                                             settings of an account.
Retrieve Policies From DoD/Army Server       The system shall be able to retrieve, load, and record computing platform      This enables the United States Army to establish a
                                             policies for an external DoD/Army server.                                      hierarchical/peer-to-peer network capable of rapidly
                                                                                                                            disseminating Operations Security/Information Assurance                  2
                                                                                                                            policies and enforcing/enacting them within the system.

Schedule Configuration Information           The system shall allow the administrator to define a schedule for the          Needed in order to automate the collection of information,
Collection                                   collection of configuration information from devices or device managers.       reducing the amount of time spent by administrators in                   2
                                                                                                                            manually gathering data.
Schedule Event Collection                    The system should schedule the collection (polling) of agents/clients for      N/A                                                                      3
                                             event logs.
Schedule Hardware Inventory Data             The system should enable an administrator to schedule for the collection of    N/A
Collection                                   hardware inventory and configuration information from managed                                                                                           3
                                             components, directly or via an agent.
Schedule Scans                               The system shall enable administrators to schedule partial and full scans      This is needed to enable administrators to support the
                                             on protected /managed general purpose computing platforms. It shall            LandWarNet's DID by enforcing periodic scans, while
                                             support scheduling partial scans of specific files, folders, systems, and/or   conducting them at non-peak hours for minimal disruption to
                                             asset groups - as well as full scans of designated assets/asset groups.        the scanned devices, services, and users. Partial scans                  2
                                                                                                                            enable tailoring the scans for specific threats/vulnerabilities -
                                                                                                                            or recurring 'problem' users/applications - speeding overall
                                                                                                                            scan times and speeding corrective actions.

Schedule Software/Firmware Distribution      The system should allow an administrator to define a schedule for the       N/A
                                             distribution of software (i.e., applications, patches, signatures,                                                                                      3
                                             remediations) to managed assets (e.g., sensors, agents, applications,
                                             devices, etc.).
Schedule Software/ Firmware Inventory        The system should define a schedule for the collection of                   N/A
Collection                                   software/firmware inventory information from devices, agent, adapter, or                                                                                3
                                             sensors.
Schedule Status Collection                   The system should allow the administrator to define a schedule for the      N/A
                                             collection of operational status information from assets or asset managers.                                                                             3

Schedule Synchronization With Authoritative The system should schedule synchronization of manager's software and            N/A                                                                      3
Source                                      files with an authoritative source.
Schedule the Production of Reports          The system should support the ability to schedule the production of reports.    N/A
                                            Scheduling will allow for monthly, daily, and hourly configuration such that                                                                             3
                                            reports can be run automatically.
Select Platforms for Monitoring             The system should select (identify) which platforms will be monitored           N/A
                                            based on administratively-defined criteria (IP address, domain, group,                                                                                   3
                                            threat alarm data, configuration items) and thresholds/value ranges.

Send Asset Inventory Data                    The system shall transmit asset and service resource inventory data to         Supports deploying/redeploying units and sites (under BRAC)
                                             other systems, to include those escalated for expedited action/                to the gaining theater, DOIM and/or unit Signal element for
                                             implementation. Note that the content of that inventory data may change        planning/management. It also enables PM/PEO and tactical
                                             significantly, depending upon the systems passing it (Information              units to provide locally-procured asset information to the               2
                                             technology Asset Inventory information versus Radio Frequency Asset            Enterprise CMDB/SS to place them under long term
                                             Inventory Information).                                                        management and configuration control.

Send Incident/Problem Data                   The system shall transmit Incident and Problem data. The system shall,         This is necessary for ensuring that assets in the LandWarNet
                                             upon triggering of operational or security related problems, send or           are operating optimally.                                                 1
                                             transmit the data (time of event, IP address, category of event, etc.)
                                             needed to create a workflow record.

Send Intrusion Data                          The system shall asynchronously send data to the manager and/or other         This is necessary to be aware of ongoing computer network
                                             monitoring host(s) providing details (i.e. time and nature) of an intrusion   attacks, in order to defend the LandWarNet.                            1
                                             event. The sensor should queue events when communication with the
                                             network manager is not possible.
Set Event Severity                           The system shall set severity of events based on predefined criteria.         Provides a way for administrators to quickly identify those
                                             Criteria include event type, name, source, and category.                      events with high priority, reducing the amount of time needed          2
                                                                                                                           to resolve security/operational issues with assets.

Support Computing Platform Policy            The system should enable administrators to define the approval process        N/A
Approval                                     for computing platform policies. It should enable them to designate and
                                             remove administrators/users as approval authorities and specify the order                                                                             3
                                             to which they may access the policy for review/approval.


Support Current Security Standards           The system should support existing security event identification standards    N/A
                                             such as Common Vulnerabilities and Exposures and Open Vulnerability                                                                                   3
                                             Assessment Language.

Support Multiple Concurrent Administrators   The system shall support multiple administrators performing management        This is needed to support the ability for multiple administrators
                                             operations concurrently.                                                      to perform operations concurrently reducing the total cost of           2
                                                                                                                           ownership.
Synchronize Signatures with Authoritative    The system shall synchronize the manager's virus/threat                       This is needed to identify intrusions. Updating them is
Source                                       definitions/signatures with an authoritative source such as the anti-virus    necessary in order to ensure assets on the LandWarNet are
                                             vendor or Department of Defense server.                                       secure.                                                                 1



Track Logon Attempts                         The system shall detect and log user logon attempts (successful or            This is needed for enforcing AR 25-1 and AR 25-2 security
                                             otherwise). The system shall provide alerts/reports to system                 regulations and enforcing secure access controls over the
                                             administrators to act on multiple failed attempts.                            systems used to secure, operate, and manage the
                                                                                                                           LandWarNet and its supported Army and Business systems.                 1
                                                                                                                           It also supports post-mortems on IT outages/attacks.


Verify Agent Account Data                    The system shall manage agents to verify user account data, to include        This is a core functionality of the Backup and Recovery
                                             which permissions, assets, services, and applications the user is             system and is needed by administrators to ensure proper
                                             authorized to activate/possess. User account data may be modified and         usage of the system                                                     2
                                             pushed back to the platform if necessary using the Manage Agent User
                                             Accounts system function.

10/28/2009




              Enterprise NetOps Planning Division
              ESTA-OSC I-ENPD
              2133 Cushing St.
              Ft. Huachuca, AZ
              85613-7070
              Compliance.Team@conus.army.mil
              1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   20                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   21                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   22                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   23                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   24                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   25                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   26                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   27                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   28                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   29                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   30                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   31                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   32                                                                                                1/15/2013
                                       FUNCTIONAL REQUIREMENTS                                                                                 PRODUCT COMPLIANCE

                                                                                                  MET   SUPPORTING DOCUMENTATION TO INCLUDE:                        NOT-MET




                                                                                      PR
                                                                                       RI
FUNCTION                              SYSTEM DESCRIPTION         JUSTIFICATION                            URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                          O
                                                                                          O
                                                                                           RI
                                                                                           R
                                                                                                  √                                                                   √
                                                                                                                     PAGE NUMBER




                                                                                             TY
                                                                                             T




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil                                                   33                                                                                                1/15/2013
Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ
85613-7070
Compliance.Team@conus.army.mil        51   1/15/2013
                                                                                                                               NETCOM/9TH SIGNAL COMMAND (ARMY)
                                                                                                                             LANDWARNET NETOPS ARCHITECTURE (LNA)
                                                                                                                                                  COMPLIANCE CHECKLIST #2
                                                                    HOST-BASED SECURITY SYSTEM (HBSS)                                                                                                                                            PRODUCT COMPLIANCE
                                                                 INTERACTION WITH OTHER LNA CAPABILITIES                                                                                                                                      TO BE COMPLETED BY VENDOR
                                                                                                                                                                                                                            SUPPORTING DOCUMENTATION
                                                                                                                                                                                                           COMPLIANCE   TO INCLUDE: URL, SOURCE DOCUMENT
             FROM                                   TO                 DATA FLOW TEXT DESCRIPTION                                              DATA ELEMENT DEFINITION                                       YES/NO          NAME AND PAGE NUMBERS
                                                                                                                                                                                                                                                           DESCRIPTION    COMMENTS

Active Directory                      Host Based Security System     Contains user account and group membership data sent User Account and Group Data: Contains AD user and group information
                                                                     from Active Directory (AD) to the Host Based Security needed for users to authenticate themselves to systems.
                                                                     System (HBSS).
Configuration Management              Host Based Security System     Contains data sent from the Configuration Management   Event/Trouble Ticket Status: Data regarding the status of an "Incident"
Database/Service Support                                             Database/Service Support (CMDB/SS) system to the       as reported from CMDB/SS to a management system.
                                                                     HBSS.
                                                                                                                            Request for Policy Install: This contains a request for install of a policy
                                                                                                                            within the LandWarNet. The policy contains data that can be files,
                                                                                                                            packages, profiles, etc. The request contains the data and target systems.

Host Based Security System            Firewall Element Manager       Contains data sent from the HBSS to the Firewall       Address: Address that this protocol endpoint represents, for example,
                                                                     Element Management System. This information is used    171.79.6.40 or FE:ED:FE:ED:00:11. The address format, such as Internet
                                                                     by receiving systems to preclude false alarms.         Protocol (IP), Internet Packet eXchange (IPX), or Ethernet, depends on the
                                                                                                                            Protocol Type value. It can be further refined in subclasses.

                                                                                                                            Alerting Managed Element: Name of the alerting computer as known by
                                                                                                                            the management system.
                                                                                                                            Host Name: Contains alphanumeric data reflecting the name of
                                                                                                                            LandWarNet Asset.
                                                                                                                            Logical Networks Collection: Stores information about groups of logical
                                                                                                                            networks. Use this class to represent subsets of machines that are
                                                                                                                            physically connected to larger networks. For example, if you have ten
                                                                                                                            machines connected to the same networking backbone, you could have
                                                                                                                            five of the machines on the address range 192.168.0.x and the other five
                                                                                                                            machines on the address range 172.16.10.x. Although they are physically
                                                                                                                            connected to the same backbone, the two groups of machines are on
                                                                                                                            separate logical networks.
                                                                                                                            Port Number: Transmission Control Protocol or User Datagram Protocol
                                                                                                                            port number.
                                                                                                                            Protocol Type: Type of endpoint. Often, information in this attribute and
                                                                                                                            a subclass overlap. However, when this class is used to represent an
                                                                                                                            endpoint (for example, no subclass exists for fiber channel endpoints), this
                                                                                                                            attribute is needed to categorize the end point. Values are:


                                                                                                                            Unknown (0),
                                                                                                                            Other (1),
                                                                                                                            IPv4 (2),
                                                                                                                            IPv6 (3),
                                                                                                                            IPX (4),
                                                                                                                            AppleTalk (5),
                                                                                                                            DECnet (6),
                                                                                                                            SNA (7),
                                                                                                                            CONP (8),
                                                                                                                            CLNP (9),
                                                                                                                            VINES (10),
                                                                                                                            XNS (11),
                                                                                                                            ATM (12),
                                                                                                                            Frame Relay (13),
                                                                                                                            Ethernet (14),
                                                                                                                            TokenRing (15),
                                                                                                                            FDDI (16),
                                                                                                                            Infiniband (17),




                                                                                                                                   Fibre Channel (18),
                                                                                                                                   ISDN BRI Endpoint (19),
                                                                                                                                   ISDN B Channel Endpoint (20),
                                                                                                                                   ISDN D Channel Endpoint (21),
                                                                                                                                   IPv4/v6 (22),
                                                                                                                                   BGP (23),
                                                                                                                                   OSPF (24),
                                                                                                                                   MPLS (25),
                                                                                                                                   UDP (26), and
                                                                                                                                   TCP (27).
                                                                                                                                   No default value.
Host Based Security System            Host Based Security System        Contains data sent from the HBSS to other HBSS          Hierarchical: This is the data and control messages necessary to allow
                                                                        Management Systems. It provides an ability to           one LandWarNet NetOps Architecture management system to operate
                                                                        forward/relay designated HBSS data, policies and enable with another like system in a Hierarchical mode.
                                                                        cross-system knowledge base links.
                                                                                                                                Knowledge Base Information: Contains a set of data that was either the
                                                                                                                                entire or subset of the data within a knowledge base.

                                                                                                                                   Peer-to-Peer: This is the data and control messages necessary to allow
                                                                                                                                   one LandWarNet NetOps Architecture management system to operate
                                                                                                                                   with another like system in a Peer-to-peer mode.

                                                                                                                                   Policy Data: Comprises the name and data associated with a specific
                                                                                                                                   policy. Policies are groups of configurations or rules that are applied to a
                                                                                                                                   set of assets to achieve a specific posture.
Host Based Security System            IAVM Compliance Manager           Contains a request for data (policy updates) sent from     Request for Data: This is a generic request for data from one NetOps
                                                                        the HBSS to an external Department of Defense              system to another. The type, content, format, and frequency of the data
                                                                        (DoD)/Army policy server.                                  requested and/or sent is dependent on the respective unique systems.

Host Based Security System            Security Information Management   Contains data sent from the HBSS to the Security           Address: Address that this protocol end point represents, for example,
                                      System                            Information Management System (SIMS). HBSS                 171.79.6.40 or FE:ED:FE:ED:00:11. The address format, such as IP, IPX,
                                                                        provides information on system security events/incidents   or Ethernet, depends on the Protocol Type value. It can be further refined
                                                                        (e.g., blocked suspicious activities/known Common          in subclasses.
                                                                        Vulnerabilities and Exposures threats) to SIMS (which      Alerting Managed Element: Name of the alerting computer as known by
                                                                        may forward attack-related information on to the Network   the management system.
                                                                        Situational Awareness (NETCOP) for situation               Common Vulnerabilities and Exposures Identifier: A list of
                                                                        awareness/display).                                        standardized names for vulnerabilities and other information security
                                                                                                                                   exposures. Common Vulnerabilities and Exposures Identifier aims to
                                                                                                                                   standardize the names for all publicly known vulnerabilities and security
                                                                                                                                   exposures.
                                                                                                                                   Description: Textual description of the instance.

                                                                                                                                   Event Time: Date and time of the event or occurrence within the
                                                                                                                                   LandWarNet.
                                                                                                                                   Primary Capability: Main function of the computer system. Possible
                                                                                                                                   values are defined in the Capability List attribute:
                                                                                                                                   Not Dedicated (0, default),
                                                                                                                                   Unknown (1),
                                                                                                                                   Other (2),
                                                                                                                                   Storage (3),
                                                                                                                                   Router (4),
                                                                                                                                   Switch (5),
                                                                                                                                   Layer 3 Switch (6),
                                                                                                                                   Central Office Switch (7),



                                                                                                                      Hub (8),
                                                                                                                      Access Server (9),
                                                                                                                      Firewall (10),
                                                                                                                      Print (11),
                                                                                                                      Input/Output (I/O) (12),
                                                                                                                      Web Caching (13),
                                                                                                                      Server (14),
                                                                                                                      Management (15),
                                                                                                                      Block Server (16),
                                                                                                                      File Server (17),
                                                                                                                      Mobile User Device (18),
                                                                                                                      Repeater (19), Bridge/Extender (20), Gateway (21),
                                                                                                                      LoadBalancer (22),
                                                                                                                      Mainframe (23),
                                                                                                                      SANSwitch (24),
                                                                                                                      SANHub (25),
                                                                                                                      SANBridge (26),
                                                                                                                      SANRouter (27),
                                                                                                                      SANDirector (28),
                                                                                                                      Redundant Array of Independent Disk (RAID) StorageDevice (29),
                                                                                                                      TapeLibrary (30), and
                                                                                                                      JBOD (31).
                                                                                                                      Typically, this attribute is set to the first item in Capability List. For
                                                                                                                      example, a server that has some firewall capabilities could have Primary
                                                                                                                      Capability set to Server and Capability List set to Server, Firewall. A
                                                                                                                      switch device would have both Capability List and Primary Capability set to
                                                                                                                      Switch.
                                                                                                                      Primary Operating System: Computer system's primary operating
                                                                                                                      system.
                                                                                                                      Submitter: Unique account identifier of the user that created the instance.
                                                                                                                      This attribute is automatically populated and can be an actual individual or
                                                                                                                      a system that auto-generated the instance.
                                                                                                                      System Type: Type of computer system. If the computer is Windows-
                                                                                                                      based, this attribute must have a value. Values are:
                                                                                                                      X86-based Personal Computer (PC) (0),
                                                                                                                      Millions of Instructions Per Second (MIPS) -based PC (1),
                                                                                                                      Alpha-based PC (2),
                                                                                                                      Power PC (3),
                                                                                                                      SH-x PC (4),
                                                                                                                      StrongARM PC (5),
                                                                                                                      64-bit Intel PC (6),
                                                                                                                      64-bit Alpha PC (7),
                                                                                                                      Unknown (8, default), and
                                                                                                                      X86-Nec98 PC (9).
Host Based Security System            Active Directory        Contains a request for data sent from the HBSS to AD.   Request for Data: This is a generic request for data from one NetOps
                                                                                                                      system to another. The type, content, format, and frequency of the data
                                                                                                                      requested and/or sent is dependent on the respective unique systems.





Host Based Security System            Configuration Management   Contains data sent from the HBSS to the CMDB/SS         Address: Address that this protocol end point represents, for example,
                                      Database/Service Support   system. It provides information on HBSS inventory and   171.79.6.40 or FE:ED:FE:ED:00:11. The address format, such as IP, IPX,
                                                                 configuration items (when not provided by Systems       or Ethernet, depends on the Protocol Type value. It can be further refined
                                                                 Management), events to CMDB/SS, HBSS Agent              in subclasses.
                                                                 updates and policy-related Change Requests/task         Alerting Managed Element: Name of the alerting computer as known by
                                                                 Updates.                                                the management system.
                                                                                                                         Change Request: Contains requested changes to the infrastructure. This
                                                                                                                         includes changes to improve new systems or services or add new systems
                                                                                                                         to accommodate service requirements.

                                                                                                                         Description: Textual description of the instance.

                                                                                                                         Event Time: Date and time of the event or occurrence within the
                                                                                                                         LandWarNet.
                                                                                                                         Host Name: Contains alphanumeric data reflecting the name of
                                                                                                                         LandWarNet Asset.
                                                                                                                         Inventory: Contains the full descriptive inventory of managed assets - to
                                                                                                                         include all known/discoverable metadata about the asset.
                                                                                                                         Knowledge Base Information: Contains a set of data that was either the
                                                                                                                         entire or subset of the data within a knowledge base.
                                                                                                                         Patch Number: Internal identifier for the current application patch.
                                                                                                                         Primary Capability: Main function of the computer system. Possible
                                                                                                                         values are defined in the Capability List attribute:
                                                                                                                         Not Dedicated (0, default),
                                                                                                                         Unknown (1),
                                                                                                                         Other (2),
                                                                                                                         Storage (3),
                                                                                                                         Router (4),
                                                                                                                         Switch (5),
                                                                                                                         Layer 3 Switch (6),
                                                                                                                         Central Office Switch (7),
                                                                                                                         Hub (8),
                                                                                                                         Access Server (9),
                                                                                                                         Firewall (10),
                                                                                                                         Print (11),
                                                                                                                         Input/Output (I/O) (12),
                                                                                                                         Web Caching (13),
                                                                                                                         Server (14),
                                                                                                                         Management (15),
                                                                                                                         Block Server (16),
                                                                                                                         File Server (17),
                                                                                                                         Mobile User Device (18),
                                                                                                                         Repeater (19), Bridge/Extender (20), Gateway (21),
                                                                                                                         LoadBalancer (22),
                                                                                                                         Mainframe (23),
                                                                                                                         SANSwitch (24),
                                                                                                                         SANHub (25),
                                                                                                                         SANBridge (26),
                                                                                                                         SANRouter (27),




                                                                                                                              SANDirector (28),
                                                                                                                              Redundant Array of Independent Disk (RAID) StorageDevice (29),
                                                                                                                              TapeLibrary (30), and
                                                                                                                              JBOD (31).
                                                                                                                              Typically, this attribute is set to the first item in Capability List. For
                                                                                                                              example, a server that has some firewall capabilities could have Primary
                                                                                                                              Capability set to Server and Capability List set to Server, Firewall. A
                                                                                                                              switch device would have both Capability List and Primary Capability set to
                                                                                                                              Switch.
                                                                                                                              Primary Operating System: Computer system's primary operating
                                                                                                                              system.
                                                                                                                              Status: Contains the current status of a Work Flow Record (WFR).
                                                                                                                              Status options include open, closed, pending, working, etc.
                                                                                                                              Submitter: Unique account identifier of the user that created the instance.
                                                                                                                              This attribute is automatically populated and can be an actual individual or
                                                                                                                              a system that auto-generated the instance.
                                                                                                                              System Type: Type of computer system. If the computer is Windows-
                                                                                                                              based, this attribute must have a value. Values are:
                                                                                                                              X86-based Personal Computer (PC) (0),
                                                                                                                              Millions of Instructions Per Second (MIPS) -based PC (1),
                                                                                                                              Alpha-based PC (2),
                                                                                                                              Power PC (3),
                                                                                                                              SH-x PC (4),
                                                                                                                              StrongARM PC (5),
                                                                                                                              64-bit Intel PC (6),
                                                                                                                              64-bit Alpha PC (7),
                                                                                                                              Unknown (8, default), and
                                                                                                                              X86-Nec98 PC (9).
                                                                                                                              Version Number: Version number of the executable file for a specified
                                                                                                                              application. Applications are not limited to just office software but also
                                                                                                                              include agents as well.
Host Based Security System            Information Assurance          Contains data sent from the HBSS to the Information      Quarantined Notice: Contains information relative to LandWarNet assets
                                      Vulnerability Management       Assurance Vulnerability Management (IAVM) Compliance     that have been quarantined because they did not meet a specific security
                                      Compliance Manager             Management System.                                       posture.

Host Based Security System            Information Assurance          Contains a request for data (policy updates) sent from   Request for Data: This is a generic request for data from one NetOps
                                      Vulnerability Management       the HBSS to an external DoD/Army policy server.          system to another. The type, content, format, and frequency of the data
                                      Compliance Manager                                                                      requested and/or sent is dependent on the respective unique systems.

Host Based Security System            IP Network Management System   Contains data sent from the HBSS to the IP Network       Address: Address that this protocol end point represents, for example,
                                                                     Management System. This information is used by           171.79.6.40 or FE:ED:FE:ED:00:11. The address format, such as IP, IPX,
                                                                     receiving systems to preclude false alarms.              or Ethernet, depends on the Protocol Type value. It can be further refined
                                                                                                                              in subclasses.

                                                                                                                              Alerting Managed Element: Name of the alerting computer as known by
                                                                                                                              the management system.
                                                                                                                              Host Name: Contains alphanumeric data reflecting the name of
                                                                                                                              LandWarNet Asset.





                                                                                                                             Logical Networks Collection: Stores information about groups of logical
                                                                                                                             networks. Use this class to represent subsets of machines that are
                                                                                                                             physically connected to larger networks. For example, if you have ten
                                                                                                                             machines connected to the same networking backbone, you could have
                                                                                                                             five of the machines on the address range 192.168.0.x and the other five
                                                                                                                             machines on the address range 172.16.10.x. Although they are physically
                                                                                                                             connected to the same backbone, the two groups of machines are on
                                                                                                                             separate logical networks.
                                                                                                                             Port Number: Transmission Control Protocol or User Datagram Protocol
                                                                                                                             port number.
                                                                                                                             Protocol Type: Type of endpoint. Often, information in this attribute and
                                                                                                                             a subclass overlap. However, when this class is used to represent an
                                                                                                                             endpoint (for example, no subclass exists for fiber channel endpoints), this
                                                                                                                             attribute is needed to categorize the end point. Values are:

                                                                                                                             Unknown (0),
                                                                                                                             Other (1),
                                                                                                                             IPv4 (2),
                                                                                                                             IPv6 (3),
                                                                                                                             IPX (4),
                                                                                                                             AppleTalk (5),
                                                                                                                             DECnet (6),
                                                                                                                             SNA (7),
                                                                                                                             CONP (8),
                                                                                                                             CLNP (9),
                                                                                                                             VINES (10),
                                                                                                                             XNS (11),
                                                                                                                             ATM (12),
                                                                                                                             Frame Relay (13),
                                                                                                                             Ethernet (14),
                                                                                                                             TokenRing (15),
                                                                                                                             FDDI (16),
                                                                                                                             Infiniband (17),
                                                                                                                             Fibre Channel (18),
                                                                                                                             ISDN BRI Endpoint (19),
                                                                                                                             ISDN B Channel Endpoint (20),
                                                                                                                             ISDN D Channel Endpoint (21),
                                                                                                                             IPv4/v6 (22),
                                                                                                                             BGP (23),
                                                                                                                             OSPF (24),
                                                                                                                             MPLS (25),
                                                                                                                             UDP (26), and
                                                                                                                             TCP (27).
                                                                                                                             No default value.
Host Based Security System            Network Intrusion Detection   Contains data sent from the HBSS to the Network          Address: Address that this protocol endpoint represents, for example,
                                      System                        Intrusion Detection System (NIDS). This information is   171.79.6.40 or FE:ED:FE:ED:00:11. The address format, such as IP, IPX,
                                                                    used by receiving systems to preclude false alarms.      or Ethernet, depends on the Protocol Type value. It can be further refined
                                                                                                                             in subclasses.

                                                                                                                             Alerting Managed Element: Name of the alerting computer as known by
                                                                                                                             the management system.



                                                                              Host Name: Contains alphanumeric data reflecting the name of
                                                                              LandWarNet Asset.
                                                                              Logical Networks Collection: Stores information about groups of logical
                                                                              networks. Use this class to represent subsets of machines that are
                                                                              physically connected to larger networks. For example, if you have ten
                                                                              machines connected to the same networking backbone, you could have
                                                                              five of the machines on the address range 192.168.0.x and the other five
                                                                              machines on the address range 172.16.10.x. Although they are physically
                                                                              connected to the same backbone, the two groups of machines are on
                                                                              separate logical networks.
                                                                              Port Number: Transmission Control Protocol or User Datagram Protocol
                                                                              port number.
                                                                              Protocol Type: Type of endpoint. Often, information in this attribute and
                                                                              a subclass overlap. However, when this class is used to represent an
                                                                              endpoint (for example, no subclass exists for fiber channel endpoints), this
                                                                              attribute is needed to categorize the end point. Values are:

                                                                              Unknown (0),
                                                                              Other (1),
                                                                              IPv4 (2),
                                                                              IPv6 (3),
                                                                              IPX (4),
                                                                              AppleTalk (5),
                                                                              DECnet (6),
                                                                              SNA (7),
                                                                              CONP (8),
                                                                              CLNP (9),
                                                                              VINES (10),
                                                                              XNS (11),
                                                                              ATM (12),
                                                                              Frame Relay (13),
                                                                              Ethernet (14),
                                                                              TokenRing (15),
                                                                              FDDI (16),
                                                                              Infiniband (17),
                                                                              Fibre Channel (18),
                                                                              ISDN BRI Endpoint (19),
                                                                              ISDN B Channel Endpoint (20),
                                                                              ISDN D Channel Endpoint (21),
                                                                              IPv4/v6 (22),
                                                                              BGP (23),
                                                                              OSPF (24),
                                                                              MPLS (25),
                                                                              UDP (26), and
                                                                              TCP (27).
                                                                              No default value.





Host Based Security System            Network Intrusion Prevention   Contains data sent from the HBSS to the NIPS        Address: Address that this protocol endpoint represents, for example,
                                      System                         Management System. This information is used by      171.79.6.40 or FE:ED:FE:ED:00:11. The address format, such as IP, IPX,
                                                                     receiving systems to preclude false alarms.         or Ethernet, depends on the Protocol Type value. It can be further refined
                                                                                                                         in subclasses.

                                                                                                                         Alerting Managed Element: Name of the alerting computer as known by
                                                                                                                         the management system.

                                                                                                                         Host Name: Contains alphanumeric data reflecting the name of
                                                                                                                         LandWarNet Asset.

                                                                                                                         Logical Networks Collection: Stores information about groups of logical
                                                                                                                         networks. Use this class to represent subsets of machines that are
                                                                                                                         physically connected to larger networks. For example, if you have ten
                                                                                                                         machines connected to the same networking backbone, you could have
                                                                                                                         five of the machines on the address range 192.168.0.x and the other five
                                                                                                                         machines on the address range 172.16.10.x. Although they are physically
                                                                                                                         connected to the same backbone, the two groups of machines are on
                                                                                                                         separate logical networks.
                                                                                                                         Port Number: Transmission Control Protocol or User Datagram Protocol
                                                                                                                         port number.

                                                                                                                         Protocol Type: Type of endpoint. Often, information in this attribute and
                                                                                                                         a subclass overlap. However, when this class is used to represent an
                                                                                                                         endpoint (for example, no subclass exists for fiber channel endpoints), this
                                                                                                                         attribute is needed to categorize the end point. Values are:

                                                                                                                         Unknown (0),
                                                                                                                         Other (1),
                                                                                                                         IPv4 (2),
                                                                                                                         IPv6 (3),
                                                                                                                         IPX (4),
                                                                                                                         AppleTalk (5),
                                                                                                                         DECnet (6),
                                                                                                                         SNA (7),
                                                                                                                         CONP (8),
                                                                                                                         CLNP (9),
                                                                                                                         VINES (10),
                                                                                                                         XNS (11),
                                                                                                                         ATM (12),
                                                                                                                         Frame Relay (13),
                                                                                                                         Ethernet (14),
                                                                                                                         TokenRing (15),
                                                                                                                         FDDI (16),
                                                                                                                         Infiniband (17),
                                                                                                                         Fibre Channel (18),
                                                                                                                         ISDN BRI Endpoint (19),
                                                                                                                         ISDN B Channel Endpoint (20),
                                                                                                                         ISDN D Channel Endpoint (21),
                                                                                                                         IPv4/v6 (22),
                                                                                                                         BGP (23),
                                                                                                                         OSPF (24),
                                                                                                                         MPLS (25),




                                                                                                                                UDP (26), and
                                                                                                                                TCP (27).
                                                                                                                                No default value.
Host Based Security System            Host Based Security System   Contains data sent from the Vendor support site to the       Knowledge Base Information: Contains a set of data that is either the
(HBSS) External Support Site                                       Army HBSS. It obtains HBSS knowledge bases,                  entirety or a subset of the data within a knowledge base.
                                                                   software, threat signatures, threat behavior profiles, and
                                                                   standard policy templates from an authorized vendor's        Threat Signature: Package containing a Common Vulnerabilities and
                                                                   server or repository.                                        Exposures identifier, Text description, changes to make on target system,
                                                                                                                                rules of install. Threat signatures are applied to systems to achieve a
                                                                                                                                specific security posture.

IAVM Compliance Manager               Host Based Security System   Contains data (policies) sent from a DoD/Army policy         Information Condition Level (INFOCON): Information Condition is a
                                                                   system to the HBSS.                                          defense system based primarily on the status of information systems and
                                                                                                                                is a method used by the military to defend against a computer network
                                                                                                                                attack.
IAVM Compliance Manager               Host Based Security System   Contains data sent from the IAVM system to the HBSS.         Common Vulnerabilities and Exposures Identifier: A list of
                                                                   HBSS receives notice of planned/imminent scans on            standardized names for vulnerabilities and other information security
                                                                   protected general purpose computing platforms, so the        exposures. Common Vulnerabilities and Exposures Identifier aims to
                                                                   administrator can configure HBSS Agents to permit the        standardize the names for all publicly known vulnerabilities and security
                                                                   scans/baseline updates and not send false alarms. It         exposures.
                                                                   also receives vulnerability data on the general purpose      Planned Scan Date: Attribute used by applications to specify the planned
                                                                   computing platforms, so the administrator may adjust         date and time to be scanned.
                                                                   HBSS Agents firewall/blocking rules to protect the
                                                                   computers until a patch is provided. It provides
                                                                   alerts/notice on rogue/quarantined systems which may
                                                                   require additional scanning/patching.
IP Network Management System          Host Based Security System   Contains data sent from the IP Network Vulnerability         Logical Networks Collection: Stores information about groups of logical
                                                                   System to the HBSS. HBSS receives notice of                  networks. Use this class to represent subsets of machines that are
                                                                   planned/imminent scans on protected general purpose          physically connected to larger networks. For example, if you have ten
                                                                   computing platforms, so the administrator can configure      machines connected to the same networking backbone, you could have
                                                                   HBSS Agents to permit the scans/baseline updates and         five of the machines on the address range 192.168.0.x and the other five
                                                                   not send false alarms. It also receives vulnerability data   machines on the address range 172.16.10.x. Although they are physically
                                                                   on the general purpose computing platforms, so the           connected to the same backbone, the two groups of machines are on
                                                                   administrator may adjust HBSS Agents firewall/blocking       separate logical networks.
                                                                   rules to protect the computers until a patch is provided.
                                                                                                                                Planned Scan Date: Attribute used by applications to specify the planned
                                                                                                                                date and time to be scanned.
Internet Protocol Network             Host Based Security System   Contains data sent from the IP Network Vulnerability         Logical Networks Collection: Stores information about groups of logical
Vulnerability Scanner                                              Scanner to the HBSS. HBSS receives notice of                 networks. Use this class to represent subsets of machines that are
                                                                   planned/imminent scans on protected general purpose          physically connected to larger networks. For example, if you have ten
                                                                   computing platforms, so the administrator can configure      machines connected to the same networking backbone, you could have
                                                                   HBSS Agents to permit the scans/baseline updates and         five of the machines on the address range 192.168.0.x and the other five
                                                                   not send false alarms. It also receives vulnerability data   machines on the address range 172.16.10.x. Although they are physically
                                                                   on the general purpose computing platforms, so the           connected to the same backbone, the two groups of machines are on
                                                                   administrator may adjust HBSS Agents firewall/blocking       separate logical networks.
                                                                   rules to protect the computers until a patch is provided.    Planned Scan Date: Attribute used by applications to specify the planned
                                                                                                                                date and time to be scanned.




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ 85613-7070
Compliance.Team@conus.army.mil                                                                                                                                              159                                                                                                  1/15/2013
                    9th SIGNAL COMMAND (ARMY)
              LANDWARNET NETOPS ARCHITECTURE (LNA)
                   HOST BASED SECURITY SYSTEM
           TO BE COMPLETED BY ARMY REQUIRING ACTIVITY

ARMY PROPONENT
    ORGANIZATION:
    POINT OF CONTACT:
    PHONE:
    E-MAIL:

VENDOR
    COMPANY NAME:
    POINT OF CONTACT:
    PHONE:
    E-MAIL:

PRODUCT
    NAME:
    VERSION:

COMPLIANCE CHECKLIST SUBMITTED TO NETCOM
    DATE:

DOES THIS PRODUCT (VERSION ) HAVE A CERTIFICATE OF NETWORTHINESS (CoN)
    YES:        CoN DATE:
    NO:         DATE REQUEST SUBMITTED:

INTENDED USE OF THIS PRODUCT

TARGETED ECHELON(S) FOR IMPLEMENTATION OF THIS PRODUCT (Please Check ( √ )

    Army Area Processing Center (APC):
    Army CIO G-6:
    Army Computer Emergency Response Team (ACERT) Tactical Operations Center (TOC):
    Army Global Network Operations and Security Center (Army-GNOSC) TOC:
    Army Operations Center - Pentagon:
    Army Service Component Commands:
    Army Strategic Command (ARSTRAT):
    Battalion (II) S-6:
    Battalion (II) Signal Company:
    Battalion Command Assistance Team (BCAT):
    Brigade (X) Combat Team (BCT):
    Brigade (X) S-6:
    Brigade (X) Signal Company:
    Communications-Electronics Research Development & Engineering Center (CERDEC):
    Company Signal Support:
    Corps (XXX) G-6:
    Corps (XXX) Signal Company:
    Department of the Army (DA):
    Division (XXX) G-6:
    Division (XX) Signal Company:
    Expeditionary Signal Battalion (ESB) BATCON:
    Installation, Garrison, Post, Camp, Station NEC (formerly DOIM):
    NETCOM / 9th Signal Command (Army):
    NSC Operations Center (OC):
    Regional Computer Emergency Response Team (RCERT):
    Regional Hub Node:
    Signal Command (Theater) HQ and CIO:
    Theater Network Operations (NetOps) Center (TNC) - DISA:
    Theater Network Operations (NetOps) Control Center (TNCC):
    Theater Network Operations and Security Center (TNOSC):
    Theater Tactical Signal Brigade (TTSB):
    U.S. Army National Guard NOSC:
    U.S. Strategic Command (STRATCOM):
    Other (Please Identify):

NOTE:
a) Completed LNA Compliance Checklists and supporting documentation are to be e-mailed to the NETCOM 9th Signal Command, LNA Compliance Team at the following: compliance.team@conus.army.mil

b) These LNA Checklists and supporting documentation will be utilized by the LNA Compliance Team in their assessment of this NetOps product's compliance to the Army LNA, prior to a CoN being granted by NETCOM/9th Signal Command.

								