"Active Directory Faqs Template"
NETCOM/9th SIGNAL COMMAND (ARMY) LANDWARNET NETOPS ARCHITECTURE (LNA) LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL X.500 DIRECTORY COMPLIANCE CHECKLIST #1 Vendors Certification of Product Meeting LNA PRODUCT CHECKLIST TO BE COMPLETED BY Name: Requirements Title: Name: VENDOR Version: Signature: FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER TY T Administer Directory Replicas The system shall provide the capability to add, delete and change a replica on This is needed to adjust the configurations of replications 2 a directory server. between directory servers. Analyze Events By Asset The system shall provide on demand and scheduled analysis of event data. It This enables administrators to troubleshoot faulty/absent should be able to extract and produce event data based on specified reporting by sources, fine-tune their configurations, develop asset/system criteria (e.g., platform, device, application, asset type, new/more effective behavior based profiles (for agent/system failure reports, source, system performing attack. etc.) It shall firewalls/Intrusion Prevention System (IPS), and provide 2 enable administrators to query, extract/filter and report event information evaluations on the effectiveness of sources. All improve the based on the event source. It shall enable the administrator to schedule the LandWarNet’s availability, reliability, and security. analyses/queries, with the same criteria. Analyze Events by Multiple Criteria The system shall enable administrators to analyze system events by multiple This is essential to support root cause analyses, criteria. It shall enable them to analyze events relating to two or more troubleshooting, and in order to assess progress in improving administrator designated criteria, to include (but not limited to) specific times, support/services - all necessary to operate, maintain and assets (hardware, software, Agents), Command, Control, Communications, defend the LandWarNet. It also reduces the amount of time Computers, and Information Management/Information Technology (C4IM/IT) administrators will spend in isolating the underpinning cause services, users, administrators, threat signatures, behavioral profiles, of an outage. 2 asset/threat type, management system transactions/job, Capacity, Availability, Performance (CAP) data, business impact, data source, and/or configuration items. Analyze Events By Threat The system shall analyze events by threat type. It shall have the capability to This facilitates the LandWarNet's defense by providing extract and report event data by various custom threat signatures/ behavior automated tools to process large volumes of threat data in profiles, Common Vulnerabilities and Exposures signatures, or external order to rapidly identify and highlight specific threats. Threat/Neutral systems (e.g., Frequency Spectrum Manager should be able to relate interference events to Enemy/Neutral Emitters in reports provided by 1 supporting Intelligence Systems). The system shall enable administrators to specify these threats (e.g., from a pick list) and the desired information to present for subsequent automatic detection and processing/reporting/display. Assign Privileges to Administrative Groups The system shall provide the ability to assign privileges (read, write, execute, This is needed for administrators to quickly and securely add access to, restrictions from) to administrative groups. Administrative groups and remove access permissions to management platforms. 2 are composed of administrative accounts used to manage the platform. Collect Events From Log Files (Active) The system shall collect events from log files or logging systems. (Active This is needed in order for the management platform to collection). receive health, status and security posture of managed 2 systems in the LandWarNet. Configure Communication Resources The system shall have configurable communication parameters. These This is needed to securely configure communication channels parameters can be set between component-to- management consoles, between agents and management platforms ensures secure manager-to-agent and manager-to-management consoles; client-to-server, transfer of data between the two elements. 1 client-to-client, Virtual Private Network Device-to-remote user, and server-to- server components. This include configuring ports, Internet Protocol address. Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 1 12/5/2010 FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER T TY Configure Operational Data Collection The system shall enable administrators to define the particulars of operational This is required to ensure that asset statuses and other data collection and storage. These shall include the intervals of data operational data are collected to operate and maintain the collection, the specific data to be collected (e.g., system operational status, LandWarNet. 2 user actions/activities being performed, etc.), and the methods of collection. Create Directory Attribute The system shall provide the ability to create and define custom types of This is needed to customize the type of data that is stored in directory attributes. the directory. Without this functionality, the directory would 2 only be able to hold the default data types. Create Directory Class The system shall provide the ability to create or add a class to an existing This is needed to customize the groups of data that is stored Directory Schema. A directory class is a named group of attributes. When in the directory. Without this functionality, the directory would 2 you want to assign attributes to an entry, you do so by assigning to that entry only be able to hold the default data types. the object classes that hold those attributes. Create Directory Index The system shall provide capability to create Lightweight Directory Access This is needed to fine-tune the directory by adding indexes Protocol (LDAP)/X.500 indexes on a directory server. An index is a feature in and reducing access/search times. a database that allows for quick access to rows in a table. Indexes should be 2 limited as too many will require resources that will slow the performance of the directory. Create Directory Partition The system shall provide the capability to create a LDAP/X.500 partition to an This is needed in order to control the amount of data that will existing directory. A directory partition is a contiguous sub tree in the directory be replicated from one server to another. 2 that forms a unit of replication. Customize Diagnostic Routines The system should support local customization of the default diagnostic Not Applicable (N/A) 3 routines. Customize Knowledge Base The system should enable administrators to customize its digital documents N/A knowledge bases for its managed clients/agents/applications, and supported customers, organizations, or services. This enables administrators to add Army specific documents (approval to operate, tailored Standard Operating Procedure (SOP)/Tactics, Techniques, and Procedures (TTPs), Army-refined Frequently Asked Questions (FAQs), IPS Policy/Behavior-Based Rule 3 Implementation Instructions, Field Manuals (FMs)/Behavior-Based Rules, etc.) to standard Enterprise documents and links within the knowledge base. Define Access Privileges The system shall enable designated administrators to define, and This is critical for securing LandWarNet resources and subsequently enforce access privileges for other administrators, users and preventing unauthorized users from making changes that assets to the management platform its data and any managed assets. could lead to false alarms, failure of vital system functions, 2 and corruption of data used to operate, manage and defend the LandWarNet. Define Performance Thresholds The system should define performance thresholds for the managed N/A agents/systems/clients/applications. Performance is primarily tied to availability, throughput and response time. (e.g., transaction time, storage 3 read write times, authentication processing time, update times, attacks blocked, attacks blocked by signature/behavior rule, etc.). Delete Directory Attribute The system shall provide the ability to delete a X.500 attribute. Directory This will enable administrators to remove old, corrupt, or attributes are pieces of information associated with directory classes. incorrect data from the directory, which will help to reclaim 2 Example: a computer user would be specified as class and the user’s phone directory space, ensure data integrity and reduce resources would be an attribute. needed to support the service. Delete Directory Class The system should provide the ability to delete a class from an existing This is needed to customize (remove) the groups of data that Directory Schema. A directory class is a named group of attributes. When is stored in the directory. Without this functionality, there 2 you want to assign attributes to an entry, you do so by assigning to that entry would be no way to remove legacy directory classes/data. the object classes that hold those attributes. Delete Directory Index The system shall provide capability to delete a LDAP/X.500 index on a This is needed to fine-tune the directory by removing indexes directory server. An index is a feature in a database that allows for quick that maybe slowing access time. 2 access to rows in a table. Indexes should be limited as too many will require resources that will slow the performance of the directory. Detect and Report Login Credential The system shall identify when users/administrators have changed, or This is needed to track user activity and identify those types of Changes attempted to change, their login credentials (user name, password, domain) activities that may indicate unauthorized changes to accounts. 2 and report this change. Disable Directory Replication The system shall provide administrators the ability to disable the replication of This is needed in order to perform maintenance or to identify a LDAP/X.500 directory when needed. potential problems with replication of the directory. 2 Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 2 12/5/2010 FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER T TY Display Change History The system shall display information regarding historical changes to the This is needed to enable administrators to verify authorized system and its managed objects or applications. changes and identify unauthorized changes to the 1 management system and any managed devices and applications. Display Directory Partition The system should provide the capability to view LDAP/X.500 Partitions. N/A 3 Display Directory Replicas The system should provide the capability to display LDAP/X.500 replicas. N/A 3 Display Directory Schema The system should provide the ability to display attributes and classes within N/A 3 the schema. Display Events The system shall display dynamic near-real-time events based on alarm This is needed for the operation, maintenance, and defense of severity, time, hierarchical importance, client groups, etc. The system shall the Global Information Grid (GIG) and LandWarNet. 1 support drill down capabilities to display the underlying events behind larger alarms/incidents. Display Help The system should provide the ability to view help files specific to the N/A 3 application or management system. Display Knowledge Base Information The system should display requested information from a particular knowledge N/A base, in response to administrator queries. It should support information retrieval and display from authorized (administratively-linked) external knowledge bases (e.g., a vendor maintained knowledge base. This facilitates 3 rapid trouble-shooting and insightful decision making, particularly by less experienced administrators. Display Logging Information The system shall present logging information received from an asset or Enables administrators to view activity logs to identify 2 agent/sensor. unauthorized events per Army Regulation (AR) 25-2. Display Monitored Data The system shall drill down and display information about displayed devices This is essential for basic LandWarNet monitoring, and events. The information may include event/incidents/problems, troubleshooting, and maintenance - particularly at Theater operational activities, system transactions and/or CAP data. Network Operation (NetOps) and Security Centers, where 1 remote access to fault sources will be critical for security and rapid repair/problem prevention. Display Results of Diagnostics The system shall present results of diagnostic routines executed on a network This is needed to facilitate trouble shooting. 2 device. Encrypt Data Exchanges The system shall provide secure (encrypted) data exchange between a Secures NetOps management data used to control manager and clients. Certain types of data being exchanged require management platforms on the LandWarNet. encryption (e.g., logon credentials). The system shall provide the capability to encrypt data transferred between the system and assets using Secure Socket 1 Layer (SSL) and Transport Layer Security (TLS) that is Federal Information Processing Standards (FIPS) Publication 140-2 compliant. Execute Diagnostic Routines The system shall enable the user to execute the available diagnostic routines. This is needed for administrators to remotely execute routines that will help with the diagnosis of problems with the system. 2 Filter Events The system shall filter or limit the events being generated from the managed This is needed to filter events being generated from the asset. Examples of filter criteria are event name, type, identification number, managed assets the console will receive to prevent more source, and type of event (i.e., security, system, application). events that can be processed. This could cause the console 2 to lock up, and could also result in loss of pertinent event data. Identify Directory Replication Issues The system shall identify, notify the administrator, and log the event for This is needed to identify and subsequently repair problems 2 problems with replication of a Directory. with directory replication. Improve Performance The system shall enable the administrator to adjust application and system Needed to ensure assets in the LandWarNet are operating at settings so as to improve performance on the managed assets. Adjusted an optimal level, thus meeting defined service levels. 2 settings include; cache, virtual memory, Hard memory limits, and dynamic limits for replicas. Initiate Failover The system shall be able to initiate failover of its managed assets based on Needed to ensure assets/systems/services in the administratively set threshold criteria and redundant configurations. LandWarNet will continue to operate. 2 Manage Administrator Accounts The system shall provide the ability to manage (add, modify, verify, delete) This is needed to ensure that access to management systems accounts that are used to administrate the system. This also includes the is controlled and secure. 2 ability add and remove users from groups. Manage Application Configuration Settings The system shall manage application related configuration settings. This is essential to ensure Army Gold Master and other common Enterprise Applications have implemented secure 2 configuration settings as part of the LandWarNet Defense In Depth (DID) effort. Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 3 12/5/2010 FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER TY T Manage Component Grouping The system shall allow administrators to define groups of assets. Groups may This is needed to enable the administrators to perform be created using different characteristics, including hierarchical, common operations upon them (loading patches, signatures, organizational, geographical, or functional (e.g., Email Servers). Also, the profiles, access control list, etc.) - speeding implementation of system shall enable administrators to assign specific assets/components to security measures during an attack, reducing the chances of 2 defined groups. error, and reducing overall administrator workloads. Manage Configuration Profiles The system shall manage (create, modify, archive and delete) sets of This speeds asset configuration (during installation/updates), configuration profiles for specific classes of devices, agent/clients, and reduces administrator burdens, and reduces human error by applications. A configuration profile contains all the configuration information establishing standard configuration sets to apply for specific about a specific asset. It shall support both the current configuration profile of assets. It also provides a means to assess compliance to an a managed asset as well as a baseline configuration profile. approved Enterprise configuration standard for common 2 systems/devices (e.g., an Active Directory (AD) server should have specific agents, signatures and profiles loaded at any given time). Manage Diagnostic Routines The system should enable administrators to create, copy, and delete N/A tailored/unique diagnostic routines for the management system and any 3 managed devices, agents or applications. Manage Environment Specific Event The system shall enable administrators to create, copy, modify, archive and This allows administrators to refine automated responses by Actions delete Event Response/Operations rules for environment specific (local) the manager to address unique/Army mission and events or administratively defined filters. It shall allow them to create/modify environment/infrastructure needs and constraints. A pick list names for each rule, select pre-defined standard/custom filters, and specify enables administrators to predefine rules to support conditions the pre-defined responses/operations the management system shall take anticipated when an Operations Plan (OPLAN)/Concept of when the criteria are met. The system's automated response options shall Operations Plan (CONPLAN) is executed, or major support audible alarms, visual alarms, administrator defined text messaging event/policy (e.g., Brigade Combat Team exercise or (e.g., email/pager alerts), normalization of externally generated events, Information Operations policy) occurs. Pre-configured correlation/consolidation of redundant/associated events, setting event automated responses helps prevent both administrators and classification/priority data, and execution of other operations using the system from becoming overwhelmed - while speeding 2 administratively defined variable entries. It shall permit an administrator to remedial actions. create a rule set of related rules. It shall enable administrators define rules/criteria used to match specific data fields and the data entry that results from the match. It should enable them to provide a named set of these combination rules. The system shall enable administrators to manage a pick list these rules/rules sets for latter execution by administrators and authorized users. Manage Event Filter Criteria The system shall enable administrators to create, modify, archive, and delete This is needed to the effective application of the filter to the filtering criteria used to control what events are generated (sent) or permitted asset. Event filtering prevents the console from receiving (accepted) from each managed element/asset. It shall support different filters more events that can be processed. This could cause the for sending events, receiving/processing events, and alerts/notifications console to lock up, and could also result in loss of pertinent arising from events. The system shall support temporary filters, enabling event data. administrators to select default/administrator defined filters from a pick list to adjust and activate. The supported filtering criteria shall address 2 standards/Protocol based variables/thresholds (e.g., Simple Network Management Protocol (SNMP), computer input multiplexer) as well as system unique ones (e.g., vendor provided SNMP, manual input buffer extensions). Manage Failover Configuration Settings The system shall enable the administrator to define failover criteria and This is vital for the reliability, survivability and speedy recovery required configuration settings. of the LandWarNet following a critical asset/applications' 2 failure, destruction, or removal. Manage Groups The system shall manage (create, modify, delete) User Groups, with user roles The system is critical to the operations and security of this and privileges. It shall support User Group creation, data entry/modification, NetOps system and the LandWarNet. User accounts and and deletion by authorized system users. This includes the ability to remove their associated User Group(s) will be used throughout the multiple groups/super groups (groups that contain other groups) within a single Enterprise to control privilege-based access to various action. resources/assets and services, track trouble calls/service 1 requests, provide alerts/notifications, and to maintain audit/transaction logs (In Accordance With (IAW) AR 25-1 and AR 25-2). Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 4 12/5/2010 FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER TY T Manage Polling Intervals The system shall manage data collection polling intervals. Polling intervals will This is needed to ensure prop updates of the status of be adjusted to reflect the status (operational stability) of the network or the systems is received by the Management system and Network 2 current information operations condition. Common Operational Picture (NETCOP) System. Merge Directory Partition The system shall provide the capability to merge two partitions on a single This is needed in order to move information from one directory directory server. A partition is a contiguous sub tree of the directory that forms to another. 2 a unit of replication. Monitor Availability The system shall monitor for the availability of a specific service. Availability is This is the data used to determine if service meets the the ability of an Information Technology (IT) service or component to perform Service Level Management. 2 its required function at a stated instant or over a stated period of time. Monitor Capacity The system shall monitor current component capacity data against specified Monitoring of capacity provides a proactive way to identify the thresholds (e.g., from the LandWarNet Service Catalog). need for expansion of the system prior to failure of any of the 2 components, thus ensuring the continuity of the overall service. Monitor Internet Protocol Services The system shall monitor the status and health of service based IP to include; This is essential to ensure communications that rely on these LDAP, Network News Transfer Protocol, Simple Mail Transfer Protocol, Point services can occur across the LandWarNet. 2 of Presence, Internet Message Access Protocol, and Digital Audio-Video. Monitor Performance The system shall monitor current component performance data against Monitoring of performance provides a proactive way to identify specified thresholds (e.g., from the LandWarNet Service Catalog). the need for expansion of the system prior to failure of any of 2 the components, thus ensuring the continuity of the overall service. Monitor Schema Synchronization The system shall provide a capability to monitor schema synchronization. The This prevents conflicting versions of directory schemas that schema is a set of rules that defines how the data can be stored in the can lead to conflict of data, and possibly inoperability of the 2 directory. system. Monitor Server Clusters The system shall monitor servers that are clustered and represent a single This is needed to monitor the health and security of server 2 server. This includes the following: clusters within the LandWarNet and thus ensuring the a) Fail cluster to another node continuity of services provided. b) Take server cluster off line c) Bring server cluster on line d) Start server cluster e) Stop server cluster f) Move server cluster g) View cluster properties. Move Directory Index The system shall provide capability to move a predefined index configuration This is needed to fine replicate the tuning of one directory from one directory server to another. An index is a feature in a database that server to another. allows for quick access to rows in a table. Indexes should be limited as too 2 many will require resources that will slow the performance of the directory. Move Directory Partition The system shall provide the capability to move a partition on a directory This is needed in order to decommission systems/services or server. A directory partition is a contiguous sub tree in the directory that forms to increase response time of the system. 2 a unit of replication. Perform Local Authentication The system shall authenticate users, administrators, and assets from data This is needed for the authentication of users to access and stored locally within the management application or device. resources on the LandWarNet and is required by AR 25-1, 1 and AR 25-2. Perform Operations on Multiple Assets The system shall permit administrators to interact with multiple managed This is needed to save the administrators considerable time, assets on a single screen. It allows them to select and perform operations on enable central management and maintenance of large individual assets, and groups of assets (Hardware, Software, Agents), from network - enhancing overall reliability and security. administratively defined (pick) lists of available assets/asset groups and 2 operations. The system shall enable the administrator to define and save groups of assets for future pick list displays (to perform future operations upon). Perform Remote Authentication The system shall authenticate users, administrators, and assets from a remote This is the core function for the authentication of users to authentication service on the network. access and resources on the LandWarNet and is required by 1 AR 25-1, and AR 25-2. Process Requests for Capacity, Availability, The system shall process Requests For Data (polls) from the Capacity, This is needed to enable overarching NetOps management and Performance Monitoring Data Availability, and Performance Monitoring system. The system shall determine systems to function; it directly feeds the IT Metrics Program's the required information/ data, retrieve/collect it and forward it to the Capacity, data collection, which in turn provides required reports to meet 1 Availability, and Performance Monitoring system. provisions within the Clinger-Cohen Act. Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 5 12/5/2010 FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER TY T Provide Ability to Drill-Down The system shall provide in-depth detailed information about any monitored This enables rapid trouble-shooting or identification of key asset, service, or function depicted on the Graphical User Interface. This information necessary for operations, maintenance or defense enables the user to drill-down on any graphical representation (e.g., icon) to actions. 2 obtain specific relevant detailed information regarding its status. Provide Administrator Audit Log The system shall provide administrator audit log information, to include the This is required in accordance with Department of Defense administrator's identification, time stamp, the specific activity/transaction Instruction (DoDI) 8500.2, AR 25-1 and AR 25-2. performed, changes in permissions, and any other specified data of interest 2 related to administrator transactions on the system. Provide Alarm Trace Data Repository The system shall store Alarm/Event data collected and analyzed by the This is essential for retaining records of system failures and management system. Alarm data is generated based on predefined criteria security events necessary for follow-up, in-depth analysis 2 established and rules run against event/operational data received by the used to resolve problems and improve LandWarNet readiness management platform. and availability. Provide Availability Data Repository The system should store availability data collected and analyzed by the N/A management system. Availability data may include average/maximum time in service as scheduled, task/job response times, incident/problem resolution 3 times, maximum/mean times between failures, time in scheduled maintenance, time support/ service is lost while an asset is back-ordered, etc. Provide Capacity Data Repository The system should store capacity data collected and analyzed by the N/A management system. Capacity data may include used/remaining storage capacity (for disk drives, LUN, tape, drive pools, etc) , processing/CPU 3 capacity, the average/maximum number of files/applications/users and asset/service supports, transmission rate/bandwidth data, etc. Provide Capacity, Availability and The system should provide reports on CAP data. N/A 3 Performance Data Report Provide Capacity, Availability, and The system should integrate with the CAP Monitoring System. This is needed N/A Performance Monitoring System Integration in order for the CAP Monitoring System to receive data that it can then 3 analyze. Provide Command Line Interface The system shall use a command line interface for system or account This is needed to enable administrators to execute changes administration locally and remotely. on large groups of configuration items via a single command. 2 Provide Command Line Interface and The system should provide security mechanisms for Command Line Interface N/A Application Program Interface Security (CLI) and Application Program Interface access to the system. The system should enforce security for command line input that is functionally identical to 3 GUI access restrictions and controls; security for Advanced Programming Interfaces that are functionally identical to GUI access restrictions and controls. Provide Communication Ports Security The system shall provide the capability to designate a limited set of ports for This is necessary to configure management platforms to communication between management platforms and managed components. communicate across routers and switches (considering port 1 restrictions that may be applied to network devices) within the LandWarNet. Provide Configuration Management Data This system shall integrate with an external CMDB/SS system; which includes This is required to provide critical NetOps inventory and Base/Service Support Integration components such as: Service Desk, Incident Management, Problem configuration item data, health/welfare status Management, Change Management, Configuration Management, Asset information/events, and other administrative information 1 Management, Project Management, etc. This includes enabling the user to necessary to monitor and manage the health, welfare, and access the manual workflow report (Trouble Ticket) features of the CMDB/SS. operational status of the LandWarNet. Provide Data Compression and The system should provide multiple types of data compression and N/A 3 Decompression decompression for a specific job or groups of jobs. Provide Defineable Report Filters The system should provide filters that can be created and modified. Filters N/A provide a way to produce reports that provide data on a specific attribute(s). 3 Provide Device and Media Configuration The system shall store all configuration information about devices and media This is needed to maintain and defend LandWarNet systems Information Repository that is generated by the management system or its sub-systems/agents, to via their configurations. It supports restoring and include any unique communications/encryption settings. This also includes reconstitution of vital assets and applications. 2 new/staged, current, and multiple copies of historical configuration data. Provide Diagnostic Routines The system shall provide diagnostic routines. Diagnostic routines enable This is essential for the rapid trouble shooting and administrators to execute an action or set of actions intended to reveal maintenance of assets. 2 operational failures. Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 6 12/5/2010 FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER TY T Provide Directory Data Integrity The system shall ensure data integrity. Data integrity provides assurance that This is needed to ensure the stability and integrity of the data the directory information has not been corrupted. being stored in the directory, which is used to store identity, 1 configuration, and other information about assets and users on the LandWarNet. Provide Directory Schema Management The system shall provide LDAP/X.500 Schema management (add, delete, This is needed to add and remove objects in the directory. modify). The schema is the data model that describes the directory structure, 2 and defines all the objects to be stored in the database. Provide Event Aggregation The system should aggregate/fuse similar events into a single event N/A record/report. [Aggregation/Fusion is the combination of data from multiple 3 sources into a single location/report.] Provide Event Correlation The system shall correlate events. [Correlation is the establishment of This is needed to enable administrators to rapidly discern new relationships between events from various sources. The combination of these computer network attacks, installation of a bad lot of events will provide increased information about possible events.] components, or other related failures/transactions requiring 2 immediate attention to ensure the LandWarNet continues to operate. Provide Event Escalation The system shall raise the priority or severity of an event based on predefined This ensures rapid responses to events that can disrupt the 2 rules established within the system. LandWarNet if not addressed quickly. Provide Event Log Reports The system shall produce reports containing event and associated user This is needed to meet AR requirements for reporting on 2 activity logs. potential security breeches. Provide Event Reduction The system should reduce the number of events generated. [Reduction of N/A events is the process of removing duplicate and repetitive events.] It should have the ability to automatically adjust the combined timestamp information, 3 provide/update any event duration time entries, and note the number of times it had been reported. Provide External Events Repository The system shall capture and store external systems/operations events and This data is essential for the basic operation of this system's logs retrieved from external clients/repositories. It shall provide timely storage management console, which is used to operate and maintain for all operational events and/or transaction logs (e.g., Sys-logs) IT assets and services within the LandWarNet. The ability to received/polled from specific monitored clients/repositories. It shall record all query its data is essential for detailed analyses, which support reported event information, with time-stamp data, as textual data in a NetOps procedures, training, staffing, and infrastructure 2 database. It shall support queries of this data. [External systems are not part decisions. of the NetOps management system itself; these events/logs address health and welfare information of these external, but managed, LandWarNet assets). Provide Failover Monitoring The system shall monitor infrastructure operations to determine when failover This is vital for the reliability, survivability, and speedy criteria have been met. recovery of the LandWarNet following a critical 2 asset/applications' failure, destruction, or removal. Provide Frequently Asked Questions The system should support a FAQ capability, providing searchable, quick N/A Feature solutions for common problems for both administrators and customers/users. 3 Provide Graphical Interface The system shall provide a graphical user interface enabling users and/or This is needed to simplify the use of the management system. administrators to access and operate the system from their terminal or via a web-accessible Interface. The system functionality should be the same 2 whether the operator accesses the system via the terminal or at the server/system's native interface. Provide Grouping Repository The system should provide a repository for storage of groups or like N/A objects/assets. This includes the ability to store groupings of remediations, components, events, devices, managed agents/elements, and users, and any data on their associated permissions/access restrictions. It should be able to store multiple versions of this data (staged/ new, current and various historical 3 sets of information). This repository should support queries of this data (for authorized administrators/users only). Provide Help Feature The system should provide help functionality. This can be an on-line N/A functionality or provided locally on the platform. It should provide a search 3 and index capability. Provide Import Digital Documents For The system should import vendor supplied Digital Documentation Knowledge N/A 3 Knowledge Bases Base information. Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 7 12/5/2010 FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER TY T Provide Internal Events Repository The system shall provide timely storage for internally generated system This data is essential for the basic operation and maintenance log/transaction events (events/logs addressing the NetOps system's health of this system, which is used to operate, maintain, and defend and operational status). It shall record all reported event information, with time- IT assets and services within the LandWarNet. The ability to stamp data, as textual data in a database. It shall support queries of this data. query its data is essential for detailed analyses, which support 2 It shall capture and store all agent/sensor reported events/logs and all NetOps procedures, training, staffing, and infrastructure operational logs (e.g., Sys-logs) polled from specific managed assets. decisions. Provide Knowledge Base The system should provide a knowledge base. Knowledge bases are N/A searchable (via queries) repository of information about a specific topic or product. The knowledge base should contain at a minimum; frequently asked 3 questions, trouble-shooting wizards, Uniform Resource Locators (URL) for additional help/information. Provide Knowledge Base Repository The system should store NetOps Knowledge Base information. This includes This is essential for the basic operation of the NetOps all information stored in the Knowledge Base used primarily by administrators Systems Knowledge Base management capabilities. 3 in the operations and maintenance of systems and services. Provide Lightweight Directory Access The system should monitor the partitions of a LDAP/X.500 directory. N/A Protocol/X.500 Partition Monitoring Partitions are contiguous sub trees of the directory that form a unit of 3 replication and occupy a specific space on a drive. The amount of space available for that partition must be monitored for space usage. Provide Lightweight Directory Access The system shall provide monitoring of the different LDAP processes. This enables the quick identification of service failure thus 2 Protocol/X.500 Process Monitoring reducing downtime of the directory. Provide Multiple Component Access The system shall control the administrator's ability to only perform operations This is needed to enable automated administrative access Controls to those assets/asset groups they are authorized to manage. controls - enhancing overall reliability and security. 2 Provide Operational Reports The system shall provide operational NetOps reports, to include those on This is needed to allow the element manager to combine and component and aggregated asset/system utilization (or usage); failed summarize device/storage information, Job Status, Job 2 components/assets; configuration settings for all/ designated Volume, Device Utilization, media verification, job failures, job components/assets; and asset/device/storage information. schedules, report alerts. Provide Operational Status Repository The system shall store the operational status of all managed assets. [This Knowing the health/operational status of managed assets is a asset/service health and status data is received by or generated within the core NetOps function and essential to operate, maintain and 1 management system, based upon events/ other reports.] defend the LandWarNet. Provide Predefined Display Formats The system shall display predefined formats/displays to make the system This is needed for basic operation of the system out of the 2 usable immediately after the initial installation. box, reducing configuration and implementation time. Provide Predefined Reporting Filters The system should display filters to reduce displayed data based on relevancy N/A and provide predefined display filters to support analysis of reported data. 3 Provide Remote Administration The system shall provide secure, IP-based remote administration of the This is required to secure the LandWarNet and operate large 2 manager and its managed assets. networks. Provide Security Event Repository The system shall provide timely storage for security event information relating This data is essential for the basic operation of this system's to the management console and any managed assets/services. This includes management console, which is used to defend the expired passwords, user lockouts, numerous faulty log on attempts, LandWarNet. The ability to query its data is essential for transaction logs of changes to system permissions, unauthorized transactions forensic analyses on computer network attacks and others (e.g., user/administrator access escalations), and similar alarms/alerts. It shall security incidents. 2 record all reported event information, with time-stamp data, as textual data in a database. It shall support queries. It shall capture and store all managed agents/sensors reported security events/logs. Provide Signatures Profiles Repository The system shall store grouped threat signature data (profile) generated within This enables administrative tailoring of threat signatures the management system. This includes named profiles of signatures packages for specific network segments and/or Intrusion associated to a specific asset or asset category/group. Detection System (IDS)/Intrusion Protection System 2 (IPS)/firewall devices. This reduces scan/detection times and network congestion, while enhancing protection. Provide Single Component Access The system shall enable administrators to interact with a single monitored This is needed to facilitate defensive actions, maintenance, asset or service on a single screen. This includes enabling them to view and and operational management of core components and 2 manipulate the asset/ service's status, type, capacity, utilization, allocation, services underpinning the entire LandWarNet. and location. Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 8 12/5/2010 FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER T TY Provide Standard and Predefined Reports The system should predefined/ standard reports and views. The system N/A should also provide graphics within text reports (e.g., Trending Reports may contain pie charts, bar charts, line charts and other standard graphics). The system should publish reports in Hyper Text Markup Language (HTML), eXtensible Markup Language (XML), Sequential Query Language (SQL), American Standard Code for Information Interchange (ASCII), Joint 3 Photographic Experts Group (JPEG) and other standard languages/formats; be able to print and email all generated reports. The system should be able to provide displays and reports on all on the following: a) audit reports that detail modifications and upgrades to the system, b) identifying all major problems (per pre-defined Service Level Agreement (SLA)/service support program, per period), c) resolution time for incidents/ problems, d) closed incidents/problems, e) problems that result in the highest percentage of resource utilization, f) first contact to closure for incidents or problems, g) first call closure for incidents or problems, h) open incidents or problems, i) incidents or problems that violate SLA/service support program, Service Level Indicators, j) closed incidents and problems, k) resolved incidents and problems, l) escalated incidents and problems, m) based on each individual support staff for the number of incidents or problems that they turned over to other support staff during a shift change, n) based on department/group for the number of incidents or problems that are turned over to other support staff during a shift change, o) trends by agent/support staff for number of incidents and problems opened per day, week, and month, p) trends by agent/support staff for number of incidents and problems resolved per day, week, and month, q) trends by agent/support staff for number of incidents and problems escalated per day, week, and month, r) trends by agent/support staff on the average time taken for incidents and problems to move from open to resolved status, s) trends by agent/support staff on the average time spent talking to customers/users regarding an incident or problem, t) trends by agent/support staff on percent of first contact to resolution regarding incidents and problems, u) trends (daily, weekly, monthly) by agent/support staff on percent of first call resolution regarding incidents and problems, Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 9 12/5/2010 FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER TY T v) trends (daily, weekly, monthly) by agent/support staff on the average first contact to resolution regarding incidents and problems, w) trends (daily, weekly, monthly) by agent/support staff on the average first call to resolution regarding incidents and problems, x) trends by group/department for number of incidents and problems opened per day, week, and month, y) trends by group/department for number of incidents and problems resolved per day, week, and month, z) trends by group/department for number of incidents and problems escalated per day, week, and month, aa) trends by group/department on the average time taken for incidents and problems to move from open to resolved status, bb) trends by group/department on the average time spent talking to customers/users regarding an incident or problem, cc) trends by group/department on percent of first contact to resolution regarding incidents and problems, dd) trends by group/department on percent of first call to resolution regarding incidents and problems, ee) trends by group/department on the average first contact to resolution regarding incidents and problems, ff) trends (daily, weekly, monthly) by group on the average first call to resolution regarding incidents and problems, gg) Incident/Problem rollups by LandWarNet C4IM/IT service or product, hh) Users that access a specific asset, ii) users that own a specific asset, jj) operational assets which have exceeded their life-cycle (to identify equipment that needs to be replaced), kk) minimum, maximum, and averages for all time and numeric based reports, ll) number of users that access a defined service, mm) customers and their associated users, nn) specify the concentration and distribution of vendors and their related products within the enterprise (allows the organization to more clearly understand the impact of issues related to specific products or vendors), oo) life-cycle plans (projections) for an asset, pp) service or product defect status, qq) service or product enhancement request/Request For Change reports. Provide System Documentation The system should support documentation for a specific N/A technology/capabilities. This includes system design, implementation and 3 user guides. Provide User Account Repository The system shall store user and administrator account information for the This is needed to control access to the management system management system. and to support addressing for notification messages/alerts. 2 Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 10 12/5/2010 FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER T TY Provide User Activity Log The system shall create and manage the User Activity (Audit) Log, recording This is required per Army Regulatory requirements and all user transactions, and changes to permissions on the system in provides a means to verify NetOps staff actions, conduct 1 accordance with AR 25-2. rollbacks, and conduct post-mortems/After-Action-Reviews (AAR) to improve NetOps procedures. Provide User Defined Display Filters The system shall enable administrators to define filtering criteria to view a This is needed to enable administrators to quickly view all subset of the available information. data based upon specific criteria, facilitating analyses, trouble- 2 shooting, work scheduling, etc. Provide User Defined Display Formats The system should allow users to create, add, modify, or delete display N/A 3 formats. Provide User Defined Report Format The system should allow for defined presentation formats to view available N/A information. It should enable the customization of the fields in a report template or system-provided default report. The system should provide report creation tools and support ability to customize reports. The system should 3 enable the user to define output report formats in XML, Hypertext Transfer Protocol (HTTP), ASCII, SQL, and JPEG. Provide User Log Data Repository The system shall store User Activity Log data collected for analyses by the This is needed to trace user logon activity and to meet management system. AR 25-1 and AR 25-2 requirements (punitive requirement). 1 Provide Web Accessible Display The system shall interact with devices via a web-based interface. The This is needed to support Army requirements to provide web functionality shall be equivalent to the capability provided by non-web based accessible interface. 2 user interfaces. Receive Events from Log Files (Passive) The system shall receive events from log files or logging systems. (Passive This is needed in order for the management platform to listening). This includes log files created by agents residing on managed client receive health, status, and security posture of managed 2 assets. systems in the LandWarNet. Receive Events in Standard Protocols The system shall receive events via industry standard protocols (Storage This is needed to reduce the amount of time spent integrating Management Initiative - Specifications, SNMP v2/3, common information products. 2 model, XML, User Datagram Protocol, etc.). Recover From Failover Operations The system shall recover from failover operations by returning to normal Needed to revert to normal operations after a failover has settings/operations/systems. been execute, thus ensuring that assets/services in the 2 LandWarNet remain operational. Report Inactive Administrator Accounts The system shall detect and report inactive administrator accounts. Inactive This is needed for enforcing secure access controls over the administrators are those who have not accessed a specific system for a NetOps systems used to secure, operate, and manage the predefined amount of time. Inactive administrators shall be flagged for LandWarNet and its supported Army and Business systems. administrative attention and possible action (i.e., account suspension, 2 deletion, etc.). The system shall provide alert and report mechanisms to system administrators to act on flagged files. Reset Administrator Account Parameters The system shall establish the capabilities expected from a Manager to reset This is to provide the ability to lock accounts and unlock Administrator Account/Group parameters of an application. A reset is the administrative accounts allowing for the securing of the 2 ability to lock or unlock, make active or disable, or change any of the settings LandWarNet. of an account. Schedule the Production of Reports The system should support the ability schedule the production of reports. N/A Scheduling will allow for monthly, daily, and hourly configuration such that 3 reports can be run automatically. Send Asset Inventory Data The system shall transmit asset and service resource inventory data to other Supports deploying/redeploying units and sites (under Base systems, to include those escalated for expedited action/implementation. Realignment and Closure (BRAC)) to the gaining theater, Note that the content of that inventory data may change significantly, Directorate of Information Management (DOIM) and/or unit depending upon the systems passing it (IT Asset Inventory information versus Signal element for planning/management. It also enables Radio Frequency Asset Inventory Information). Program Manager/Program Executive Office (PM/PEO) and 2 tactical units to provide locally-procured asset information to the Enterprise CMDB/SS to place them under long term management and configuration control. Send Capacity, Availability, and The system should transmit capacity and availability data to the CAP N/A 3 Performance Data Monitoring system. Send Incident/Problem Data The system shall transmit Incident and Problem data. The system shall, upon This is necessary for ensuring that assets in the LandWarNet triggering of operational or security related problems, send or transmit the data are operating optimally. 1 (time of event, IP address, category of event, etc.) needed to create a workflow record. Set Event Severity The system shall set severity of events based on predefined criteria. Criteria Provides a way for administrators to quickly identify those include event type, name, source, and category. events with high priority, reducing the amount of time needed 2 to resolve security/operational issues with assets. Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 11 12/5/2010 FUNCTIONAL REQUIREMENTS PRODUCT COMPLIANCE MET NOT-MET SUPPORTING DOCUMENTATION TO INCLUDE: PR PR FUNCTION SYSTEM DESCRIPTION JUSTIFICATION DESCRIPTION COMMENTS IO URL, NAME OF SOURCE DOCUMENT AND O RI √ √ PAGE NUMBER T TY Support Multiple Concurrent Administrators The system shall support multiple administrators performing management This is needed to support the ability for multiple administrators operations concurrently. to perform operations concurrently reducing the Total Cost of 2 Ownership (TCO). Suspend Directory Index The system shall provide capability to suspend for a defined amount of time a This is needed to trouble shoot potential problems with LDAP/X.500 index. An index is a feature in a database that allows for quick directory indexes by temporarily removing indexes that may access to rows in a table. Indexes should be limited as too many will require be slowing access time. 2 resources that will slow the performance of the directory. Track Logon Attempts The system shall detect and log user logon attempts (successful or otherwise). This is needed for enforcing AR 25-1 and AR 25-2 security The system shall provide alerts/reports to system administrators to act on regulations and enforcing secure access controls over the multiple failed attempts. systems used to secure, operate, and manage the 1 LandWarNet and its supported Army and Business systems. It also supports post-mortems on IT outages/attacks. Verify Agent Account Data The system shall manage agents to verify user account data, to include which This is a core functionality of the Backup and Recovery permissions, assets, services, and applications the user is authorized to system and is needed by administrators to ensure proper activate/possess. User account data may be modified and pushed back to the usage of the system. 2 platform if necessary using the Manage Agent User Accounts system function. 10/28/2009 Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 12 12/5/2010 NETCOM/9TH SIGNAL COMMAND (ARMY) LANDWARNET NETOPS ARCHITECTURE (LNA) COMPLIANCE CHECKLIST #2 LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL X.500 DIRECTORY PRODUCT COMPLIANCE INTERACTION WITH OTHER LNA CAPABILITIES TO BE COMPLETED BY VENDOR SUPPORTING DOCUMENTATION COMPLIANCE TO INCLUDE: URL, SOURCE DOCUMENT FROM TO DATA FLOW TEXT DESCRIPTION DATA ELEMENT DEFINITION YES/NO NAME AND PAGE NUMBERS DESCRIPTION COMMENTS Capacity, Availability, and Lightweight Directory Access Contains a request for data sent from the Capacity, Request for Data: This is a generic request for data from one NetOps Performance Monitoring System Protocol/x.500 Management Availability and Performance system to the Lightweight system to another. The type, content, format, and frequency of the data System Directory Access Protocol (LDAP)/x.500 Management requested and/or sent is dependant on the respective unique systems. System. Lightweight Directory Access Capacity, Availability, and Contains Capacity, Availability, and Performance (CAP) Availability Data: Data relative to which resources are ready for use. Protocol/x.500 Management Performance Monitoring System data sent from the LDAP/x.500 Management System to Capacity Data: Data regarding the resource utilization, user data System the CAP Monitoring System. consumption, and allocation of resources. Performance Data: Provides graphical representations of current and historic performance information and trend analysis of the servers in the enterprise. Lightweight Directory Access Configuration Management Contains events, inventory and configuration data sent Address: Address that this protocol end point represents, for example, Protocol/x.500 Management Database/Service Support from the LDAP/x.500 Management System to the 18.104.22.168 or FE:ED:FE:ED:00:11. The address format, such as Internet System Configuration Management Database/Service Support Protocol (IP), Internetwork Packet Exchange (IPX), or Ethernet, depends (CMDB/SS). on the Protocol Type value. It can be further refined in subclasses. Alerting Managed Element: Name of the alerting computer as known by the management system. Configuration: Contains all the information on how an asset (configuration item) is presently configured (e.g., parameter settings, ports and protocols enabled, filters set, version of Internet Operating System/firmware, etc.). Description: Textual description of the instance. Event Time: Date and time of the event or occurrence within the LandWarNet. Host Name: Contains alphanumeric data reflecting the name of LandWarNet Asset. Inventory: Contains the full descriptive inventory of managed assets - to include all known/discoverable metadata about the asset. Primary Capability: Main function of the computer system. Possible values are defined in the Capability List attribute: Not Dedicated (0, default), Unknown (1), Other (2), Storage (3), Router (4), Switch (5), Layer 3 Switch (6), Central Office Switch (7), Hub (8), Access Server (9), Firewall (10), Print (11), Input/Output (I/O) (12), Web Caching (13), Server (14), Management (15), Block Server (16), File Server (17), Mobile User Device (18), Repeater (19), Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 13 12/5/2010 NETCOM/9TH SIGNAL COMMAND (ARMY) LANDWARNET NETOPS ARCHITECTURE (LNA) COMPLIANCE CHECKLIST #2 LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL X.500 DIRECTORY PRODUCT COMPLIANCE INTERACTION WITH OTHER LNA CAPABILITIES TO BE COMPLETED BY VENDOR SUPPORTING DOCUMENTATION COMPLIANCE TO INCLUDE: URL, SOURCE DOCUMENT FROM TO DATA FLOW TEXT DESCRIPTION DATA ELEMENT DEFINITION YES/NO NAME AND PAGE NUMBERS DESCRIPTION COMMENTS Bridge/Extender (20), Gateway (21), LoadBalancer (22), Mainframe (23), SANSwitch (24), SANHub (25), SANBridge (26), SANRouter (27), SANDirector (28), Redundant Array of Independent Disk (RAID) StorageDevice (29), TapeLibrary (30), and JBOD (31). Typically, this attribute is set to the first item in Capability List. For example, a server that has some firewall capabilities could have Primary Capability set to Server and Capability List set to Server, Firewall. A switch device would have both Capability List and Primary Capability set to Switch. Primary Operating System: Computer system's primary operating system. Submitter: Unique account identifier of the user that created the instance. This attribute is automatically populated and can be an actual individual or a system that auto-generated instance. System Type: Type of computer system. If the computer is Windows- based, this attribute must have a value. Values are: X86-based Personal Computer (PC) (0), Millions of Instructions Per Second (MIPS) -based PC (1), Alpha-based PC (2), Power PC (3), SH-x PC (4), StrongARM PC (5), 64-bit Intel PC (6), 64-bit Alpha PC (7), Unknown (8, default), and X86-Nec98 PC (9). Enterprise NetOps Planning Division ESTA-OSC I-ENPD 2133 Cushing St. Ft. Huachuca, AZ 85613-7070 Compliance.Team@conus.army.mil 14 12/5/2010 9th SIGNAL COMMAND (ARMY) LANDWARNET NETOPS ARCHITECTURE (LNA) LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL X.5000 D TO BE COMPLETED BY ARMY REQUIRING ACTIVITY ARMY PROPONENT VENDOR PRODUCT COMPLIANCE CHECKLIST SUBMITTED TO NETCOM ORGANIZATION: COMPANY NAME: NAME: DATE: VERSION: POINT OF CONTACT: POINT OF CONTACT: INTENDED USE OF TH PHONE: PHONE: E-MAIL: E-MAIL: TARGETED ECHELON(S) FOR IMPLEMENTATION OF THIS PRODUCT (Please Check Army Area Processing Center (APC): Army CIO G-6: Army Global Network Operations and Security Center (Army-GNOSC) TOC: Army Operations Center - Pentagon: Army Strategic Command (ARSTRAT): Battalion (II) S-6: Battalion Command Assistance Team (BCAT): Brigade (X) Combat Team (BCT): Brigade (X) Signal Company: Communications-Electronics Research Development & Engineering Center (CERDEC): Corps (XXX) G-6: Corps (XXX) Signal Company: Division (XXX) G-6: Division (XX) Signal Company: Installation, Garrison, Post, Camp, Station NEC (formally DOIM): NETCOM / 9th Signal Command (Army): Regional Computer Emergency Response Team (RCERT): Regional Hub Node: Theater Network Operations (NetOps) Center (TNC) - DISA: Theater Network Operations (NetOps) Control Center (TNCC): Theater Tactical Signal Brigade (TTSB): U.S. Army National Guard NOSC: Other (Please Identify): NOTE: a) Completed LNA Compliance Checklists and supporting documentation are to be e-mailed to the NETCOM 9th Signal Command, LNA Compliance Team at the following: .- - - - - - - - - - - - - - - -- - - - - - - - - - - - - - - - - - - - - - - b) These LNA Checklists and supporting documentation will be utilized by the LNA Compliance Team in their assessment of this NetOps products compliance to the Army LNA, prior to a CoN being granted by NETCOM/9th Signal Command NAL COMMAND (ARMY) T NETOPS ARCHITECTURE (LNA) Y ACCESS PROTOCOL X.5000 DIRECTORY TED BY ARMY REQUIRING ACTIVITY COMPLIANCE CHECKLIST SUBMITTED TO NETCOM DOES THIS PRODUCT (VERSION ) HAVE A CERTIFICATE OF NETWORTHINESS (CoN) YES: CoN DATE: DATE: NO: DATE REQUEST SUBMITTED: INTENDED USE OF THIS PRODUCT LEMENTATION OF THIS PRODUCT (Please Check ( √ ) Army Computer Emergency Response Team (ACERT) Tactical Operations Center (TOC): Army Service Component Commands: Battalion (II) Signal Company: Brigade (X) S-6: Development & Engineering Center (CERDEC): Company Signal Support: Department of the Army (DA): Expeditionary Signal Battalion (ESB) BATCON: ): NSC Operations Center (OC): Signal Command (Theater) HQ and CIO: Control Center (TNCC): Theater Network Operations and Security Center (TNOSC): U.S. Strategic Command (STRATCOM): t the following: .- - - - - - - - - - - - - - - -- - - - - - - - - - - - - - - - - - - - - - - email@example.com e to the Army LNA, prior to a CoN being granted by NETCOM/9th Signal Command.