Server Based Network

NETCOM/9th SIGNAL COMMAND (ARMY)
LANDWARNET NETOPS ARCHITECTURE (LNA
POLICY BASED INTERNET PROTOCOL M
COMPLIANCE CHECKLIST #1

PRODUCT
Name:
Version:

CHECKLIST TO BE COMPLET
VENDOR

FUNCTIONAL REQUIREMENTS

FUNCTION                                     SYSTEM DESCRIPTION                                                                 JUSTIFICATION                                                        PRIORITY   MET √

Assign Privileges to Administrative Groups   The system shall provide the ability to assign privileges (read, write, execute,   This is needed for administrators to quickly and securely add
                                             access to, restrictions from) to administrative groups. Administrative groups      and remove access permissions to management platforms.               2
                                             are composed of administrative accounts used to manage the platform.

Assign Privileges To User Groups             This system shall enable the administrators to assign user privileges to           This is needed for administrators to quickly and efficiently
                                             defined user groups. This includes assigning privileges to                         assign and remove privileges from users assigned to groups.          2
                                             ports/protocols/services, applications, modules within applications, and/or        It reduces the amount of time administrators will spend
                                             assets.                                                                            configuring access.
Configure Communication Resources            The system shall have configurable communication parameters. These                 This is needed to securely configure communication channels
                                             parameters can be set between component-to-management consoles,                    between agents and management platforms, thus ensuring
                                             manager-to-agent and manager-to-management consoles; client-to-server,             secure transfer of data between the two elements.                    1
                                             client-to-client, Virtual Private Network Device-to-remote user, and server-to-
                                             server components. This includes configuring ports, Internet Protocol (IP)
                                             address.
Configure Filter/Signature Download          The system shall provide the ability to set attributes for downloading             This is required to provide the ability to establish a hierarchical
Attributes                                   filters/signatures from a configurable download address. This includes             architecture for the automated download of filters/signatures        2
                                             establishing authentication/access controls, and permitted                         used to limit traffic and apply policy.
                                             ports/protocols/services on the download sessions/jobs.
Configure Network Groupings                  The system shall enable the administrator to define network segments to be         This is needed for the basic configuration of the system and is      2
                                             used in the organization of network groupings.                                     core to its functionality.




 Enterprise NetOps Planning Division
 ESTA-OSC I-ENPD
 2133 Cushing St.
 Ft. Huachuca, AZ 85613-7070
 Compliance.Team@conus.army.mil                                                                         1                                                                                                        7/8/2010
Control Access to Resource             The system, or its agents, shall permit or deny access to a network resource     This is essential for implementing LandWarNet policies - such
                                       (assets, services, network segments, etc.). This is known as the Policy          as Deny All Permit By Exception. It enables Firewalls and Host
                                       Enforcement Point. This includes controlling/limiting access to specific         and Network Intrusion Prevention Systems (HIPS/NIPS) to
                                       network resources through controlling user/application permissions to use        control and limit access to network devices/segments to
                                       certain ports, protocols, and services.                                          known baseline systems/users, following known patterns. It             1
                                                                                                                        also enables detection and blocking of abnormal/malicious
                                                                                                                        access attempts by otherwise unknown/undetectable zero-day
                                                                                                                        threats.

Customize Knowledge Base               The system should enable administrators to customize its digital documents       N/A
                                       knowledge bases for its managed clients/agents/applications, and supported
                                       customers, organizations, or services. This enables administrators to add
                                       Army specific documents (approval to operate, tailored Standard Operating
                                       Procedure (SOP)/Tactics, Techniques, and Procedures (TTPs), Army-refined
                                       Frequently Asked Questions (FAQs), Intrusion Prevention System (IPS)                                                                                    3
                                       Policy/Behavior-Based Rule Implementation Instructions, Field Manuals
                                       (FMs)/Behavior-Based Rules, etc.) to standard Enterprise documents and
                                       links within the knowledge base.

Define Access Privileges               The system shall enable designated administrators to define, and                This is critical for securing LandWarNet resources and
                                       subsequently enforce access privileges for other administrators, users and      preventing unauthorized users from making changes that
                                       assets to the management platform, its data, and any managed assets.            could lead to false alarms, failure of vital system functions,          2
                                                                                                                       and corruption of data used to operate, manage and defend
                                                                                                                       the LandWarNet.
Define Network Data Collections        The system shall enable the administrator to define a collection of operational   This is needed to restrict and define the amount of data that is
                                       status data from devices or device managers for collection and storage.           sent between devices and managers.                                    2

Define Switching Policies              The system shall define policies to control the operations of Spanning Tree       This is needed to manage the configurations used to control
                                       Protocol. Spanning-Tree Protocol is a link management protocol that provides      the routing used by the device.                                       2
                                       path redundancy while preventing undesirable loops in the network.

Detect and Report Login Credential     The system shall identify when users/administrators have changed, or             This is needed to track user activity and identify those types of
Changes                                attempted to change, their login credentials (user name, password, domain)       activities that may indicate unauthorized changes to accounts.         2
                                       and report this change.
Display Change History                 The system shall display information regarding historical changes to the         This is needed to enable administrators to verify authorized
                                       system and its managed objects or applications.                                  changes and identify unauthorized changes to the                       1
                                                                                                                        management system and any managed devices and
                                                                                                                        applications.
Display Events                         The system shall display dynamic near-real-time events based on alarm            This is needed for the operation, maintenance, and defense of
                                       severity, time, hierarchical importance, client groups, etc. The system shall    the Global Information Grid (GIG) and LandWarNet.                      1
                                       support drill down capabilities to display the underlying events behind larger
                                       alarms/incidents.
Display Help                           The system should provide the ability to view help files specific to the         N/A                                                                    3
                                       application or management system.


Display Knowledge Base Information     The system should display requested information from a particular knowledge      N/A
                                       base, in response to administrator queries. It should support information
                                       retrieval and display from authorized (administratively-linked) external
                                       knowledge bases (e.g., a vendor maintained knowledge base). This facilitates                                                                                3
                                       rapid trouble-shooting and insightful decision making, particularly by less
                                       experienced administrators.

Display Monitored Data                 The system shall drill down and display information about displayed devices           This is essential for basic LandWarNet monitoring,
                                       and events. The information may include event/incidents/problems,                     troubleshooting, and maintenance - particularly at Theater
                                       operational activities, system transactions and/or CAP data.                          Network Operation and Security Centers (TNOSC), where                 1
                                                                                                                             remote access to fault sources will be critical for security and
                                                                                                                             rapid repair/problem prevention.
Display Network Operations Maps        The capability to display dynamic, near-real-time graphical maps of the               Provides a quick and efficient way to visually identify potential
                                       managed network. These maps shall show graphical icons for network                    problems in the LandWarNet, reducing the time needed to perform
                                       devices/nodes and interconnecting circuits. Map graphics shall include color          root cause analysis.
                                       coded and other visually based techniques to convey the network's
                                       configuration and operational status in an intuitive fashion. This also includes:

                                       a) Display Network Sub-Groups: The capability to display network sub-groups
                                       through the provision of a GUI. Examples of device and network sub-groups
                                       are geographical, hierarchical, and political segmentation.

                                       b) Identify Network Device Connectivity: The capability to provide
                                       identification of network device connectivity. The inter-connectivity between                                                                               2
                                       network devices (nodes) shall be displayed on a near-real-time basis to
                                       include operational status, alarms, etc. Clicking on a graphical connectivity
                                       link shall cause a more detailed display of the circuit's identification, operation
                                       status, recent alarm history, etc.
                                       c) Display Network Status: The capability to display dynamic near-real-time
                                       network status information on the network map. This information shall be
                                       displayed for network nodes and interconnecting circuits. The status display
                                       shall include color-coded and other visually based techniques to convey the
                                       network's operational status in an intuitive fashion. The display shall have
                                       filtering and formatting options to allow presentation based on severity,
                                       hierarchical importance, network segmentation, etc.

Display Results of Diagnostics         The system shall present results of diagnostic routines executed on a network   This is needed to facilitate troubleshooting.                             2
                                       device.
Distribute Configuration               The system shall distribute configuration information to managed              This is needed to set/change the configuration of an asset.
                                       components/assets.                                                            Also supports rollbacks to an authorized current baseline                   2
                                                                                                                     following an unauthorized change/information attack.




Encrypt Data Exchanges                       The system shall provide secure (encrypted) data exchange between a              Secures NetOps management data used to control
                                             manager and clients. Certain types of data being exchanged require               management platforms on the LandWarNet.
                                             encryption (e.g., logon credentials). The system shall provide the capability to
                                             encrypt data transferred between the system and assets using Secure Sockets                                                                              1
                                             Layer (SSL) and Transport Layer Security (TLS) that is Federal Information
                                             Processing Standards (FIPS) Publication 140-2 compliant.

Import Vulnerability Signature Data        The system shall import and accept standard vulnerability signature data from    Vulnerability Signatures are the way in which scanning devices
                                           administratively defined authoritative sources; these updates are available as   are able to identify potential threats. Updating them is                  1
                                           both on-demand and scheduled downloads.                                          necessary in order to ensure assets on the LandWarNet are
                                                                                                                            secure.
Manage Administrator Accounts              The system shall provide the ability to manage (add, modify, verify, delete)   This is needed to ensure that access to management systems
                                           accounts that are used to administer the system. This also includes the        is controlled and secure.                                                   2
                                           ability to add and remove users from groups.
Manage Agent/Client Configuration Settings The system shall manage agent/client related configuration settings. To        This is needed to be able to manage any LandWarNet asset.
                                           include 'auto-install' new definitions, files to exclude, reporting criteria,                                                                              2
                                           reporting times, etc.
Manage Component Grouping                  The system shall allow administrators to define groups of assets. Groups may   This is needed to enable the administrators to perform
                                           be created using different characteristics, including hierarchical,            common operations upon them (loading patches, signatures,
                                           organizational, geographical, or functional (e.g., Email Servers). Also, the   profiles, access control list, etc.) - speeding implementation of           2
                                           system shall enable administrators to assign specific assets/components to     security measures during an attack, reducing the chances of
                                           defined groups.                                                                error, and reducing overall administrator workloads.

Manage Configuration Profiles                The system shall manage (create, modify, archive and delete) sets of                 This speeds asset configuration (during installation/updates),
                                             configuration profiles for specific classes of devices, agent/clients, and           reduces administrator burdens, and reduces human error by
                                             applications. A configuration profile contains all the configuration information     establishing standard configuration sets to apply for specific
                                             about a specific asset. It shall support both the current configuration profile of   assets. It also provides a means to assess compliance to an
                                             a managed asset as well as a baseline configuration profile.                         approved Enterprise configuration standard for common               2
                                                                                                                                  systems/devices (e.g., an Active Directory (AD) server should
                                                                                                                                  have specific agents, signatures and profiles loaded at any
                                                                                                                                  given time).

Manage Firewall Rules                        The system shall manage rule handling functions within network/computing          The ability to block unwanted traffic from entering the
                                             platform firewalls. Rules define what traffic (packets) is allowed and/or         enterprise is a core functionality needed to protect the               2
                                             blocked based on various criteria.                                                LandWarNet. Management of the rules helps to reduce the
                                                                                                                               amount of time spent configuring the system.
Manage Groups                                The system shall manage (create, modify, delete) User Groups, with user roles The system is critical to the operations and security of this
                                             and privileges. It shall support User Group creation, data entry/ modification, NetOps system and the LandWarNet. User accounts and
                                             and deletion by authorized system users. This includes the ability to remove their associated User Group(s) will be used throughout the
                                             multiple groups/super groups (groups that contain other groups) within a single Enterprise to control privilege-based access to various
                                             action.                                                                         resources/assets and services, track trouble calls/service               1
                                                                                                                             requests, provide alerts/notifications, and to maintain
                                                                                                                             audit/transaction logs (In Accordance With (IAW) AR 25-1 and
                                                                                                                             AR 25-2).


Manage Network Maps                     The system shall enable the administrator to define multiple graphical             This is needed for administrators to view networks and quickly
                                        depictions of the network.                                                         identify any network failures.                                      2
Manage Network Organization             The system shall enable the administrator to establish rules governing the         This is needed to control the configuration of network devices
                                        grouping of network segments. This includes setting rules to control network       and is core to the functionality of the system.                     2
                                        grouping (which may be graphical), network mapping, and access privileges.

Manage Other Communication Protocols    The system shall support management of non-Simple Network Management               This is needed to configure systems that control the flow of IP
                                        Protocol (SNMP) protocols for communication. Examples include File                 Network traffic on the LandWarNet.                                  1
                                        Transfer Protocol, Internet Control Message Protocol, and Common
                                        Management Information Protocol.
Manage Simple Network Management        The system shall establish the capabilities expected from a Network Manager        This is needed to configure systems that control the flow of IP
Protocol Agent Configuration            enabling the management and configuration of the system's SNMP server.             Network traffic on the LandWarNet.                                    1
                                        This includes SNMP Trap Generation.
Manage Simple Network Management        The system shall enable administrators to configure a device's                     This is needed to configure systems that control the flow of IP
Protocol Community Strings              SNMP agent community strings when required. Multiple read and write                Network traffic on the LandWarNet.                                    1
                                        community strings must be supported.
Manage Simple Network Management        The system shall establish the system's ability to allow the administrator to      This is needed to configure systems that control the flow of IP
Protocol Management Information Bases   manage (create, modify, and delete) SNMP Management Information Base               Network traffic on the LandWarNet.                                    1
                                        information from the Network Manager.
Manage Vulnerability Profiles           The system shall create, edit, archive and delete named vulnerability profiles.    This enables administrators to define and maintain tailored
                                        It shall enable administrators to name each profile, identify a particular         sets of vulnerability signatures to scan for in groups of assets
                                        asset/asset group it applies to, and list or link to all standard and custom       (e.g., AD Servers) or specific assets (e.g., 3ID's Defense
                                        vulnerability signatures that are applicable to that asset/asset group. It shall   Message System server), speeding scans and reducing
                                        permit them to define permanent profiles and ad-hoc profiles.                      network bandwidth impacts. Support for ad-hoc profiles              2
                                                                                                                           enables focused scans against newly discovered
                                                                                                                           vulnerabilities, while permanent ones enable scheduled scans.

Manage Vulnerability Signatures         The system shall manage the selection/distribution of common and custom            Vulnerability signatures are the way in which compliance
                                        vulnerability signatures; assignment to specific vulnerability profiles.           devices are able to identify potential threats. The ability to
                                                                                                                           manage and distribute Vulnerability signatures is necessary in
                                        This includes the capabilities to:                                                 order to ensure assets on the LandWarNet are secure.
                                        a) Select Common Signatures - The capability to include or omit a standard
                                        signature in the set of signatures to be distributed to the appropriate
                                        vulnerability scanners. Common vulnerability signatures are received from
                                        authoritative sources (e.g., vendors) and are stored in the Vulnerability                                                                              2
                                        Signature Repository.
                                        b) Select Custom Signatures - The capability to include or omit a custom
                                        signature in the set of signatures to be distributed to the appropriate
                                        vulnerability scanners. Custom vulnerability signatures are created by the user
                                        to implement security policy and are stored in the Vulnerability Signature
                                        Repository.
Perform Local Authentication            The system shall authenticate users, administrators, and assets from data       This is needed for the authentication of users to access
                                        stored locally within the management application or device.                     resources on the LandWarNet and is required by AR 25-1, and              1
                                                                                                                        AR 25-2.


Perform Operations on Multiple Assets   The system shall permit administrators to interact with multiple managed        This is needed to save the administrators considerable time,
                                        assets on a single screen. It allows them to select and perform operations on   enable central management and maintenance of large network
                                        individual assets, and groups of assets (Hardware, Software, Agents), from      - enhancing overall reliability and security.
                                        administratively defined (pick) lists of available assets/asset groups and                                                                         2
                                        operations. The system shall enable the administrator to define and save
                                        groups of assets for future pick list displays (to perform future operations
                                        upon).
Perform Remote Authentication           The system shall authenticate users, administrators, and assets from a remote    This is the core function for the authentication of users to
                                        authentication service on the network.                                           access resources on the LandWarNet and is required by             1
                                                                                                                         AR 25-1, and AR 25-2.
Provide Ability to Drill-Down           The system shall provide in-depth detailed information about any monitored       This enables rapid trouble-shooting or identification of key
                                        asset, service, or function depicted on the GUI. This enables the user to        information necessary for operations, maintenance or defense
                                        drill-down on any graphical representation (e.g., icon) to obtain specific relevant actions.                                                         2
                                        detailed information regarding its status.
Provide Ability To Model                The system should provide modeling capabilities. Modeling is the use of          N/A
                                        mathematical equations to simulate and predict real events and processes. It
                                        provides a representation of the current environment and is used to support
                                        prediction capabilities.
                                        Resource Consumption Levels - System will identify the components of the
                                        application that consume the most resources. This is based on information
                                        from current environment.
                                        Provide Responsiveness Change - System will identify how adding or
                                        removing users will change the responsiveness of a server. This is based on
                                        information from current environment.
                                        Identify ideal tuning parameters - System will identify the ideal tuning
                                        parameters for removal of bottlenecks. This is based on information from
                                        current environment.                                                                                                                               3
                                        Identify Necessity for Additional Resources - System will identify the
                                        necessity for additional resources needed based on additional users. This is
                                        based on information from current environment.
                                        Project Server Degradation - System will project server degradation based
                                        on increased work load. This is based on information from current
                                        environment.
                                        Project Effect on network traffic - System will project impact on network
                                        traffic based on server utilization. This is based on information from current
                                        environment.
                                        Provide Optimal Load Balances - System will provide information load
                                        balancing across servers. This is based on information from current
                                        environment.
Provide Administrator Audit Log         The system shall provide administrator audit log information, to include the     This is required in accordance with Department of Defense
                                        administrator's identification, time stamp, the specific activity/transaction    Instruction (DoDI) 8500.2, AR 25-1 and AR 25-2.
                                        performed, changes in permissions, and any other specified data of interest                                                                        2
                                        related to administrator transactions on the system.



Provide Command Line Interface             The system shall use a command line interface (CLI) for system or account         This is needed to enable administrators to execute changes
                                           administration locally and remotely.                                              on large groups of configuration items via a single command.         2

Provide Command Line Interface and         The system should provide security mechanisms for CLI and Application            N/A
Application Program Interface Security     Program Interface access to the system. The system should enforce security
                                           for command line input that is functionally identical to GUI access restrictions
                                           and controls; security for Advanced Programming Interfaces that are                                                                                  3
                                           functionally identical to GUI access restrictions and controls.

Provide Communication Ports Security       The system shall provide the capability to designate a limited set of ports for   This is necessary to configure management platforms to
                                           communication between management platforms and managed components.                communicate across routers and switches (considering port           1
                                                                                                                             restrictions that may be applied to network devices) within the
                                                                                                                             LandWarNet.
Provide Configuration Profile Repository   The system should store information about configuration profiles used to          N/A
                                           manage asset configurations. [Configuration profiles are a named set of
                                           configuration settings, approved protocols/services and other operational files
                                           associated to a specific class/category of IT asset and/or users. For example,
                                           an administrative assistant's baseline profile software is Office XP and
                                           Outlook, an engineer's baseline profile contains Visio and Project, and an AD                                                                          3
                                           Server's baseline profile will contain the appropriate Tivoli/SMS agent, AD
                                           version, Microsoft Server 2003, and HBSS/Host Intrusion Prevention System
                                           (HIPS) agent information.] It should store new/staged, current, and multiple
                                           historical versions of these profiles.

Provide Definable Report Filters           The system should provide filters that can be created and modified. Filters       N/A
                                           provide a way to produce reports that provide data on a specific attribute(s).                                                                         3

Provide Device and Media Configuration     The system shall store all configuration information about devices and media      This is needed to maintain and defend LandWarNet systems
Information Repository                     that is generated by the management system or its sub-systems/agents, to          via their configurations. It supports restoring and
                                           include any unique communications/encryption settings. This also includes         reconstitution of vital assets and applications.                     2
                                           new/staged, current, and multiple copies of historical configuration data.

Provide Device Relationships Repository    The system shall store the relationships between network devices. [These          This information provides vital baseline data used to
                                           relationships define the interconnections between and hierarchy of network        determine, configure, and control authorized network
                                           devices and network nodes within the Network Manager's sphere of control.]        interactions. It is also used to restore/reconstitute networked
                                           This device inventory information is expected to be stored as textual data        following a fire/flood/physical destruction, etc
                                           within a database. It shall be able to store multiple versions of this data                                                                            1
                                           (staged/new, current and various historical sets of information). This
                                           repository should support queries of this data (for authorized
                                           administrators/users only).
Provide Event Log Reports                  The system shall produce reports containing event and associated user             This is needed to meet AR requirements for reporting on
                                           activity logs.                                                                    potential security breaches.                                         2




Provide Frequently Asked Questions      The system should support a FAQ capability, providing searchable, quick           N/A
Feature                                 solutions for common problems for both administrators and customers/users.                                                                               3

Provide Graphical Diagrams              The system shall provide a GUI/Web based diagram of disks or networks,            This is required to monitor the health and security posture of
                                        along with physical and logical views of the assets. Additionally, the system     the networked infrastructure.                                        2
                                        shall provide a network diagram of the assets to include switches, tape
                                        libraries, or other managed assets.
Provide Graphical Interface             The system shall provide a GUI enabling users and/or administrators to            This is needed to simplify the use of the management system.
                                        access and operate the system from their terminal or via a web-accessible
                                        Interface. The system functionality should be the same whether the operator                                                                              2
                                        accesses the system via the terminal or at the server/system's native
                                        interface.
Provide Help Feature                    The system should provide help functionality. This can be an on-line              N/A
                                        functionality or provided locally on the platform. It should provide a search                                                                            3
                                        and index capability.
Provide Import Digital Documents For    The system should import vendor supplied Digital Documentation Knowledge          N/A                                                                    3
Knowledge Bases                         Base information.
Provide Knowledge Base                  The system should provide a knowledge base. A knowledge base is a                 N/A
                                        searchable (via queries) repository of information about a specific topic or
                                        product. The knowledge base should contain, at a minimum: FAQs,                                                                                          3
                                        trouble-shooting wizards, and Uniform Resource Locators (URLs) for additional
                                        help/information.
Provide Knowledge Base Repository       The system should store NetOps Knowledge Base information. This includes          This is essential for the basic operation of the NetOps
                                        all information stored in the Knowledge Base used primarily by administrators     Systems Knowledge Base management capabilities.                        3
                                        in the operations and maintenance of systems and services.

Provide Manual Component Registration   The system shall accept manually entered asset and asset sub-component            This supports management, situational awareness, and
                                        registration information. This information is entered by the administrator about  defense of critical LandWarNet assets and the implementation
                                        a specific asset(s) that is to be managed and is used to find and take            of urgent defensive measures and policies.                             2
                                        administrative control of the asset. The system shall enable administrators
                                        and designated users to add or remove assets as necessary.

Provide Multiple Component Access       The system shall restrict administrators to performing operations only on         This is needed to enable automated administrative access
Controls                                those assets/asset groups they are authorized to manage.                          controls - enhancing overall reliability and security.                 2

Provide Operational Reports             The system shall provide operational NetOps reports, to include those on          This is needed to allow the element manager to combine and
                                        component and aggregated asset/system utilization (or usage); failed              summarize device/storage information, Job Status, Job
                                        components/assets; configuration settings for all/designated components/          Volume, Device Utilization, media verification, job failures, job      2
                                        assets; and asset/device/storage information.                                     schedules, report alerts.
Provide Predefined Display Formats      The system shall display predefined formats/displays to make the system           This is needed for basic operation of the system out of the            2
                                        usable immediately after the initial installation.                                box, reducing configuration and implementation time.
Provide Predefined Reporting Filters    The system should display filters to reduce displayed data based on relevancy     N/A
                                        and provide predefined display filters to support analysis of reported data.                                                                             3



 Enterprise NetOps Planning Division
 ESTA-OSC I-ENPD
 2133 Cushing St.
 Ft. Huachuca, AZ 85613-7070
 Compliance.Team@conus.army.mil                                                                    8                                                                                                     7/8/2010
Provide Remote Administration             The system shall provide secure, IP-based remote administration of the                This is required to secure the LandWarNet and operate large          2
                                          manager and its managed assets.                                                       networks.
Provide Security Information Management   This system shall integrate with the external Security Information Management         This is needed for the SIMS to get data from systems. SIMS
System Integration                        System (SIMS). This includes data received from managed assets as well as             depends upon this data in order to do its analysis of security
                                          events generated on the security management platform itself (i.e., a user            related information.                                                 2
                                          unsuccessfully tried to log on to the management platform more than three times).

Provide Single Component Access           The system shall enable administrators to interact with a single monitored            This is needed to facilitate defensive actions, maintenance,
                                          asset or service on a single screen. This includes enabling them to view and          and operational management of core components and
                                          manipulate the asset/service's status, type, capacity, utilization, allocation, and   services underpinning the entire LandWarNet.                         2
                                          location.
Provide Standard and Predefined Reports   The system should provide predefined/standard reports and views. The system           N/A
                                          should also provide graphics within text reports (e.g., Trending Reports may
                                          contain pie charts, bar charts, line charts and other standard graphics). The
                                          system should publish reports in Hyper Text Markup Language (HTML),
                                          eXtensible Markup Language (XML), Structured Query Language (SQL),
                                          American Standard Code for Information Interchange (ASCII), Joint                                                                                          3
                                          Photographic Experts Group (JPEG) and other standard languages/formats,
                                          and be able to print and email all generated reports. The system should be able to
                                          provide displays and reports on all of the following:

                                          a) audit reports that detail modifications and upgrades to the system,


                                          b) identifying all major problems (per pre-defined Service Level Agreement
                                          (SLA)/service support program, per period),
                                          c) resolution time for incidents/problems,


                                          d) closed incidents/problems,


                                          e) problems that result in the highest percentage of resource utilization,


                                          f) first contact to closure for incidents or problems,


                                          g) first call closure for incidents or problems,


                                          h) open incidents or problems,


                                          i) incidents or problems that violate SLA/service support program, Service
                                          Level Indicators,



                                      j) closed incidents and problems,



                                      k) resolved incidents and problems,


                                      l) escalated incidents and problems,


                                      m) based on each individual support staff for the number of incidents or
                                      problems that they turned over to other support staff during a shift change,

                                      n) based on department/group for the number of incidents or problems that are
                                      turned over to other support staff during a shift change,
                                      o) trends by agent/support staff for number of incidents and problems opened
                                      per day, week, and month,
                                      p) trends by agent/support staff for number of incidents and problems resolved
                                      per day, week, and month,
                                      q) trends by agent/support staff for number of incidents and problems
                                      escalated per day, week, and month,
                                      r) trends by agent/support staff on the average time taken for incidents and
                                      problems to move from open to resolved status,
                                      s) trends by agent/support staff on the average time spent talking to
                                      customers/ users regarding an incident or problem,                                                      3

                                      t) trends by agent/support staff on percent of first contact to resolution
                                      regarding incidents and problems,
                                      u) trends (daily, weekly, monthly) by agent/support staff on percent of first call
                                      resolution regarding incidents and problems,
                                      v) trends (daily, weekly, monthly) by agent/support staff on the average first
                                      contact to resolution regarding incidents and problems,
                                      w) trends (daily, weekly, monthly) by agent/support staff on the average first
                                      call to resolution regarding incidents and problems,
                                      x) trends by group/department for number of incidents and problems opened
                                      per day, week, and month,
                                      y) trends by group/department for number of incidents and problems resolved
                                      per day, week, and month,
                                      z) trends by group/department for number of incidents and problems escalated
                                      per day, week, and month,




                                      aa) trends by group/department on the average time taken for incidents and
                                      problems to move from open to resolved status,
                                      bb) trends by group/department on the average time spent talking to
                                      customers/ users regarding an incident or problem,
                                      cc) trends by group/department on percent of first contact to resolution
                                      regarding incidents and problems,
                                      dd) trends by group/department on percent of first call to resolution regarding
                                      incidents and problems,
                                      ee) trends by group/department on the average first contact to resolution
                                      regarding incidents and problems,
                                      ff) trends (daily, weekly, monthly) by group on the average first call to
                                      resolution regarding incidents and problems,
                                      gg) Incident/Problem rollups by LandWarNet C4IM/IT service or product,


                                      hh) Users that access a specific asset,


                                      ii) users that own a specific asset,


                                      jj) operational assets which have exceeded their life-cycle (to identify
                                      equipment that needs to be replaced),
                                      kk) minimum, maximum, and averages for all time and numeric based reports,


                                      ll) number of users that access a defined service,
                                                                                                                                           3

                                      mm) customers and their associated users,


                                      nn) specify the concentration and distribution of vendors and their related
                                      products within the enterprise (allows the organization to more clearly
                                      understand the impact of issues related to specific products or vendors),

                                      oo) life cycle plans (projections) for an asset,

                                      pp) service or product defect status,

                                      qq) service or product enhancement request/Request For Change reports.




Provide System Documentation                The system should support documentation for a specific                               N/A
                                            technology/capabilities. This includes system design, implementation and                                                                                   3
                                            user guides.
Provide Threat Signatures Repository        The system shall store standard and custom threat definitions/signatures (for        This data is essential for the proper functioning of anti-
                                            viruses, worms, back doors, spyware, malicious adware, etc.). It shall be able       virus/spyware/mal-ware components/systems/applications,
                                            to store new, current and multiple historical versions of these signatures. It       used to identify known threats for subsequent defensive
                                            shall support pick-lists (e.g., for Threat Profile creation) and system queries of   blocking/repair/quarantine action prior to their attacking the
                                            this data.                                                                           LandWarNet. Storing custom signatures enables
                                                                                                                                 administrators to use Commercial-off-the-Shelf (COTS)                 1
                                                                                                                                 systems to defend Army Battle Command systems and other
                                                                                                                                 unique Department of Defense (DoD)/Government-off-the-
                                                                                                                                 Shelf (GOTS) systems.

Provide User Account Repository             The system shall store user and administrator account information for the            This is needed to control access to the management system
                                            management system.                                                                   and to support addressing for notification messages/alerts.           2

Provide User Activity Log                   The system shall create and manage the User Activity (Audit) Log, recording          This is required per AR requirements and provides a means to
                                            all user transactions, and changes to permissions on the system IAW AR 25-2.         verify NetOps staff actions, conduct roll-backs, and conduct          1
                                                                                                                                 post-mortems/After-Action-Reviews (AARs) to improve
                                                                                                                                 NetOps procedures.
Provide User Defined Display Filters        The system shall enable administrators to define filtering criteria to view a        This is needed to enable administrators to quickly view all data
                                            subset of the available information.                                                 based upon specific criteria, facilitating analyses, trouble-         2
                                                                                                                                 shooting, work scheduling, etc.
Provide User Defined Display Formats        The system should allow users to create, add, modify, or delete display              N/A                                                                   3
                                            formats.
Provide User Defined Report Format          The system should allow for defined presentation formats to view available   N/A
                                            information. It should enable the customization of the fields in a report
                                            template or system-provided default report. The system should provide report
                                            creation tools and support ability to customize reports. The system should                                                                                 3
                                            enable the user to define output report formats in XML, Hypertext Transfer
                                            Protocol (HTTP), ASCII, SQL, and JPEG.

Provide User Log Data Repository            The system shall store User Activity Log data collected for analyses by the          This is needed to trace user logon activity and to meet
                                            management system.                                                                   AR 25-1 and AR 25-2 requirements (punitive requirement)               1

Provide Vulnerability Profiles Repository   The system shall store Vulnerability Profile data collected for distribution to      This data is essential for the proper functioning of IP network
                                            system scanners. [A vulnerability profile is a named set of vulnerable               vulnerability scanners, used to preemptively locate known
                                            configurations/signatures associated with a specific class/category of network       vulnerabilities for repair/action prior to attacks to the
                                            device.] This repository shall support pick lists and queries of this data (for      LandWarNet. They also support refinement of network and               1
                                            authorized administrators/users only).                                               computing policies used to prevent the generation/transfer of
                                                                                                                                 malicious traffic.




FUNCTION: Provide Vulnerability Signature Repository
SYSTEM DESCRIPTION: The system shall store information about vulnerability signatures (e.g., vulnerable network configurations/communications settings for specific assets, services, and protocols). It shall store standard vulnerability signatures downloaded or received from the scanner vendor(s) or other authoritative sources. Signatures may vary by vendor or scanner type and may be segregated by type in the repository. It shall store custom vulnerability signatures that are developed to address enterprise-specific policy requirements or unique United States Army assets.
JUSTIFICATION: This data is essential for the proper functioning of IP network vulnerability scanners, used to preemptively locate known vulnerabilities for repair/action prior to attacks to the LandWarNet.
PRIORITY: 1

FUNCTION: Provide Web Accessible Display
SYSTEM DESCRIPTION: The system shall interact with devices via a web-based interface. The functionality shall be equivalent to the capability provided by non-web based user interfaces.
JUSTIFICATION: This is needed to support Army requirements to provide a web accessible interface.
PRIORITY: 2

FUNCTION: Receive Events in Standard Protocols
SYSTEM DESCRIPTION: The system shall receive events via industry standard protocols (Storage Management Initiative - Specifications, SNMP v2/3, common information model, XML, User Datagram Protocol, etc.).
JUSTIFICATION: This is needed to reduce the amount of time spent integrating products.
PRIORITY: 2

FUNCTION: Receive Graphical Network Views
SYSTEM DESCRIPTION: The system shall receive graphical network information from an external system.
JUSTIFICATION: This is needed by the Management platform in order to generate enterprise level network diagrams and subsequently monitor the health of the LandWarNet.
PRIORITY: 1

FUNCTION: Receive Vulnerability Profiles
SYSTEM DESCRIPTION: The system shall receive updates to the Army standard vulnerability profiles from an authoritative source. Profiles may contain multiple signatures for a type of asset.
JUSTIFICATION: Provides a way to update profiles on the system with more current data. This is needed in order to scan and identify potential vulnerabilities to the LandWarNet.
PRIORITY: 2

FUNCTION: Report Inactive Administrator Accounts
SYSTEM DESCRIPTION: The system shall detect and report inactive administrator accounts. Inactive administrators are those who have not accessed a specific system for a predefined amount of time. Inactive administrators shall be flagged for administrative attention and possible action (i.e., account suspension, deletion, etc.). The system shall provide alert and report mechanisms to system administrators to act on flagged files.
JUSTIFICATION: This is needed for enforcing secure access controls over the NetOps systems used to secure, operate, and manage the LandWarNet and its supported Army and Business systems.
PRIORITY: 2

FUNCTION: Reset Administrator Account Parameters
SYSTEM DESCRIPTION: The system shall establish the capabilities expected from a Manager to reset Administrator Account/Group parameters of an application. A reset is the ability to lock or unlock, make active or disable, or change any of the settings of an account.
JUSTIFICATION: This is to provide the ability to lock accounts and unlock administrative accounts allowing for the securing of the LandWarNet.
PRIORITY: 2

FUNCTION: Schedule Software/Firmware Distribution
SYSTEM DESCRIPTION: The system should allow an administrator to define a schedule for the distribution of software (i.e., applications, patches, signatures, remediations) to managed assets (e.g., sensors, agents, applications, devices, etc.).
JUSTIFICATION: N/A
PRIORITY: 3

FUNCTION: Schedule the Production of Reports
SYSTEM DESCRIPTION: The system should support the ability to schedule the production of reports. Scheduling will allow for monthly, daily, and hourly configuration such that reports can be run automatically.
JUSTIFICATION: N/A
PRIORITY: 3

FUNCTION: Send Incident/Problem Data
SYSTEM DESCRIPTION: The system shall transmit Incident and Problem data. The system shall, upon triggering of operational or security related problems, send or transmit the data (time of event, IP address, category of event, etc.) needed to create a workflow record.
JUSTIFICATION: This is necessary for ensuring that assets in the LandWarNet are operating optimally.
PRIORITY: 1




FUNCTION: Support Distributed Network Manager Systems
SYSTEM DESCRIPTION: This system shall provide the ability to operate in a distributed management environment (peer-to-peer, or hierarchical). Managers shall be distributed; i.e., there is NOT only one centralized ubiquitous Manager System/Platform. Distribution may be employed for organizational, hierarchical, geographical, capacity, and/or survivability reasons.
JUSTIFICATION: This is needed to provide the enterprise roll up of data necessary to operate, manage, and defend the LandWarNet.
PRIORITY: 1

FUNCTION: Support Multiple Concurrent Administrators
SYSTEM DESCRIPTION: The system shall support multiple administrators performing management operations concurrently.
JUSTIFICATION: This is needed to support the ability for multiple administrators to perform operations concurrently, reducing the Total Cost of Ownership (TCO).
PRIORITY: 2

FUNCTION: Track Logon Attempts
SYSTEM DESCRIPTION: The system shall detect and log user logon attempts (successful or otherwise). The system shall provide alerts/reports to system administrators to act on multiple failed attempts.
JUSTIFICATION: This is needed for enforcing AR 25-1 and AR 25-2 security regulations and enforcing secure access controls over the systems used to secure, operate, and manage the LandWarNet and its supported Army and Business systems. It also supports post-mortems on IT outages/attacks.
PRIORITY: 1


11/2/2009




Vendors Certification of Product Meeting LNA Requirements
Name:
Title:
Signature:

PRODUCT COMPLIANCE

SUPPORTING DOCUMENTATION TO INCLUDE: URL, NAME OF SOURCE DOCUMENT AND PAGE NUMBER
DESCRIPTION
NOT-MET √
COMMENTS




NETCOM/9TH SIGNAL COMMAND (ARMY)
LANDWARNET NETOPS ARCHITECTURE (LNA)
COMPLIANCE CHECKLIST #2
POLICY BASED INTERNET PROTOCOL MANAGEMENT
INTERACTION WITH OTHER LNA CAPABILITIES

FROM    TO    DATA FLOW TEXT DESCRIPTION    DATA ELEMENT DEFINITION    COMPLIANCE YES/NO



FROM: Policy-Based Internet Protocol Network Management
TO: Configuration Management Database/Service Support
DATA FLOW TEXT DESCRIPTION: Contains Incident data sent from the Policy-Based Internet Protocol Network Management system to the Configuration Management Database/Service Support.
DATA ELEMENT DEFINITION:

Address: Address that this protocol end point represents, for example, 171.79.6.40 or FE:ED:FE:ED:00:11. The address format, such as Internet Protocol, Internetwork Packet Exchange, or Ethernet, depends on the Protocol Type value. It can be further refined in subclasses.

Alerting Managed Element: Name of the alerting computer as known by the management system.

Description: Textual description of the instance.

Event Time: Date and time of the event or occurrence within the LandWarNet.

Host Name: Contains alphanumeric data reflecting the name of LandWarNet Asset.

Primary Capability: Main function of the computer system. Possible values are defined in the Capability List attribute:
    Not Dedicated (default)
    Unknown
    Other
    Storage
    Router
    Switch
    Layer 3 Switch
    Central Office Switch
    Hub
    Access Server
    Firewall
    Print
    Input/Output (I/O)
    Web Caching
    Server
    Management
    Block Server
    File Server
    Mobile User Device
    Repeater


                                                                                Bridge/Extender
                                                                                Gateway
                                                                                LoadBalancer
                                                                                Mainframe
                                                                                SANSwitch
                                                                                SANHub
                                                                                SANBridge
                                                                                SANRouter
                                                                                SANDirector
                                                                                Redundant Array of Independent Disk (RAID) StorageDevice
                                                                                TapeLibrary
                                                                                JBOD
                                                                                Typically, this attribute is set to the first item in Capability List. For
                                                                                example, a server that has some firewall capabilities could have Primary
                                                                                Capability set to Server and Capability List set to Server, Firewall. A
                                                                                switch device would have both Capability List and Primary Capability set to
                                                                                Switch.
                                                                                Primary Operating System: Computer system's primary operating
                                                                                system.
                                                                                Submitter: Unique account identifier of the user that created the instance.
                                                                                This attribute is automatically populated and can be an actual individual or
                                                                                a system that auto-generated instance.
                                                                                System Type: Type of computer system. If the computer is Windows-
                                                                                based, this attribute must have a value. Values are:
                                                                                X86-based Personal Computer (PC)
                                                                                Millions of Instructions Per Second (MIPS) -based PC
                                                                                Alpha-based PC
                                                                                Power PC
                                                                                SH-x PC
                                                                                StrongARM PC
                                                                                64-bit Intel PC
                                                                                64-bit Alpha PC
                                                                                Unknown (default)
                                                                                X86-Nec98 PC


                                                                                                                                       NETCOM/9TH SIGNAL COMMAND (ARMY)
                                                                                                                                     LANDWARNET NETOPS ARCHITECTURE (LNA)
                                                                                                                                                          COMPLIANCE CHECKLIST #2
                                                          POLICY BASED INTERNET PROTOCOL MANAGEMENT
                                                            INTERACTION WITH OTHER LNA CAPABILITIES

                                                                                                                                                                                                                   COMPLIANCE
              FROM                                   TO                   DATA FLOW TEXT DESCRIPTION                                               DATA ELEMENT DEFINITION                                           YES/NO
 Policy-Based Internet Protocol       Firewall Element Management      Contains configuration data sent from the Policy-Based       Configuration Profiles: Profiles are objects that contain all the
 Network Management                                                    Internet Protocol Network Management system to the           information needed to configure/reconfigure assets (configuration items).
                                                                       Firewall Element Management System                           The information stored in profiles can include parameter settings, ports and
                                                                                                                                    protocols enabled, filters set, version of Internetwork Operating
                                                                                                                                    System/firmware, etc. These profiles can then be distributed to
                                                                                                                                    configuration items to enable changes in the configuration.

 Policy-Based Internet Protocol       Internet Protocol Network        Contains a request for data and the configuration profiles   Configuration Profiles: Profiles are objects that contain all the
 Network Management                   Management System                sent from the Policy-Based Internet Protocol Network         information needed to configure/reconfigure assets (configuration items).
                                                                       Management system to the Internet Protocol Network           The information stored in profiles can include parameter settings, ports and
                                                                       Manager.                                                     protocols enabled, filters set, version of Internetwork Operating
                                                                                                                                    System/firmware, etc. These profiles can then be distributed to
                                                                                                                                    configuration items to enable changes in the configuration.

                                                                                                                                    Request for Data: This is a generic request for data from one NetOps
                                                                                                                                    system to another. The type, content, format, and frequency of the data
                                                                                                                                    requested and/or sent is dependent on the respective unique systems.

 Policy-Based Internet Protocol       Layer 2 Switch Element Manager   Contains Configuration Profile data sent from the Policy-    Configuration Profiles: Profiles are objects that contain all the
 Network Management                                                    Based Internet Protocol Network Management system to         information needed to configure/reconfigure assets (configuration items).
                                                                       the Layer 2 Switch Element Manager.                          The information stored in profiles can include parameter settings, ports and
                                                                                                                                    protocols enabled, filters set, version of Internetwork Operating
                                                                                                                                    System/firmware, etc. These profiles can then be distributed to
                                                                                                                                    configuration items to enable changes in the configuration.

 Policy-Based Internet Protocol       Layer 4 Switch Element Manager   Contains Configuration Profile data sent from the Policy-    Configuration Profiles: Profiles are objects that contain all the
 Network Management                                                    Based Internet Protocol Network Management system to         information needed to configure/reconfigure assets (configuration items).
                                                                       the Layer 4 Switch Element Manager.                          The information stored in profiles can include parameter settings, ports and
                                                                                                                                    protocols enabled, filters set, version of Internetwork Operating
                                                                                                                                    System/firmware, etc. These profiles can then be distributed to
                                                                                                                                    configuration items to enable changes in the configuration.

 Policy-Based Internet Protocol       Router Element Manager           Contains Configuration Profile data sent from the Policy-    Configuration Profiles: Profiles are objects that contain all the
 Network Management                                                    Based Internet Protocol Network Management system to         information needed to configure/reconfigure assets (configuration items).
                                                                       the Router Element Management System.                        The information stored in profiles can include parameter settings, ports and
                                                                                                                                    protocols enabled, filters set, version of Internetwork Operating
                                                                                                                                    System/firmware, etc. These profiles can then be distributed to
                                                                                                                                    configuration items to enable changes in the configuration.







 Internet Protocol Network            Policy-Based Internet Protocol   Contains Configuration, Inventory, and Network Topology   Configuration: Contains all the information on how an asset
 Management System                    Network Management               data sent from the Internet Protocol Network              (configuration item) is presently configured (e.g., parameter settings, ports
                                                                       Management System to the Policy-Based Internet            and protocols enabled, filters set, version of Internetwork Operating
                                                                       Protocol Network Management System                        System/firmware, etc.).
                                                                                                                                 Inventory: Contains the full descriptive inventory of managed assets - to
                                                                                                                                 include all known/discoverable metadata about the asset.
                                                                                                                                 Network Topology Data: This is the data about the physical and logical
                                                                                                                                 relationship of nodes within the network. It can also be configuration of the
                                                                                                                                 individual network elements.




PRODUCT COMPLIANCE (TO BE COMPLETED BY VENDOR)
SUPPORTING DOCUMENTATION (TO INCLUDE: URL, SOURCE DOCUMENT NAME AND PAGE NUMBERS)    DESCRIPTION    COMMENTS




9th SIGNAL COMMAND (ARMY)
LANDWARNET NETOPS ARCHITECTURE (LNA)
POLICY BASED INTERNET PROTOCOL MANAGEMENT
TO BE COMPLETED BY ARMY REQUIRING ACTIVITY

ARMY PROPONENT
    ORGANIZATION:
    POINT OF CONTACT:
    PHONE:
    E-MAIL:

VENDOR
    COMPANY NAME:
    POINT OF CONTACT:
    PHONE:
    E-MAIL:

PRODUCT
    NAME:
    VERSION:

COMPLIANCE CHECKLIST SUBMITTED TO NETCOM
    DATE:

DOES THIS PRODUCT ( VERSION ) HAVE A CERTIFICATE OF NETWORTHINESS (CoN)
    YES:          CoN DATE:
    NO:           DATE REQUEST SUBMITTED:

INTENDED USE OF THIS PRODUCT

TARGETED ECHELON(S) FOR IMPLEMENTATION OF THIS PRODUCT (Please Check ( √ )

    Army Area Processing Center (APC):
    Army CIO G-6:
    Army Computer Emergency Response Team (ACERT) Tactical Operations Center (TOC):
    Army Global Network Operations and Security Center (Army-GNOSC) TOC:
    Army Operations Center - Pentagon:
    Army Service Component Commands:
    Army Strategic Command (ARSTRAT):
    Battalion (II) S-6:
    Battalion (II) Signal Company:
    Battalion Command Assistance Team (BCAT):
    Brigade (X) Combat Team (BCT):
    Brigade (X) S-6:
    Brigade (X) Signal Company:
    Communications-Electronics Research Development & Engineering Center (CERDEC):
    Company Signal Support:
    Corps (XXX) G-6:
    Corps (XXX) Signal Company:
    Department of the Army (DA):
    Division (XXX) G-6:
    Division (XX) Signal Company:
    Expeditionary Signal Battalion (ESB) BATCON:
    Installation, Garrison, Post, Camp, Station NEC (formerly DOIM):
    NETCOM / 9th Signal Command (Army):
    NSC Operations Center (OC):
    Regional Computer Emergency Response Team (RCERT):
    Regional Hub Node:
    Signal Command (Theater) HQ and CIO:
    Theater Network Operations (NetOps) Center (TNC) - DISA:
    Theater Network Operations (NetOps) Control Center (TNCC):
    Theater Network Operations and Security Center (TNOSC):
    Theater Tactical Signal Brigade (TTSB):
    U.S. Army National Guard NOSC:
    U.S. Strategic Command (STRATCOM):
    Other (Please Identify):

NOTE:
a) Completed LNA Compliance Checklists and supporting documentation are to be e-mailed to the NETCOM 9th Signal Command, LNA Compliance Team at the following: compliance.team@conus.army.mil

b) These LNA Checklists and supporting documentation will be utilized by the LNA Compliance Team in their assessment of this NetOps product's compliance to the Army LNA, prior to a CoN being granted by NETCOM/9th Signal Command.

				