FUNCTIONAL REQUIREMENTS - NETCOM
NETCOM/9th SIGNAL COMMAND (ARMY)
LANDWARNET NETOPS ARCHITECTURE (LNA)
ANTI-VIRUS MANAGEMENT SYSTEM
COMPLIANCE CHECKLIST #1

Vendor's Certification of Product Meeting LNA Requirements (checklist to be completed by vendor)

Product Name:
Version:
Name:
Title:
Signature:

Each entry below gives the FUNCTION, SYSTEM DESCRIPTION, JUSTIFICATION and PRIORITY (1 to 3; the "should" entries carry priority 3). The PRODUCT COMPLIANCE columns (MET √ / NOT-MET √), the SUPPORTING DOCUMENTATION TO INCLUDE column (URL, name of source document and page number), and the DESCRIPTION and COMMENTS columns are left blank for the vendor to complete.
Function: Add, Delete and Register Agents
Priority: 1
System description: The system shall add and delete agents to/from managed clients/assets. Whenever a new agent is added, the manager triggers inventory data collection for the affected asset/agent. Whenever an agent is removed, the pertinent data is removed from the manager.
Justification: This is needed in order to perform basic management functions on agent-managed assets and services.

Function: Analyze Events by Multiple Criteria
Priority: 2
System description: The system shall enable administrators to analyze system events by multiple criteria. It shall enable them to analyze events relating to two or more administrator-designated criteria, to include (but not limited to) specific times; assets (hardware, software, agents); Command, Control, Communications, Computers, and Information Management/Information Technology (C4IM/IT) services; users; administrators; threat signatures; behavioral profiles; asset/threat type; management system transactions/jobs; Capacity, Availability, Performance (CAP) data; business impact; data source; and/or configuration items.
Justification: This is essential to support root cause analysis and troubleshooting, and to assess progress in improving support/services, all necessary to operate, maintain and defend the LandWarNet. It also reduces the time administrators spend isolating the underlying cause of an outage.


Function: Analyze Events by Time
Priority: 2
System description: The system shall analyze system events by time. It shall enable administrators to extract and report event data by reception time, report generation time, or a specific time window. It shall enable administrators to schedule these queries (to implement recurring time-based event analysis/reports).
Justification: This helps administrators associate related events during troubleshooting, fine-tune rules/profiles for alarms/Intrusion Prevention System (IPS)/firewalls, and reduce administrator workload (e.g., produce reports to support shift changes).
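The two requirements above (Analyze Events by Multiple Criteria, Analyze Events by Time) state what the manager must do but not how a multi-criteria query with a reception-time window is evaluated. The following Python is an added example written for this page, not code from the checklist or from any vendor's anti-virus management product. The event fields (received, asset, signature, severity, source) and the sample records are constructed for illustration, and shift_report is a hypothetical way of realising the scheduled, recurring time-window query the second requirement asks for.

```python
"""Added example (not from the NETCOM checklist or any vendor product):
filtering anti-virus management events by several administrator-designated
criteria at once, bounded by a reception-time window, and summarising the
matches per asset. All event records are constructed sample data; the
field names are assumptions, not a real product's schema."""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events as the manager would hold them: reception time,
# managed asset, threat signature that fired, severity and data source.
SAMPLE_EVENTS = [
    {"received": "2011-06-25T08:02:11", "asset": "ws-0114",
     "signature": "Trojan.Generic", "severity": "high", "source": "agent"},
    {"received": "2011-06-25T08:05:40", "asset": "ws-0114",
     "signature": "Adware.Toolbar", "severity": "low", "source": "agent"},
    {"received": "2011-06-25T08:07:03", "asset": "srv-mail1",
     "signature": "Trojan.Generic", "severity": "high", "source": "gateway"},
    {"received": "2011-06-25T09:15:59", "asset": "ws-0208",
     "signature": "Trojan.Generic", "severity": "high", "source": "agent"},
    {"received": "2011-06-25T11:48:20", "asset": "ws-0114",
     "signature": "Trojan.Generic", "severity": "high", "source": "agent"},
]


def parse_time(s):
    """Timestamps are assumed to be ISO 8601 without a zone (constructed data)."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def analyze_events(events, criteria, start=None, end=None, group_by="asset"):
    """Return (matching events, Counter keyed on group_by).

    criteria: dict of field -> accepted value or collection of values. Every
    criterion must match (logical AND), which is what "two or more
    administrator-designated criteria" requires.
    start/end: optional reception-time window, start inclusive, end exclusive.
    """
    lo = parse_time(start) if start else None
    hi = parse_time(end) if end else None
    matches = []
    for ev in events:
        t = parse_time(ev["received"])
        if lo is not None and t < lo:
            continue
        if hi is not None and t >= hi:
            continue
        ok = True
        for field, wanted in criteria.items():
            accepted = wanted if isinstance(wanted, (set, frozenset, list, tuple)) else {wanted}
            if ev.get(field) not in accepted:
                ok = False
                break
        if ok:
            matches.append(ev)
    return matches, Counter(ev[group_by] for ev in matches)


def shift_report(events, shift_start, hours=8, **criteria):
    """Recurring time-based report: per-asset counts for one shift window.
    A scheduler would call this with each shift's start time (hypothetical helper)."""
    start = parse_time(shift_start)
    end = start + timedelta(hours=hours)
    _, counts = analyze_events(events, criteria, start.isoformat(), end.isoformat())
    return dict(counts)


if __name__ == "__main__":
    hits, by_asset = analyze_events(
        SAMPLE_EVENTS, {"signature": "Trojan.Generic", "severity": "high"},
        start="2011-06-25T08:00:00", end="2011-06-25T10:00:00")
    print(len(hits), "events;", dict(by_asset))
    print(shift_report(SAMPLE_EVENTS, "2011-06-25T06:00:00", signature="Trojan.Generic"))
```

The AND across criteria is deliberate: an OR would make "two or more criteria" return a superset of either single-criterion query, which defeats the narrowing that root-cause work needs. The window is half-open so that consecutive shift reports never double-count an event that lands exactly on the boundary.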
Function: Assign Privileges to Administrative Groups
Priority: 2
System description: The system shall provide the ability to assign privileges (read, write, execute, access to, restrictions from) to administrative groups. Administrative groups are composed of administrative accounts used to manage the platform.
Justification: This is needed for administrators to quickly and securely add and remove access permissions to management platforms.

Function: Collect Agent Configuration Data
Priority: 2
System description: The system shall obtain information from managed agents about their client's configuration and status. The reported data includes agent identification, addresses, and the agent/client computing platform's operational status data. The system enables administrators to schedule these data collections. The reported information is stored in the Manager.
Justification: This is required to reduce administrative workloads and network traffic burdens (during peak operational periods), while providing the data needed to operate, manage and defend the LandWarNet remotely.

Function: Collect Agent Inventory
Priority: 2
System description: The system shall provide the capability to query agents to obtain information about their operational software version. The manager shall include the capability to identify software changes that have occurred within an agent, based on previously collected data. The manager shall support the definition of a schedule for the collection of information from agents. This information is stored in the Software Repository.
Justification: This reduces administrator workloads, facilitates network optimization, and increases the probability and speed of detecting illicit changes and incomplete/failed updates to agents; all combine to improve LandWarNet security, availability and reliability.

Function: Collect Software/Firmware Inventory and Configuration Data
Priority: 1
System description: The system shall query managed components, agents, or sensors and obtain information about the operational software/firmware inventory on the managed asset(s). This information is stored in the Software Repository.
Justification: This is necessary in order to baseline, manage, and defend the underlying software existing within the LandWarNet.




Enterprise NetOps Planning Division
ESTA-OSC I-ENPD
2133 Cushing St.
Ft. Huachuca, AZ 85613-7070
Compliance.Team@conus.army.mil
Page 1, 6/25/2011
Function: Configure Communication Resources
Priority: 1
System description: The system shall have configurable communication parameters. These parameters can be set between component-to-management consoles, manager-to-agent and manager-to-management consoles; client-to-server, client-to-client, Virtual Private Network (VPN) device-to-remote user, and server-to-server components. This includes configuring ports and Internet Protocol (IP) addresses.
Justification: This is needed to securely configure the communication channels between agents and management platforms, ensuring secure transfer of data between the two elements.

Function: Customize Knowledge Base
Priority: 3
System description: The system should enable administrators to customize its digital-document knowledge bases for its managed clients/agents/applications, and supported customers, organizations, or services. This enables administrators to add Army-specific documents (approval to operate, tailored Standard Operating Procedure (SOP)/Tactics, Techniques, and Procedures (TTPs), Army-refined Frequently Asked Questions (FAQs), IPS Policy/Behavior-Based Rule Implementation Instructions, Field Manuals (FMs)/Behavior-Based Rules, etc.) to standard Enterprise documents and links within the knowledge base.
Justification: N/A

Function: Define Access Privileges
Priority: 2
System description: The system shall enable designated administrators to define, and subsequently enforce, access privileges for other administrators, users and assets to the management platform, its data and any managed assets.
Justification: This is critical for securing LandWarNet resources and preventing unauthorized users from making changes that could lead to false alarms, failure of vital system functions, and corruption of data used to operate, manage and defend the LandWarNet.

Function: Delete Infected Files
Priority: 2
System description: The system shall enable administrators to either remotely or locally delete infected files from systems.
Justification: This is necessary to delete files containing malicious code in order to defend the LandWarNet; infected files will then be replaced with uncorrupted versions by Systems Management, the Secure Configuration Remediation (SCR) Management System Manager, or other means.

Function: Detect and Report Login Credential Changes
Priority: 2
System description: The system shall identify when users/administrators have changed, or attempted to change, their login credentials (user name, password, domain) and report this change.
Justification: This is needed to track user activity and identify those types of activities that may indicate unauthorized changes to accounts.

Function: Detect Hardware Configuration Changes
Priority: 3
System description: The system shall track the configuration changes made to managed platforms. Configuration changes to hardware may include such things as a hard drive being partitioned differently, a NIC having a different configuration, or an EPROM being updated.
Justification: This provides administrators with the ability to quickly identify changes to assets in the LandWarNet and analyze whether they were authorized changes. It also enables management systems to tailor software/signature updates to meet the reconfigured device's needs.

Function: Detect Software/Firmware Changes
Priority: 2
System description: The system shall identify software/firmware changes that have occurred within a device, agent, or sensor, based on the previous collection of software configuration and version data.
Justification: This is needed to ensure authorized changes are effected and that unauthorized changes are identified.
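The Detect Software/Firmware Changes requirement above, and the Collect Agent Inventory requirement earlier, both rest on the same operation: comparing a freshly collected inventory with the version data stored from the previous collection. The Python below is an added example for this page, not the checklist's or any vendor product's code. It diffs two inventories (component name to version string), separates upgrades from downgrades, flags incomplete or failed updates against the versions a distribution job expected, and lists components changed outside an authorised change set. The inventories, expected versions and authorised set are constructed sample data, and the dotted-numeric version format is an assumption.

```python
"""Added example (not from the NETCOM checklist or any vendor product):
comparing a freshly collected agent inventory with the previously stored
baseline to detect software/firmware changes, downgrades, incomplete
updates and changes made outside the authorised change set. The sample
inventories are constructed; the component -> version-string layout and
dotted-numeric version strings are assumptions."""


def parse_version(v):
    """Turn "8.7.0.221" into a tuple that compares numerically ("8.10" > "8.9").
    Non-numeric parts sort after numeric ones and compare as strings."""
    parts = []
    for p in v.split("."):
        try:
            parts.append((0, int(p)))
        except ValueError:
            parts.append((1, p))
    return tuple(parts)


# Constructed baseline from the previous scheduled collection (Software Repository).
BASELINE = {"av-agent": "8.7.0.221", "av-engine": "5.4.0",
            "signatures": "6534", "nic-firmware": "2.11"}
# Constructed inventory just reported by the agent.
CURRENT = {"av-agent": "8.7.0.230", "av-engine": "5.3.9",
           "signatures": "6534", "nic-firmware": "2.11", "remote-tool": "1.0"}
# Versions the last distribution job was supposed to leave on the asset.
EXPECTED = {"av-agent": "8.7.0.230", "signatures": "6540"}
# Components covered by an approved change request (constructed).
AUTHORIZED = {"av-agent", "signatures"}


def diff_inventory(baseline, current, expected=None):
    """Compare two inventories and return a report dict with:
    added/removed  - components present in only one inventory
    upgraded       - name -> (old, new) where the version moved forward
    downgraded     - name -> (old, new) where it moved backward (rollback or tampering)
    failed_updates - name -> (have, want) where the asset never reached the
                     version a distribution job expected (incomplete/failed update)
    """
    expected = expected or {}
    report = {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "upgraded": {},
        "downgraded": {},
        "failed_updates": {},
    }
    for name in sorted(set(baseline) & set(current)):
        old, new = baseline[name], current[name]
        if old == new:
            continue
        bucket = "upgraded" if parse_version(new) > parse_version(old) else "downgraded"
        report[bucket][name] = (old, new)
    for name, want in expected.items():
        have = current.get(name)
        if have is None or parse_version(have) < parse_version(want):
            report["failed_updates"][name] = (have, want)
    return report


def unauthorized_changes(report, authorized):
    """Every changed component not covered by the authorised change set.
    Upgrades are included: an unexpected upgrade is still an unreviewed change."""
    changed = (set(report["added"]) | set(report["removed"])
               | set(report["upgraded"]) | set(report["downgraded"]))
    return sorted(changed - set(authorized))


if __name__ == "__main__":
    rep = diff_inventory(BASELINE, CURRENT, EXPECTED)
    for key, val in rep.items():
        print(f"{key}: {val}")
    print("unauthorized:", unauthorized_changes(rep, AUTHORIZED))
```

Two points matter in practice. Versions are compared numerically, not as strings, because a string comparison would report "8.10" as older than "8.9" and mislabel an upgrade as a downgrade. And the expected-version check is kept separate from the plain diff: an asset whose signatures never moved shows no change at all, which is exactly the failed-update case the Collect Agent Inventory justification wants surfaced.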
Function: Detect Threats
Priority: 1
System description: The system shall detect, recognize, and classify viral, spyware and adware threats, to include any unauthorized and/or hostile programs that can compromise the security of the system.
Justification: This is needed for automatic detection and subsequent detailed reporting of known (Common Vulnerabilities and Exposures (CVE) and customized) threats that are a critical part of the LandWarNet's defenses; it helps focus manual troubleshooting and remediation efforts, while simultaneously reducing human error. When coupled to prevention/blocking features, this can substantially reduce administrative workloads and mission disruption by preventing further attacks.

Function: Display Available Diagnostic Routines
Priority: 3
System description: The system should present a list of available diagnostic routines that can be executed on either the management platform or managed asset.
Justification: N/A

Function: Display Change History
Priority: 1
System description: The system shall display information regarding historical changes to the system and its managed objects or applications.
Justification: This is needed to enable administrators to verify authorized changes and identify unauthorized changes to the management system and any managed devices and applications.

Function: Display Events
Priority: 1
System description: The system shall display dynamic near-real-time events based on alarm severity, time, hierarchical importance, client groups, etc. The system shall support drill-down capabilities to display the underlying events behind larger alarms/incidents.
Justification: This is needed for the operation, maintenance, and defense of the Global Information Grid (GIG) and LandWarNet.
Display Help                                     The system should provide the ability to view help files specific to the         N/A
                                                 application or management system.                                                                                                                     3

Display Knowledge Base Information               The system should display requested information from a particular               N/A
                                                 knowledge base, in response to administrator queries. It should support
                                                 information retrieval and display from authorized (administratively-linked)
                                                 external knowledge bases (e.g., a vendor maintained knowledge base. This                                                                              3
                                                 facilitates rapid trouble-shooting and insightful decision making, particularly
                                                 by less experienced administrators.

Display Logging Information                      The system shall present logging information received from an asset or           Enables administrators to view activity logs to identify
                                                 agent/sensor.                                                                    unauthorized events per Army Regulation (AR) 25-2.                   2

Display Results of Diagnostics                   The system shall present results of diagnostic routines executed on a            This is needed to facilitate trouble shooting.
                                                 network device.                                                                                                                                       2

Distribute Configuration                         The system shall distribute configuration information to managed                 This is needed to set/change the configuration of an asset.
                                                 components/assets.                                                               Also supports rollbacks to an authorized current baseline
                                                                                                                                                                                                       2
                                                                                                                                  following an unauthorized change/information attack.

Distribute Current Software/Firmware             The system shall distribute current baseline software releases from the          This is needed to ensure current versions of software and
Version                                          Current Software Versions (i.e., management software, applications,              patches can be installed. It also supports rapid rollbacks to
                                                 patches, etc.) area within the Software Repository.                              an authorized current software/firmware baseline following an        2
                                                                                                                                  unauthorized change/information attack.

Function: Distribute Historic Software/Firmware Version
System Description: The system should distribute a previous version of software (i.e., applications, patches, etc.) from the Historical Software Information area within the Software Repository.
Justification: This is critical to support rollbacks of software, signatures, profiles and/or processing rules following a faulty update or implementation of a flawed rule/process.
Priority: 3

Function: Distribute New Software/Firmware
System Description: The system shall distribute new software releases (i.e., applications, patches, etc.) from the New Software Versions staging area within the Software Repository. Once installed and verified, the system changes the new release's status to current baseline status, and the previous current baseline software to historical baseline status.
Justification: This is needed to ensure that those systems will not be compromised. Remediation of systems on the LandWarNet contributes to security in depth. Retaining prior baseline data as described enables rollbacks in the event of a faulty update.
Priority: 2

Function: Distribute Software/Firmware Based on Profiles
System Description: The system should distribute software (i.e., applications, patches, agents, etc.) based on client profiles and managed/defended IT assets and network segments. The system is essential for the correct software installation, configuration and maintenance of network operations devices and their managed/defended networks and information technology assets.
Justification: N/A
Priority: 3

Function: Encrypt Data Exchanges
System Description: The system shall provide secure (encrypted) data exchange between a manager and clients. Certain types of data being exchanged require encryption (e.g., logon credentials). The system shall provide the capability to encrypt data transferred between the system and assets using Secure Socket Layer (SSL) and Transport Layer Security (TLS) that is Federal Information Processing Standards (FIPS) Publication 140-2 compliant.
Justification: Secures Network Operations (NetOps) management data used to control management platforms on the LandWarNet.
Priority: 1

Function: Filter Events
System Description: The system shall filter or limit the events being generated from the managed asset. Examples of filter criteria are event name, type, identification number, source, and type of event (i.e., security, system, application).
Justification: This is needed to filter the events generated by managed assets so that the console does not receive more events than it can process. An overloaded console could lock up, and could also lose pertinent event data.
Priority: 2

Function: Forward Infected Files
System Description: The system shall forward infected files to the appropriate repository, central console/manager, or designated expert administrator's email account.
Justification: This is essential for rapid, follow-on forensics analysis, behavior policy/signature development (giving protection until security patches are provided), and/or to identify which file needs to be replaced from the baseline set (recovery). This also enables the appropriate Program Manager/vendor to develop security patches for systems (e.g., Army Battle Command Systems) attacked by custom threats not found on the internet.
Priority: 2

Function: Manage Administrator Accounts
System Description: The system shall provide the ability to manage (add, modify, verify, delete) accounts that are used to administrate the system. This also includes the ability to add and remove users from groups.
Justification: This is needed to ensure that access to management systems is controlled and secure.
Priority: 2

Function: Manage Agent/Client Configuration Settings
System Description: The system shall manage agent/client related configuration settings, to include 'auto-install' new definitions, files to exclude, reporting criteria, reporting times, etc.
Justification: This is needed to be able to manage any LandWarNet asset.
Priority: 2

Function: Manage Anti-Virus Client Profiles
System Description: The system shall manage (create, modify, delete, and archive) anti-virus client application and configuration profiles for different types of administrators and platforms. Profiles define what baseline anti-virus client application, virus/threat definition, and configuration settings are assigned to administratively defined platform and/or user types. This data is stored in the Anti-Virus Client Profile Repository.
Justification: This is needed to greatly reduce the amount of time spent administering platforms and thus increase the time spent identifying potential security threats on the LandWarNet.
Priority: 2

Function: Manage Behavior Blocking Rules
System Description: The system should enable administrators to manage (create, modify, and delete) behavior blocking rules. It should provide a means to measure/monitor activities during initial implementation to determine normal rates and sequence patterns (heuristics) for employing specific ports, protocols, services, and/or executable files (behaviors) within the protected network/computing host. It should support generating, adjusting, and deleting rules used to block malicious/unauthorized behaviors, using the generated heuristics data. [Behavior blocking stops malicious or unauthorized types of behavior, even if a specific threat signature has not been matched.]
Justification: N/A
Priority: 3

Function: Manage Component Grouping
System Description: The system shall allow administrators to define groups of assets. Groups may be created using different characteristics, including hierarchical, organizational, geographical, or functional (e.g., Email Servers). Also, the system shall enable administrators to assign specific assets/components to defined groups.
Justification: This is needed to enable the administrators to perform common operations upon them (loading patches, signatures, profiles, access control lists, etc.), speeding implementation of security measures during an attack, reducing the chances of error, and reducing overall administrator workloads.
Priority: 2

Function: Manage Configuration Profiles
System Description: The system shall manage (create, modify, archive, and delete) sets of configuration profiles for specific classes of devices, agents/clients, and applications. A configuration profile contains all the configuration information about a specific asset. It shall support both the current configuration profile of a managed asset as well as a baseline configuration profile.
Justification: This speeds asset configuration (during installation/updates), reduces administrator burdens, and reduces human error by establishing standard configuration sets to apply for specific assets. It also provides a means to assess compliance to an approved Enterprise configuration standard for common systems/devices (e.g., an Active Directory (AD) server should have specific agents, signatures and profiles loaded at any given time).
Priority: 2

Function: Manage Event Filter Criteria
System Description: The system shall enable administrators to create, modify, archive, and delete filtering criteria used to control what events are generated (sent) or permitted (accepted) from each managed element/asset. It shall support different filters for sending events, receiving/processing events, and alerts/notifications arising from events. The system shall support temporary filters, enabling administrators to select default/administrator-defined filters from a pick list to adjust and activate. The supported filtering criteria shall address standards/protocol-based variables/thresholds (e.g., Simple Network Management Protocol (SNMP), computer input multiplexer) as well as system-unique ones (e.g., vendor-provided SNMP, manual input buffer extensions).
Justification: This is needed for the effective application of the filter to the asset. Event filtering prevents the console from receiving more events than it can process; an overloaded console could lock up, and could also lose pertinent event data.
Priority: 2

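The Filter Events and Manage Event Filter Criteria rows above describe criteria-based filters, separate filter sets for sending, receiving and alerting, and temporary filters activated from a pick list. The following Python sketch is an added example, not part of the NETCOM checklist or of any vendor product; the rule names, event fields, per-source threshold and sample events are constructed assumptions.

```python
"""Added example (not from the checklist or any vendor): a small event-filter
engine in the style of the 'Filter Events' and 'Manage Event Filter Criteria'
requirements. Rules are allow-list criteria; events matched by no active rule
are dropped before they reach the console."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Event:
    # Fields named in the checklist: event name, type, identification number,
    # source, and category (security / system / application).
    name: str
    type: str
    ident: int
    source: str
    category: str


@dataclass
class FilterRule:
    """A criterion left as None is a wildcard. max_per_source is an assumed
    per-source rate threshold (e.g. to cap SNMP trap floods); expires_at
    marks a temporary filter."""
    name: str
    categories: Optional[Set[str]] = None
    sources: Optional[Set[str]] = None
    event_types: Optional[Set[str]] = None
    max_per_source: Optional[int] = None
    expires_at: Optional[datetime] = None
    active: bool = True

    def is_active(self, now: datetime) -> bool:
        return self.active and (self.expires_at is None or now < self.expires_at)

    def matches(self, ev: Event) -> bool:
        return ((self.categories is None or ev.category in self.categories)
                and (self.sources is None or ev.source in self.sources)
                and (self.event_types is None or ev.type in self.event_types))


class EventFilterSet:
    """One rule list per stage: 'send' (at the managed asset), 'receive'
    (at the console) and 'alert' (which accepted events raise a notification).
    The library is the administrator's pick list of default/defined filters."""

    def __init__(self) -> None:
        self.rules: Dict[str, List[FilterRule]] = {"send": [], "receive": [], "alert": []}
        self.library: Dict[str, FilterRule] = {}

    def define(self, rule: FilterRule) -> None:      # create / modify
        self.library[rule.name] = rule

    def archive(self, name: str) -> None:            # archive / delete
        self.library.pop(name, None)

    def activate(self, stage: str, name: str, ttl: Optional[timedelta] = None,
                 now: Optional[datetime] = None) -> FilterRule:
        """Activate a pick-list filter at a stage; a ttl makes it temporary."""
        rule = replace(self.library[name])           # copy; template stays unchanged
        if ttl is not None:
            rule.expires_at = (now or datetime.now()) + ttl
        self.rules[stage].append(rule)
        return rule

    def apply(self, stage: str, events: List[Event],
              now: Optional[datetime] = None) -> List[Event]:
        """Events allowed through a stage: the first active matching rule admits
        an event, subject to its per-source threshold; unmatched events drop."""
        now = now or datetime.now()
        allowed: List[Event] = []
        counts: Dict[tuple, int] = {}
        for ev in events:
            for rule in self.rules[stage]:
                if rule.is_active(now) and rule.matches(ev):
                    key = (rule.name, ev.source)
                    counts[key] = counts.get(key, 0) + 1
                    if rule.max_per_source is None or counts[key] <= rule.max_per_source:
                        allowed.append(ev)
                    break
        return allowed


def demo() -> tuple:
    """Constructed scenario: returns (sent now, sent after the temporary
    filter expired, alerts raised from what was sent)."""
    now = datetime(2011, 6, 25, 12, 0)
    fs = EventFilterSet()
    fs.define(FilterRule("security-all", categories={"security"}))
    fs.define(FilterRule("snmp-capped", event_types={"snmp-trap"}, max_per_source=2))
    fs.define(FilterRule("app-debug", categories={"application"}))
    fs.activate("send", "security-all", now=now)
    fs.activate("send", "snmp-capped", now=now)
    fs.activate("send", "app-debug", ttl=timedelta(minutes=30), now=now)  # temporary
    fs.activate("alert", "security-all", now=now)
    events = [Event("virus-detected", "av-alert", 1001, "host-a", "security"),
              Event("link-up", "snmp-trap", 2001, "switch-1", "system"),
              Event("link-up", "snmp-trap", 2002, "switch-1", "system"),
              Event("link-up", "snmp-trap", 2003, "switch-1", "system"),  # over cap
              Event("link-up", "snmp-trap", 2004, "switch-2", "system"),
              Event("cache-miss", "app-log", 3001, "host-a", "application"),
              Event("disk-io", "perf", 4001, "host-b", "system")]        # no rule
    sent_now = fs.apply("send", events, now)
    sent_later = fs.apply("send", events, now + timedelta(hours=1))
    alerts = fs.apply("alert", sent_now, now)
    return len(sent_now), len(sent_later), len(alerts)
```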
Function: Manage Groups
System Description: The system shall manage (create, modify, delete) User Groups, with user roles and privileges. It shall support User Group creation, data entry/modification, and deletion by authorized system users. This includes the ability to remove multiple groups/super groups (groups that contain other groups) within a single action.
Justification: The system is critical to the operations and security of this Network Operations system and the LandWarNet. User accounts and their associated User Group(s) will be used throughout the Enterprise to control privilege-based access to various resources/assets and services, track trouble calls/service requests, provide alerts/notifications, and to maintain audit/transaction logs (In Accordance With (IAW) AR 25-1 and AR 25-2).
Priority: 1

Function: Obtain Software/Firmware Updates from Authoritative Source
System Description: The system shall obtain software/firmware updates (i.e., software/firmware patches, signature/profile updates, rules updates) from a specified location in either an on-demand or scheduled fashion.
Justification: Updates to assets in the LandWarNet are required in order to prevent compromise of the assets.
Priority: 2

Function: Perform Local Authentication
System Description: The system shall authenticate users, administrators, and assets from data stored locally within the management application or device.
Justification: This is needed for the authentication of users accessing resources on the LandWarNet and is required by AR 25-1 and AR 25-2.
Priority: 1

Function: Perform Operations on Multiple Assets
System Description: The system shall permit administrators to interact with multiple managed assets on a single screen. It allows them to select and perform operations on individual assets, and groups of assets (Hardware, Software, Agents), from administratively defined (pick) lists of available assets/asset groups and operations. The system shall enable the administrator to define and save groups of assets for future pick list displays (to perform future operations upon).
Justification: This is needed to save the administrators considerable time and to enable central management and maintenance of large networks, enhancing overall reliability and security.
Priority: 2

Function: Perform Remote Authentication
System Description: The system shall authenticate users, administrators, and assets from a remote authentication service on the network.
Justification: This is the core function for the authentication of users accessing resources on the LandWarNet and is required by AR 25-1 and AR 25-2.
Priority: 1

Function: Provide Ability to Drill-Down
System Description: The system shall provide in-depth detailed information about any monitored asset, service, or function depicted on the GUI. This enables the user to drill down on any graphical representation (e.g., icon) to obtain specific relevant detailed information regarding its status.
Justification: This enables rapid trouble-shooting or identification of key information necessary for operations, maintenance or defense actions.
Priority: 2

Function: Provide Access/Control Web
System Description: The system should provide all functions needed to enable web application interfaces and access controls. For example, it should enable an expert administrator to securely log onto and operate a management console from another computer (with web browsers) anywhere on the LandWarNet.
Justification: N/A
Priority: 3

Function: Provide Administrator Audit Log
System Description: The system shall provide administrator audit log information, to include the administrator's identification, time stamp, the specific activity/transaction performed, changes in permissions, and any other specified data of interest related to administrator transactions on the system.
Justification: This is required in accordance with Department of Defense Instruction (DoDI) 8500.2, AR 25-1 and AR 25-2.
Priority: 2

Function: Provide Behavior Blocking
System Description: The system shall provide behavior blocking based on heuristic rules and pattern matching (e.g., block an executable from accessing other executables, ports, protocols, and/or services that it is not cleared/historically known to access/leverage).
Justification: This is needed in order to identify and block/prevent malicious activity not previously defined in signatures or profiles. Behavior blocking analyzes the actions and activities of executed software looking for suspicious/malicious behavior, even if a specific threat signature has not been matched.
Priority: 2

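The Manage Behavior Blocking Rules and Provide Behavior Blocking rows describe learning normal rates and resource usage per executable during an initial window, generating administrator-adjustable rules from that heuristics data, and then blocking activity outside the baseline. This Python sketch is an added example, not checklist or vendor code; the executable names, resource labels, rate margin and observation window are constructed assumptions.

```python
"""Added example (not from the checklist or any vendor): a minimal behavior-
blocking engine. A learning window yields, per executable, the resources it
normally touches and its peak per-minute rate; rules generated from that
baseline then decide allow/block for later activity."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Activity:
    executable: str   # e.g. "avagent.exe" (constructed name)
    resource: str     # "tcp/443", "service:spooler", "exec:cmd.exe", "file:docx"
    t: float          # seconds since the start of the observation window


class BehaviorBaseline:
    """Heuristics learned during initial implementation: allowed resources
    and peak per-minute activity rate for each executable."""

    def __init__(self, rate_margin: float = 2.0) -> None:
        self.allowed: Dict[str, set] = defaultdict(set)
        self.peak_rate: Dict[str, int] = defaultdict(int)
        self.rate_margin = rate_margin   # headroom above the observed peak

    def learn(self, activities: Iterable[Activity]) -> None:
        per_minute: Dict[tuple, int] = defaultdict(int)
        for a in activities:
            self.allowed[a.executable].add(a.resource)
            per_minute[(a.executable, int(a.t // 60))] += 1
        for (exe, _), n in per_minute.items():
            self.peak_rate[exe] = max(self.peak_rate[exe], n)

    def rules(self) -> Dict[str, dict]:
        """Generated rule set, in a form an administrator can review and adjust."""
        return {exe: {"allowed": sorted(res),
                      "max_per_minute": int(self.peak_rate[exe] * self.rate_margin)}
                for exe, res in self.allowed.items()}


class BehaviorBlocker:
    """Applies generated (and administrator-adjusted) rules to live activity."""

    def __init__(self, rules: Dict[str, dict]) -> None:
        self.rules = rules
        self.counts: Dict[tuple, int] = defaultdict(int)

    def adjust(self, exe: str, allow: Iterable[str] = (), deny: Iterable[str] = (),
               max_per_minute: int = None) -> None:
        """Administrator modification of a rule (create if absent)."""
        rule = self.rules.setdefault(exe, {"allowed": [], "max_per_minute": 0})
        rule["allowed"] = sorted((set(rule["allowed"]) | set(allow)) - set(deny))
        if max_per_minute is not None:
            rule["max_per_minute"] = max_per_minute

    def decide(self, a: Activity) -> Tuple[str, str]:
        rule = self.rules.get(a.executable)
        if rule is None:
            return "block", "executable not in baseline"
        if a.resource not in rule["allowed"]:
            return "block", f"{a.resource} not historically used by {a.executable}"
        key = (a.executable, int(a.t // 60))
        self.counts[key] += 1
        if self.counts[key] > rule["max_per_minute"]:
            return "block", "rate above learned baseline"
        return "allow", ""


def demo() -> List[str]:
    """Constructed learning window and live activity; returns the decisions."""
    window = [Activity("avagent.exe", "tcp/443", t) for t in (0, 10, 20, 60, 70)]
    window += [Activity("winword.exe", "file:docx", t) for t in (5, 65)]
    base = BehaviorBaseline()
    base.learn(window)                       # avagent: peak 3/min -> cap 6/min
    blocker = BehaviorBlocker(base.rules())
    live = [Activity("winword.exe", "exec:cmd.exe", 5),    # not in its baseline
            Activity("avagent.exe", "tcp/443", 10),        # normal
            Activity("unlisted.exe", "tcp/8080", 12)]      # unknown executable
    live += [Activity("avagent.exe", "tcp/443", 120 + i) for i in range(7)]  # 7th > cap
    return [blocker.decide(a)[0] for a in live]
```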
Function: Provide Configuration Management Data Base/Service Support Integration
System Description: This system shall integrate with an external Configuration Management Data Base/Service Support (CMDB/SS) system, which includes components such as: Service Desk, Incident Management, Problem Management, Change Management, Configuration Management, Asset Management, Project Management, etc. This includes enabling the user to access the manual Work Flow Report (Trouble Ticket) features of the CMDB/SS.
Justification: This is required to provide critical NetOps inventory and configuration item data, health/welfare status information/events, and other administrative information necessary to monitor and manage the health, welfare, and operational status of the LandWarNet.
Priority: 1

Function: Provide Command Line Interface
System Description: The system shall use a command line interface for system or account administration locally and remotely.
Justification: This is needed to enable administrators to execute changes on large groups of configuration items via a single command.
Priority: 2

Function: Provide Command Line Interface and Application Program Interface Security
System Description: The system should provide security mechanisms for Command Line Interface (CLI) and Application Program Interface access to the system. The system should enforce security for command line input that is functionally identical to Graphical User Interface access restrictions and controls, and security for Advanced Programming Interfaces that is functionally identical to graphical user interface access restrictions and controls.
Justification: N/A
Priority: 3

Function: Provide Communication Ports Security
System Description: The system shall provide the capability to designate a limited set of ports for communication between management platforms and managed components.
Justification: This is necessary to configure management platforms to communicate across routers and switches (considering port restrictions that may be applied to network devices) within the LandWarNet.
Priority: 1

Function: Provide Configuration Change Reports
System Description: The system should produce reports on a managed client's configuration changes based on inventory scans.
Justification: N/A
Priority: 3

Function: Provide Definable Report Filters
System Description: The system should provide filters that can be created and modified. Filters provide a way to produce reports that provide data on a specific attribute(s).
Justification: N/A
Priority: 3

Provide Device and Media Configuration Information Repository (Priority 2)
  System Description: The system shall store all configuration information about devices and media that is generated by the management system or its sub-systems/agents, to include any unique communications/encryption settings. This also includes new/staged, current, and multiple copies of historical configuration data.
  Justification: This is needed to maintain and defend LandWarNet systems via their configurations. It supports restoration and reconstitution of vital assets and applications.


Provide Event Aggregation (Priority 3)
  System Description: The system should aggregate/fuse similar events into a single event record/report. [Aggregation/Fusion is the combination of data from multiple sources into a single location/report.]
  Justification: N/A

Provide Event Correlation (Priority 2)
  System Description: The system shall correlate events. [Correlation is the establishment of relationships between events from various sources. Combining these events yields more information about a possible incident than any single event provides.]
  Justification: This is needed to enable administrators to rapidly discern new computer network attacks, installation of a bad lot of components, or other related failures/transactions requiring immediate attention to ensure the LandWarNet continues to operate.

Provide Event Escalation (Priority 2)
  System Description: The system shall raise the priority or severity of an event based on predefined rules established within the system.
  Justification: This ensures rapid responses to events that can disrupt the LandWarNet if not addressed quickly.

Provide Event Log Reports (Priority 2)
  System Description: The system shall produce reports containing event and associated user activity logs.
  Justification: This is needed to meet AR requirements for reporting on potential security breaches.

Provide Event Reduction (Priority 3)
  System Description: The system should reduce the number of events generated. [Reduction of events is the process of removing duplicate and repetitive events.] It should have the ability to automatically adjust the combined timestamp information, provide/update any event duration time entries, and note the number of times the event has been reported.
  Justification: N/A
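The four event-handling rows above (Aggregation, Correlation, Escalation, Reduction) describe behaviour rather than an implementation. The following is an added example, not code from the checklist or from any vendor product, showing one way a management console could implement all four over a handful of constructed logon and disk events: reduction merges repeats into one record with first/last timestamp, duration and repeat count; aggregation groups the reduced records per source host; correlation derives a new event when repeated failed logons are followed by a success on the same host; escalation raises severity according to predefined rules. The field names, thresholds and rules are assumptions for illustration.

```python
"""Added example: event reduction, aggregation, correlation and escalation
over constructed sample events (field names and rules are assumptions)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data): repeated failed logons for one
# user on ws01 (one exact duplicate), then a successful logon, plus an unrelated
# disk warning on ws02.
SAMPLE_EVENTS = [
    {"ts": "2011-06-25T10:00:00", "host": "ws01", "user": "jdoe", "event": "logon_failed", "severity": 3},
    {"ts": "2011-06-25T10:00:05", "host": "ws01", "user": "jdoe", "event": "logon_failed", "severity": 3},
    {"ts": "2011-06-25T10:00:05", "host": "ws01", "user": "jdoe", "event": "logon_failed", "severity": 3},
    {"ts": "2011-06-25T10:00:09", "host": "ws01", "user": "jdoe", "event": "logon_failed", "severity": 3},
    {"ts": "2011-06-25T10:00:20", "host": "ws01", "user": "jdoe", "event": "logon_ok", "severity": 5},
    {"ts": "2011-06-25T10:01:00", "host": "ws02", "user": "-", "event": "disk_warn", "severity": 4},
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def reduce_events(events):
    """Reduction: collapse duplicate/repetitive events (same host, user and event
    type) into one record carrying first/last timestamp, duration and a count."""
    merged = {}
    for e in events:
        key = (e["host"], e["user"], e["event"])
        t = parse_ts(e["ts"])
        if key not in merged:
            m = {k: v for k, v in e.items() if k != "ts"}
            m.update(first_ts=t, last_ts=t, count=1)
            merged[key] = m
        else:
            m = merged[key]
            m["first_ts"] = min(m["first_ts"], t)
            m["last_ts"] = max(m["last_ts"], t)
            m["count"] += 1
    for m in merged.values():
        m["duration_s"] = (m["last_ts"] - m["first_ts"]).total_seconds()
    return sorted(merged.values(), key=lambda m: m["first_ts"])


def aggregate_by_host(reduced):
    """Aggregation: fuse the reduced records from each source into one report."""
    report = defaultdict(list)
    for m in reduced:
        report[m["host"]].append(m)
    return dict(report)


def correlate_bruteforce(reduced, threshold=3, window=timedelta(minutes=5)):
    """Correlation: >= threshold failed logons for a user, followed within the
    window by a successful logon for the same user on the same host, yields one
    derived 'possible_credential_compromise' event (assumed rule)."""
    derived = []
    for f in (m for m in reduced if m["event"] == "logon_failed" and m["count"] >= threshold):
        for s in reduced:
            if (s["event"] == "logon_ok" and s["host"] == f["host"] and s["user"] == f["user"]
                    and timedelta(0) <= s["first_ts"] - f["last_ts"] <= window):
                derived.append({"event": "possible_credential_compromise", "host": f["host"],
                                "user": f["user"], "severity": 5, "failed_attempts": f["count"],
                                "first_ts": f["first_ts"], "last_ts": s["first_ts"],
                                "count": 1, "duration_s": (s["first_ts"] - f["first_ts"]).total_seconds()})
    return derived


# Assumed predefined escalation rules: (predicate, severity to raise to).
ESCALATION_RULES = [
    (lambda e: e["event"] == "possible_credential_compromise", 9),
    (lambda e: e["event"] == "logon_failed" and e["count"] >= 10, 7),
]


def escalate(events):
    """Escalation: raise (never lower) severity per the predefined rules."""
    for e in events:
        for pred, sev in ESCALATION_RULES:
            if pred(e):
                e["severity"] = max(e["severity"], sev)
    return events


def run_pipeline(events=SAMPLE_EVENTS):
    reduced = reduce_events(events)
    return escalate(reduced + correlate_bruteforce(reduced))


if __name__ == "__main__":
    for e in run_pipeline():
        print(e["first_ts"], e["host"], e["event"], "x%d sev=%d" % (e["count"], e["severity"]))
```

Running the block prints three reduced records plus the derived compromise event at severity 9; the four failed logons (including the exact duplicate) become one record with a 9-second duration and a count of 4, which is the "number of times it has been reported" the Reduction row asks for.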

Provide Frequently Asked Questions Feature (Priority 3)
  System Description: The system should support a FAQ capability, providing searchable, quick solutions for common problems for both administrators and customers/users.
  Justification: N/A


Provide Graphical Interface (Priority 2)
  System Description: The system shall provide a GUI enabling users and/or administrators to access and operate the system from their terminal or via a web-accessible interface. The system functionality should be the same whether the operator accesses the system via the terminal or at the server/system's native interface.
  Justification: This is needed to simplify the use of the management system.

Provide Help Feature (Priority 3)
  System Description: The system should provide help functionality. This can be an on-line functionality or provided locally on the platform. It should provide a search and index capability.
  Justification: N/A

Provide Hostile Application Treatment (Priority 2)
  System Description: The system should provide the ability to quarantine or delete hostile applications (rootkits, key loggers, trojan agents, malware, spyware). Treatment applies to the whole application, including all of its files, executables, and associated services.
  Justification: This is needed in order to identify and remove unauthorized and potentially hostile applications intended to compromise LandWarNet assets.


Provide Import Digital Documents For Knowledge Bases (Priority 3)
  System Description: The system should import vendor supplied Digital Documentation Knowledge Base information.
  Justification: N/A

Provide Knowledge Base (Priority 3)
  System Description: The system should provide a knowledge base. A knowledge base is a searchable (via queries) repository of information about a specific topic or product. The knowledge base should contain, at a minimum, frequently asked questions, trouble-shooting wizards, and Uniform Resource Locators (URLs) for additional help/information.
  Justification: N/A

Provide Knowledge Base Repository (Priority 3)
  System Description: The system should store NetOps Knowledge Base information. This includes all information stored in the Knowledge Base used primarily by administrators in the operations and maintenance of systems and services.
  Justification: This is essential for the basic operation of the NetOps Systems Knowledge Base management capabilities.


Provide Multiple Component Access Controls (Priority 2)
  System Description: The system shall restrict each administrator to performing operations only on those assets/asset groups they are authorized to manage.
  Justification: This is needed to enable automated administrative access controls, enhancing overall reliability and security.




Provide Operational Reports (Priority 2)
  System Description: The system shall provide operational NetOps reports, to include those on component and aggregated asset/system utilization (or usage); failed components/assets; configuration settings for all/designated components/assets; and asset/device/storage information.
  Justification: This is needed to allow the element manager to combine and summarize device/storage information, Job Status, Job Volume, Device Utilization, media verification, job failures, job schedules, and report alerts.

Provide Predefined Display Formats (Priority 2)
  System Description: The system shall display predefined formats/displays to make the system usable immediately after the initial installation.
  Justification: This is needed for basic operation of the system out of the box, reducing configuration and implementation time.

Provide Predefined Reporting Filters (Priority 3)
  System Description: The system should display filters to reduce displayed data based on relevancy and provide predefined display filters to support analysis of reported data.
  Justification: N/A

Provide Quarantined Files Repository (Priority 2)
  System Description: The system shall provide safe, queryable storage of quarantined files at the client and/or manager, based upon administratively-defined rules. It shall ensure that the quarantined files are not able to infect other files or propagate themselves any further.
  Justification: This is necessary to prevent the spread of malicious files across the LandWarNet, by enabling administrators and authorized Program Managers/vendors to analyze suspect/malicious files in order to update threat signature/behavior profiles, host/network filters, and eventually develop new security patches for the attacked system/application/files (to include those for Government-off-the-Shelf (GOTS)/Battle Command Systems).
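The row above states the two properties a quarantine store must have, safe (cannot infect or propagate) and queryable (an analyst can find and retrieve a sample), without saying how. The following is an added example, not code from the checklist or from any anti-virus product, of one common way to satisfy both: the file is written to disk in a neutralised form (every byte XOR-ed with a fixed key, under a non-executable extension and read-only mode) so it can neither execute nor be opened as its original type, while a SQLite index keyed by SHA-256 records where it came from and why, and a release call reverses the transform and re-verifies the hash before handing the bytes to an analyst. The storage layout, the XOR key, the table schema and the sample file are assumptions for illustration.

```python
"""Added example: a neutralised, hash-indexed quarantine store
(layout, key, schema and sample data are assumptions)."""
import hashlib
import os
import sqlite3
import tempfile
from datetime import datetime, timezone

XOR_KEY = 0x5A  # assumed transform byte: the goal is inertness on disk, not secrecy
COLUMNS = ("sha256", "origin_path", "host", "detection", "size", "quarantined_at", "stored_as")

# Constructed stand-in for a detected file; not real malware.
SAMPLE_FILE = b"MZ\x90\x00CONSTRUCTED-SAMPLE-NOT-REAL-MALWARE\x00" + bytes(range(64))


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def neutralise(data: bytes) -> bytes:
    """XOR every byte with the key; applying it twice restores the original."""
    return bytes(b ^ XOR_KEY for b in data)


class QuarantineStore:
    def __init__(self, root: str):
        self.root = root
        os.makedirs(root, exist_ok=True)
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE quarantine (sha256 TEXT PRIMARY KEY, origin_path TEXT, "
                        "host TEXT, detection TEXT, size INTEGER, quarantined_at TEXT, stored_as TEXT)")

    def quarantine(self, data: bytes, origin_path: str, host: str, detection: str) -> str:
        """Store a neutralised copy and index it; returns the SHA-256 of the original."""
        digest = sha256_hex(data)
        stored_as = os.path.join(self.root, digest + ".qtn")  # no executable/document extension
        if os.path.exists(stored_as):
            os.chmod(stored_as, 0o600)  # allow an earlier read-only copy to be overwritten
        with open(stored_as, "wb") as fh:
            fh.write(neutralise(data))
        os.chmod(stored_as, 0o400)  # read-only, not executable
        self.db.execute("INSERT OR REPLACE INTO quarantine VALUES (?,?,?,?,?,?,?)",
                        (digest, origin_path, host, detection, len(data),
                         datetime.now(timezone.utc).isoformat(), stored_as))
        return digest

    def query(self, **where):
        """Query by any indexed column, e.g. query(host="ws01") or query(detection="trojan_agent").
        Column names are checked against the schema so kwargs cannot inject SQL."""
        unknown = set(where) - set(COLUMNS)
        if unknown:
            raise ValueError("unknown column(s): %s" % sorted(unknown))
        clause = " AND ".join("%s = ?" % k for k in where) or "1 = 1"
        rows = self.db.execute("SELECT %s FROM quarantine WHERE %s" % (", ".join(COLUMNS), clause),
                               tuple(where.values()))
        return [dict(zip(COLUMNS, r)) for r in rows]

    def on_disk_bytes(self, sha256: str) -> bytes:
        """The raw stored form, which must not equal the original file."""
        row = self.db.execute("SELECT stored_as FROM quarantine WHERE sha256 = ?", (sha256,)).fetchone()
        if row is None:
            raise KeyError(sha256)
        with open(row[0], "rb") as fh:
            return fh.read()

    def release(self, sha256: str) -> bytes:
        """Reverse the transform for an analyst and verify integrity; the disk copy stays inert."""
        data = neutralise(self.on_disk_bytes(sha256))
        if sha256_hex(data) != sha256:
            raise ValueError("quarantined copy corrupted or tampered with")
        return data


def new_store() -> QuarantineStore:
    """Create a store under a fresh temporary directory (assumed location)."""
    return QuarantineStore(tempfile.mkdtemp(prefix="qtn-"))


if __name__ == "__main__":
    store = new_store()
    h = store.quarantine(SAMPLE_FILE, r"C:\Users\jdoe\drop.exe", "ws01", "trojan_agent")
    print(store.query(host="ws01"))
    print("inert on disk:", store.on_disk_bytes(h) != SAMPLE_FILE, "release ok:", store.release(h) == SAMPLE_FILE)
```

The XOR transform is deliberately reversible and unkeyed: its job is only to stop the sample from executing, matching on-access scanner signatures, or being opened by an associated application, not to hide it. A real product would additionally restrict the quarantine directory to the management service account and log every release.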

Provide Remote Administration (Priority 2)
  System Description: The system shall provide secure, IP-based remote administration of the manager and its managed assets.
  Justification: This is required to secure the LandWarNet and operate large networks.

Provide Scanning Based on Protocol (Priority 2)
  System Description: The system shall enable virus scanning of network traffic. It includes the capability to scan traffic transferred over the following protocols: HyperText Transfer Protocol (HTTP), File Transfer Protocol (FTP), Post Office Protocol version 3 (POP3), and Simple Mail Transfer Protocol (SMTP).
  Justification: This is essential for the identification of viruses on systems and thus the operation of all general-purpose platforms on the LandWarNet.
Provide Security Event Repository (Priority 2)
  System Description: The system shall provide timely storage for security event information relating to the management console and any managed assets/services. This includes expired passwords, user lock outs, numerous faulty log on attempts, transaction logs of changes to system permissions, unauthorized transactions (e.g., user/administrator access escalations), and similar alarms/alerts. It shall record all reported event information, with time-stamp data, as textual data in a database. It shall support queries. It shall capture and store all security events/logs reported by managed agents/sensors.
  Justification: This data is essential for the basic operation of this system's management console, which is used to defend the LandWarNet. The ability to query its data is essential for forensic analyses of computer network attacks and other security incidents.


Provide Security Information Management System Integration (Priority 2)
  System Description: This system shall integrate with the external Security Information Management System (SIMS). This includes data received from managed assets as well as events generated on the security management platform itself (e.g., a user unsuccessfully tried to log onto the management platform more than three times).
  Justification: This is needed for the SIMS to get data from systems. The Security Information Management System depends upon this data in order to do its analysis of security related information.

Provide Single Component Access (Priority 2)
  System Description: The system shall enable administrators to interact with a single monitored asset or service on a single screen. This includes enabling them to view and manipulate the asset/service's status, type, capacity, utilization, allocation, and location.
  Justification: This is needed to facilitate defensive actions, maintenance, and operational management of core components and services underpinning the entire LandWarNet.

Provide Software Inventory Repository (Priority 2)
  System Description: The system shall store software inventory data collected and analyzed by the management system. This includes historic, current, and staged inventory data.
  Justification: This is needed to support baseline determinations and data restoral operations.

Provide Software Repository (Priority 1)
  System Description: The system shall provide a repository for storage of software or firmware, by version. It shall store the current version of profiles, and store multiple historical versions. It shall stage new versions within the repository for subsequent distribution/installation. Once a new version is deployed, it becomes the current version and the old current version becomes a historical version. It shall enable administrators to control the number and/or age of historical versions retained.
  Justification: This repository is essential for the operation of the management system and in order to install, restore, and trouble-shoot faulty software/firmware versions. It also provides a baseline of authorized software that may be used during forensic analysis to identify unauthorized changes arising from a computer network attack.
Provide Software/Firmware Distribution Verification (Priority 3)
  System Description: The system should verify a software/firmware distribution was successful.
  Justification: N/A
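The two rows above (Software Repository and Software/Firmware Distribution Verification) together describe a version lifecycle: a package is staged, promoted to current on deployment, the previous current becomes historical, older history is pruned under an administrator-set retention limit, and after distribution the manager confirms the endpoints actually received the current version. The following is an added example, not code from the checklist or from any vendor product, that carries that lifecycle through in a few dozen lines and performs the verification step by comparing the version and SHA-256 each endpoint reports back against the repository's own record for the current version, so a stale install and a corrupted or tampered copy are reported separately. Product names, the retention rule (count-based only) and the endpoint report format are assumptions.

```python
"""Added example: staged/current/historical software repository with
retention and post-distribution verification (names and formats are assumptions)."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SoftwareRepository:
    def __init__(self, max_history: int = 3):
        self.max_history = max_history   # administrator-controlled retention (count-based here)
        self.staged = {}                 # product -> version staged for distribution
        self.current = {}                # product -> deployed version
        self.history = {}                # product -> [older versions, oldest first]
        self.blobs = {}                  # (product, version) -> (sha256, bytes)

    def stage(self, product: str, version: str, data: bytes) -> str:
        """Place a new version in the repository without making it current."""
        digest = sha256_hex(data)
        self.blobs[(product, version)] = (digest, data)
        self.staged[product] = version
        return digest

    def deploy(self, product: str) -> str:
        """Promote staged -> current; the old current becomes historical and
        history beyond max_history is pruned (its blob removed)."""
        version = self.staged.pop(product)  # KeyError if nothing is staged
        if product in self.current:
            hist = self.history.setdefault(product, [])
            hist.append(self.current[product])
            while len(hist) > self.max_history:
                del self.blobs[(product, hist.pop(0))]
        self.current[product] = version
        return version

    def rollback(self, product: str) -> str:
        """Restore the most recent historical version as current, keeping the
        faulty build in history so it can still be examined."""
        hist = self.history[product]
        faulty = self.current[product]
        self.current[product] = hist.pop()
        hist.append(faulty)
        return self.current[product]

    def versions(self, product: str) -> dict:
        return {"staged": self.staged.get(product), "current": self.current.get(product),
                "historical": list(self.history.get(product, []))}

    def verify_distribution(self, product: str, endpoint_reports: dict) -> dict:
        """endpoint_reports: {host: {"version": str, "sha256": str}} as read back
        from agents after distribution (constructed format). Returns
        host -> 'ok' | 'stale' | 'hash_mismatch'."""
        want_version = self.current[product]
        want_hash = self.blobs[(product, want_version)][0]
        result = {}
        for host, rep in endpoint_reports.items():
            if rep.get("version") != want_version:
                result[host] = "stale"
            elif rep.get("sha256") != want_hash:
                result[host] = "hash_mismatch"
            else:
                result[host] = "ok"
        return result


if __name__ == "__main__":
    repo = SoftwareRepository(max_history=2)
    digests = {}
    for v in ("1.0", "1.1", "1.2", "1.3"):
        digests[v] = repo.stage("av-engine", v, b"constructed firmware image " + v.encode())
        repo.deploy("av-engine")
    print(repo.versions("av-engine"))
    # Constructed endpoint reports: one correct, one still on 1.2, one with a bad hash.
    reports = {"ws01": {"version": "1.3", "sha256": digests["1.3"]},
               "ws02": {"version": "1.2", "sha256": digests["1.2"]},
               "ws03": {"version": "1.3", "sha256": "00" * 32}}
    print(repo.verify_distribution("av-engine", reports))
```

Distinguishing "stale" from "hash_mismatch" matters operationally: a stale host is a distribution failure to retry, while a host that claims the current version with the wrong hash has a corrupted or altered image and belongs in the security event repository rather than the retry queue.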




Provide Standard and Predefined Reports (Priority 3)
  Justification: N/A
  System Description: The system should provide predefined/standard reports and views. The system should also provide graphics within text reports (e.g., Trending Reports may contain pie charts, bar charts, line charts and other standard graphics). The system should publish reports in HyperText Markup Language (HTML), Extensible Markup Language (XML), Structured Query Language (SQL), American Standard Code for Information Interchange (ASCII), Joint Photographic Experts Group (JPEG) and other standard languages/formats, and be able to print and email all generated reports. The system should be able to provide displays and reports on all of the following:


                                                a) audit reports that detail modifications and upgrades to the system,
                                                b) identifying all major problems (per pre-defined service level
                                                agreement/service support program, per period),
                                                c) resolution time for incidents/problems,
                                                d) closed incidents/problems,
                                                e) problems that result in the highest percentage of resource utilization,
                                                f) first contact to closure for incidents or problems,
                                                g) first call closure for incidents or problems,
                                                h) open incidents or problems,
                                                i) incidents or problems that violate Service Level Agreement (SLA)/service
                                                support program, Service Level Indicators,
                                                j) closed incidents and problems,
                                                k) resolved incidents and problems,
                                                l) escalated incidents and problems,
                                                m) based on each individual support staff for the number of incidents or
                                                problems that they turned over to other support staff during a shift change,


                                                n) based on department/group for the number of incidents or problems that
                                                are turned over to other support staff during a shift change,
                                                o) trends by agent/support staff for number of incidents and problems
                                                opened per day, week, and month,
                                                p) trends by agent/support staff for number of incidents and problems
                                                resolved per day, week, and month
                                                q) trends by agent/support staff for number of incidents and problems
                                                escalated per day, week, and month,
                                                r) trends by agent/support staff on the average time taken for incidents and
                                                problems to move from open to resolved status,
                                                 s) trends by agent/support staff on the average time spent talking to
                                                 customers/ users regarding an incident or problem,

                                                t) trends by agent/support staff on percent of first contact to resolution
                                                regarding incidents and problems,
                                                u) trends (daily, weekly, monthly) by agent/support staff on percent of first
                                                call resolution regarding incidents and problems,
                                                v) trends (daily, weekly, monthly) by agent/support staff on the average first
                                                contact to resolution regarding incidents and problems,
                                                w) trends (daily, weekly, monthly) by agent/support staff on the average first
                                                call to resolution regarding incidents and problems,
                                                x) trends by group/department for number of incidents and problems opened
                                                per day, week, and month,
                                                y) trends by group/department for number of incidents and problems
                                                resolved per day, week, and month,



  z) trends by group/department for number of incidents and problems escalated per day, week, and month,
  aa) trends by group/department on the average time taken for incidents and problems to move from open to resolved status,
  bb) trends by group/department on the average time spent talking to customers/users regarding an incident or problem,
  cc) trends by group/department on percent of first contact to resolution regarding incidents and problems,
  dd) trends by group/department on percent of first call to resolution regarding incidents and problems,
  ee) trends by group/department on the average first contact to resolution regarding incidents and problems,
  ff) trends (daily, weekly, monthly) by group on the average first call to resolution regarding incidents and problems,
  gg) incident/problem rollups by LandWarNet C4IM/IT service or product,
  hh) users that access a specific asset,
  ii) users that own a specific asset,
  jj) operational assets which have exceeded their life-cycle (to identify equipment that needs to be replaced),
  kk) minimum, maximum, and averages for all time- and numeric-based reports,
  ll) number of users that access a defined service,
  mm) customers and their associated users,
  nn) specify the concentration and distribution of vendors and their related products within the enterprise (allows the organization to more clearly understand the impact of issues related to specific products or vendors),
  oo) life-cycle plans (projections) for an asset,
  pp) service or product defect status,
  qq) service or product enhancement request/Request For Change reports.

Provide Synchronous Event Polling
  System Description: The system should collect event logs based on synchronous polling.
  Justification: N/A
  Priority: 3

Provide System Documentation
  System Description: The system should support documentation for a specific technology/capabilities. This includes system design, implementation and user guides.
  Justification: N/A
  Priority: 3

Provide Threat Categorization
  System Description: The system shall categorize threats with sufficient detail to automatically separate them from each other for further action. It shall be capable of matching them to the appropriate Common Vulnerabilities and Exploitations identifier.
  Justification: This is needed to classify and subsequently correlate identified threats, reducing the amount of time administrators spend in addressing LandWarNet threats.
  Priority: 2

Provide Threat Detection
  System Description: The system shall detect viral and non-viral threats. It shall recognize viruses to include trojan horses/back doors, zombies, key loggers, spyware, trackware, adware, and other unauthorized and/or hostile programs that can compromise the security of the system(s).
  Justification: This is needed to enable follow-on automatic corrective actions and enables administrators to focus upon more complex infections and general maintenance.
  Priority: 1

Provide Threat Scans
  System Description: The system shall scan for virus threats. It shall be able to scan incoming files from email, downloads, external storage, floppy drives, etc. It shall be able to scan system memory and stored files, including system files. It shall enable administrators/users to select specific files, or groups of files, to scan. It shall enable scheduling the aforementioned scans. It shall be able to recognize authorized applications as NON-threats.
  Justification: This is essential for the identification of viruses on systems and thus the operation of all GP platforms on the LandWarNet.
  Priority: 2




Enterprise NetOps Planning Division, ESTA-OSC I-ENPD, 2133 Cushing St., Ft. Huachuca, AZ 85613-7070
Compliance.Team@conus.army.mil    Page 9    6/25/2011
Provide Threat Signatures Repository
  System Description: The system shall store standard and custom threat definitions/signatures (for viruses, worms, back doors, spyware, malicious adware, etc.). It shall be able to store new, current and multiple historical versions of these signatures. It shall support pick-lists (e.g., for Threat Profile creation) and system queries of this data.
  Justification: This data is essential for the proper functioning of anti-virus/spyware/mal-ware components/systems/applications, used to identify known threats for subsequent defensive blocking/repair/quarantine action prior to their attacking the LandWarNet. Storing custom signatures enables administrators to use Commercial-off-the-Shelf (COTS) systems to defend Army Battle Command systems and other unique Department of Defense (DoD)/GOTS systems.
  Priority: 1

Provide Threat Signatures to Clients
  System Description: The system shall update virus threat signatures to clients/agents and subordinate managers.
  Justification: This is needed in order to update the clients with new threat definitions, thus helping to increase the security posture of the assets residing on the LandWarNet.
  Priority: 1

Provide User Account Repository
  System Description: The system shall store user and administrator account information for the management system.
  Justification: This is needed to control access to the management system and to support addressing for notification messages/alerts.
  Priority: 2

Provide User Activity Log
  System Description: The system shall create and manage the User Activity (Audit) Log, recording all user transactions and changes to permissions on the system in accordance with AR 25-2.
  Justification: This is required per Army Regulatory requirements and provides a means to verify NetOps staff actions, conduct roll-backs, and conduct post-mortems/After-Action-Reviews (AAR) to improve NetOps procedures.
  Priority: 1

Provide User Defined Display Filters
  System Description: The system shall enable administrators to define filtering criteria to view a subset of the available information.
  Justification: This is needed to enable administrators to quickly view all data based upon specific criteria, facilitating analyses, trouble-shooting, work scheduling, etc.
  Priority: 2

Provide User Defined Display Formats
  System Description: The system should allow users to create, add, modify, or delete display formats.
  Justification: N/A
  Priority: 3

Provide User Defined Report Format
  System Description: The system should allow for defined presentation formats to view available information. It should enable the customization of the fields in a report template or system-provided default report. The system should provide report creation tools and support the ability to customize reports. The system should enable the user to define output report formats in XML, HTTP, ASCII, SQL, and American JPEG.
  Justification: N/A
  Priority: 3

Provide User Log Data Repository
  System Description: The system shall store User Activity Log data collected for analyses by the management system.
  Justification: This is needed to trace user logon activity and to meet AR 25-1 and AR 25-2 requirements (punitive requirement).
  Priority: 1

Provide Web Accessible Display
  System Description: The system shall interact with devices via a web based interface. The functionality shall be equivalent to the capability provided by non-web based user interfaces.
  Justification: This is needed to support Army requirements to provide a web accessible interface.
  Priority: 2

Quarantine Infected Files
  System Description: The system shall quarantine infected files. Quarantined files reside on the infected client or the manager's internal repository and are kept there until an administrator removes or cleans them.
  Justification: This is needed to be able to secure the LandWarNet from infected files until such time as they can be deleted or cleaned.
  Priority: 2

Receive Events from Log Files (Passive)
  System Description: The system shall receive events from log files or logging systems (passive listening). This includes log files created by agents residing on managed client assets.
  Justification: This is needed in order for the management platform to receive health, status, and security posture of managed systems in the LandWarNet.
  Priority: 2

Receive Events in Standard Protocols
  System Description: The system shall receive events via industry standard protocols (Storage Management Initiative - Specification, SNMP v2/3, Common Information Model, XML, User Datagram Protocol, etc.).
  Justification: This is needed to reduce the amount of time spent integrating products.
  Priority: 2

Repair Infected Files
  System Description: The system shall repair infected files. Once repaired, the files should still be readable and accessible.
  Justification: This is needed to remove viruses from files while leaving the file intact.
  Priority: 2

Report Inactive Administrator Accounts
  System Description: The system shall detect and report inactive administrator accounts. Inactive administrators are those who have not accessed a specific system for a predefined amount of time. Inactive administrators shall be flagged for administrative attention and possible action (i.e., account suspension, deletion, etc.). The system shall provide alert and report mechanisms to system administrators to act on flagged files.
  Justification: This is needed for enforcing secure access controls over the NetOps systems used to secure, operate, and manage the LandWarNet and its supported Army and Business systems.
  Priority: 2




Reset Administrator Account Parameters
  System Description: The system shall establish the capabilities expected from a Manager to reset Administrator Account/Group parameters of an application. A reset is the ability to lock or unlock, make active or disable, or change any of the settings of an account.
  Justification: This is to provide the ability to lock accounts and unlock administrative accounts, allowing for the securing of the LandWarNet.
  Priority: 2

Schedule Event Collection
  System Description: The system should schedule the collection (polling) of agents/clients for event logs.
  Justification: N/A
  Priority: 3

Schedule Scans
  System Description: The system shall enable administrators to schedule partial and full scans on protected/managed general purpose computing platforms. It shall support scheduling partial scans of specific files, folders, systems, and/or asset groups, as well as full scans of designated assets/asset groups.
  Justification: This is needed to enable administrators to support the LandWarNet's defense-in-depth by enforcing periodic scans, while conducting them at non-peak hours for minimal disruption to the scanned devices, services, and users. Partial scans enable tailoring the scans for specific threats/vulnerabilities, or for recurring problem users/applications, speeding overall scan times and speeding corrective actions.
  Priority: 2

Schedule Software/Firmware Distribution
  System Description: The system should allow an administrator to define a schedule for the distribution of software (i.e., applications, patches, signatures, remediations) to managed assets (e.g., sensors, agents, applications, devices, etc.).
  Justification: N/A
  Priority: 3

Schedule Software/Firmware Inventory Collection
  System Description: The system should define a schedule for the collection of software/firmware inventory information from devices, agents, adapters, or sensors.
  Justification: N/A
  Priority: 3

Schedule Synchronization With Authoritative Source
  System Description: The system should schedule synchronization of the manager's software and files with an authoritative source.
  Justification: N/A
  Priority: 3

Schedule the Production of Reports
  System Description: The system should support the ability to schedule the production of reports. Scheduling will allow for monthly, daily, and hourly configuration such that reports can be run automatically.
  Justification: N/A
  Priority: 3

Send Incident/Problem Data
  System Description: The system shall transmit Incident and Problem data. The system shall, upon triggering of operational or security related problems, send or transmit the data (time of event, Internet Protocol address, category of event, etc.) needed to create a WFR.
  Justification: This is necessary for ensuring that assets in the LandWarNet are operating optimally.
  Priority: 1

Support Multiple Concurrent Administrators
  System Description: The system shall support multiple administrators performing management operations concurrently.
  Justification: This is needed to support the ability for multiple administrators to perform operations concurrently, reducing the Total Cost of Ownership (TCO).
  Priority: 2

Synchronize Signatures with Authoritative Source
  System Description: The system shall synchronize the manager's virus/threat definitions/signatures with an authoritative source such as the anti-virus vendor or Department of Defense (DoD) server.
  Justification: This is needed to identify intrusions. Updating them is necessary in order to ensure assets on the LandWarNet are secure.
  Priority: 1

Track Logon Attempts
  System Description: The system shall detect and log user logon attempts (successful or otherwise). The system shall provide alerts/reports to system administrators to act on multiple failed attempts.
  Justification: This is needed for enforcing AR 25-1 and AR 25-2 security regulations and enforcing secure access controls over the systems used to secure, operate, and manage the LandWarNet and its supported Army and Business systems. It also supports post-mortems on IT outages/attacks.
  Priority: 1

Verify Agent Account Data
  System Description: The system shall manage agents to verify user account data, to include which permissions, assets, services, and applications the user is authorized to activate/possess. User account data may be modified and pushed back to the platform if necessary using the Manage Agent User Accounts system function.
  Justification: This is a core functionality of the Backup and Recovery system and is needed by administrators to ensure proper usage of the system.
  Priority: 2
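Two rows of the checklist, Track Logon Attempts and Report Inactive Administrator Accounts, state detection criteria precise enough to implement. The following is an added example, not part of the NETCOM checklist or of any vendor product: it evaluates both criteria over constructed User Activity Log records. The log fields, the threshold of three failures within ten minutes, the 30-day idle period and the sample accounts are assumed values for illustration; neither the checklist nor AR 25-2 as quoted here prescribes them.

```python
"""Added example (not from the NETCOM checklist): two checklist controls as code.

  * Track Logon Attempts: every attempt is logged; alert when one account
    accumulates several failed attempts inside a short time window.
  * Report Inactive Administrator Accounts: flag administrator accounts whose
    last access is older than a predefined idle period.

Field layout, thresholds and sample records are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed User Activity (audit) log: (ISO timestamp, account, event, result).
SAMPLE_AUDIT_LOG = [
    ("2011-06-25T08:00:02", "admin.jsmith", "logon", "success"),
    ("2011-06-25T08:01:10", "svc.backup", "logon", "failure"),
    ("2011-06-25T08:01:15", "svc.backup", "logon", "failure"),
    ("2011-06-25T08:01:21", "svc.backup", "logon", "failure"),
    ("2011-06-25T08:01:30", "svc.backup", "logon", "failure"),
    ("2011-06-25T09:15:00", "admin.rlee", "logon", "failure"),
    ("2011-06-25T13:40:00", "admin.rlee", "logon", "failure"),
    ("2011-06-25T13:41:00", "admin.rlee", "logon", "success"),
]

# Constructed administrator roster: account -> time of last successful access.
SAMPLE_ADMIN_ACCOUNTS = {
    "admin.jsmith": datetime(2011, 6, 25, 8, 0, 2),
    "admin.rlee": datetime(2011, 6, 25, 13, 41, 0),
    "admin.old": datetime(2011, 3, 1, 9, 0, 0),
}


def parse_time(stamp):
    """Parse the ISO-8601 timestamp used in the constructed records."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")


def failed_logon_alerts(records, threshold=3, window=timedelta(minutes=10)):
    """Return {account: peak_failures} for accounts that reached `threshold`
    failed logons inside any sliding window of length `window`.

    The full log (successes included) is retained by the caller; this function
    only decides which accounts warrant an alert to the administrators.
    """
    failures = defaultdict(list)
    for stamp, account, event, result in records:
        if event == "logon" and result == "failure":
            failures[account].append(parse_time(stamp))

    alerts = {}
    for account, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until the span fits inside `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[account] = max(count, alerts.get(account, 0))
    return alerts


def inactive_admins(accounts, now, max_idle=timedelta(days=30)):
    """Return the sorted administrator accounts not accessed within `max_idle`.

    'Inactive' follows the checklist wording (no access for a predefined time);
    suspension or deletion remains a separate administrative decision.
    """
    return sorted(acct for acct, last in accounts.items() if now - last > max_idle)


if __name__ == "__main__":
    print("failed-logon alerts:", failed_logon_alerts(SAMPLE_AUDIT_LOG))
    print("inactive admins:", inactive_admins(SAMPLE_ADMIN_ACCOUNTS, parse_time("2011-06-25T14:00:00")))
```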


10/28/2009




                                                                                                                                          NETCOM/9TH SIGNAL COMMAND (ARMY)
                                                                                                                                    LANDWARNET NETOPS ARCHITECTURE (LNA)
                                                                                                                                                         COMPLIANCE CHECKLIST #2
ANTI-VIRUS MANAGEMENT SYSTEM
INTERACTION WITH OTHER LNA CAPABILITIES

Columns of this checklist: FROM | TO | DATA FLOW TEXT DESCRIPTION | DATA ELEMENT DEFINITION | COMPLIANCE YES/NO | SUPPORTING DOCUMENTATION (to include: URL, source document name and page numbers) | PRODUCT COMPLIANCE, TO BE COMPLETED BY VENDOR (DESCRIPTION, COMMENTS).
The COMPLIANCE, SUPPORTING DOCUMENTATION, DESCRIPTION and COMMENTS columns are left blank for the vendor to complete.

FROM: Anti-Virus Management System External Support Site
TO: Anti-Virus Management System
DATA FLOW TEXT DESCRIPTION: Contains Update data sent from the External Source to the Anti-Virus Management System.
DATA ELEMENT DEFINITION:
  Update: This generic data exchange is used to send an update to a LandWarNet Network Operations Architecture (LNA) management system from its respective external authoritative support site. For example, the Anti-Virus system receiving an updated list of virus signatures or the Internet Protocol (IP) Network Management system requesting an update to the known device catalog.

FROM: Anti-Virus Management System
TO: Anti-Virus Management System External Support Site
DATA FLOW TEXT DESCRIPTION: Request for the data, files, updates etc. from an external authoritative source that are necessary to update the Anti-Virus Management System.
DATA ELEMENT DEFINITION:
  Request Update: This generic data exchange is used to request an update from an LNA management system to its respective external authoritative support site. For example, the Anti-Virus system requesting an updated list of virus signatures or the IP Network Management system requesting an update to the known device catalog.

FROM: Anti-Virus Management System
TO: Configuration Management Database/Service Support
DATA FLOW TEXT DESCRIPTION: Contains Anti-Virus Event Reporting, Inventory and configuration data that is passed from the Anti-Virus Management System to the Configuration Management Database/Service Support System.
DATA ELEMENT DEFINITION:
  Address: Address that this protocol end point represents, for example, 171.79.6.40 or FE:ED:FE:ED:00:11. The address format, such as IP, Internetwork Packet Exchange, or Ethernet, depends on the Protocol Type value. It can be further refined in subclasses.
  Alerting Managed Element: Name of the alerting computer as known by the management system.
  Configuration: Contains all the information on how an asset (CI) is presently configured (e.g., parameter settings, ports & protocols enabled, filters set, version of IOS/firmware, etc.).
  Description: Textual description of the instance.
  Event Time: Date and time of the event or occurrence within the LandWarNet.
  Host Name: Contains alphanumeric data reflecting the name of the LandWarNet Asset.
  Inventory: Contains the full descriptive inventory of managed assets, to include all known/discoverable metadata about the asset.
  Submitter: Unique account identifier of the user that created the instance. This attribute is automatically populated and can be an actual individual or a system that auto-generated the instance.
  System Type: Type of computer system. If the computer is Windows-based, this attribute must have a value. Values are:
    X86-based Personal Computer (PC)
    Millions of Instructions Per Second (MIPS)-based PC
    Alpha-based PC
    Power PC
    SH-x PC
    StrongARM PC
    64-bit Intel PC
    64-bit Alpha PC
    Unknown (default)
    X86-Nec98 PC

FROM: Anti-Virus Management System
TO: Network Access Control
DATA FLOW TEXT DESCRIPTION: Contains messages from the Anti-Virus Management System about the latest scans being conducted by that system. This will enable the Network Access Control to verify how recently the latest virus scan was run on the endpoints.
DATA ELEMENT DEFINITION:
  Last Scan Date: Attribute used by applications to specify the last date and time the instance was scanned.

FROM: Anti-Virus Management System
TO: Security Information Management System
DATA FLOW TEXT DESCRIPTION: Contains security-related data sent from the Anti-Virus Management System to the SIMS.
DATA ELEMENT DEFINITION:
  Security Event Data: This is a report of one or more security events detected by a managed object or NetOps management system. It includes all pertinent data about the event and/or consolidation of multiple events.




                                                                                                                                                            ANTI-VIRUS MANAGEMENT SYSTEM


TO BE COMPLETED BY ARMY REQUIRING ACTIVITY

ARMY PROPONENT
  ORGANIZATION:
  POINT OF CONTACT:
  PHONE:
  E-MAIL:

VENDOR
  COMPANY NAME:
  POINT OF CONTACT:
  PHONE:
  E-MAIL:

PRODUCT
  NAME:
  VERSION:

COMPLIANCE CHECKLIST SUBMITTED TO NETCOM
  YES:    DATE:
  NO:

DOES THIS PRODUCT (VERSION) HAVE A CERTIFICATE OF NETWORTHINESS (CoN)?
  CoN DATE:
  DATE REQUEST SUBMITTED:

INTENDED USE OF THIS PRODUCT:

TARGETED ECHELON(S) FOR IMPLEMENTATION OF THIS PRODUCT (please check (√) all that apply):

  Army Area Processing Center (APC):
  Army CIO G-6:
  Army Computer Emergency Response Team (ACERT) Tactical Operations Center (TOC):
  Army Global Network Operations and Security Center (Army-GNOSC) TOC:
  Army Operations Center - Pentagon:
  Army Service Component Commands:
  Army Strategic Command (ARSTRAT):
  Battalion (II) S-6:
  Battalion (II) Signal Company:
  Battalion Command Assistance Team (BCAT):
  Brigade (X) Combat Team (BCT):
  Brigade (X) S-6:
  Brigade (X) Signal Company:
  Communications-Electronics Research Development & Engineering Center (CERDEC):
  Company Signal Support:
  Corps (XXX) G-6:
  Corps (XXX) Signal Company:
  Department of the Army (DA):
  Division (XXX) G-6:
  Division (XX) Signal Company:
  Expeditionary Signal Battalion (ESB) BATCON:
  Installation, Garrison, Post, Camp, Station NEC (formerly DOIM):
  NETCOM / 9th Signal Command (Army):
  NSC Operations Center (OC):
  Regional Computer Emergency Response Team (RCERT):
  Regional Hub Node:
  Signal Command (Theater) HQ and CIO:
  Theater Network Operations (NetOps) Center (TNC) - DISA:
  Theater Network Operations (NetOps) Control Center (TNCC):
  Theater Network Operations and Security Center (TNOSC):
  Theater Tactical Signal Brigade (TTSB):
  U.S. Army National Guard NOSC:
  U.S. Strategic Command (STRATCOM):
  Other (Please Identify):




NOTE:
 a) Completed LNA Compliance Checklists and supporting documentation are to be e-mailed to the NETCOM 9th Signal Command, LNA Compliance Team at the following address: compliance.team@conus.army.mil

 b) These LNA Checklists and supporting documentation will be used by the LNA Compliance Team in their assessment of this NetOps product's compliance with the Army LNA, prior to a CoN being granted by NETCOM/9th Signal Command.
