Computer Template Power Oint by kzv94213

VIEWS: 18 PAGES: 17

Computer Template Power Oint document sample

More Info
									                                                                                                                                               NETCOM/9th SIGNAL COMMAND (ARMY)
                                                                                                                                         LANDWARNET NETOPS ARCHITECTURE (LNA)

                                                        ORGANIZATIONAL MESSAGING SERVICE (DMS-ARMY) MANAGEMENT
                                                                                                                                                     COMPLIANCE CHECKLIST #1
                                                                                                                                                                                                                                                                     Vendors Certification of Product Meeting LNA
                                                        PRODUCT
                                                                                                                                            CHECKLIST TO BE COMPLETED BY                                                                                         Name:
                                                                                                                                                                                                                                                                                     Requirements
                                                                                                                                                                                                                                                                                         Title:
Name:
                                                                                                                                                                                         VENDOR
Version:                                                                                                                                                                                                                                                         Signature:


                                                                          FUNCTIONAL REQUIREMENTS                                                                                                                                                                PRODUCT COMPLIANCE

                                                                                                                                                                                                                    MET                                                                  NOT-MET
                                                                                                                                                                                                                          SUPPORTING DOCUMENTATION TO INCLUDE:




                                                                                                                                                                                                         PR
                                                                                                                                                                                                          RI
              FUNCTION                                                SYSTEM DESCRIPTION                                                                 JUSTIFICATION                                                      URL, NAME OF SOURCE DOCUMENT AND             DESCRIPTION                COMMENTS




                                                                                                                                                                                                            O
                                                                                                                                                                                                            O
                                                                                                                                                                                                             R
                                                                                                                                                                                                             RI
                                                                                                                                                                                                                    √                                                                      √
                                                                                                                                                                                                                                       PAGE NUMBER




                                                                                                                                                                                                               TY
                                                                                                                                                                                                               T
Administer Local Directory System Agent         The system shall enable users to administer the Local Directory System               This is essential to enable the Defense Messaging System's
                                                Agent. This shall include the ability to add, change, delete and archive user        (DMS) encryption, message distribution, user authentication,
                                                and system certificates of authority and users' FORTEZZA information                 and message generation/prioritization control mechanisms to
                                                                                                                                                                                                            2
                                                entered directly to the local directory system. It shall also include pushing this   function.
                                                information to update the Global Directory System.

Assign Privileges to Administrative Groups      The system shall provide the ability to assign privileges (read, write, execute,     This is needed for administrators to quickly and securely add
                                                access to, restrictions from) to administrative groups. Administrative groups        and remove access permissions to management platforms.
                                                                                                                                                                                                            2
                                                are composed of administrative accounts used to manage the platform.

Configure Communication Resources               The system shall have configurable communication parameters. These                   This is needed to securely configure communication channels
                                                parameters can be set between component-to- management consoles,                     between agents and management platforms thus, ensuring
                                                manager-to-agent and manager-to-management consoles; client-to-server,               secure transfer of data between the two elements.
                                                                                                                                                                                                            1
                                                client-to-client, Virtual Private Network Device-to-remote user, and server-to-
                                                server components. This includes configuring ports, Internet Protocol (IP)
                                                address.
Configure Operational Data Collection           The system shall enable administrators to define the particulars of operational      This is required to ensure that asset statuses and other
                                                data collection and storage. These shall include the intervals of data               operational data are collected to operate and maintain the
                                                collection, the specific data to be collected (e.g., system operational status,      LandWarNet.                                                            2
                                                user actions/activities being performed, etc.), and the methods of collection.

Correlate Resource Use to Performance           The system should provide an administrator-controlled ability to correlate the       Not Applicable (N/A)
                                                assets and/or underpinning services used to determine/measure the
                                                                                                                                                                                                            3
                                                performance of a LandWarNet system or service.

Create Directory Attribute                      The system shall provide the ability to create and define custom types of            This is needed to customize the type of data that is stored in
                                                directory attributes.                                                                the directory. Without this functionality, the directory would
                                                                                                                                                                                                            2
                                                                                                                                     only be able to hold the default data types.

Create Directory Class                          The system shall provide the ability to create or add a class to an existing         This is needed to customize the groups of data that is stored
                                                Directory Schema. A directory class is a named group of attributes. When             in the directory. Without this functionality, the directory would
                                                                                                                                                                                                            2
                                                you want to assign attributes to an entry, you do so by assigning to that entry      only be able to hold the default data types.
                                                the object classes that hold those attributes.
Create Directory Index                          The system shall provide capability to create Lightweight Directory Access           This is needed to fine-tune the directory by adding indexes
                                                Protocol (LDAP)/X.500 indexes on a directory server. An index is a feature in        and reducing access/search times.
                                                a database that allows for quick access to rows in a table. Indexes should be                                                                               2
                                                limited as too many will require resources that will slow the performance of the
                                                directory.
Create Directory Partition                      The system shall provide the capability to create a LDAP/X.500 partition to an       This is needed in order to control the amount of data that will
                                                existing directory. A directory partition is a contiguous sub tree in the            be replicated from one server to another.                              2
                                                directory that forms a unit of replication.
Customize Diagnostic Routines                   The system should support local customization of the default diagnostic              Not Applicable (N/A)
                                                                                                                                                                                                            3
                                                routines.

          Enterprise NetOps Planning Division
          ESTA-OSC I-ENPD
          2133 Cushing St.
          Ft. Huachuca, AZ 85613-7070
          Compliance.Team@conus.army.mil                                                                                                                                                  1                                                                                                               1/11/2011
                                                                          FUNCTIONAL REQUIREMENTS                                                                                                                                                             PRODUCT COMPLIANCE

                                                                                                                                                                                                                 MET                                                               NOT-MET
                                                                                                                                                                                                                       SUPPORTING DOCUMENTATION TO INCLUDE:




                                                                                                                                                                                                      PR
                                                                                                                                                                                                       RI
               FUNCTION                                               SYSTEM DESCRIPTION                                                                 JUSTIFICATION                                                   URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                                                                                                                                         O
                                                                                                                                                                                                         O
                                                                                                                                                                                                          RI
                                                                                                                                                                                                          R
                                                                                                                                                                                                                 √                                                                   √
                                                                                                                                                                                                                                    PAGE NUMBER




                                                                                                                                                                                                            TY
                                                                                                                                                                                                            T
Customize Knowledge Base                        The system should enable administrators to customize its digital documents           N/A
                                                knowledge bases for its managed clients/agents/applications, and supported
                                                customers, organizations, or services. This enables administrators to add
                                                Army specific documents (approval to operate, tailored Standard Operating
                                                Procedure (SOP)/Tactics, Techniques, and Procedures (TTPs), Army-refined
                                                Frequently Asked Questions (FAQs), Intrusion Prevention System (IPS)                                                                                     3
                                                Policy/Behavior-Based Rule Implementation Instructions, Field Manuals
                                                (FMs)/Behavior-Based Rules, etc.) to standard Enterprise documents and
                                                links within the knowledge base.

Define Access Privileges                        The system shall enable designated administrators to define, and                     This is critical for securing LandWarNet resources and
                                                subsequently enforce access privileges for other administrators, users and           preventing unauthorized users from making changes that
                                                assets to the management platform its data and any managed assets.                   could lead to false alarms, failure of vital system functions,      2
                                                                                                                                     and corruption of data used to operate, manage and defend
                                                                                                                                     the LandWarNet.
Define Performance Thresholds                   The system should define performance thresholds for the managed                      N/A
                                                agents/systems/clients/applications. Performance is primarily tied to
                                                availability, throughput and response time. (e.g., transaction time, storage                                                                             3
                                                read write times, authentication processing time, update times, attacks
                                                blocked, attacks blocked by signature/behavior rule, etc.).
Delete Directory Attribute                      The system shall provide the ability to delete a X.500 attribute. Directory          This will enable administrators to remove old, corrupt, or
                                                attributes are pieces of information associated with directory classes.              incorrect data from the directory, which will help to reclaim
                                                                                                                                                                                                         2
                                                Example: a computer user would be specified as class and the user’s phone            directory space, ensure data integrity and reduce resources
                                                would be an attribute.                                                               needed to support the service.
Delete Directory Class                          The system should provide the ability to delete a class from an existing             This is needed to customize (remove) the groups of data that
                                                Directory Schema. A directory class is a named group of attributes. When             is stored in the directory. Without this functionality, there
                                                                                                                                                                                                         2
                                                you want to assign attributes to an entry, you do so by assigning to that entry      would be no way to remove legacy directory classes/data.
                                                the object classes that hold those attributes.
Delete Directory Index                          The system shall provide capability to delete a LDAP/X.500 index on a                This is needed to fine-tune the directory by removing indexes
                                                directory server. An index is a feature in a database that allows for quick          that maybe slowing access time.
                                                                                                                                                                                                         2
                                                access to rows in a table. Indexes should be limited as too many will require
                                                resources that will slow the performance of the directory
Detect and Report Login Credential              The system shall identify when users/administrators have changed, or                 This is needed to track user activity and identify those types
Changes                                         attempted to change, their login credentials (user name, password, domain)           of activities that may indicate unauthorized changes to             2
                                                and report this change.                                                              accounts.
Disable Directory Replication                   The system shall provide administrators the ability to disable the replication of    This is needed in order to perform maintenance or to identify
                                                an LDAP/X.500 directory when needed.                                                 potential problems with replication of the directory.               2

Display Change History                          The system shall display information regarding historical changes to the             This is needed to enable administrators to verify authorized
                                                system and its managed objects or applications.                                      changes and identify unauthorized changes to the
                                                                                                                                                                                                         1
                                                                                                                                     management system and any managed devices and
                                                                                                                                     applications.
Display Directory Partition                     The system should provide the capability to view LDAP/X.500 Partitions.              N/A
                                                                                                                                                                                                         3
Display Directory Replicas                      The system should provide the capability to display LDAP/X.500 replicas.             N/A
                                                                                                                                                                                                         3
Display Directory Schema                        The system should provide the ability to display attributes and classes within       N/A
                                                                                                                                                                                                         3
                                                the schema.
Display Events                                  The system shall display dynamic near-real-time events based on alarm                This is needed for the operation, maintenance, and defense
                                                severity, time, hierarchical importance, client groups, etc. The system shall        of the Global Information Grid (GIG) and LandWarNet.
                                                                                                                                                                                                         1
                                                support drill down capabilities to display the underlying events behind larger
                                                alarms/incidents.
Display Help                                    The system should provide the ability to view help files specific to the             N/A
                                                                                                                                                                                                         3
                                                application or management system.
Display Knowledge Base Information              The system should display requested information from a particular knowledge          N/A
                                                base, in response to administrator queries. It should support information
                                                retrieval and display from authorized (administratively-linked) external
                                                knowledge bases (e.g., a vendor maintained knowledge base). This                                                                                         3
                                                facilitates rapid trouble-shooting and insightful decision making, particularly by
                                                less experienced administrators.

Display Logging Information                     The system shall present logging information received from an asset or               Enables administrators to view activity logs to identify
                                                                                                                                                                                                         2
                                                agent/sensor.                                                                        unauthorized events per Army Regulation (AR) 25-2.

          Enterprise NetOps Planning Division
          ESTA-OSC I-ENPD
          2133 Cushing St.
          Ft. Huachuca, AZ 85613-7070
          Compliance.Team@conus.army.mil                                                                                                                                                 2                                                                                                       1/11/2011
                                                                         FUNCTIONAL REQUIREMENTS                                                                                                                                                            PRODUCT COMPLIANCE

                                                                                                                                                                                                               MET                                                               NOT-MET
                                                                                                                                                                                                                     SUPPORTING DOCUMENTATION TO INCLUDE:




                                                                                                                                                                                                    PR
                                                                                                                                                                                                     RI
              FUNCTION                                                SYSTEM DESCRIPTION                                                              JUSTIFICATION                                                    URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                                                                                                                                       O
                                                                                                                                                                                                       O
                                                                                                                                                                                                        R
                                                                                                                                                                                                        RI
                                                                                                                                                                                                               √                                                                   √
                                                                                                                                                                                                                                  PAGE NUMBER




                                                                                                                                                                                                          T
                                                                                                                                                                                                          TY
Display Monitored Data                          The system shall drill down and display information about displayed devices      This is essential for basic LandWarNet monitoring,
                                                and events. The information may include event/incidents/problems,                troubleshooting, and maintenance - particularly at Theater
                                                operational activities, system transactions and/or Capacity, Availability,       Network Operation and Security Centers (TNOSC), where                 1
                                                Performance (CAP) data.                                                          remote access to fault sources will be critical for security and
                                                                                                                                 rapid repair/problem prevention.
Display Results of Diagnostics                  The system shall present results of diagnostic routines executed on a network This is needed to facilitate trouble shooting.
                                                                                                                                                                                                       2
                                                device.
Encrypt Data Exchanges                          The system shall provide secure (encrypted) data exchange between a              Secures NetOps management data used to control
                                                manager and clients. Certain types of data being exchanged require               management platforms on the LandWarNet.
                                                encryption (e.g., logon credentials). The system shall provide the capability to
                                                encrypt data transferred between the system and assets using Secure Socket                                                                             1
                                                Layer (SSL) and Transport Layer Security (TLS) that is Federal Information
                                                Processing Standards (FIPS) Publication 140-2 compliant.

Execute Diagnostic Routines                     The system shall enable the user to execute the available diagnostic routines. This is needed for administrators to remotely execute routines
                                                                                                                               that will help with the diagnosis of problems with the system.          2

Identify Directory Replication Issues           The system shall identify, notify the administrator, and log the event for        This is needed to identify and subsequently repair problems
                                                                                                                                                                                                       2
                                                problems with replication of a Directory.                                         with directory replication.
Identify Resource Consumption Based on          The system should identify resource consumption based upon a specific             N/A
Applications                                    Application. It should specify (disk/Random Access Memory
                                                (RAM)/bandwidth/Central Processing Unit (CPU)) capacity and/or any
                                                underpinning/supporting assets used by an specific application (asset), or
                                                group of applications, to provide a service or underpinning IT support. It                                                                             3
                                                should enable the administrator to select one or more applications to
                                                collect/determine this resource consumption information.

Identify Resource Consumption Based on          The system should identify resource consumption based upon specific           N/A
Systems                                         systems/assets. It should specify (disk/RAM/bandwidth/CPU) capacity and/or
                                                any underpinning/supporting assets used by an specific system/device
                                                (asset), or group of systems/devices, to provide a service or underpinning IT                                                                          3
                                                support. It should enable the administrator to select one or more
                                                systems/devices to collect/determine this resource consumption information.

Identify Resource Consumption Based On          The system should provide the ability to identify resource consumption based      N/A
Users And Groups                                on predefined user groups/roles. It should specify disk/RAM/bandwidth
                                                capacity and/or any underpinning/supporting assets used by an specific user,
                                                or group of users (roles/organizations). It should enable the administrator to                                                                         3
                                                select one or more users or user groups to collect/determine this resource
                                                consumption information.

Identify Trends Based On Historical Metrics The system should support the ability to identify trends based on historical          N/A
                                                                                                                                                                                                       3
                                            metrics.
Improve Performance                         The system shall enable the administrator to adjust application and system            Needed to ensure assets in the LandWarNet are operating at
                                            settings so as to improve performance on the managed assets. Adjusted                 an optimal level, thus meeting defined service levels.
                                                                                                                                                                                                       2
                                            settings include; cache, virtual memory, hard memory limits, and dynamic
                                            limits for replicas.
Initiate Failover                           The system shall be able to initiate failover of its managed assets based on          Needed to ensure assets/systems/services in the
                                            administratively set threshold criteria and redundant configurations.                 LandWarNet will continue to operate.                                 2

Manage Administrator Accounts                   The system shall provide the ability to manage (add, modify, verify, delete)      This is needed to ensure that access to management
                                                accounts that are used to administrate the system. This also includes the         systems is controlled and secure.                                    2
                                                ability add and remove users from groups.
Manage Agent/ Client Configuration              The system shall manage agent/client related configuration settings. To           This is needed to be able to manage any LandWarNet asset.
Settings                                        include 'auto-install' new definitions, files to exclude, reporting criteria,                                                                          2
                                                reporting times, etc.
Manage Application Configuration Settings       The system shall manage application related configuration settings.               This is essential to ensure Army Gold Master and other
                                                                                                                                  common Enterprise Applications have implemented secure
                                                                                                                                                                                                       2
                                                                                                                                  configuration settings as part of the LandWarNet Defense In
                                                                                                                                  Depth (DID) effort.




          Enterprise NetOps Planning Division
          ESTA-OSC I-ENPD
          2133 Cushing St.
          Ft. Huachuca, AZ 85613-7070
          Compliance.Team@conus.army.mil                                                                                                                                              3                                                                                                        1/11/2011
                                                                          FUNCTIONAL REQUIREMENTS                                                                                                                                                                PRODUCT COMPLIANCE

                                                                                                                                                                                                                    MET                                                               NOT-MET
                                                                                                                                                                                                                          SUPPORTING DOCUMENTATION TO INCLUDE:




                                                                                                                                                                                                         PR
                                                                                                                                                                                                          RI
              FUNCTION                                                SYSTEM DESCRIPTION                                                                 JUSTIFICATION                                                      URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                                                                                                                                            O
                                                                                                                                                                                                            O
                                                                                                                                                                                                             R
                                                                                                                                                                                                             RI
                                                                                                                                                                                                                    √                                                                   √
                                                                                                                                                                                                                                       PAGE NUMBER




                                                                                                                                                                                                               TY
                                                                                                                                                                                                               T
Manage Component Grouping                       The system shall allow administrators to define groups of assets. Groups             This is needed to enable the administrators to perform
                                                may be created using different characteristics, including hierarchical,              common operations upon them (loading patches, signatures,
                                                organizational, geographical, or functional (e.g., Email Servers). Also, the         profiles, access control list, etc.) - speeding implementation of
                                                                                                                                                                                                            2
                                                system shall enable administrators to assign specific assets/components to           security measures during an attack, reducing the chances of
                                                defined groups.                                                                      error, and reducing overall administrator workloads.

Manage Configuration Profiles                   The system shall manage (create, modify, archive and delete) sets of                 This speeds asset configuration (during installation/updates),
                                                configuration profiles for specific classes of devices, agent/clients, and           reduces administrator burdens, and reduces human error by
                                                applications. A configuration profile contains all the configuration information     establishing standard configuration sets to apply for specific
                                                about a specific asset. It shall support both the current configuration profile of   assets. It also provides a means to assess compliance to an
                                                a managed asset as well as a baseline configuration profile.                         approved Enterprise configuration standard for common                  2
                                                                                                                                     systems/devices (e.g., an Active Directory (AD) server should
                                                                                                                                     have specific agents, signatures and profiles loaded at any
                                                                                                                                     given time).

Manage Diagnostic Routines                      The system should enable administrators to create, copy, and delete                  N/A
                                                tailored/unique diagnostic routines for the management system and any                                                                                       3
                                                managed devices, agents or applications.
Manage Environment Specific Event               The system shall enable administrators to create, copy, modify, archive and          This allows administrators to refine automated responses by
Actions                                         delete Event Response/Operations rules for environment specific (local)              the manager to address unique/Army mission and
                                                events or administratively defined filters. It shall allow them to create/modify     environment/infrastructure needs and constraints. A pick list
                                                names for each rule, select pre-defined standard/ custom filters, and specify        enables administrators to predefine rules to support
                                                the pre-defined responses/operations the management system shall take                conditions anticipated when an Operations Plan
                                                when the criteria are met. The system's automated response options shall             (OPLAN)/Concept of Operations Plan (CONPLAN) is
                                                support audible alarms, visual alarms, administrator defined text messaging          executed, or major event/policy (e.g., Brigade Combat Team
                                                (e.g., email/pager alerts), normalization of externally generated events,            exercise or Information Operations policy) occurs. Pre-
                                                correlation/consolidation of redundant/associated events, setting event              configured automated responses helps prevent both
                                                classification/priority data, and execution of other operations using                administrators and the system from becoming overwhelmed -              2
                                                administratively defined variable entries. It shall permit an administrator to       while speeding remedial actions.
                                                create a rule set of related rules. It shall enable administrators define
                                                rules/criteria used to match specific data fields and the data entry that results
                                                from the match. It should enable them to provide a named set of these
                                                combination rules. The system shall enable administrators to manage a pick
                                                list of these
                                                rules/rules sets for latter execution by administrators and authorized
                                                users.

Manage Failover Configuration Settings          The system shall enable the administrator to define failover criteria and            This is vital for the reliability, survivability and speedy
                                                required configuration settings.                                                     recovery of the LandWarNet following an critical                       2
                                                                                                                                     asset/applications' failure, destruction, or removal.
Manage Groups                                   The system shall manage (create, modify, delete) User Groups, with user              The system is critical to the operations and security of this
                                                roles and privileges. It shall support User Group creation, data                     NetOps system and the LandWarNet. User accounts and
                                                entry/modification, and deletion by authorized system users. This includes           their associated User Group(s) will be used throughout the
                                                the ability to remove multiple groups/super groups (groups that contain other        Enterprise to control privilege-based access to various
                                                groups) within a single action.                                                      resources/assets and services, track trouble calls/service             1
                                                                                                                                     requests, provide alerts/notifications, and to maintain
                                                                                                                                     audit/transaction logs (In Accordance With (IAW) AR 25-1
                                                                                                                                     and AR 25-2).
Merge Directory Partition                       The system shall provide the capability to merge two partitions on a single          This is needed in order to move information from one
                                                directory server. A partition is a contiguous sub tree of the directory that         directory to another.                                                  2
                                                forms a unit of replication.
Monitor Availability                            The system shall monitor for the availability of a specific service. Availability    This is the data used to determine if service meets the
                                                is the ability of an IT service or component to perform its required function at     Service Level Management.                                              2
                                                a stated instant or over a stated period of time.
Monitor Capacity                                The system shall monitor current component capacity data against specified       Monitoring of capacity provides a proactive way to identify the
                                                thresholds (e.g., from the LandWarNet Service Catalog).                          need for expansion of the system prior to failure of any of the
                                                                                                                                                                                                            2
                                                                                                                                 components, thus ensuring the continuity of the overall
                                                                                                                                 service.
Monitor Email Server Health                     The system shall monitor the health of the server. It includes the monitoring of This ensures that the basic components of the email service
                                                server availability, event logs, mail flow status, mail queues, active           are operational.                                                           2
                                                connections, and undelivered messages.
Monitor Email Usage                             The system should provide the ability to monitor the overall use of the email    N/A
                                                                                                                                                                                                            3
                                                service. This can be done based on users, folders or groups.

          Enterprise NetOps Planning Division
          ESTA-OSC I-ENPD
          2133 Cushing St.
          Ft. Huachuca, AZ 85613-7070
          Compliance.Team@conus.army.mil                                                                                                                                                 4                                                                                                          1/11/2011
                                                                          FUNCTIONAL REQUIREMENTS                                                                                                                                                                PRODUCT COMPLIANCE

                                                                                                                                                                                                                    MET                                                               NOT-MET
                                                                                                                                                                                                                          SUPPORTING DOCUMENTATION TO INCLUDE:




                                                                                                                                                                                                         PR
                                                                                                                                                                                                          RI
              FUNCTION                                                SYSTEM DESCRIPTION                                                                 JUSTIFICATION                                                      URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                                                                                                                                            O
                                                                                                                                                                                                            O
                                                                                                                                                                                                             RI
                                                                                                                                                                                                             R
                                                                                                                                                                                                                    √                                                                   √
                                                                                                                                                                                                                                       PAGE NUMBER




                                                                                                                                                                                                               TY
                                                                                                                                                                                                               T
Monitor Internet Protocol Services              The system shall monitor the status and health of service based IP to include; This is essential to ensure communications that rely on these
                                                LDAP, Network News Transfer Protocol, Simple Mail Transfer Protocol, Point services can occur across the LandWarNet.
                                                                                                                                                                                                            2
                                                of Presence, Internet Message Access Protocol, and Digital Audio-Video.

Monitor Inter-site Message Traffic              The system shall provide the ability to monitor the traffic between computer         This is needed to ensure the proper flow of email through the
                                                systems that have been configured as part of a site. Sites provide for               LandWarNet.
                                                groupings of servers within a topology. There are benefits to have sites within
                                                                                                                                                                                                            2
                                                email to include the reduction of replication and reduced bandwidth
                                                consumption. Messages sent between servers in a site are not sent outside
                                                the site thus reducing replication.
Monitor Performance                             The system shall monitor current component performance data against                  Monitoring of performance provides a proactive way to
                                                specified thresholds (e.g., from the LandWarNet Service Catalog).                    identify the need for expansion of the system prior to failure of
                                                                                                                                                                                                            2
                                                                                                                                     any of the components, thus ensuring the continuity of the
                                                                                                                                     overall service.
Monitor Schema Synchronization                  The system shall provide a capability to monitor schema synchronization.             This prevents conflicting versions of directory schemas that
                                                The schema is a set of rules that defines how the data can be stored in the          can lead to conflict of data, and possibly inoperability of the        2
                                                directory.                                                                           system.
Monitor Server Clusters                         The system shall monitor servers that are clustered and represent a single           This is needed to monitor the health and security of server
                                                server. This includes the following:                                                 clusters within the LandWarNet and thus ensuring the
                                                     a)    Fail cluster to another node                                              continuity of services provided.
                                                     b)    Take server cluster off line
                                                     c)    Bring server cluster on line                                                                                                                     2
                                                     d)    Start server cluster
                                                     e)    Stop server cluster
                                                     f)     Move server cluster
                                                     g)    View cluster properties.
Monitor Subsystem Performance                   The system shall provide monitoring of subsystem components of email                 This ensures that the basic components of the email service
                                                systems. This includes but is not limited to Name Service provider, Email            are operational.
                                                                                                                                                                                                            2
                                                store drivers, information store, address lists, Object Linking and
                                                Embedding/Database events, database kernel, IP servers.
Monitor Total External Message Traffic          The system shall provide the ability to monitor traffic that is routing to or        Monitoring of this traffic often reveal unexpected increases or
                                                coming from outside of the LandWarNet enterprise. This may be traffic to             decreases of traffic that may be due to other operational
                                                another Department of Defense (DoD) service (Marines, Air Force, etc.) or a          issues (configuration issues, System having been hacked,               2
                                                commercial site (Microsoft, AOL, etc.).                                              distributed denial of service attacks, etc.).

Monitor Total Intra-site Message Traffic        The system shall provide the ability to monitor the total intra-site message         This is needed to ensure the proper flow of email through the
                                                traffic to determine operational status and isolate operational irregularities       LandWarNet from one Army unit to the next - to include those
                                                                                                                                                                                                            2
                                                (e.g. abnormally low or high message flows) relating to the replication of traffic   within a single post.
                                                within a site.
Move Directory Index                            The system shall provide capability to move a predefined index configuration         This is needed to fine replicate the tuning of one directory
                                                from one directory server to another. An index is a feature in a database that       server to another.
                                                allows for quick access to rows in a table. Indexes should be limited as too                                                                                2
                                                many will require resources that will slow the performance of the directory.

Move Directory Partition                        The system shall provide the capability to move a partition on a directory           This is needed in order to decommission systems/services or
                                                server. A directory partition is a contiguous sub tree in the directory that         to increase response time of the system.                               2
                                                forms a unit of replication.
Perform Local Authentication                    The system shall authenticate users, administrators, and assets from data     This is needed for the authentication of users to access and
                                                stored locally within the management application or device.                   resources on the LandWarNet and is required by AR 25-1,                       1
                                                                                                                              and AR 25-2.
Perform Operations on Multiple Assets           The system shall permit administrators to interact with multiple managed      This is needed to save the administrators considerable time,
                                                assets on a single screen. It allows them to select and perform operations on enable central management and maintenance of large
                                                individual assets, and groups of assets (Hardware, Software, Agents), from    network - enhancing overall reliability and security.
                                                administratively defined (pick) lists of available assets/asset groups and                                                                                  2
                                                operations. The system shall enable the administrator to define and save
                                                groups of assets for future pick list displays (to perform future operations
                                                upon).
Perform Remote Authentication                   The system shall authenticate users, administrators, and assets from a        This is the core function for the authentication of users to
                                                remote authentication service on the network.                                 access and resources on the LandWarNet and is required by                     1
                                                                                                                              AR 25-1, and AR 25-2.




          Enterprise NetOps Planning Division
          ESTA-OSC I-ENPD
          2133 Cushing St.
          Ft. Huachuca, AZ 85613-7070
          Compliance.Team@conus.army.mil                                                                                                                                                 5                                                                                                          1/11/2011
                                                                        FUNCTIONAL REQUIREMENTS                                                                                                                                                           PRODUCT COMPLIANCE

                                                                                                                                                                                                             MET                                                               NOT-MET
                                                                                                                                                                                                                   SUPPORTING DOCUMENTATION TO INCLUDE:




                                                                                                                                                                                                  PR
                                                                                                                                                                                                   RI
              FUNCTION                                              SYSTEM DESCRIPTION                                                             JUSTIFICATION                                                     URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                                                                                                                                     O
                                                                                                                                                                                                     O
                                                                                                                                                                                                      RI
                                                                                                                                                                                                      R
                                                                                                                                                                                                             √                                                                   √
                                                                                                                                                                                                                                PAGE NUMBER




                                                                                                                                                                                                        T
                                                                                                                                                                                                        TY
Predict Performance Impact                   The system should predict performance impact of an administratively defined        N/A
                                             increase in application use. This can be done based on calculation or                                                                                   3
                                             modeling.
Process Requests for Capacity, Availability, The system shall process Requests For Data (polls) from the CAP Monitoring         This is needed to enable overarching NetOps management
and Performance Monitoring Data              system. The system shall determine the required information/data,                  systems to function; it directly feeds the IT Metrics Program's
                                             retrieve/collect it and forward it to the CAP Monitoring system.                   data collection, which in turn provides required reports to          1
                                                                                                                                meet provisions within the Clinger-Cohen Act.

Provide Administrator Audit Log                The system shall provide administrator audit log information, to include the     This is required in accordance with Department of Defense
                                               administrator's identification, time stamp, the specific activity/transaction    Instruction (DoDI) 8500.2, AR 25-1 and AR 25-2.
                                               performed, changes in permissions, and any other specified data of interest                                                                           2
                                               related to administrator transactions on the system.

Provide Availability Data Repository           The system should store availability data collected and analyzed by the          This data enables managers to monitor services, discern
                                               management system. Availability data may include average/maximum time in         bottlenecks and initiate pre-emptive
                                               service as scheduled, task/job response times, incident/problem resolution       reallocations/maintenance actions prior to service outages
                                                                                                                                                                                                     2
                                               times, maximum/mean times between failures, time in scheduled                    and significant disruptions to the LandWarNet.
                                               maintenance, time support/service is lost while an asset is back-ordered, etc.

Provide Capacity Data Repository               The system should store capacity data collected and analyzed by the              N/A
                                               management system. Capacity data may include used/remaining storage
                                               capacity (for disk drives, logical unit number, tape, drive pools, etc.),
                                                                                                                                                                                                     3
                                               processing/CPU capacity, the average/maximum number of
                                               files/applications/users and asset/service supports, transmission
                                               rate/bandwidth data, etc.
Provide Capacity, Availability and             The system should provide reports on CAP data.                                   N/A
                                                                                                                                                                                                     3
Performance Data Report
Provide Capacity, Availability, and       The system should integrate with the CAP Monitoring System. This is needed            N/A
Performance Monitoring System Integration in order for the CAP Monitoring System to receive data that it can then                                                                                    3
                                          analyze.
Provide Command Line Interface            The system shall use a Command Line Interface (CLI) for system or account             This is needed to enable administrators to execute changes
                                          administration locally and remotely.                                                  on large groups of configuration items via a single command.         2

Provide Command Line Interface and             The system should provide security mechanisms for CLI and Application           N/A
Application Program Interface Security         Program Interface access to the system. The system should enforce security
                                               for command line input that is functionally identical to Graphical User
                                                                                                                                                                                                     3
                                               Interface (GUI) access restrictions and controls; security for Advanced
                                               Programming Interfaces that are functionally identical to GUI access
                                               restrictions and controls.
Provide Communication Ports Security           The system shall provide the capability to designate a limited set of ports for This is necessary to configure management platforms to
                                               communication between management platforms and managed components.              communicate across routers and switches (considering port
                                                                                                                                                                                                     1
                                                                                                                               restrictions that may be applied to network devices) within the
                                                                                                                               LandWarNet.
Provide Configuration Management Data          This system shall integrate with an external CMDB/SS system; which includes This is required to provide critical NetOps inventory and
Base/Service Support Integration               components such as: Service Desk, Incident Management, Problem                  configuration item data, health/welfare status
                                               Management, Change Management, Configuration Management, Asset                  information/events, and other administrative information
                                                                                                                                                                                                     1
                                               Management, Project Management, etc. This includes enabling the user to         necessary to monitor and manage the health, welfare, and
                                               access the manual workflow report (Trouble Ticket) features of the CMDB/SS. operational status of the LandWarNet.

Provide Configuration Profile Repository       The system should store information about configuration profiles used to        N/A
                                               manage asset configurations. [Configuration profiles are a named set of
                                               configuration settings, approved protocols/services and other operational files
                                               associated to a specific class/category of IT asset and/or users. For example,
                                               an administrative assistant's baseline profile software is Office XP and
                                               Outlook, an engineer's baseline profile contains Visio and Project, and an AD                                                                         3
                                               Server's baseline profile will contain the appropriate Tivoli/SMS agent, AD
                                               version, Microsoft Server 2003, and Host Based Security System
                                               (HBSS)/Host Intrusion Prevention System (HIPS) agent information.] It
                                               should store new/staged, current, and multiple historical versions of these
                                               profiles.
Provide Data Compression and                   The system should provide multiple types of data compression and                N/A
                                                                                                                                                                                                     3
Decompression                                  decompression for a specific job or groups of jobs.


         Enterprise NetOps Planning Division
         ESTA-OSC I-ENPD
         2133 Cushing St.
         Ft. Huachuca, AZ 85613-7070
         Compliance.Team@conus.army.mil                                                                                                                                            6                                                                                                         1/11/2011
                                                                         FUNCTIONAL REQUIREMENTS                                                                                                                                                              PRODUCT COMPLIANCE

                                                                                                                                                                                                                 MET                                                               NOT-MET
                                                                                                                                                                                                                       SUPPORTING DOCUMENTATION TO INCLUDE:




                                                                                                                                                                                                      PR
                                                                                                                                                                                                       RI
              FUNCTION                                                SYSTEM DESCRIPTION                                                               JUSTIFICATION                                                     URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                                                                                                                                         O
                                                                                                                                                                                                         O
                                                                                                                                                                                                          RI
                                                                                                                                                                                                          R
                                                                                                                                                                                                                 √                                                                   √
                                                                                                                                                                                                                                    PAGE NUMBER




                                                                                                                                                                                                            T
                                                                                                                                                                                                            TY
Provide Defineable Report Filters               The system should provide filters that can be created and modified. Filters        N/A
                                                provide a way to produce reports that provide data on a specific attribute(s).                                                                           3

Provide Device and Media Configuration          The system shall store all configuration information about devices and media       This is needed to maintain and defend LandWarNet systems
Information Repository                          that is generated by the management system or its sub-systems/agents, to           via their configurations. It supports restoring and
                                                include any unique communications/encryption settings. This also includes          reconstitution of vital assets and applications.                      2
                                                new/staged, current, and multiple copies of historical configuration data.

Provide Diagnostic Routines                     The system shall provide diagnostic routines. Diagnostic routines enable           This is essential for the rapid trouble shooting and
                                                administrators to execute an action or set of actions intended to reveal           maintenance of assets.                                                2
                                                operational failures.
Provide Directory Data Integrity                The system shall ensure data integrity. Data integrity provides assurance that     This is needed to ensure the stability and integrity of the data
                                                the directory information has not been corrupted.                                  being stored in the directory, which is used to store identity,
                                                                                                                                                                                                         1
                                                                                                                                   configuration, and other information about assets and users
                                                                                                                                   on the LandWarNet.
Provide Directory Schema Management             The system shall provide LDAP/X.500 Schema management (add, delete,                This is needed to add and remove objects in the directory.
                                                modify). The schema is the data model that describes the directory structure,
                                                                                                                                                                                                         2
                                                and defines all the objects to be stored in the database.

Provide Email Management Trend Analysis The system should provide Email-related prediction capabilities. Prediction                N/A
                                        uses historical service usage data and predicts future changes in terms of
                                                                                                                                                                                                         3
                                        service utilization. This information can then be used to expand systems prior
                                        to an increase in utilization.
Provide Event Log Reports               The system shall produce reports containing event and associated user                      This is needed to meet AR requirements for reporting on
                                                                                                                                                                                                         2
                                        activity logs.                                                                             potential security breeches.
Provide Failover Monitoring             The system shall monitor infrastructure operations to determine when failover              This is vital for the reliability, survivability, and speedy
                                        criteria have been met.                                                                    recovery of the LandWarNet following a critical                       2
                                                                                                                                   asset/applications' failure, destruction, or removal.
Provide Frequently Asked Questions              The system should support a FAQs capability, providing searchable, quick           N/A
Feature                                         solutions for common problems for both administrators and customers/users.                                                                               3

Provide Graphical Interface                     The system shall provide a GUI enabling users and/or administrators to             This is needed to simplify the use of the management system.
                                                access and operate the system from their terminal or via a web-accessible
                                                Interface. The system functionality should be the same whether the operator                                                                              2
                                                accesses the system via the terminal or at the server/system's native
                                                interface.
Provide Help Feature                            The system should provide help functionality. This can be an on-line               N/A
                                                functionality or provided locally on the platform. It should provide a search                                                                            3
                                                and index capability.
Provide Import Digital Documents For            The system should import vendor supplied Digital Documentation Knowledge           N/A
                                                                                                                                                                                                         3
Knowledge Bases                                 Base information.
Provide Internal Events Repository              The system shall provide timely storage for internally generated system            This data is essential for the basic operation and
                                                log/transaction events (events/logs addressing the NetOps system's health          maintenance of this system, which is used to operate,
                                                and operational status). It shall record all reported event information, with      maintain, and defend IT assets and services within the
                                                time-stamp data, as textual data in a database. It shall support queries of this   LandWarNet. The ability to query its data is essential for            2
                                                data. It shall capture and store all agent/sensor reported events/logs and all     detailed analyses, which support NetOps procedures, training,
                                                operational logs (e.g., Sys-logs) polled from specific managed assets.             staffing, and infrastructure decisions.

Provide Knowledge Base                          The system should provide a knowledge base. Knowledge bases are                    N/A
                                                searchable (via queries) repository of information about a specific topic or
                                                product. The knowledge base should contain at a minimum; FAQs, trouble-                                                                                  3
                                                shooting wizards, Uniform Resource Locators (URL) for additional
                                                help/information.
Provide Knowledge Base Repository               The system should store NetOps Knowledge Base information. This includes           This is essential for the basic operation of the NetOps
                                                all information stored in the Knowledge Base used primarily by administrators      Systems Knowledge Base management capabilities.
                                                                                                                                                                                                         3
                                                in the operations and maintenance of systems and services.

Provide Lightweight Directory Access            The system should monitor the partitions of a LDAP/X.500 directory.                N/A
Protocol/X.500 Partition Monitoring             Partitions are contiguous sub trees of the directory that form a unit of
                                                                                                                                                                                                         3
                                                replication and occupy a specific space on a drive. The amount of space
                                                available for that partition must be monitored for space usage.
Provide Lightweight Directory Access            The system shall provide monitoring of the different Li\DAP processes.             This enables the quick identification of service failure thus
                                                                                                                                                                                                         2
Protocol/X.500 Process Monitoring                                                                                                  reducing downtime of the directory.

          Enterprise NetOps Planning Division
          ESTA-OSC I-ENPD
          2133 Cushing St.
          Ft. Huachuca, AZ 85613-7070
          Compliance.Team@conus.army.mil                                                                                                                                                  7                                                                                                      1/11/2011
                                                                        FUNCTIONAL REQUIREMENTS                                                                                                                                                                PRODUCT COMPLIANCE

                                                                                                                                                                                                                  MET                                                               NOT-MET
                                                                                                                                                                                                                        SUPPORTING DOCUMENTATION TO INCLUDE:




                                                                                                                                                                                                       PR
                                                                                                                                                                                                        RI
             FUNCTION                                                SYSTEM DESCRIPTION                                                                JUSTIFICATION                                                      URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                                                                                                                                          O
                                                                                                                                                                                                          O
                                                                                                                                                                                                           RI
                                                                                                                                                                                                           R
                                                                                                                                                                                                                  √                                                                   √
                                                                                                                                                                                                                                     PAGE NUMBER




                                                                                                                                                                                                             T
                                                                                                                                                                                                             TY
Provide Multiple Component Access              The system shall control the administrator's ability to only perform operations     This is needed to enable automated administrative access
Controls                                       to those assets/asset groups they are authorized to manage.                         controls - enhancing overall reliability and security.                 2

Provide Operational Reports                    The system shall provide operational NetOps reports, to include those on            This is needed to allow the element manager to combine and
                                               component and aggregated asset/system utilization (or usage); failed                summarize device/storage information, Job Status, Job
                                                                                                                                                                                                          2
                                               components/assets; configuration settings for all/designated                        Volume, Device Utilization, media verification, job failures, job
                                               components/assets; and asset/device/storage information.                            schedules, report alerts.
Provide Operational Status Repository          The system shall store the operational status of all managed assets. [This          Knowing the health/operational status of managed assets is a
                                               asset/service health and status data is received by or generated within the         core NetOps function and essential to operate, maintain and            1
                                               management system, based upon events/other reports.]                                defend the LandWarNet.
Provide Performance Data Repository            The system should store Performance data collected and analyzed by the              This is needed to enable managers to monitor services,
                                               management system. Performance data may include average/maximum                     discern bottlenecks and initiate pre-emptive
                                               transaction times (e.g., raw/average/maximum time required for network              reallocations/maintenance actions prior to service outages
                                               transmissions, storage read/writes, authentications, processing, etc.), security    and significant disruptions to the LandWarNet.
                                               event metrics (number of attacks detected/prevented, number of pre-emptive
                                               security-related work flow records, number of reactive security-related work                                                                               2
                                               flow request), customer satisfaction statistics, the mean time between service
                                               calls for a service, and accuracy metrics (e.g., Jitter, Bit-Error-Rates, Trouble
                                               Ticket re-openings, etc.).

Provide Performance Groupings                  The system should provide the ability to group users, systems and                   N/A
                                                                                                                                                                                                          3
                                               applications against which performance measurements can be applied.
Provide Performance Tracking                   The system should provide tracking for long term performance trends of              N/A
                                                                                                                                                                                                          3
                                               assets.
Provide Predefined Display Formats             The system shall display predefined formats/displays to make the system             This is needed for basic operation of the system out of the
                                                                                                                                                                                                          2
                                               usable immediately after the initial installation.                                  box, reducing configuration and implementation time.
Provide Predefined Reporting Filters           The system should display filters to reduce displayed data based on                 N/A
                                               relevancy and provide predefined display filters to support analysis of                                                                                    3
                                               reported data.
Provide Public Key Infrastructure/X.500        Public Key Infrastructure (PKI) provides a method for secure communications         This is necessary for the authentication of users to the AD
Management                                     over networks. The Department of Defense (DoD) PKI is not an application            environment.
                                               that is contained by AD. It is its own infrastructure, which can function on top
                                               of AD environment. The DoD PKI is its own infrastructure separate from AD,
                                               but from an operational standpoint, AD does store the X.509 certificates used                                                                              1
                                               in DoD PKI within the Directory Service. This will require maintenance of the
                                               certificates within the directory.

Provide Remote Administration                  The system shall provide secure, IP-based remote administration of the              This is required to secure the LandWarNet and operate large
                                                                                                                                                                                                          2
                                               manager and its managed assets.                                                     networks.
Provide Security Event Repository              The system shall provide timely storage for security event information relating     This data is essential for the basic operation of this system's
                                               to the management console and any managed assets/services. This includes            management console, which is used to defend the
                                               expired passwords, user lockouts, numerous faulty log on attempts,                  LandWarNet. The ability to query its data is essential for
                                               transaction logs of changes to system permissions, unauthorized transactions        forensic analyses on computer network attacks and others
                                               (e.g., user/administrator access escalations), and similar alarms/alerts. It        security incidents.                                                    2
                                               shall record all reported event information, with time-stamp data, as textual
                                               data in a database. It shall support queries. It shall capture and store all
                                               managed agents/sensors reported security events/logs.

Provide Single Component Access                The system shall enable administrators to interact with a single monitored          This is needed to facilitate defensive actions, maintenance,
                                               asset or service on a single screen. This includes enabling them to view and        and operational management of core components and
                                                                                                                                                                                                          2
                                               manipulate the asset/service's status, type, capacity, utilization, allocation,     services underpinning the entire LandWarNet.
                                               and location.
Provide Software Repository                    The system shall provide a repository for storage of software or firmware, by       This repository is essential for the operation of the
                                               version. It shall store the current version of profiles; and store multiple         management system and in order to install, restore, and
                                               historical versions. It shall stage new versions within the repository for          trouble-shoot faulty software/firmware versions. It also
                                               subsequent distribution/ installation. Once a new version is deployed, it           provides a baseline of authorized software that may be used            2
                                               becomes the current version and the old current version becomes a historical        during forensic analysis to identify unauthorized changes
                                               version. It shall enable administrators to control the number and/or age of         arising from a computer network attack.
                                               historical versions retained.




         Enterprise NetOps Planning Division
         ESTA-OSC I-ENPD
         2133 Cushing St.
         Ft. Huachuca, AZ 85613-7070
         Compliance.Team@conus.army.mil                                                                                                                                                8                                                                                                          1/11/2011
                                                                         FUNCTIONAL REQUIREMENTS                                                                                                                 PRODUCT COMPLIANCE

                                                                                                                                                                    MET                                                               NOT-MET
                                                                                                                                                                          SUPPORTING DOCUMENTATION TO INCLUDE:




                                                                                                                                                         PR
                                                                                                                                                          RI
             FUNCTION                                                 SYSTEM DESCRIPTION                                             JUSTIFICATION                          URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                                                                                            O
                                                                                                                                                            O
                                                                                                                                                             R
                                                                                                                                                             RI
                                                                                                                                                                    √                                                                   √
                                                                                                                                                                                       PAGE NUMBER




                                                                                                                                                               T
                                                                                                                                                               TY
Provide Standard and Predefined Reports        The system should predefined/standard reports and views. The system             N/A
                                               should also provide graphics within text reports (e.g., Trending Reports may
                                               contain pie charts, bar charts, line charts and other standard graphics). The
                                               system should publish reports in Hyper Text Markup Language (HTML),
                                               eXtensible Markup Language (XML), Sequential Query Language (SQL),
                                               American Standard Code for Information Interchange (ASCII), Joint                                            3
                                               Photographic Experts Group (JPEG) and other standard languages/formats;
                                               be able to print and email all generated reports. The system should be able
                                               to provide displays and reports on all on the following:

                                               a) audit reports that detail modifications and upgrades to the system,


                                               b) identifying all major problems (per pre-defined Service Level Agreement
                                               (SLA)/service support program, per period),
                                               c) resolution time for incidents/problems,


                                               d) closed incidents/problems,


                                               e) problems that result in the highest percentage of resource utilization,


                                               f) first contact to closure for incidents or problems,


                                               g) first call closure for incidents or problems,


                                               h) open incidents or problems,


                                               i) incidents or problems that violate SLA/service support program, Service
                                               Level Indicators,
                                               j) closed incidents and problems,



                                               k) resolved incidents and problems,


                                               l) escalated incidents and problems,


                                               m) based on each individual support staff for the number of incidents or
                                               problems that they turned over to other support staff during a shift change,

                                               n) based on department/group for the number of incidents or problems that
                                               are turned over to other support staff during a shift change,
                                               o) trends by agent/support staff for number of incidents and problems opened
                                               per day, week, and month,
                                               p) trends by agent/support staff for number of incidents and problems
                                               resolved per day, week, and month,
                                               q) trends by agent/support staff for number of incidents and problems
                                               escalated per day, week, and month,
                                               r) trends by agent/support staff on the average time taken for incidents and
                                               problems to move from open to resolved status,
                                               s) trends by agent/support staff on the average time spent talking to
                                               customers/users regarding an incident or problem,
                                               t) trends by agent/support staff on percent of first contact to resolution
                                               regarding incidents and problems,




         Enterprise NetOps Planning Division
         ESTA-OSC I-ENPD
         2133 Cushing St.
         Ft. Huachuca, AZ 85613-7070
         Compliance.Team@conus.army.mil                                                                                                              9                                                                                              1/11/2011
                                                                         FUNCTIONAL REQUIREMENTS                                                                                                                                                          PRODUCT COMPLIANCE

                                                                                                                                                                                                             MET                                                               NOT-MET
                                                                                                                                                                                                                   SUPPORTING DOCUMENTATION TO INCLUDE:




                                                                                                                                                                                                  PR
                                                                                                                                                                                                   RI
             FUNCTION                                                SYSTEM DESCRIPTION                                                               JUSTIFICATION                                                  URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                                                                                                                                     O
                                                                                                                                                                                                     O
                                                                                                                                                                                                      RI
                                                                                                                                                                                                      R
                                                                                                                                                                                                             √                                                                   √
                                                                                                                                                                                                                                PAGE NUMBER




                                                                                                                                                                                                        TY
                                                                                                                                                                                                        T
                                               u) trends (daily, weekly, monthly) by agent/support staff on percent of first call
                                               resolution regarding incidents and problems,
                                               v) trends (daily, weekly, monthly) by agent/support staff on the average first
                                               contact to resolution regarding incidents and problems,
                                               w) trends (daily, weekly, monthly) by agent/support staff on the average first
                                               call to resolution regarding incidents and problems,
                                               x) trends by group/department for number of incidents and problems opened
                                               per day, week, and month,
                                               y) trends by group/department for number of incidents and problems resolved
                                               per day, week, and month,
                                               z) trends by group/department for number of incidents and problems
                                               escalated per day, week, and month,
                                               aa) trends by group/department on the average time taken for incidents and
                                               problems to move from open to resolved status,
                                               bb) trends by group/department on the average time spent talking to
                                               customers/users regarding an incident or problem,                                                                                                     3

                                               cc) trends by group/department on percent of first contact to resolution
                                               regarding incidents and problems,
                                               dd) trends by group/department on percent of first call to resolution regarding
                                               incidents and problems,
                                               ee) trends by group/department on the average first contact to resolution
                                               regarding incidents and problems,
                                               ff) trends (daily, weekly, monthly) by group on the average first call to
                                               resolution regarding incidents and problems,
                                               gg) Incident/Problem rollups by LandWarNet Command, Control, C4IM/IT
                                               service or product,
                                               hh) Users that access a specific asset,


                                               ii) users that own a specific asset,


                                               jj) operational assets which have exceeded their life-cycle (to identify
                                               equipment that needs to be replaced),
                                               kk) minimum, maximum, and averages for all time and numeric based reports,


                                               ll) number of users that access a defined service,

                                               mm) customers and their associated users,

                                               nn) specify the concentration and distribution of vendors and their related
                                               products within the enterprise (allows the organization to more clearly
                                               understand the impact of issues related to specific products or vendors),

                                               oo) life-cycle plans (projections) for an asset,

                                               pp) service or product defect status,

                                               qq) service or product enhancement request/Request For Change reports.

Provide System Documentation                   The system should support documentation for a specific                               N/A
                                               technology/capabilities. This includes system design, implementation and                                                                              3
                                               user guides.
Provide User Account Repository                The system shall store user and administrator account information for the            This is needed to control access to the management system
                                               management system.                                                                   and to support addressing for notification messages/alerts.      2




         Enterprise NetOps Planning Division
         ESTA-OSC I-ENPD
         2133 Cushing St.
         Ft. Huachuca, AZ 85613-7070
         Compliance.Team@conus.army.mil                                                                                                                                             10                                                                                                       1/11/2011
                                                                        FUNCTIONAL REQUIREMENTS                                                                                                                                                                PRODUCT COMPLIANCE

                                                                                                                                                                                                                  MET                                                               NOT-MET
                                                                                                                                                                                                                        SUPPORTING DOCUMENTATION TO INCLUDE:




                                                                                                                                                                                                       PR
                                                                                                                                                                                                        RI
             FUNCTION                                                SYSTEM DESCRIPTION                                                               JUSTIFICATION                                                       URL, NAME OF SOURCE DOCUMENT AND          DESCRIPTION               COMMENTS




                                                                                                                                                                                                          O
                                                                                                                                                                                                          O
                                                                                                                                                                                                           R
                                                                                                                                                                                                           RI
                                                                                                                                                                                                                  √                                                                   √
                                                                                                                                                                                                                                     PAGE NUMBER




                                                                                                                                                                                                             TY
                                                                                                                                                                                                             T
Provide User Activity Log                      The system shall create and manage the User Activity (Audit) Log, recording        This is required per AR requirements and provides a means
                                               all user transactions, and changes to permissions on the system in                 to verify NetOps staff actions, conduct roll-backs, and
                                                                                                                                                                                                          1
                                               accordance with AR 25-2.                                                           conduct post-mortems/After-Action-Reviews (AARs) to
                                                                                                                                  improve NetOps procedures.
Provide User Defined Display Filters           The system shall enable administrators to define filtering criteria to view a      This is needed to enable administrators to quickly view all
                                               subset of the available information.                                               data based upon specific criteria, facilitating analyses, trouble-      2
                                                                                                                                  shooting, work scheduling, etc.
Provide User Defined Display Formats           The system should allow users to create, add, modify, or delete display            N/A
                                                                                                                                                                                                          3
                                               formats.
Provide User Defined Report Format             The system should allow for defined presentation formats to view available   N/A
                                               information. It should enable the customization of the fields in a report
                                               template or system-provided default report. The system should provide report
                                               creation tools and support ability to customize reports. The system should                                                                                 3
                                               enable the user to define output report formats in XML, Hypertext Transfer
                                               Protocol (HTTP), ASCII, SQL, and JPEG.

Provide User Log Data Repository               The system shall store User Activity Log data collected for analyses by the        This is needed to trace user logon activity and to meet
                                               management system.                                                                 AR 25-1 and AR 25-2 requirements (punitive requirement)                 1

Provide Web Accessible Display                 The system shall interact with devices via a web-based interface. The              This is needed to support Army requirements to provide web
                                               functionality shall be equivalent to the capability provided by non-web based      accessible interface.                                                   2
                                               user interfaces.
Receive Events in Standard Protocols           The system shall receive events via industry standard protocols (Storage           This is needed to reduce the amount of time spent integrating
                                               Management Initiative - Specifications, Simple Network Management Protocol         products.
                                                                                                                                                                                                          2
                                               (SNMP) v2/3, common information model, XML, User Datagram Protocol,
                                               etc.).
Recover From Failover Operations               The system shall recover from failover operations by returning to normal           Needed to revert back to normal operations after a failover
                                               settings/operations/systems.                                                       has been execute, thus ensuring that assets/services in the             2
                                                                                                                                  LandWarNet remain operational.
Report Inactive Administrator Accounts         The system shall detect and report inactive administrator accounts. Inactive       This is needed for enforcing secure access controls over the
                                               administrators are those who have not accessed a specific system for a             NetOps systems used to secure, operate, and manage the
                                               predefined amount of time. Inactive administrators shall be flagged for            LandWarNet and its supported Army and Business systems.
                                                                                                                                                                                                          2
                                               administrative attention and possible action (i.e., account suspension,
                                               deletion, etc.). The system shall provide alert and report mechanisms to
                                               system administrators to act on flagged files.
Reset Administrator Account Parameters         The system shall establish the capabilities expected from a Manager to reset       This is to provide the ability to lock accounts and unlock
                                               Administrator Account/Group parameters of an application. A reset is the           administrative accounts allowing for the securing of the
                                                                                                                                                                                                          2
                                               ability to lock or unlock, make active or disable, or change any of the settings   LandWarNet.
                                               of an account.
Schedule the Production of Reports             The system should support the ability schedule the production of reports.          N/A
                                               Scheduling will allow for monthly, daily, and hourly configuration such that                                                                               3
                                               reports can be run automatically.
Send Incident/Problem Data                     The system shall transmit Incident and Problem data. The system shall, upon        This is necessary for ensuring that assets in the LandWarNet
                                               triggering of operational or security related problems, send or transmit the       are operating optimally.
                                                                                                                                                                                                          1
                                               data (time of event, IP address, category of event, etc.) needed to create a
                                               workflow record.
Set Event Severity                             The system shall set severity of events based on predefined criteria. Criteria     Provides a way for administrators to quickly identify those
                                               include event type, name, source, and category.                                    events with high priority, reducing the amount of time needed           2
                                                                                                                                  to resolve security/operational issues with assets.
Support Multiple Concurrent Administrators The system shall support multiple administrators performing management                 This is needed to support the ability for multiple
                                           operations concurrently.                                                               administrators to perform operations concurrently reducing
                                                                                                                                                                                                          2
                                                                                                                                  the Total Cost of Ownership (TCO).

Track Logon Attempts                           The system shall detect and log user logon attempts (successful or                 This is needed for enforcing AR 25-1 and AR 25-2 security
                                               otherwise). The system shall provide alerts/reports to system administrators       regulations and enforcing secure access controls over the
                                               to act on multiple failed attempts.                                                systems used to secure, operate, and manage the
                                                                                                                                  LandWarNet and its supported Army and Business systems.                 1
                                                                                                                                  It also supports post-mortems on IT outages/attacks.



11/2/2009




         Enterprise NetOps Planning Division
         ESTA-OSC I-ENPD
         2133 Cushing St.
         Ft. Huachuca, AZ 85613-7070
         Compliance.Team@conus.army.mil                                                                                                                                               11                                                                                                          1/11/2011
                                                                                                                                                mocten
                                                                                                                                  LANDWARNET NETOPS ARCHITECTURE (LNA)
                                                                                                                                                         COMPLIANCE CHECKLIST #2
                                            ORGANIZATIONAL MESSAGING SERVICE (DMS-ARMY) MANAGEMENT                                                                                                                                                        PRODUCT COMPLIANCE
                                                    INTERACTION WITH OTHER LNA CAPABILITIES                                                                                                                                                            TO BE COMPLETED BY VENDOR
                                                                                                                                                                                                                              SUPPORTING DOCUMENTATION
                                                                                                                                                                                                                 COMPLIANCE     TO INCLUDE: URL, SOURCE DOCUMENT
                 FROM                               TO                     DATA FLOW TEXT DESCRIPTION                                             DATA ELEMENT DEFINITION                                                             NAME AND PAGE NUMBERS        DESCRIPTION     COMMENTS
                                                                                                                                                                                                                     YES/NO


    Capacity, Availability, and       Organizational Messaging Service Contains a request for data sent from the CAP system to Request for Data: This is a generic request for data from one NetOps
    Performance Monitoring System     (Defense Message System-Army) the Organizational Messaging Service (Defense              system to another. The type, content, format, and frequency of the data
                                      Management                       Message System-Army) Management System.                 requested and/or sent is dependant on the respective unique systems.

    Organizational Messaging Service Capacity, Availability, and        Contains data sent from the Organizational Messaging     Availability Data: Data relative to which resources are ready for use.
    (Defense Message System-Army) Performance Monitoring System         Service (Defense Message System-Army) Management
    Management                                                          System to the CAP System.                                Capacity Data: Data regarding the resource utilization, user data
                                                                                                                                 consumption, and allocation of resources.

                                                                                                                                 Performance Data: Provides graphical representations of current and
                                                                                                                                 historic performance information and trend analysis of the servers in the
                                                                                                                                 enterprise.

    Organizational Messaging Service Configuration Management           Contains Inventory, Configuration, and Event data sent   Address: Address that this protocol endpoint represents, for example,
    (Defense Message System-Army) Database/Service Support              from the Organizational Messaging Service (Defense       171.79.6.40 or FE:ED:FE:ED:00:11. The address format, such as
    Management                                                          Message System-Army) Management System to the            Internet Protocol, internet packet exchange, or Ethernet, depends on the
                                                                        CMDB/SS System.                                          Protocol Type value. It can be further refined in subclasses.


                                                                                                                                 Alerting Managed Element: Name of the alerting computer as known by
                                                                                                                                 the management system.
                                                                                                                                 Configuration: Contains all the information on how an asset
                                                                                                                                 (configuration item) is presently configured (e.g., parameter settings, ports
                                                                                                                                 and protocols enabled, filters set, version of Internet Operating
                                                                                                                                 System/firmware, etc.).
                                                                                                                                 Description: Textual description of the instance.
                                                                                                                                 Event Time: Date and time of the event or occurrence within the
                                                                                                                                 LandWarNet.
                                                                                                                                 Host Name: Contains alphanumeric data reflecting the name of
                                                                                                                                 LandWarNet Asset.
                                                                                                                                 Inventory: Contains the full descriptive inventory of managed assets - to
                                                                                                                                 include all known/discoverable metadata about the asset.
                                                                                                                                 Primary Capability: Main function of the computer system. Possible
                                                                                                                                 values are defined in the Capability List attribute:
                                                                                                                                 Not Dedicated (default)
                                                                                                                                 Unknown
                                                                                                                                 Other
                                                                                                                                 Storage
                                                                                                                                 Router
                                                                                                                                 Switch
                                                                                                                                 Layer 3 Switch
                                                                                                                                 Central Office Switch
                                                                                                                                 Hub
                                                                                                                                 Access Server
                                                                                                                                 Firewall
                                                                                                                                 Print
                                                                                                                                 Input/Output (I/O)
                                                                                                                                 Web Caching
                                                                                                                                 Server
                                                                                                                                 Management
                                                                                                                                 Block Server
                                                                                                                                 File Server
                                                                                                                                 Mobile User Device



Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ 85613-7070
Compliance.Team@conus.army.mil                                                                                                                                            12                                                                                                           1/11/2011
                                                                                                mocten
                                                                                  LANDWARNET NETOPS ARCHITECTURE (LNA)
                                                                                                       COMPLIANCE CHECKLIST #2
                                      ORGANIZATIONAL MESSAGING SERVICE (DMS-ARMY) MANAGEMENT                                                                                                           PRODUCT COMPLIANCE
                                              INTERACTION WITH OTHER LNA CAPABILITIES                                                                                                               TO BE COMPLETED BY VENDOR
                                                                                                                                                                           SUPPORTING DOCUMENTATION
                                                                                                                                                              COMPLIANCE     TO INCLUDE: URL, SOURCE DOCUMENT
                 FROM                    TO         DATA FLOW TEXT DESCRIPTION                     DATA ELEMENT DEFINITION                                                         NAME AND PAGE NUMBERS        DESCRIPTION     COMMENTS
                                                                                                                                                                  YES/NO



                                                                                 Repeater
                                                                                 Bridge/Extender
                                                                                 Gateway
                                                                                 LoadBalancer
                                                                                 Mainframe
                                                                                 SANSwitch
                                                                                 SANHub
                                                                                 SANBridge
                                                                                 SANRouter
                                                                                 SANDirector
                                                                                 Redundant Array of Independent Disk (RAID) StorageDevice
                                                                                 TapeLibrary
                                                                                 JBOD
                                                                                 Typically, this attribute is set to the first item in Capability List. For
                                                                                 example, a server that has some firewall capabilities could have Primary
                                                                                 Capability set to Server and Capability List set to Server, Firewall. A
                                                                                 switch device would have both Capability List and Primary Capability set
                                                                                 to Switch.

                                                                                 Primary Operating System: Computer system's primary operating
                                                                                 system.
                                                                                 Submitter: Unique account identifier of the user that created the
                                                                                 instance. This attribute is automatically populated and can be an actual
                                                                                 individual or a system that auto-generated instance.
                                                                                 System Type: Type of computer system. If the computer is Windows-
                                                                                 based, this attribute must have a value. Values are:
                                                                                 X86-based Personal Computer (PC)
                                                                                 Millions of Instructions Per Second (MIPS) -based PC
                                                                                 Alpha-based PC
                                                                                 Power PC
                                                                                 SH-x PC
                                                                                 StrongARM PC
                                                                                 64-bit Intel PC
                                                                                 64-bit Alpha PC
                                                                                 Unknown (default)
                                                                                 X86-Nec98 PC




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ 85613-7070
Compliance.Team@conus.army.mil                                                                                           13                                                                                                         1/11/2011
                                                                                                               9th SIGNAL COMMAND (ARMY)
                                                                                                   LANDWARNET NETOPS ARCHITECTURE (LNA)
                                                                            ORGANIZATIONAL MESSAGING SERVICE (DMS-ARMY) MAN
                                                                                                  TO BE COMPLETED BY ARMY REQUIRING ACTIVITY
                 ARMY PROPONENT                                         VENDOR                          PRODUCT                      COMPLIANCE CHECKLIST SUBMITTED TO NETCOM

ORGANIZATION:                                           COMPANY NAME:                 NAME:
                                                                                                                                  DATE:
                                                                                      VERSION:

POINT OF CONTACT:                                       POINT OF CONTACT:
                                                                                                                                                                     INTENDED USE OF TH

PHONE:                                                  PHONE:


E-MAIL:                                                 E-MAIL:



                                                                                 TARGETED ECHELON(S) FOR IMPLEMENTATION OF THIS PRODUCT (Please Check

    Army Area Processing Center (APC):                                                   Army CIO G-6:


    Army Global Network Operations and Security Center (Army-GNOSC) TOC:                 Army Operations Center - Pentagon:


    Army Strategic Command (ARSTRAT):                                                    Battalion (II) S-6:


    Battalion Command Assistance Team (BCAT):                                            Brigade (X) Combat Team (BCT):


    Brigade (X) Signal Company:                                                          Communications-Electronics Research Development & Engineering Center (CERDEC):


    Corps (XXX) G-6:                                                                     Corps (XXX) Signal Company:


    Division (XXX) G-6:                                                                  Division (XX) Signal Company:


    Installation, Garrison, Post, Camp, Station NEC (formally DOIM):                     NETCOM / 9th Signal Command (Army):


    Regional Computer Emergency Response Team (RCERT):                                   Regional Hub Node:
   Theater Network Operations (NetOps) Center (TNC) - DISA:                                                                Theater Network Operations (NetOps) Control Center (TNCC):


   Theater Tactical Signal Brigade (TTSB):                                                                                 U.S. Army National Guard NOSC:


   Other (Please Identify):




NOTE:
a) Completed LNA Compliance Checklists and supporting documentation are to be e-mailed to the NETCOM 9th Signal Command, LNA Compliance Team at the following: .- - - - - - - - - - - - - - - -- - - - - - - - - - - - - - - - - - - - - - -

b) These LNA Checklists and supporting documentation will be utilized by the LNA Compliance Team in their assessment of this NetOps products compliance to the Army LNA, prior to a CoN being granted by NETCOM/9th Signal Command
NAL COMMAND (ARMY)
T NETOPS ARCHITECTURE (LNA)
GING SERVICE (DMS-ARMY) MANAGEMENT
TED BY ARMY REQUIRING ACTIVITY
        COMPLIANCE CHECKLIST SUBMITTED TO NETCOM              DOES THIS PRODUCT (VERSION ) HAVE A CERTIFICATE OF NETWORTHINESS (CoN)

                                                      YES:                                     CoN DATE:
     DATE:
                                                      NO:                                      DATE REQUEST SUBMITTED:

                                        INTENDED USE OF THIS PRODUCT




LEMENTATION OF THIS PRODUCT (Please Check ( √ )

                                                            Army Computer Emergency Response Team (ACERT) Tactical Operations Center (TOC):


                                                            Army Service Component Commands:


                                                            Battalion (II) Signal Company:


                                                            Brigade (X) S-6:


Development & Engineering Center (CERDEC):                  Company Signal Support:


                                                            Department of the Army (DA):


                                                            Expeditionary Signal Battalion (ESB) BATCON:


):                                                          NSC Operations Center (OC):


                                                            Signal Command (Theater) HQ and CIO:
Control Center (TNCC):                                                                               Theater Network Operations and Security Center (TNOSC):


                                                                                                     U.S. Strategic Command (STRATCOM):




t the following: .- - - - - - - - - - - - - - - -- - - - - - - - - - - - - - - - - - - - - - -   compliance.team@conus.army.mil

e to the Army LNA, prior to a CoN being granted by NETCOM/9th Signal Command.

								
To top