Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Get this document free

Instructions_ Manuals_ and Notices - DAU Home Page

VIEWS: 41 PAGES: 144

									                                CHAIRMAN OF THE JOINT
                                   CHIEFS OF STAFF
                                     INSTRUCTION


     J-6                                                            CJCSI 6212.01D
     DISTRIBUTION: A, B, C, J, S                                    14 October 2005
 1
 2   INTEROPERABILITY AND SUPPORTABILITY OF INFORMATION TECHNOLOGY
 3                   AND NATIONAL SECURITY SYSTEMS
 4
 5   References: See Enclosure F.
 6
 7   1. Purpose. This instruction:
 8
 9       a. Establishes policies and procedures for developing, coordinating,
10   reviewing, and approving Information Technology (IT) and National Security
11   System (NSS) interoperability and supportability (I&S) needs.

12       b. Establishes procedures to perform I&S Certification and J-6 System
13   Validation of Joint Capabilities Integration and Development System (JCIDS)
14   Acquisition Category (ACAT) programs/systems cited in references a and b.

15       c. Establishes procedures to perform I&S Certification and J-6 System
16   Validation of Information Support Plans (ISPs), formerly C4ISPs, for all non-
17   ACAT and fielded programs/systems (references c and d).

18      d. Defines the four elements of the Net-Ready Key Performance Parameter
19   (NR-KPP).

20      e. Provides guidance for NR-KPP development and assessment.

21       f. Establishes procedures for Joint Interoperability Test Command (JITC)
22   Joint Interoperability Test Certification.
23
24   2. Cancellation. CJCSI 6212.01C, 20 November 2003, "Interoperability and
25   Supportability of Information Technology and National Security Systems" is
26   canceled.
27
28   3. Applicability. This instruction applies to:
29
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1       a. The Joint Staff, Services, Combatant Commands, Defense Agencies and
 2   joint and combined activities. This instruction also applies to other agencies
 3   preparing and submitting JCIDS documents in accordance with references a
 4   and b.

 5      b. All IT and NSS (systems or services) acquired, procured or operated by
 6   any component of the Department of Defense, to include:

 7           (1) All ACAT programs, non-ACAT activities and procurements, and
 8   fielded systems. ACAT programs include all DOD 5000-Series (references e and
 9   f) IT and NSS acquisition systems. Non-ACAT activities and procurements
10   include all defense technology IT and NSS projects, IT and NSS pre-acquisition
11   demonstrations (e.g., Advanced Concept Technology Demonstrations (ACTD),
12   Advanced Technology Demonstrations (ATD), and Coalition Warrior
13   Interoperability Demonstrations (CWID) when selected for acquisition or
14   procurement, joint experimentations, Joint Tests and Evaluations (JTE); non-
15   DOD 5000 Series IT and NSS acquisitions or procurements (e.g., the
16   Combatant Commander Command and Control Initiative Program (C2IP),
17   Combatant Commander Initiatives Fund (CCIF), Combatant Commander Field
18   Assessments, Military Exploitation of Reconnaissance and Technology
19   Programs, and Tactical Exploitation of National Capabilities Programs); and
20   post-acquisition (fielded) IT and NSS systems.

21           (2) All inter- and intra- component IT and NSS that exchange and use
22   information to enable units or forces to operate effectively in joint, combined,
23   coalition, and interagency operations.

24            (3) All IT and NSS acquired, procured, or operated by DOD intelligence
25   agencies, DOD Component intelligence elements, and other DOD intelligence
26   activities engaged in direct support of DOD missions. This instruction
27   recognizes that special measures may be required for protection and/or
28   handling of foreign intelligence or counterintelligence information, or other
29   need-to-know information. Accordingly, implementation of this instruction
30   must be tailored to comply with Director of National Intelligence (DNI)
31   directives and intelligence community policies.

32          (4) All DOD IT and NSS external information exchange interfaces with
33   other US government departments and agencies, combined and coalition
34   partners, and multinational alliances (e.g., North Atlantic Treaty Organization).

35         (5) All DOD Component IT and NSS supporting business areas and
36   domains within the DOD.

37      c. Any organization that supports the J-6 in its role to perform I&S
38   Certification and System Validation of IT and NSS.

39


                                             2
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   4. Policy. It is Joint Staff policy to develop, acquire, and deploy IT and NSS
 2   that (1) meet the essential operational needs of US forces; (2) are interoperable
 3   with existing and proposed IT and NSS; (3) are supportable over the existing
 4   and planned global information grid; (4) are interoperable with allies and
 5   coalition partners; (5) are net-ready; and (6) allow US forces to protect mission
 6   essential data; detect and respond to network intrusion/system compromise;
 7   and restore mission essential data.
 8
 9       a. All IT and NSS and major modifications to existing IT and NSS will be
10   compliant with DOD regulations and policies contained in references c through
11   i. The NR-KPP is a mandatory element of Capability Development Documents
12   (CDDs), Capability Production Documents (CPDs) and Information Support
13   Plans (ISPs). Establishing and maintaining interoperability and supportability
14   in a DOD system is a continuous process that must be managed throughout
15   the lifecycle of the system.

16       b. Interoperability and Supportability Certification shall be accomplished
17   through an assessment of adherence to the NR-KPP; and other applicable IT
18   and NSS specific policies/guidance to include Spectrum Supportability
19   (references i.through k) and Selective Availability Anti-Spoofing Module
20   (SAASM) (reference l) compliance.

21       c. An NR-KPP, consisting of verifiable performance measures and metrics,
22   shall be used to assess information needs, information timeliness, information
23   assurance, and net-ready attributes required for both the technical exchange of
24   information and the end-to-end operational effectiveness of that exchange.

25       d. The four NR-KPP elements include: compliance with the Net-Centric
26   Operations and Warfare (NCOW) Reference Model (RM) (reference m),
27   supporting integrated architecture products (references n and o) required to
28   assess information exchange and use for a given capability, compliance with
29   applicable Global Information Grid (GIG) Key Interface Profiles (KIPs),
30   verification of compliance with DOD information assurance requirements
31   (references p through u).

32       e. The Joint Staff Interoperability and Supportability (I&S) Certification
33   process is an integral part of the JCIDS process. I&S Certifications granted
34   under the former requirements generation system remain valid; however, all
35   capabilities documents supporting a Milestone B or Milestone C decision will
36   include the NR-KPP elements applicable to the program. See National Security
37   Space Acquisition Policy 03-01 (reference v), for space program key decision
38   points (KDPs).

39       f. Secret and below ISPs shall be submitted to the OSD ISP (C4ISP)
40   Assessment Tool for review via the Secret Internet Protocol Router Network
41   (SIPRNET) Joint C4I Program Assessment Tool-Empowered (JCPAT-E) (URL:


                                             3
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   https://jcpat.ncr.disa.smil.mil) or Non-secure Internet Protocol Router Network
 2   (NIPRNET) JCPAT-E (URL: https://jcpat.ncr.disa.mil). TS and/or SCI ISPs will
 3   be posted on the Joint World Wide Intelligence Communications System
 4   (JWICS) by the sponsoring entity. SCI and SAP document submissions parallel
 5   the KM/DS process – specific submission instructions can be obtained from J-
 6   8. DODI 4630.8 provides specific ISP preparation, review procedures, formats
 7   and timelines.

 8      g. Interoperability and Supportability of IT and NSS.

 9          (1) Interoperability and Supportability of IT and NSS capabilities for
10   ACAT programs will be determined during the JCIDS process (references a
11   through d, f, g and this instruction) and will be updated as necessary
12   throughout the acquisition process, deployment and operational life of a
13   system.

14            (2) I&S of IT and NSS capabilities for non-ACAT and fielded systems will
15   be determined by the approving authority IAW references c, d, f, h and this
16   instruction and will be updated as necessary throughout the acquisition
17   period, deployment, and operational life of a system. J-6 provides the NR-KPP
18   certification for these programs/systems.

19          (3) The Joint Interoperability Test Certification provided by JITC is
20   provided upon completion of testing to the NR-KPP and is valid for three years
21   from the date of the certification.

22         (4) J-6 assessment is an assessment of the ICD integrated architecture
23   products provided to the sponsor via the J-8.

24          (5) J-6 System Validation is entered in the validation block on the
25   JCPAT-E upon completion of both the I&S Certification and the Joint
26   Interoperability Test Certification provided by JITC. The Validation is valid for
27   three-years from the date of the Test Certification or when subsequent program
28   modifications change the NR-KPP. Contact the J-6 and the JITC to discuss
29   changes.

30




                                             4
                                                                                                              CJCSI 6212.01D
                                                                                                              14 October 2005
 1           (6) Table 1 summarizes the I&S Certification and J-6 System Validation
 2   of IT and NSS by program category. The entries in the table also include the
 3   reference that contains the detailed procedures.


                                                                                                                        Fielding
                                    IT&NSS Program                          JCD      ICD      CDD        CPD     ISP*** Decision
        JCIDS JPD (ACAT)




                           JROC Interest                                      2       A2       C2        C2       N1      V3

                           Joint Integration                                  2       A2       C2        C2       N1      V3

                           Joint Information*                                 4        4        4         4       N3      V3

                           Independent                                        2       A2       C3        C3       N3      V3

     OSD Special Interest**                                                                                       C3

     Non-ACAT                                                                                                     C3

     Fielded Systems                                                                                              C3
     Requirement                                                          Governing Directive
     C: I&S Certification                                                 1: DOD 4630
     V: J-6 System Validation                                             2: CJCSI 3170 and CJCSI 6212
     N: NR-KPP Certification                                              3: CJCSI 6212
     A: J-6 Assessment                                                    4: JROCM 100-05

     * Joint Information JPD per JROCM 100-05
     **OSD Special Interest per OSD Memorandum
     *** Tailored ISP Contains Fewer Arch Products, but Still
     Requires the Appropriate Certification, Validation or Assessment

                                 Table 1. Interoperability and Supportability Certification and Validation Summary


 4
 5   5. Definitions. See Enclosure GL, Part II.
 6
 7   6. Responsibilities. See Enclosure B.
 8
 9   7. Summary of Changes. This revision:
10
11       a. Reflects a significant change and restructuring to reflect lessons learned
12   from implementation of the NR-KPP.

13               b. Introduces and provides guidance for the Tailored ISP (TISP).

14      c. Provides additional data strategy guidance to evaluate interoperability
15   concerns IAW references w and x.

16       d. Adds the following architecture products: OV-7, SV-2, SV-11 and TV-2
17   to the NR-KPP.


                                                                        5
                                                                       CJCSI 6212.01D
                                                                       14 October 2005
 1       e. Adds the OV-2, OV-4, and OV-5, Activity Model, as mandatory
 2   architecture products in the ICD. This change is implemented to aid systems
 3   designers' and decision makers' interoperability and integration analysis early
 4   in the JCIDS life cycle.

 5      f. Updates policy regarding the Key Interface Profiles.

 6      g. Expands the requirements to support the IA certification and
 7   accreditation (C&A) process and spectrum supportability requirements.

 8      h. Addresses Combatant Command (COCOM), Service, and Agency
 9   (CC/S/As) need for Organization Unique Standards (OUSs) to be identified in
10   JCIDS and ISP documents.

11       i. Deletes requirements associated with the Levels of Information Systems
12   Interoperability (LISI) and Interconnectivity and Interoperability Capability (IIC)
13   Profiles.

14   8. Releasability. This instruction/manual/notice is approved for public
15   release; distribution is unlimited. DOD components (to include the combatant
16   commands), other Federal agencies, and the public may obtain copies of this
17   instruction/ manual/notice through the Internet from the CJCS Directives
18   Home Page--http://www.dtic.mil/cjcs_directives. Copies are also available
19   through the Government Printing Office on the Joint Electronic Library CD-
20   ROM.
21
22   9. Effective Date. XX XXX 2005.
23
24
25
26
27                                           {NAME1}
28                                           {Rank1}
29                                           {Title1}
30
31   Enclosure(s):
32
33      A – Life Cycle Process Overview
34      B – Responsibilities
35      C – Staffing Process and Procedures
36      D – Determining Interoperability, Supportability, and Net-Readiness
37      E – Joint Interoperability Testing and Certification Process
38      F – References
39      GL – Glossary
40




                                              6
                                                                                             CJCSI 6212.01D
                                                                                             14 October 2005
 1                                               DISTRIBUTION
 2
 3   Distribution A, B, C, and J plus the following:
 4
 5
 6                                                                                                        Copies
 7
 8   Secretary of State .......................................................................................... 2
 9   Secretary of Defense...................................................................................... 2
10   Director of National Intelligence .................................................................... 2
11   Under Secretary of Defense for Acquisition, Technology
12    And Logistics ................................................................................... .......... 2
13   Undersecretary of Defense (Comptroller)............................................. .......... 2
14   Under Secretary of Defense for Personnel and Readiness .................... .......... 2
15   Under Secretary of Defense for Policy ................................................. .......... 2
16   Under Secretary of Defense for Intelligence ........................................ .......... 2
17   Assistant Secretary of Defense (Health Affairs).................................... .......... 2
18   Assistant Secretary of Defense (Network & Information
19    Integration)/DOD CIO ..................................................................... .......... 2
20   Director, Program Analysis and Evaluation ........................................ .......... 2
21   Director of Operational Test and Evaluation .................................................. 2
22
23
24




                                                            i
                             CJCSI 6212.01D
                             14 October 2005
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20   (INTENTIONALLY BLANK)
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44




               ii
                                                                        CJCSI 6212.01D
                                                                        14 October 2005
 1
 2
 3                              LIST OF EFFECTIVE PAGES
 4
 5   The following is a list of effective pages for. Use this list to verify the currency
 6   and completeness of the document. An "O" indicates a page in the original
 7   document.
 8
 9
     PAGE                      CHANGE       PAGE                      CHANGE

     1 thru 6                      O        D-1 thru D-24                 O
     i thru viii                   O        D-A-1 thru D-A-6              O
     A-1 thru A-6                  O        D-B-1 thru D-B-6              O
     B-1 thru B-12                 O        D-C-1 thru D-C-18             O
     C-1 thru C-8                  O        E-1 thru E-22                 O
     C-A-1 thru C-A-4              O        F-1 thru F-4                  O
     C-B-1 thru C-B-2              O        GL-1 thru GL-18               O
10




                                               iii
                             CJCSI 6212.01D
                             14 October 2005
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19   (INTENTIONALLY BLANK)
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43




              iv
                                                       CJCSI 6212.01D
                                                       14 October 2005
1
2
3                    RECORD OF CHANGES
4
                                                     Name of Person
    Change No.   Date of Change       Date Entered   Entering Change




5
6
7


                                  v
                             CJCSI 6212.01D
                             14 October 2005
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20   (INTENTIONALLY BLANK)
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44




              vi
                                                                                              CJCSI 6212.01D
                                                                                              14 October 2005
 1
 2
 3                                           TABLE OF CONTENTS
 4                                                                                                              Page
 5   Cover Page .................................................................................................... 1
 6
 7   Table of Contents ........................................................................................... vii
 8
 9   ENCLOSURE A LIFE CYCLE PROCESS OVERVIEW ..................................... A-1
10
11   ENCLOSURE B RESPONSIBILITIES ............................................................. B-1
12
13   ENCLOSURE C PROCESS AND PROCEDURES ............................................ C-1
14
15   ENCLOSURE D DETERMINING INTEROPERABILITY, SUPPORTABILITY AND
16   NET-READINESS ....................................................................................... D-1
17
18   ENCLOSURE E JOINT INTEROPERABILITY TESTING AND CERTIFICATION
19   PROCESS ................................................................................................. E-1
20
21   ENCLOSURE F REFERENCES ..................................................................... F-1
22
23   ENCLOSURE GL GLOSSARY ....................................................................GL-1
24
25   FIGURE                                                                                          Page
26   A-1 DOD Acquisition, JCIDS and I&S Process Relationship ............ ..............A-4
27   A-2 ASD(NII)/DOD CIO ISP Submission Process........................................... A-4
28   C-1 J-6 Critical Comment Resolution Process ................................ ..............C-4
29   C-2 Sample Comments Resolution Matrix for JCIDS Documents ......... .........C-6
30   D-1 NCOW RM Top Level Activity Model Decomposition .................... ..........D-6
31   D-2 Architecture Linkage to NR-KPP Attributes ..........................................D-12
32   D-3 KIP Development Process ....................................................................D-16
33   E-1 Interoperability Test Certification Process .............................................. E-6
34
35   TABLE                                                                                                     Page
36   1-Interoperability and Supportability Certification and Validation
37      Summary .................................................................................................... 5
38   A-1 Interoperability and Supportability Internet Resources........................... A-5
39   C-1 Staffing Timelines .................................................................................. C-4
40   D-1 NR-KPP Products Matrix ....................................................................... D-3
41   D-2 NR-KPP Compliance Statement............................................................. D-4
42   D-3 Architecture Products Descriptions .....................................................D-11
43   D-4 KIP Consumer and Provider Responsibilities ........................................D-14
44   D-A-1 NR-KPP Compliance Statement ...................................................... D-A-2
45   D-A-2 KIP Declaration Table ..................................................................... D-A-6
46   D-C-1 Interoperability and Supportability Assessor’s Checklist................. D-C-1
47
                                                           vii
                             CJCSI 6212.01D
                             14 October 2005
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19   (INTENTIONALLY BLANK)
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42




              viii
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1
 2
 3                                    ENCLOSURE A
 4
 5                         LIFE CYCLE PROCESS OVERVIEW
 6
 7
 8   1. This enclosure provides an overview of this instruction and its relationship
 9   to other Joint Staff and DOD policies and processes that require, affect, or
10   contribute to achieving and maintaining interoperability and supportability
11   throughout the lifecycle of DOD IT and NSS systems.

12   2. Relationship between this instruction and related DOD and Joint Staff
13   policies and processes.

14       a. Clinger-Cohen Act. The Information Technology Management Reform
15   Act of 1996 (reference y) as amended by Public Law 105-261 and Public Law
16   107-217, commonly referred to as the Clinger-Cohen Act (CCA), defines IT and
17   NSS, directs the use of integrated architectures, and directs interoperability of
18   IT and NSS.

19        b. E-Government Act (Public Law 107-347), Title III, Federal Information
20   Security Management Act of 2002 (reference z) requires Federal agencies to
21   (i.e., DOD and its components) develop, document, and implement an agency-
22   wide information security program to provide information security for the
23   information and information systems that support the operations and assets of
24   the agency, including those provided or managed by another agency,
25   contractor, or other source and; ensure that information security is addressed
26   throughout the life cycle of each agency information system.

27       c. DOD 5000 Series, National Security Space Acquisition Policy 03-01, and
28   Defense Acquisition Guidebook. DODD 5000.1 prescribes DOD Policy for the
29   Defense Acquisition System. DODI 5000.2 provides instructions for acquisition
30   of non-space systems and National Security Space Acquisition Policy 03-01
31   provides additional policy and instructions for acquisition of space systems.
32   Moreover, the Defense Acquisition Guidebook (reference aa) and the Defense
33   Acquisition University (DAU) is a primary source of acquisition guidance.
34   CJCSI 6212.01 supports these acquisition policy and instruction documents by
35   providing I&S Certification at key milestones through its interface with the
36   JCIDS (references a and b) and the JCPAT-E.

37       d. DOD 4630 Series. The DOD 4630 Series publications prescribe policy
38   for establishing and maintaining interoperability and supportability for all IT
39   and NSS throughout their lifecycle. DODI 4630.8, ―Procedures for




                                            A-1                           Enclosure A
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1   Interoperability and Supportability of Information Technology (IT) and National
 2   Security Systems (NSS)‖ introduces and establishes the requirement for an
 3   Information Support Plan (ISP) for all Acquisition Category (ACAT), non-ACAT,
 4   and fielded systems, and that the ISP be maintained and updated over the
 5   lifecycle of all IT and NSS systems. CJCSI 6212 implements the DOD 4630
 6   policy to ensure all non-ACAT, ACAT, and fielded systems are interoperable
 7   and supportable throughout their lifecycle.

 8          (1) For ACAT programs, the ISP should be developed in conjunction with
 9   the associated Joint Capabilities Integration and Development System (JCIDS)
10   documentation and results of the ISP analysis included in the appropriate
11   supportability sections of the Capability Development Document (CDD) and
12   Capability Production Document (CPD) (see CJCS 3170 Series paragraph).

13           (2) For non-ACAT and fielded systems, including pre-acquisition
14   demonstrations described in references c and d, the J-6 will provide
15   interoperability and supportability certification based on the NR-KPP within the
16   ISP as ready to support JITC Interoperability and Standards conformance
17   testing.

18       e. CJCS 3170 Series. The CJCS 3170 Series (CJCSI 3170.01E, ―Joint
19   Capabilities Integration and Development System‖ and CJCSM 3170.01B)
20   prescribe policy and procedures for the Joint Capabilities Integration and
21   Development System (JCIDS). The JCIDS supports the Chairman of the Joint
22   Chiefs of Staff (CJCS) and the Joint Requirements Oversight Council (JROC) in
23   identifying, assessing and prioritizing joint military capability needs. The
24   JCIDS provides the Chairman’s advice and assessment for acquisition
25   programs in support of the Defense Acquisition Process. CJCSI 6212 details
26   how the J-6 performs review, certification, and validation of interoperability
27   and supportability of JCIDS documents for acquisition programs supporting
28   milestone decisions (ICD/CDD/CPD) and other programs as
29   required/requested through the JCIDS process.

30       f. DODD 8320.2, Data Sharing in a Net-Centric Department of Defense.
31   Establishes policies and responsibilities for implementing data sharing within
32   the GIG. Included in this policy is that data shall be visible, accessible, and
33   understandable. Data assets will be tagged, discoverable, searchable and
34   retrievable using DOD-wide capabilities. This instruction outlines the policy
35   for data sharing as part of the Interoperability and Supportability Certification.

36       g. DOD and Joint Staff Information Assurance (IA) Policies (references p
37   through s, u and bb through dd; references ee and ff for SCI and Special
38   Access Programs). Information Assurance is one of the four NR-KPP elements.
39   Like the 4630 Series, IA policies and processes apply to the entire lifecycle of IT
40   and NSS. CJCSI 6212.01 does not duplicate existing IA policies and processes;
41   rather it synchronizes IA efforts with the verification of interoperability and

                                            A-2                            Enclosure A
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1   supportability of IT and NSS over the lifecycle and is consistent with DOD
 2   critical infrastructure policies. All other IA policies and procedures such as
 3   DITSCAP accreditations are prerequisites for J-6 I&S Certification.

 4       h. DODD 4650.1, ―Policy for Management and Use of the Electromagnetic
 5   Spectrum‖ (reference j) and the National Telecommunications and Information
 6   Administration (NTIA) ―Manual of Regulations and Procedures for Federal Radio
 7   Frequency Management‖ (reference k). Spectrum supportability is an
 8   assessment as to whether the electromagnetic spectrum necessary to support
 9   the operations of a spectrum-dependent equipment or system is, or will be,
10   available. The spectrum supportability assessment requires, at a minimum,
11   receipt of equipment spectrum certification, reasonable assurance of the
12   availability of sufficient frequencies for operation from Host Nations, and a
13   consideration of electromagnetic compatibility aspects. Policy requires that the
14   DOD Components developing or acquiring spectrum-dependent equipment or
15   systems take certain actions to obtain spectrum supportability. For spectrum-
16   dependent equipment or systems being developed, efforts to obtain spectrum
17   supportability shall be initiated as early as possible during the concept and/or
18   technology development phase and that no spectrum-dependent off-the-shelf or
19   other non-developmental system shall be purchased or procured without a
20   spectrum supportability determination. Requests for spectrum supportability
21   assessments shall include identification of those Host Nations into which
22   deployment is likely or planned. A spectrum supportability determination
23   must be obtained prior to a Milestone B decision for ACAT programs. For non-
24   ACAT systems, a spectrum supportability determination must be completed
25   prior to fielding. This instruction outlines the policy for spectrum
26   supportability as part of the Interoperability and Supportability Certification.

27        i. DODD 3222.3, ―Department of Defense Electromagnetic Environmental
28   Effects (E3) Program‖ (reference i). This directive provides policies and
29   responsibilities to ensure mutual EMC and effective E3 control among ground,
30   air, sea, and space-based systems, subsystems, and equipment, including
31   ordnance. The directive requires E3 control requirements to be defined early
32   during the concept and technology development phase and included in the
33   pertinent acquisition documentation (such as the CDD, CPD, ISP, TEMP, SOW,
34   and contract specification) and verified throughout the acquisition process.

35       j. DOD IT and NSS Specific Policies. CJCSI 6212.01 includes, in the I&S
36   Certification processes, a review of compliance with DOD IT and NSS related
37   policies (i.e. JTRS/radio acquisition policy (reference gg), SAASM (reference l),
38   etc.) (See Enclosure D).

39




                                            A-3                            Enclosure A
                                                                                                                                                                                                                                 4
                                                                                                                                                                                                                                     3
                                                                                                                                                                                                                                     2
                                                                                                                                                                                                                                     1




                                                                                                                                         Interoperability & Supportability                CJCSI 3170             DoDI 5000
                                                                                                                                             Certification and Testing                     Analysis
                                                                                                                                                     DOD 4630
                                                                                                                                                    CJCSI 6212




                                                                                                                                                                                                  ICD




                                                                                                                                                                                  JROC
                                                                                                                                                                                                                          MS-A




                                                                                                                                                                                                           DAB




                                                                                                                                         Initial Information Support Plan (ISP)
                                                                                                                                                                                                 CDD



                                                                                                                                                 J-6 I&S Certification
                                                                                                                                                                                  JROC
                                                                                                                                                       Test and Evaluation
                                                                                                                                                       Master Plan (TEMP)

                                                                                                                                                            DOT&E Review




A-4
                                                                                                                                                                                                           DAB
                                                                                                                                                                                                                          MS-B




                                                                                               Relationships
                                                                                                                                                                                         REFINE ANALYSIS
                                                                                                                                                      Revised ISP
                                                                                                                                                                                                                                     Figure A-2 illustrates the ISP process alignment.




                                                                                                                                                                                                  CPD




                                                                                                                                              J-6 interoperability and
                                                                                                                                             Supportability Certification
                                                                                                                                                                                  JROC




                                                                                                                                                    ISP of Record
                                                                                                                                                                                                           DAB
                                                                                                                                                                                                                        MS-C
                                                                                                                                                                                                                       or LRIP




                                                                                                                                                       Service/Agency
                                                                                                                                                      Operational Testing

                                                                                                                                             IA Accreditation (DITSCAP)




              Figure A-2. ASD/(NII)/DOD CIO ISP Submission Timeline
                                                                                                                                              DISA (JITC) Interoperability
                                                                      Figure A-1. DOD Acquisition, JCIDS and I&S Certification Process



                                                                                                                                                 Certification Testing

                                                                                                                                                              J6 System
                                                                                                                                                              Validation
                                                                                                                                                                                                 IOC
                                                                                                                                                                                                                                        k. Figure A-1 illustrates the general relationship between the DOD
                                                                                                                                                                                                                                     acquisition, JCIDS, and I&S Certification processes and documentation.
                                                                                                                                                                                                                                                                                                              14 October 2005




Enclosure A
                                                                                                                                                                                                                                                                                                              CJCSI 6212.01D
                                                                                      CJCSI 6212.01D
                                                                                      14 October 2005
1       l. The following table lists URLs for Interoperability and Supportability
2   Internet resources:

3        NIPR/
         SIPR    Website                                    Topic
         N       http://akss.dau.mil/jsp/default.jsp        AT&L Knowledge Sharing System
         N       http://www.dtic.mil/cjcs_directives        CJCS Directives Home Page
         N       http://akss.dau.mil/dag                    Defense Acquisition Guide Book
         N       https://disronline.disa.mil                DISRonline (NIPRNET)
         S                                                  DISRonline (SIPRNET) (Also resides on
                 http://disronline.disa.smil.mil/a/DISR     JWICS)
         N       http://www.defenselink.mil/nii/doc/DoDA DOD Architecture Framework Volume I:
                 F_v1_Volume_I.pdf                          Definitions and Guidelines
         N       http://www.defenselink.mil/nii/doc/DoDA DOD Architecture Framework Volume II:
                 F_v1_Volume_II.pdf                         Product Descriptions
         N                                                  DOD Architecture Repository System
                 https://dars1.army.mil                     (DARS)
         N       https://gesportal.dod.mil/sites/COIdirect
                 ory                                        DOD COI Directory/Guidance
         N       http://diides.ncr.disa.mil/mdreg/user/DD
                 MS.cfm or
                 http://diides.ncr.disa.mil/mdreg/uploads/ DOD Discovery Metadata Specifications
                 DDMS_v1_006.doc                            (DDMS)/DOD Metadata Registry
         N       https://disain.disa.mil/ncow.html          DOD Global Information Grid Architectures
         N       https://www.itdb.it is.osd.mil             DOD IT Registry
         N       http://www.defenselink.mil/nii/doc/        DOD Net-Centric Data Strategy
         N       http://gesnew.dod.mil/obtainPKI.html       DOD PKI Client Certificate Assistance
         N       http://www.defenselink.mil/nii/doc/DoDA
                 F_v1_Volume_Deskbook.pdf                   DODAF Deskbook
         N/S      Select ISP(C4ISP) Assessment Tool         ISP (C4ISP) Assessment Tool on JCPAT-
                 from JCPAT-E Link (NIPR or SIPR)           E
         N       https://jcpat.ncr.disa.mil                 JCPAT-E (NIPRNET)
         S       https://jcpat.ncr.disa.smil.mil            JCPAT-E (SIPRNET)
         N       http://jitc.fhu.disa.mil                   JITC Public Web Site/MCEB Pub 1
         N       https://stp.fhu.disa.mil                   JITC System Tracking Program
         N       http://www.dsc.osd.mil                     Joint C4ISR Decision Support Center
         N                                                  Joint Capability Development Resources
                 http://www.teao.saic.com/jfcom             and Training Materials
         N       http://kips.disa.mil                       KIPS
         S       https://siprweb1.js.smi.mil/pls/jrcz       KM/DS
         N                                                  NII Document Archives (DOD 8320
                 http://www.defenselink.mil/nii/doc         guidance)
         S       https://jcpat.ncr.disa.smil.mil/jecoweb.ns
                 f/c4isp?openpage                           OSD Special Interest
         N       www.jitc.fhu.disa.mil/itp/isp_info.html    TISP Process

                       Table A-1. Interoperability and Supportability Internet Resources




                                                       A-5                                  Enclosure A
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   3. Organization of remaining enclosures:

 2       a. Enclosure B. Responsibilities. This enclosure outlines the stakeholder
 3   responsibilities in the interoperability and supportability policy and processes
 4   described within this instruction.

 5      b. Enclosure C. Process and Procedures. This enclosure describes, in
 6   more detail, the processes for submission of documentation for interoperability
 7   and supportability review and certification/validation for all ACAT, non-ACAT
 8   and fielded IT and NSS. The appendices include the ISP(C4ISP) Assessment
 9   Tool and more detailed information on the Tailored ISP.

10       c. Enclosure D. Determining Interoperability, Supportability and Net
11   Readiness. This enclosure describes the technical aspect of determining
12   interoperability and supportability, including the NR-KPP, spectrum
13   supportability, and compliance with DOD IT and NSS specific policies. It also
14   includes an NR-KPP format, guidance on creating the TV-1 and TV-2, and an
15   I&S Certification Assessor’s Checklist.

16       a. Enclosure E. Joint Interoperability Test Certification Process. This
17   enclosure details the policy and processes for joint interoperability test
18   certification of IT and NSS over the lifecycle.




                                            A-6                           Enclosure A
                                                                   CJCSI 6212.01D
                                                                   14 October 2005
 1

 2                                     ENCLOSURE B
 3
 4                                    RESPONSIBILITIES
 5
 6
 7   1. The Joint Staff, J-6, will:

 8     a. Perform IT and NSS Interoperability and Supportability Certifications
 9   and Validations IAW Table 1.

10          (1) Submit I&S Certifications to the KM/DS for all CDDs and CPDs IAW
11   references a and b.

12         (2) Provide an NR-KPP Certification to ASD(NII)/DOD CIO for ACAT I
13   programs and programs designated as OSD Special Interest by ASD(NII)/DOD
14   CIO IAW references c and d.

15         (3) Provide I&S Certification for Non-ACAT and fielded systems to the
16   sponsoring DOD component.

17           (4) Validate system I&S by posting the J-6 System Validation
18   information in the JCPAT-E after the completion of the I&S Certification and
19   Joint Interoperability Test Certification.

20      b. Via the NC FCB, attend all Joint Capability Boards and Joint
21   Requirement Oversight Council meetings to provide Interoperability
22   Certification results.

23      c. Coordinate IT and NSS interoperability and supportability policies,
24   procedures and programs with CC/S/As.

25      d. Conduct MCEB Pub 1 responsibilities (references hh and ii).

26      e. Designate a POC to act as executive agent of the Joint C4I Program
27   Assessment Tool-Empowered (JCPAT-E) (see Appendix B to Enclosure D).

28      f. Ensure that USD (AT&L), ASD (NII)/DOD CIO, and other DOD
29   Components have the earliest opportunity to participate in or review JCIDS
30   documents and ISPs for Interoperability and Supportability of IT and NSS.

31      g. Review legacy systems for the NR-KPP.




                                            B-1                          Enclosure B
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   2. Joint Staff, J-2, will:

 2      a. Establish access to the Joint C4I Program Assessment Tool-Empowered
 3   (JCPAT-E) in accordance with Appendix B to Enclosure D.

 4      b. IAW reference jj, conduct the Intelligence Certification of JCIDS
 5   documents in a process that is separate, but related to the JCPAT-E process,
 6   that examines intelligence support needs for completeness, supportability, and
 7   impact on joint intelligence planning. This certification also considers the
 8   sufficiency of horizontal integration in accordance with reference kk.

 9     c. Coordination and combined testing with DISA (JITC) is encouraged to
10   support intelligence certification tests that overlap.

11   3. Joint Staff, J-4, will: Establish access to the Joint C4I Program Assessment
12   Tool-Empowered (JCPAT-E) in accordance with Appendix B to Enclosure D.

13   4. Combatant commanders will:

14      a. Review and comment on relevant programs during the J-6
15   interoperability and supportability certification process.

16      b. Establish access to the Joint C4I Program Assessment Tool-Empowered
17   (JCPAT-E) in accordance with Appendix B to Enclosure D.

18      c. Participate in or support, as appropriate, IT and NSS joint
19   interoperability testing programs (of those which the COCOM has Title 10
20   Authority) by planning, programming, budgeting, executing and providing
21   resources IAW agreed-to schedules and test plans. Required interoperability
22   testing and certification will have some impact on schedules and costs of
23   programs. These cost and schedule impacts shall be added to the Program
24   Objective Memorandum (POM) and project cost estimates.

25       d. In coordination with DISA (JITC), develop joint interoperability test and
26   evaluation criteria and/or measures of requirements for inclusion in system
27   acquisition documents, Test and Evaluation Master Plans (TEMP) (Enclosure
28   E), and other test plan submissions.

29      e. Provide input for the Interoperability Watch List based on the
30   observations of the Executive Agent (EA) staff and the Theater Joint Tactical
31   Networks Configuration Control Board (TJTN-CCB) during reviews of the
32   proposed acquisition of systems that must interoperate within the Operational
33   Area Network (OAN) and by monitoring fielded-system and software
34   modifications during the exercise of their configuration-management function.

35      f.   Participate, as appropriate, in the MCEB.


                                            B-2                           Enclosure B
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1   5. US Joint Forces Command (USJFCOM) as the DOD joint force integrator
 2   will:

 3       a. Provide IT and NSS interoperability and supportability review comments
 4   to the Joint Staff J-6 from the warfighter’s perspective.

 5       b. Request interoperability demonstrations of selected programs, using the
 6   Joint Systems Integration Command (JSIC). These demonstrations do not
 7   replace the JITC system interoperability test certification. Demonstration
 8   results could be used or provided to JITC to support the Joint Interoperability
 9   Test Certification requirements.

10       c. Review ICDs, CDDs, CPDs and ISPs. It may also use Executive Agent for
11   Theater Joint Tactical Networks (EA-TJTN) venues (Joint On-Demand
12   Interoperability Network (JOIN), Joint Users' Interoperability Communications
13   Exercise (JUICE)), and DOD Interoperability Communications Exercise (DICE)
14   for system or program interoperability assessments. Selection of the program
15   or system may be made by the Joint Battle Management Command and
16   Control Board of Directors. This does not replace the JITC issued joint
17   interoperability test certification. However, JITC as the Joint interoperability
18   test certifier may elect to use demonstration results to issue the Joint
19   Interoperability Test Certification.

20   6. US Strategic Command (USSTRATCOM) will:

21      a. Review programs which will/may interface with national C2
22   architecture.

23      b. Review any programs planned to support global strike (kinetic--both
24   nuclear and non-nuclear—and non-kinetic), missile defense, intelligence,
25   surveillance and reconnaissance, information operations, and space
26   operations.

27       c. As the Joint Task Force for Global Network Operations (JTF-GNO),
28   assist DISA and NSA review and define information assurance standards.

29      d. Establish access to the Joint C4I Program Assessment Tool-Empowered
30   (JCPAT-E) in accordance with Appendix B to Enclosure C.

31   7. Military Services, Defense Agencies and US Special Operations Command
32   (USSOCOM) will:

33      a. Establish access to the Joint C4I Program Assessment Tool-Empowered
34   (JCPAT-E) in accordance with Appendix B to Enclosure D.




                                           B-3                          Enclosure B
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1      b. Document interoperability and supportability needs by developing JCIDS
 2   documentation, including documentation supporting the achievement of the
 3   NR-KPP as specified in this instruction.

 4       c. Establish access to the DOD Architecture Repository System (DARS) to
 5   allow uploading and analysis of mandatory integrated architecture products
 6   and to assist in verification of NR-KPP compliance.

 7     d. Identify all Service or Agency systems that require external joint and
 8   combined interfaces with other Service or agency programs and systems.

 9      e. Ensure the CDD and CPD NR-KPPs along with other KPPs are used to
10   develop and refine the ISP and the Test and Evaluation Master Plan (TEMP).
11   Further, critical technical and operational issues developed during the
12   CDD/CPD development shall be included in the ISP analysis and defined in the
13   issues Chapter of the ISP as well as considered in the TEMP.

14       f. Ensure the Program Manager’s design includes all user required external
15   joint and combined DISR-compliant system interfaces when building new
16   systems or modifying existing ones through coordination with all DOD
17   Components and allies.

18      g. In coordination with DISA (JITC), develop interoperability test and
19   evaluation criteria, measures, and requirements for inclusion in acquisition
20   documents, TEMP, and other test plan submissions. Prior to a fielding
21   decision for all new or modified IT and NSS (regardless of the JPD), the Military
22   Services, Defense Agencies, USSOCOM, and participating test unit
23   coordinators will ensure those systems undergo joint interoperability test and
24   evaluation IAW these criteria. This includes any limited or prototype initial
25   operational capability (IOC) fielding.

26      h. Comply with the requirement for IT and NSS Joint interoperability
27   testing across a system’s life cycle by planning, programming, budgeting,
28   executing and providing resources in accordance with agreed-to schedules and
29   test plans. Required Joint interoperability testing and certification will have
30   some impact on schedules and costs of programs. These cost and schedule
31   impacts shall need to be added to the POM and project cost estimates.

32       i. For DISA (JITC) standards conformance and system interoperability test
33   certification:

34            (a) Coordinate funding with DISA (JITC) prior to the initiation of
35   DISA (JITC) efforts. Once funding is identified, the Program Office will identify
36   this requirement as an integrated facet of the program cost through the
37   Service/agency POM process.



                                            B-4                           Enclosure B
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1            (b) Include funding for the Service/Agency Participating Test Unit
 2   Coordinator (PTUC). The PTUC will be the point of contact (POC) for
 3   coordinating funding with DISA (JITC) prior to the initiation of DISA (JITC)
 4   efforts.

 5      j. Ensure a TEMP is approved, prior to Key Decision Point B (KDP-B) for
 6   space systems being acquired under reference v, to ensure the system will
 7   complete interoperability certification testing IAW these criteria. Actual
 8   certification testing may occur after KDP-B and prior to the first launch and/or
 9   prior to declaration of IOC.

10      k. Ensure all IT or NSS systems are compliant with current DOD
11   information assurance directives and policies.

12      l. Provide guidance to acquisition managers to consider certification and
13   accreditation (C&A) requirements early.

14      m. Provide direction to acquisition managers to ensure that all IT and NSS
15   are certified and tested for interoperability IAW Table 1.

16      n. Provide guidance to all program managers and Operational Test Agencies
17   (OTAs) to ensure that information assurance hardware and software
18   capabilities are assessed for and meet interoperability and supportability
19   requirements as established by DODI 8500.2 (reference q) and CJCSI
20   6510.01D (reference ll).

21      o. Plan funding for I&S Re-Certification and Validation.

22      p. Plan funding for NR-KPP incorporation into ISPs.

23   8. Director, Defense Information Systems Agency (DISA) will:

24      a. Participate in the technical assessment of all IT and NSS capability
25   documents or Information Support Plans.

26       b. Exercise DISA’s role as the DOD executive agent for IT standards
27   (reference mm) including integrating the DISR tenets and their supporting
28   infrastructure activities and capabilities.

29      c. Ensure that the system technical standards profiles (TV-1s) conform to
30   DISR standards for interoperability by requiring that standards profiles be
31   generated and published through the use of the DISRonline tool on the
32   SIPRNET.

33      d. Update the DISRonline tool to be CADM conformant.




                                           B-5                           Enclosure B
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1      e. Review the technical standards forecast, TV-2, to ensure emerging
 2   relevant technologies have been considered.

 3      f. Review Organization Unique Standards (OUSs) to ensure there is no
 4   conflict with Joint DISR standards and that they are identified for single-
 5   Service use only.

 6     g. Provide an assessment of the suitability of standards identified in IT and
 7   NSS programs submitted under this instruction.

 8      h. Forward standards issues that cannot be resolved to the MCEB.

 9      i. Establish and conduct, in collaboration with other DOD Components,
10   the JITC Joint Interoperability Testing and Certification program for applicable
11   IT and NSS.

12      j. Provide developmental interoperability testing assistance to DOD
13   Components, agencies and system developers to implement solutions and
14   ensure maximum interoperability and minimum duplication.

15      k. Review all available Test and Evaluation Master Plans and provide
16   acquisition managers with recommended interoperability test and evaluation
17   measures; and security certification and accreditation criteria for inclusion in
18   acquisition documents and test plans. Coordinate with National Security
19   Agency (NSA) regarding the inclusion of IA standards.

20     l. Post Joint Interoperability System Test Certification results to the
21   JCPAT-E in support of the J-6 System Validation.

22      m. Provide Interoperability System Test Certification results to the MCEB
23   ITP, post these results in the System Tracking Program (STP) and the JCPAT-E.

24      n. Notify the J-6 NLT 180 days prior to any Test Certification expiration.

25      o. Publish an annual report to the Joint Staff J-6, USD (AT&L), ASD
26   (NII)/DOD CIO, DOT&E, DOD Executive Agent for Space, and USJFCOM,
27   Military Services, and Program Offices containing an executive summary of
28   systems tested for IT and NSS interoperability.

29      p. Provide end-to-end (E2E) systems engineering, planning, and program
30   guidance to identify end to end issues and solutions required by individual
31   acquisition programs and have those solutions specified as part of key
32   interfaces to the enterprise infrastructure (e.g. GIG-BE, Teleport). This system
33   engineering provides the specific design guidance needed to ensure that the
34   independently developed component programs of the GIG work in concert to
35   provide an enterprise information environment.


                                            B-6                           Enclosure B
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1      q. Assist NSA/Central Security Service (CSS) in coordinating and defining
 2   tactical signals intelligence (SIGINT) standards and processes and promote
 3   security, integration, interoperability, and data sharing among systems.
 4   Additionally, in coordination with NSA, review and define information
 5   assurance standards.

 6      r. Provide test tools and procedures, and support systems in support of
 7   interoperability and standards conformance testing. Validate test tools and
 8   procedures (including those developed by other organizations) for
 9   interoperability and standards conformance testing.

10     s. Designate a central office to act as system manager of the JCPAT-E (see
11   Appendix B to Enclosure D).

12      t. Establish access to the Joint C4I Program Assessment Tool-Empowered
13   (JCPAT-E) in accordance with Appendix B to Enclosure C.

14      u. Coordinate with the National Security Agency (NSA), for any DOD
15   system that collects, stores, transmits, or processes unclassified or classified
16   information, to ensure information assurance testing considerations are
17   addressed in interoperability testing.

18      v. Establish and maintain an automated process to track IT and NSS joint
19   interoperability test and certification status, document Interim Certificate to
20   Operate (ICTO) information, and track uncertified systems.

21     w. Allocate resources to manage and develop GIG KIPs in support of the
22   ASD(NII)/DOD CIO and the Chairman of the Joint Chiefs of Staff.

23   9. Director, National Security Agency (NSA)/Chief, Central Security Service
24   will:

25      a. Serve as the Community Functional Lead for Cryptology and coordinate
26   with the appropriate DOD Components on matters involving IT and NSS
27   Interoperability and Supportability of Cryptologic systems including US Signals
28   Intelligence Directives (USSIDs).

29      b. Serve as the DOD Lead for approving and enforcing tactical Signals
30   Intelligence (SIGINT) architectures and standards, coordinate with DOD
31   Components and the US Special Operations Command to develop tactical
32   SIGINT architectures and provide standards compliance and interoperability
33   assessment reports to assist Milestone Decision Authorities (MDAs) in
34   acquisition decisions.

35      c. Ensure that industry and non-governmental standards used for SIGINT
36   and SIGINT systems and applications are open-systems based, and conform to
37   DISR tenets for interoperability.

                                            B-7                            Enclosure B
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1      d. Ensure that NSA/CSS IT and NSS programs are certified for standards
 2   conformance and IT and NSS interoperability and supportability.

 3       e. Develop policy and procedures for interoperable and supportable IT and
 4   NSS IA and information releasability for joint, combined, and coalition forces
 5   and US Government Departments and Agencies. Ensure that interoperable
 6   and supportable IA products are available for the security of NSS. In
 7   cooperation with DISA, identify, evaluate, and select IA and related standards
 8   for inclusion in the DISR.

 9      f. Establish access to the Joint C4I Program Assessment Tool-Empowered
10   (JCPAT-E) in accordance with Appendix B to Enclosure D.

11     g. Develop, provide and implement IA defense-in-depth solutions and
12   applications to ensure integrity and security of data, capabilities, and systems.

13     h. Ensure interoperability, supportability, and security of NSA/CSS IT and
14   NSS with those systems that provide direct support to the Combatant
15   Commanders.

16      i. Establish and maintain interoperability and supportability requirements
17   within the IA Component of the GIG Architecture, and ensure their satisfaction
18   through design and development of technical, procedural and operational
19   interfaces between IT and NSS.

20      j. Ensure that technical, procedural and operational interfaces are
21   specified and configuration managed in coordination with other DOD
22   Components so that US DOD, non-DOD and coalition
23   Cryptologic/Cryptographic systems can interoperate with DOD IT and NSS.

24   10. Director, National Geospatial-Intelligence Agency (NGA), will:

25      a. Ensure that National System for Geospatial-Intelligence (NSG) standards
26   and specifications established by NGA for geospatial intelligence support the
27   interoperability and supportability of IT and NSS via coordination with the
28   Military Services and other DOD Components, as appropriate.

29      b. Assist DIA in coordinating and defining MASINT and Defense HUMINT
30   standards and processes and promote security, integration, interoperability,
31   and data sharing among systems.

32      c. Prescribe and mandate standards for all geospatial intelligence systems
33   and interfaces, including to the Net-Centric Enterprise Services and their
34   accompanying KIPs.




                                            B-8                           Enclosure B
                                                                   CJCSI 6212.01D
                                                                   14 October 2005
 1      d. Ensure NSG standards and specifications require imagery and
 2   geospatial information to be tagged with metadata containing release or
 3   disclosure decisions.

 4      e. Ensure that commercial and non-governmental standards used for
 5   imagery and geospatial systems and applications are open-systems based and
 6   conform to DISR mandated standards for interoperability across the geospatial
 7   intelligence user community.

 8      f. Establish access to the Joint C4I Program Assessment Tool-Empowered
 9   (JCPAT-E) in accordance with Appendix B to Enclosure C.

10   11. Director, Defense Intelligence Agency (DIA), will:

11      a. Ensure that standards and specifications established for Defense
12   Human Intelligence (HUMINT) support the interoperability and supportability of
13   IT and NSS via coordination with the Military Services and other DOD
14   Components, as appropriate.

15      b. Assist NGA in coordinating and defining geospatial intelligence
16   standards and processes and promote security, integration, interoperability,
17   and data sharing among systems.

18      c. Ensure that standards and specifications established for measurement
19   and signature intelligence (MASINT) under the US MASINT System (USMS)
20   support the interoperability of IT and NSS via coordination with the Military
21   Services and other DOD Components, as appropriate.

22     d. Ensure that commercial and non-governmental standards used for
23   MASINT systems and applications are open-systems based and conform to the
24   GIG and DISR tenets for interoperability.

25   12. Program Managers from combatant commands, Military Services and
26   Defense Agencies, when building new, or modifying existing IT and NSS, will
27   ensure that they are:

28     a. Compliant with the Clinger-Cohen Act of 1996, as amended by Public
29   Law 105-261 and 107-217 (reference y).

30      b. Compliant with the NR-KPP (IAW Enclosure D).

31      c. Compliant with the latest version of applicable standards mandated in
32   the DISR and active OUSs identified in the DISRonline.

33      d. Identifying and including OUSs within the DISRonline and in the IT
34   Standards profile generated and published through the use of DISRonline.


                                            B-9                         Enclosure B
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1      e. Compliant with current DOD Information Assurance directives and
 2   policies.

 3     f. Interoperable with other DOD, Joint and Coalition systems, fully
 4   implementing Data Strategy policy, including participating in all applicable
 5   Communities of Interest, within security constraints.

 6      g. Properly evaluated and certified for interoperability by DISA (JITC)
 7   (unless they have obtained an ICTO IAW MCEB Pub 1, as required, until
 8   system joint interoperability test certification is complete).

 9      h. Working with the respective Service Frequency Management Office and
10   by submitting an Application for Equipment Frequency Allocation (DD Form
11   1494) to the Service Frequency Management Office to obtain a spectrum
12   supportability determination for spectrum dependent equipment (reference j).

13   13. Department of the Air Force. As the DOD executive agent for Space, the
14   Under Secretary of the Air Force will review and confirm the sufficiency of NR-
15   KPPs and integrated architecture products for all National Security Space
16   Programs for all ACAT, non-ACAT and fielded systems.

17   14. DOD Executive Agent for Theater Joint Tactical Networks (EA-TJTN) (Army
18   Chief Information Officer (CIO) G6).

19     a. IAW reference nn convene and chair the Theater Joint Tactical Networks
20   Configuration Control Board (TJTN-CCB).

21      b. Provide a venue for the joint communications community to evaluate the
22   interoperability of proposed tactical networked-communications products,
23   making available assessment vehicles and the ability to conduct coordinated
24   laboratory experiments.

25      c. Review and provide recommendations on the release of new software
26   versions and equipment upgrades to systems to ensure that items affecting
27   interoperability attain or maintain their mutually supporting functionality and
28   do not degrade interoperability conditions.

29      d. Evaluate and provide recommendations on the necessity and extent of
30   interoperability testing required for the certification and integration of approved
31   changes to networked communications and network management system
32   software, hardware, interfacing equipment, or related systems.

33      e. Establish access to the Joint C4I Program Assessment Tool-Empowered
34   (JCPAT-E) in accordance with Appendix B to Enclosure D.

35   15. Other DOD Components. Coordinate on interoperability certification and
36   supportability documents developed by other sponsors to identify opportunities

                                            B-10                           Enclosure B
                                                                CJCSI 6212.01D
                                                                14 October 2005
1   for cross-component utilization, Joint Integration and harmonization of
2   capabilities. Make recommendations to the J-6 on whether interoperability
3   and supportability capability requirements contained in ICD, CDD, CPD, and
4   ISP proposals meet recognized standards.

5




                                       B-11                         Enclosure B
                             CJCSI 6212.01D
                             14 October 2005
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20   (INTENTIONALLY BLANK)
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43




             B-12                Enclosure B
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1
 2
 3                                   ENCLOSURE C
 4
 5                      STAFFING PROCESS AND PROCEDURES
 6
 7
 8   1. General. The Joint Staff J-6 performs an Interoperability and Supportability
 9   (I&S) Certification, and J-6 System Validation for all IT and NSS programs.
10   CC/S/As submit JCIDS documents to KM/DS IAW CJCSM 3170.01, register
11   the system in the DOD IT Registry; and develop the program’s IT Standards
12   and Profile (TV-1, TV-2, and OUS) in DISRonline. CC/S/As submit ISPs IAW
13   DODI 4630.8 to the JCPAT-E, register the system in the DOD IT Registry; and
14   develop the program’s IT Standards and Profiles (TV-1, TV-2, and OUS) in
15   DISRonline.

16      a. J-6 Interoperability and Supportability Certification.

17           (1) JCIDS Documents. J-8 staffs all JCIDS documents on KM/DS to
18   the CC/S/As. The J-6 reviews the NR-KPP and other IT or supportability
19   related requirements and provides a certification recommendation to the J-8
20   via the KM/DS tool. J-6 I&S Certification occurs prior to acquisition
21   Milestones B and C. Figure A-1 illustrates the general J-6 Interoperability and
22   Supportability Certification process alignment with JCIDS document
23   coordination and the DOD Acquisition Process.

24           (2) ISPs (Figure A-2) IAW the DOD 4630 series, the Joint Staff shall
25   review, certify, and validate sufficiency of the NR-KPP. The J-6 accomplishes
26   this by providing an NR-KPP certification to ASD (NII)/DOD CIO.

27       b. J-6 System Validation. The J-6 system validation is intended to provide
28   total lifecycle oversight of warfighter IT and NSS interoperability and
29   supportability capabilities. The system validation occurs after Milestone C
30   upon receipt of JITC’s Joint Interoperability Test Certification (valid for three
31   years from date of the JITC certification letter). The J-6 will update the JCPAT-
32   E to indicate J-6 System Validation.

33   2. Staffing Process. Documents submitted by CC/S/As will be evaluated early
34   in the lifecycle of a system and at all acquisition milestones to help the
35   developer ensure that a system or program achieves J-6 Interoperability and
36   Supportability Certification. To support the interoperability and supportability
37   certification process, J-6 requests technical assessments from DISA, Services,
38   and other DOD agencies.




                                     C-1                                Enclosure C
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1       a. JCIDS Documents. J-6 interoperability and supportability certification
 2   is not required for JCDs or ICDs; however, during the validation and approval
 3   process, J-6 will review the proposed architecture for compliance with the
 4   interoperability standards listed in reference n. J-6 certifies IT and NSS CDDs
 5   and CPDs for Interoperability and Supportability (JROC Interest, Joint
 6   Integration and select Joint Information). JITC Interoperability Test
 7   Certifications will be based upon these certifications. The process flow follows:

 8          (1) J-8 staffs JCIDS documents using the J-8 KM/DS tool IAW
 9   references a and b.

10          (2) DISA transfers JCIDS documents to the JCPAT-E.

11         (3) J-6 uses the JCPAT-E to staff the document for Interoperability and
12   Supportability Certification recommendations.

13         (4) J-6 compiles these results and posts the I&S Certification on the
14   JCPAT-E.

15          (5) DISA posts the I&S Certification on KM/DS.

16        b. J-6 ISP Staffing Process. CC/S/As upload ISPs in the Joint C4I
17   Program Assessment Tool-Empowered (JCPAT-E) for all ACAT, non-ACAT, and
18   fielded programs IAW references c and d; and this instruction. J-6 provides the
19   ISP NR-KPP certification to the ASD(NII)/DOD CIO or the the sponsoring DOD
20   Component. The sponsoring component will submit the certified ISP to the
21   JCPAT-E.

22         (1) The process is the same as for the JCIDs documents above, except
23   sponsors submit the ISP to the JCPAT-E vice the KM/DS tool and the final J-6
24   I&S Certification resides on the JCPAT-E (not KM/DS).

25           (2) J-6 reviews as needed but will not staff or certify ISPs for ACAT
26   programs with associated CDDs or CPDs. The CDD/CPD I&S certification
27   satisfies the requirement for J-6 ISP NR-KPP certification as long as the
28   information in the CDD/CPD matches the ISP information.

29      c. Comments.

30          (1) J-6 conducts interoperability and supportability certifications of
31   capability documents in three distinct stages.

32              (a) O-6 Level Review is the first assessment of JROC Interest Joint
33   Potential Designator (JPD) documents. The Stage I review is the first
34   assessment for Joint Integration JPD documents. Flag or Stage II review will
35   not be required if the adjudication of all comments is accepted by the
36   submitter, J-6, and the Functional Capabilities Board (FCB).

                                      C-2                               Enclosure C
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1             (b) Flag Level Review (for JROC Interest JCIDS documents and
 2   ACAT I or OSD Special Interest ISPs) or Stage II Review (Joint Integration
 3   JCIDS documents and all other ISPs) review is the second and final
 4   assessment. Flag or Stage II review is not required when comment author, J-6,
 5   and the FCB accept the adjudication of all comments.

 6               (c) FCB Draft (JROC Interest JCIDS documents) or Final stage (Joint
 7   Integration JCIDS documents and all ISPs). Interoperability and supportability
 8   certifications will be issued upon successful adjudication of all critical
 9   comments from the previous two review stages. Sponsors will submit the final
10   or FCB Draft document along with the adjudicated comments resolution matrix
11   (CRM) to the J-8 KM/DS tool (JCIDS documents) or JCPAT-E (ISPs) for review
12   and certification by J-6. Sponsors must, at a minimum, denote whether each
13   comment was accepted, partially accepted, or rejected with rationale for
14   rejecting the comment, and the POC name, contact information, and whether
15   or not there was agreement with the program's adjudication. This information
16   will be provided in the "comment" field of the CRM (see Figure C-2).

17           (2) Combatant commanders are invited to review and comment on all
18   JCIDS and ISP documents during the formal review. During this review,
19   combatant commanders should review these documents for interoperability
20   concerns and include interoperability related comments in the response. All
21   interoperability comments submitted to the KM/DS tool will be identified in the
22   KM/DS Comment Matrix by inserting ―Interoperability Comment‖ as the first
23   entry in the COMMENT column. Only comments so marked will be considered
24   as part of the interoperability certification process.

25          (3) During the initial stages of a tactical program's introduction, the
26   Theater Joint Tactical Networks Configuration Control Board (TJTN CCB)
27   reviews the program for architectural suitability. The TJTN CCB, which is
28   convened by the DOD Executive Agent for Theater Joint Tactical Networks (EA-
29   TJTN) convenes the TJTN CCB (reference nn).

30           (4) Comment Resolution. J-6 forwards unresolved interoperability
31   issues to the MCEB or MIB for resolution. The MCEB or MIB will returns
32   resolved interoperability and supportability issues to the lead DOD Component
33   to complete the JROC approval process. The MCEB and MIB ensure that
34   unresolved issues resulting from interoperability and supportability
35   assessments are presented to the JROC for resolution (see Figure C-1).
36   Unresolved interoperability issues will result in withholding of interoperability
37   and supportability certification.

38




                                     C-3                                Enclosure C
                                                                                                                   CJCSI 6212.01D
                                                                                                                   14 October 2005
                                                                                  Critical
                                                                                 Comments
                                                                     JCB or      Unresolved    J-8
                                                                    FCB For
                                                                                              JROC
                                      Stage II Unresolved           Resolution
                                      Critical Comments
                                                               Critical                 Critical Comments
                                          J-6                Comments                   Resolved (JROCM)
                            INTEROPERABILITY                  Resolved
                               REQUIREMENTS
                                CERTIFICATION
                                If first staffing has                                 Program          Program           Lead
               PROGRAM       critical comments that No Critical                        Office/          Office/        Acquisition
                  JROC      have not been resolved, Comments                         Lead DoD         Lead DoD         Executive
                                                      Stage III         J-8
               INTEREST         document will be                                    Component         Component         Execute
                                                                     KMDS
                   Or          resubmitted for the                                     Head             Head            Program
                 JOINT        second staffing IAW                                   VALIDATE          APPROVE           & POM
               INTEGRA         the documents JPD
                  TION                category
                                              Stage I Unresolved
                                              Critical Comments
    1
    2                                    Figure C-1. J-6 Critical Comment Resolution Process
    3
    4               (5) Adjudication Timelines. Table C-1 details the timelines for
    5        adjudication.

              Document Type           Stage Days        Reference       Level                                           Comments
            JROC Interest             I        25 CJCSM 3170, (C-7)     O6                                  JROCM 100-05 Changes to 21
            JROC Interest             II       21 CJCSM 3170, (C-7)     Flag                                If Required
            JROC Interest             III      10 CJCSM 3170, (C-7)     Final
JCIDS JPD




            Joint Integration         I        25 CJCSM 3170, (C-10)    O6                                  JROCM 100-05 Changes to 21
            Joint Integration         II       21 CJCSM 3170, (C-10)    Flag                                If Required, Level May be O6
            Joint Integration         III      10 CJCSM 3170, (C-10)    Final
            Independent               N/A   N/A CJCSM 3170, (C-10)      N/A
            Joint Information         I        21 JROCM 100-05          O6                                  If J-8 Directs Review
            Joint Information         II       21 JROCM 100-05          Flag                                If J-8 Directs Review, If Required
            Joint Information         III      10 JROCM 100-05          Final                               If J-8 Directs Review
            Initial                   N/A      30 ASD(NII)/DOD CIO Memo N/A
                                                                                                            Information Support Plan (ISP)
            Revised                   N/A      30 ASD(NII)/DOD CIO Memo N/A
ISP




                                                                                                            Acquisition Streamlining Pilot
            Final ISP of Record       N/A      30 ASD(NII)/DOD CIO Memo N/A
                                                                                                            Program, dated 26 August 2005
            Updated ISP of Record     N/A      10 ASD(NII)/DOD CIO Memo N/A

                                                      Table C-1: Staffing Timelines

    6                    (a) The suspense for completing Stage I and Stage II (if required)
    7        documents is 21 calendar days from the transmittal date to KM/DS. The
    8        suspense to J-6 will be posted in the JCPAT-E. Stage II reviews are not
    9        required if all comments are resolved during the Stage I review.

10                      (b) The FCB Draft and Final Stage (Stage III) suspenses are 10
11           working days following sponsor posting to KM/DS (JCIDS documents) or
12           JCPAT-E (ISPs). In all cases, a minimum of ten working days prior to the FCB
13           Decision brief is required to ensure adequate procedural time for staffing.



                                                               C-4                                                     Enclosure C
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1           (6) Comment Format. Comments should be prioritized as critical,
 2   substantive or administrative (see definitions in the Glossary). Convincing
 3   support for critical and substantive comments will be provided IAW Figure C-2.
 4   Class is short for Classification (codes include U for unclassified, C for
 5   confidential, and S for secret) and the Type delineates the comment priority (C
 6   for Critical, S for Substantive, and A for Administrative). All comments will
 7   include a rewrite recommendation and a rationale.

 8   3. Failure to meet Certification Requirements.

 9       a. If a program/system fails to meet or maintain interoperability and
10   supportability certification, information assurance and/or joint interoperability
11   test certification requirements, the J-6 may:

12          (1) Recommend the program not proceed to the next milestone (if
13   currently in the DOD 5000 acquisition process).

14           (2) Recommend that appropriate funding be withheld until compliance
15   is achieved.

16          (3) The J-6 will make its recommendation to the USD(AT&L), USD(P),
17   USD(C), USD(I), ASD(NII)/DOD CIO, DOD Executive Agent for Space, the
18   Interoperability Senior Review Panel (ISRP), the Military Communications-
19   Electronics Board (MCEB), and the Joint Requirements Oversight Council
20   (JROC). The J-6 may also request that the program and/or system be added to
21   the ISRP’s Interoperability Watch List (IWL) in accordance with reference d.




                                     C-5                                Enclosure C
                                                                                                                   CJCSI 6212.01D
                                                                                                                   14 October 2005
 1
      Org /         Page #   Para #   Line #       Class        Type             Recommendation                   Rationale       Comment
     Reviewer                                     (U,C,S)      (A,S,C)

  Joint Staff J-6     0        0        0            U           C       Add sections 2, 3, 7, 9, and 14.        CJCSM          General:
   POC Name                                                              Ensure all sections according to        3170.01,       Several
 DSN: 999-9999                                                           the instruction are titled correctly.   Appendix A     sections
email@emailaddres                                                                                                to Enclosure   missing.
    s.smil.mil                                                                                                   E.
         or
email@emailaddres
       s.mil
  Joint Staff J-6     3       5.h      405           U           C       Include an SV-1 and narrative           CJCSI 3170;    Systems
   POC Name                                                              describing the systems and              Mandatory      Interface
 DSN: 999-9999                                                           connectivity providing or               contents of    Description
email@emailaddres                                                        supporting system functions. It         document       (SV-1) is
    s.smil.mil                                                           should show how multiple                               missing.
         or                                                              systems link and integrate and
email@emailaddres                                                        identify key nodes including
       s.mil                                                             materiel system nodes, physical
                                                                         connections, association of
                                                                         systems to nodes, circuits,
                                                                         networks, warfighting platforms,
                                                                         and specific parameters.



                                             Figure C-2. Sample Comment Resolution Matrix




                                                         C-6                                        Enclosure C
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   4. Rapid Acquisition, Experimentation, legacy systems and for systems that
 2   are not subject to DOD 5000 series acquisition requirements. J-6 will assist,
 3   and specifically advise in the process when the C2IP is recommended as a
 4   resource option. In those situations, J-6 will staff, through the relevant C2IP
 5   process flow, the associated C2IP request. J-6 will also perform necessary
 6   reviews, within the established timelines herein; of information
 7   technology/national security systems to ensure that applicable interoperability,
 8   supportability, testing, information assurance, and information support plan
 9   requirements are implemented or adequately scheduled for implementation.
10   Several initiatives are working in parallel.

11          (1) These programs may include:

12              (a) Advanced Concept Technology Demonstrations (ACTDs),
13   Coalition Warfare Program (CW), Defense Acquisition Challenge Program
14   (DACP), Technology Transition Initiative (TTI), Quick Reaction Special Projects
15   (QRSP), Foreign Comparative Testing Program (FCT), Rapid Action Initiative –
16   Net Centricity (RAI-NC), Coalition Warrior Interoperability Demonstration
17   (CWID), Air Force Combat Capability Documents (CCDs), Army Operational
18   Needs Statements (ONSs), Marine Corps Urgent Universal Need Statement
19   (UNSs), and Navy Rapid Deployment Capability (RDC).

20              (b) Technology Insertion: Technology insertion within joint networks
21   involves the introduction, integration, and fielding of emerging or interim
22   technology either with entire systems or through the upgrading of existing
23   systems or their elements within existing networks. It may be an approved
24   commercial-off-the-shelf product or other non-developmental item.

25          (2) Sponsors of any IT/NSS system that is developed and fielded from
26   these programs will develop an ISP IAW references c and d (DOD 4630 series)
27   and this instruction; and submit the ISP to the JCPAT-E. SCI ISPs will be
28   posted on the JWICS.

29               (a) J-6 will review rapid acquisition, experimentation, and non-DOD
30   5000 systems ISPs with DISA and JITC. JITC Interoperability Test
31   Certifications will be based upon Joint Staff interoperability and supportability
32   certifications of CDDs, CPDs, and ISPs.

33              (b) Joint Urgent Operational Needs (JUONs). CJCSI 3470.01, ―Rapid
34   Validation and Resourcing of Joint Urgent Operational Needs (JUONS) in the
35   Year of Execution,‖ is an avenue for Combatant Commanders to resource needs
36   in the year of execution. The J-6 coordinates with J-8 to incorporate
37   interoperability, supportability, testing, information assurance, and ISP
38   requirements for all programs being developed to satisfy urgent operational
39   needs. As per this instruction, J-6 will enforce the interoperability
40   requirements for all IT/NSS JUONs.

                                     C-7                                Enclosure C
                                                                   CJCSI 6212.01D
                                                                   14 October 2005
 1              (c) Tailored ISP: OSD Memorandum, 26 August 2005, ―Information
 2   Support Plan (ISP) Acquisition Streamlining Pilot Program,‖ provides a Tailored
 3   ISP option for ACAT II, III, and non-ACAT programs. A tailored ISP may be
 4   produced provided the Component notifies the J-6 via JCPAT-E and receives J-
 5   6 concurrence with the program’s tailored approach. J-6 coordinates with
 6   ASD(NII)/DOD CIO on this concurrence recommendation. Appendix B
 7   contains the detailed Tailored ISP request process.

 8               (d) C4I Support Plans (C4ISPs). With the issuance of DODI 4630.8
 9   and the CJCSI 6212 series, the C4ISP is replaced with the ISP. C4ISPs will be
10   accepted for staffing only if directed by ASD (NII)/DOD CIO or associated with
11   an ORD authorized for update within the JCIDS process (refer to references a,
12   b, c, and d (DODI 4630.8 and CJCS 3170 series). If associated with an ORD
13   update, J-6 will certify the C4ISP for supportability as indicated above for
14   ACAT programs. All programs with CDDs/CPDs must prepare an ISP (vice
15   C4ISP) IAW reference d unless waived or otherwise directed by ASD (NII)/DOD
16   CIO.




                                    C-8                               Enclosure C
                                                                   CJCSI 6212.01D
                                                                   14 October 2005
 1
 2
 3                          APPENDIX A TO ENCLOSURE C
 4
 5                          ISP(C4ISP) ASSESSMENT TOOL
 6
 7
 8   1. General. The Office of the Assistant Secretary of Defense, Networks and
 9   Information Integration, ASD (NII)/DOD CIO, reviews all ISP documents for
10   ACAT I and ACAT IA programs, and for other programs in which ASD
11   (NII)/DOD CIO has indicated as special interest. This review is performed on
12   the ISP (C4ISP) Assessment Tool in the JCPAT-E tool suite. The ISP (C4ISP)
13   Assessment Tool supports document submission, assessor review and
14   comment submission, collaborative workspace, and consolidated review
15   comment rollup.

16   2. This enclosure provides guidance on the use of the ISP (C4ISP) Assessment
17   Tool.

18   3. Access.

19       a. The ISP (C4ISP) Assessment Tool can be accessed via the SIPRNET at
20   https://jcpat.ncr.disa.smil.mil or on the NIPRNET at
21   https://jcpat.ncr.disa.mil. Whenever possible, the SIPRNET should be used
22   for program submissions.

23      b. A user ID and password are required to use the tool. Potential tool
24   users who require accounts may go to the JCPAT-E home page on the SIPRNET
25   and NIPRNET and follow the instructions for requesting an account.

26   4. Detailed ISP Review Procedures.

27       a. System Registration within JCPAT-E. The JCPAT-E IT and NSS
28   Registration Number is an important feature that establishes a
29   system/program link to all related information in the Lifecycle Management
30   Repository and Archive, i.e., profile documents, certification memorandums,
31   etc. within the JCPAT-E database. System registration in JCPAT-E is required
32   for all systems/capabilities. To register a system, go to SIPRNET URL:
33   https://jcpat.ncr.disa.smil.mil or NIPRNET URL: https://jcpat.ncr.disa.mil and
34   click on Register System on the lower left hand side of the screen. Then follow
35   the on-line instructions to complete the system registration.

36      b. ISP Review Process. There are three ISP reviews (an initial plan, revised




                                                                         Appendix A
                                          C-A-1                         Enclosure C
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   plan, and a final plan). There is a set of tasks associated with each of these
 2   reviews.
 3
 4           (1) The ISP reviews are tied to the acquisition milestones and the system
 5   engineering for the program and the decision reviews (preliminary design
 6   review (PDR), critical design review (CDR), and final plan submission prior to
 7   full-rate production decision review (FRP DR) for the program (See Figure C-1).
 8   At subsequent increments (upgrades) additional reviews are conducted. For
 9   PDR and CDR there is a similar ISP development cycle that should be
10   scheduled for and completed. The following summarizes each set of tasks for
11   each review.

12               (a) At Milestone B and PDR: An Initial ISP shall be developed by the
13   PM and submitted to ASD(NII)/DOD CIO via the JCPAT-E in sufficient time to
14   permit completion of a 30-day review prior to the decision review. Upon
15   completion of the ISP review, ASD (NII)/DOD CIO will provide the comments to
16   the PM for use in updating the document. The PM should coordinate
17   responses to the comments with each reviewer during the comment
18   adjudication process. Responses to critical IT support, interoperability or net-
19   centric issues that have been raised during the review shall be briefed at the
20   Milestone B IPT by the PM. Document structure issues shall not be briefed. A
21   completed comment resolution matrix must be submitted to JCPAT-E prior to
22   PDR

23              (b) Prior to CDR: A revised ISP shall be developed by the PM and
24   submitted to ASD (NII)/DOD CIO via the JCPAT-E in sufficient time to permit
25   completion of a 30-day review prior to the decision review. Upon completion of
26   the ISP review, ASD (NII)/DOD CIO will provide the comments to the PM for
27   use in updating the document. The PM should coordinate responses to the
28   comments with each reviewer during the comment adjudication process. A
29   completed comment resolution matrix must be submitted to JCPAT-E prior to
30   CDR.

31               (c) Prior to submission of the final ISP of Record, the PM shall
32   submit a final draft of the program’s ISP of Record to ASD (NII)/DOD CIO via
33   JCPAT-E for a 10-day final acceptance review by J-2 and J-6, as part of their
34   intelligence and supportability certification processes. Upon acceptance by J-2
35   and J-6 the PM will obtain a component approval (signed) and submit the ISP
36   of Record to JCPAT-E for posting in the document repository. There is no
37   DOD-level review of the ISP of Record.

38             (d) At further major system increments: The process is repeated for
39   each major acquisition increment (upgrade).



                                                                           Appendix A
                                           C-A-2                          Enclosure C
                                                                        CJCSI 6212.01D
                                                                        14 October 2005
 1            (2) Non-ACAT Program ISPs. Non-ACAT program ISPs will be posted to
 2   the JCPAT-E ISP tool by the document sponsor and maintained in the JCPAT-E
 3   repository. Non-ACAT ISPs will not be staffed by ASD (NII)/DOD CIO) or J-6 to
 4   CC/S/A for their review. The Joint Staff J-6 will provide an NR-KPP
 5   certification and post it on the JCPAT-E.

 6          (3) Fielded System ISPs

 7              (a) ISPs for fielded programs which are managed as an acquisition
 8   program per DOD 5000 series guidance will be staffed and certified for
 9   supportability by ASD (NII)/DOD CIO and J-6 IAW the procedures for ACAT
10   ISPs as described above.

11                (b) All other fielded program ISPs (i.e. for three-year JITC testing and
12   recertification) will be posted to the ASD (NII)/DOD CIO ISP (C4ISP) JCPAT-E
13   ISP Assessment Tool by the document sponsor and maintained in the JCPAT-E
14   repository. SCI ISPs will be posted on the JWICS by the sponsoring entity.
15   Fielded ISPs will not be staffed by ASD (NII)/DOD CIO or J-6 to CC/S/A for
16   their review. The Joint Staff J-6 will provide an NR-KPP certification and post
17   it on the JCPAT-E.

18




                                                                              Appendix A
                                            C-A-3                            Enclosure C
                             CJCSI 6212.01D
                             14 October 2005
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20   (INTENTIONALLY BLANK)
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43




                                  Appendix A
             C-A-4               Enclosure C
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1
 2
 3                           APPENDIX B TO ENCLOSURE C
 4
 5                     TAILORED INFORMATION SUPPORT PLAN
 6
 7
 8   1. Tailored Information Support Plan (TISP). The purpose of the tailored ISP
 9   process is to provide a dynamic and efficient vehicle for certain programs to
10   produce requirements necessary for interoperability and supportability
11   certification. Non-ACAT, ACAT II and below program managers may request to
12   tailor the content of their ISP. For programs not designated OSD Special
13   Interest by ASD(NII)/DOD CIO, the Component will make the final decision of
14   the details of the tailored plan subject to the minimums in paragraph 4 (below)
15   and any special needs identified by the J-6 for the supportability certification
16   process. The final Component approved plan will be submitted to ISP(C4ISP)
17   Assessment Tool on the JCPAT-E.

18   2. TISP Pilot Program Waiver Request Process. Waiver requests shall be sent
19   via email to the Joint Staff J-6 through the applicable (Service/Agency/JFCOM)
20   Interoperability Test Panel (ITP) Representative. The request will include: the
21   program’s name, the capability it provides, funding allocated to the program,
22   and identification of key connectivity requirements (the NIPRNET website
23   www.jitc.fhu.disa.mil/itp/isp_info.html contains the submission format). The
24   J-6 will respond to the waiver request via e-mail with concur or non-concur.
25   Approval of a TISP Waiver will be contingent on the following:

26       a. If the mandatory sections of the form are not completed, the request will
27   be returned for completion.

28       b. J-6I Net Readiness Assessment, JCIDS, and Enforcement/Testing
29   Branches shall review the submitted TISP application and make
30   recommendations on including the submission for TISP processing. JS/J-6I
31   Division Chief retains final approval authority for entry into the Tailored ISP
32   process.

33      c. Applicants, and respective ISP representatives will be notified via email
34   that they may proceed with completing the TISP.

35   3. TISP Waiver Request Approval.

36      a. Components/Agencies responsible for ISP development IAW DODI
37   4630.8 shall comply with applicable portions of the instruction and the




                                                                          Appendix B
                                           C-B-1                          Enclosure C
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   Tailored ISP Program. All TISP requests will be submitted to the appropriate
 2   CC/S/A ITP Representative using the form provided at (URL). The form is also
 3   available on the ITP web page (URL) for either on-line submission or
 4   downloading. The appropriate CC/S/A ITP Representative shall validate the
 5   TISP request.

 6       b. Upon component/agency approval, the TISP will be submitted to J-6I for
 7   review and approval. J-6I will coordinate with ASD(NII)/DOD CIO on all
 8   submissions.

 9       c. As required, J-6I will invite the requesting system’s Program
10   Management Office (PMO) or designated representative to the next scheduled
11   ITP meeting to brief the members concerning the system and the justification
12   for requesting TISP versus the DODI 4630.8 ISP procedures. The ITP will serve
13   as an advisory panel to facilitate J-6I determination of system merits and
14   means to mitigate interoperability certification issues.

15       d. As the pilot program is intended to accelerate the Joint Interoperability
16   Certification process, programs should make early contact with the Joint
17   Interoperability Test Command (JITC) to create a testing strategy and gain
18   technical POCs for questions dealing with ISP testing.

19   4. Tailored ISP Content. The tailored plan will provide:

20      a. An explanation of the program’s Concept of Operations (CONOPs).

21      b. IT supportability analysis of the CONOPS.

22       c. The following Integrated Architecture Products: AV-1, OV-1 (optional),
23   OV-5, OV-6c (optional), SV-1 (optional), SV-5, SV-6, and TV-1. The J-6
24   determines if optional reviews are required.

25      d. Remaining Interoperability and Supportability requirements IAW
26   Enclosure D.

27   5. TISP I&S Certification. TISP I&S Certification and Validation is IAW Table 1
28   and Enclosure D.




                                                                          Appendix B
                                          C-B-2                           Enclosure C
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1
 2
 3                                    ENCLOSURE D
 4
 5   DETERMINING INTEROPERABILITY, SUPPORTABILITY, AND NET-READINESS
 6
 7
 8   1. This enclosure provides the J-6 Interoperability and Supportability
 9   Certification procedures. The recommended format for submission of NR-KPP
10   documentation is provided in Appendix A, Appendix B includes procedures for
11   developing the TV-1 and TV-2, and Appendix C includes the J-6I assessors
12   checklist.

13       a. Inclusion of the NR-KPP is mandatory for all acquisition programs and
14   post acquisition IT and NSS programs for systems used to enter, process, store,
15   display, or transmit DOD information, regardless of classification or sensitivity,
16   except those that do not communicate with external systems. Non-acquisition
17   programs must also comply in accordance with DODD 4630.5 (reference c) and
18   DODI 4630.8 (reference d).

19       b. Migration strategies to achieve the NR-KPP are no longer accepted.
20   Documentation of the four NR-KPP components is required for interoperability
21   and supportability certification. Additional criteria for determining
22   interoperability and supportability are described below.

23   2. Interoperability and Supportability Certification

24      a. JCIDs and ISP Document Considerations

25         (1) Joint Capability Document (JCD). The NR-KPP is not required in
26   JCDs and interoperability and supportability certification is not provided.

27          (2) Initial Capabilities Document (ICDs). ICDs and four architecture
28   products (OV-1, OV-2, OV-4, and OV-5) are reviewed and comments are
29   provided. The NR-KPP is not required in ICDs, interoperability and
30   supportability certification is not provided.

31           (3) Capability Development Documents (CDDs). All CDDs for systems
32   that exchange information with external systems will be evaluated and certified
33   for interoperability and supportability based on the criteria listed in the
34   following section. In this context external system means any system outside
35   the scope of the program referenced in the CDD.

36          (4) Capability Production Documents (CPDs). All CPDs for systems that




                                            D-1                           Enclosure D
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   exchange information with external systems will be evaluated and certified for
 2   interoperability and supportability based on the criteria listed in the following
 3   sections. In this context external systems means any system outside the scope
 4   of the program referenced in the CPD. The NR-KPP produced in the precursor
 5   CDD shall be refined with greater detail and form a completed integrated
 6   architecture to characterize the capabilities and performance of the proposed
 7   production system. The architectural products must include any descriptions
 8   necessary to explain the system’s operation and should be traceable between
 9   the views.

10           (5) Information Support Plans (ISPs). All ISPs will be evaluated and
11   certified the NR-KPP.

12           (6) For each lifecycle development activity, IAW DOD Directive 5000.1
13   (reference f) and DODI 8580.1 (reference r), there is a corresponding set of
14   security activities that shall verify compliance with the security requirements
15   and evaluate vulnerabilities (may consider those vulnerabilities identified in the
16   System Threat Assessment Report (STAR)). Additionally, ISPs must address
17   spectrum supportability IAW DODI 4630.8, Enclosure 4 (reference d).

18   3. Components of the Interoperability and Supportability Certification Process

19       a. Net-Ready Key Performance Parameter. The NR-KPP is used to assess
20   information needs, information timeliness, information assurance, joint
21   interoperability and supportability, and net-ready attributes required for both
22   the technical exchange of information and the end-to-end operational
23   effectiveness of that exchange. The NR-KPP consists of measurable, testable,
24   or calculable characteristics and/or performance metrics required for the
25   timely, accurate, and complete exchange and use of information.

26      b. The NR-KPP must be included in all CDDs and CPDs describing systems
27   that send and/or receive information with external systems. NR-KPP
28   compliance is documented in CDDs and CPDs using four elements, which are
29   described in detail below and in Appendix A. The NR-KPP, documented in
30   CDDs and CPDs, shall be used in analyzing, identifying and describing IT and
31   NSS interoperability, and test strategies in the Test and Evaluation Master Plan
32   (TEMP).

33      c. NR-KPP consists of the four following elements:

34          (1) Compliance with the Net-Centric Operations and Warfare Reference
35   Model (NCOW RM)

36          (2) Integrated Architecture Products

37          (3) Compliance with Applicable Key Interface Profiles


                                            D-2                           Enclosure D
                                                                                                                                          CJCSI 6212.01D
                                                                                                                                          14 October 2005
 1                    (4) Compliance with DOD Information Assurance Requirements

 2      d. The following table summarizes these four elements and their
 3   applicability:

 4




                                                                                                                                                        KIP Compliance

                                                                                                                                                                         IA Compliance
                      Compliance




                                                                       Integrated Architecture Products
                      NCOW RM
       Document




                                                                                OV-6C




                                                                                                                                  SV-11
                                          OV-1

                                                 OV-2

                                                        OV-3

                                                                OV-4

                                                                         OV-5




                                                                                        OV-7
                                   AV-1




                                                                                               SV-1

                                                                                                      SV-2

                                                                                                             SV-4

                                                                                                                    SV-5

                                                                                                                           SV-6




                                                                                                                                          TV-1

                                                                                                                                                 TV-2
       JCD                                X


       ICD                                X      X              X        X


       CDD                 X       X      X      X      1       X        X      X       2             X      X      X      X              X      X       X                X


       CPD                 X       X      X      X      1       X        X      X       2             X      X      X      X       2      X      X       X                X


       ISP                 X       X      X      X              X        X      X       X             X      X      X      X      X       X      X       X                X


       TISP                X       X      3                              X      3              3                    X      X              X              X                X

                                   The OV-3 is not assessed as part of the NR-KPP review; however, normally the OV-3 is used to develop other
                  Note 1           architecture documents and can be included with the NR-KPP documentation to assist in development and
                                   conduct of the testing.

                  Note 2           OV-7 and SV-11 are required only when applicable.


                  Note 3           Optional as directed by the J-6.


 5                                                             Table D-1. NR-KPP Products Matrix
 6
 7      e. The four NR-KPP elements should be documented as an appendix to the
 8   CDD, CPD, and ISP. This CDD/CPD appendix can also be used for the
 9   analysis required in the ISP. See Appendix A for additional guidance.

10         (1) The NR-KPP Compliance Statement in Table D-2 provides the NR-
11   KPP Threshold and Objective.

12




                                                                                        D-3                                                      Enclosure D
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
            KPP                Threshold (T)                     Objective (O)
    Net-Ready: The      The system must support           The system must support
    system must         execution of joint critical       execution of all joint
    support Net-        operational activities            operational activities
    Centric military    identified in the system’s        identified in the system’s
    operations. The     integrated architecture           integrated architecture
    system must be      products and satisfy the          products and satisfy the
    able to enter and   technical requirements            technical requirements
    be managed in       for transition to Net-            for Net-Centric military
    the network, and    Centric military                  operations to include
    exchange data in    operations to include             1) DISR mandated GIG IT
    a secure manner     1) DISR mandated GIG IT           standards identified in
    to enhance          standards identified in           the TV-1,
    mission             the TV-1,                         2) DISR mandated GIG
    effectiveness.      2) DISR mandated GIG              KIPs identified in the KIP
    The system will     KIPs identified in the KIP        declaration table,
    not significantly   declaration table,                3) NCOW RM Services
    increase the        3) NCOW RM Services               4) Information assurance
    workload of         4) Information assurance          requirements including
    operators,          requirements including            availability, integrity,
    system              availability, integrity,          authentication,
    administrators,     authentication,                   confidentiality, and non-
    or maintainers.     confidentiality, and non-         repudiation, and
                        repudiation, and                  issuance of an Interim
                        issuance of an Interim            Approval to Operate
                        Approval to Operate               (ATO) by the Designated
                        (IATO) by the Designated          Approval Authority
                        Approval Authority (DAA),         (DAA), and
                        and                               5) Operationally effective
                        5) Operationally effective        information exchanges;
                        information exchanges;            and mission critical
                        and mission critical              performance and
                        performance and                   information assurance
                        information assurance             attributes identified in
                        attributes identified in          the SV-6.
                        the SV-6.

                           Table D-2. NR-KPP Compliance Statement

1

2




                                          D-4                           Enclosure D
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1            (2) The threshold value is determined by analysis of the system’s
 2   integrated architectural views as follows:
 3                (a) The joint critical mission threads for the system will be
 4   documented in OV-6Cs and should be identified as threshold or objective. The
 5   joint critical mission threads are determined by the sponsor’s analysis of the
 6   system’s required capabilities and other Key Performance Parameters. The
 7   associated joint critical operational activities required to perform these joint
 8   critical mission threads are documented in text with the OV-5.
 9                (b) The joint critical operational activities are traced through the
10   integrated architectures from OV-6Cs to OV-5, SV-5, SV-4, SV-6, and finally
11   TV-1. Since DODAF does not currently provide a method to identify joint
12   critical operational activities, the text describing each view must identify these
13   activities as they are traced.
14                (c) The DOD IT standards are identified in the TV-1 by tracing from
15   the critical mission threads.
16                (d) The NCOW RM service activities are identified in the appropriate
17   architecture views by tracing from the critical mission threads.
18                (e) The GIG KIPs are identified using the SV-6 and SV-4 by tracing
19   from the critical mission threads to determine the appropriate media and
20   method of system data exchange. Analysis of the GIG KIPs and the external
21   system data exchanges will identify the appropriate GIG KIPs.
22                (f) The system data exchanges and mission critical performance
23   attributes are identified in the SV-6 by tracing from the critical mission
24   threads. The following are examples of these attributes: Periodicity, Criticality,
25   Timeliness, and Size.
26                (g) Include a discussion of the threshold information assurance
27   requirements and information assurance attributes associated with the
28   threshold system data exchanges shown in the SV-6 and derived from the
29   critical mission threads. The following are examples of these attributes: IA –
30   Access Control, IA – Availability, IA – Confidentiality, IA – Dissemination
31   Control, IA – Integrity, IA – Non-Repudiation Consumer, and/or IA – Non-
32   Repudiation Producer.
33
34         (3) Compliance with the NCOW RM (https://disain.disa.mil/ncow.html)
35   and DOD Net-Centric Data Strategy (http://www.defenselink.mil/nii/doc). .

36               (a) The NCOW RM (reference m), depicted in Figure D-1 (top-level
37   activity model decomposition), describes the activities required to establish,
38   use, operate, maintain and manage the net-centric enterprise information
39   environment to include: the user-interface, the enterprise information
40   environment services (core services, Community of Interest (COI) services, and
41   environment control services), and the enterprise management components. It
42   also describes a selected target set of key standards that will be needed as the
43   NCOW capabilities of the GIG are realized. Future versions of the NCOW RM
44   will integrate elements of the IA Component of the GIG. The NCOW RM
45   represents the objective end-state for the GIG. This objective end-state is a

                                            D-5                           Enclosure D
                                                                                 CJCSI 6212.01D
                                                                                 14 October 2005
 1   service-oriented, inter-networked, information infrastructure in which users
 2   request and receive services that enable operational capabilities across the
 3   range of military operations; DOD business operations; and Department-wide
 4   enterprise management operations.

                                               Provide Enterprise
                                            Information Environment
                                                       A0




         Interact with          Perform            Provide           Allocate           Manage
          Net-Centric          User Agent         Enterprise        resources          Enterprise
           Enterprise           Services         Information       to services        Information
          Information              A2            Environment            A4            Environment
         Environment                               Services                                A5
               A1                                     A3

                         Figure D-1. NCOW RM Top Level Activity Model Decomposition

 5
 6               (b) The NCOW RM serves as a common, enterprise-level, reference
 7   model for the DOD’s Enterprise Architecture and for current and future
 8   acquisition programs to use in focusing and gaining net-centric support
 9   through the GIG. The NCOW RM enables a shared perspective of the
10   enterprise information environment operations and is used to assist decision-
11   makers in arriving at decisions that promote enterprise-wide unity of effort.
12   The goal is to perform program development and oversight with a uniform
13   Department-wide reference to which all net-centric IT-related issues can be
14   addressed within individual programs and across the set of enterprise
15   programs in a constructively consistent, coherent, and comprehensive manner.

16               (c) The program must comply with the NCOW RM in four ways:

17                  1. Use the NCOW RM common language, lexicon (dictionary of
18   terms), and taxonomy (structure of the information) in developing the
19   architecture products.

20                  2. Incorporate and/or account for the NCOW RM operational
21   capabilities and services provided or demonstrate equivalence in its materiel
22   solution.

23                  3. Assess the value of the NCOW RM’s emerging information
24   technologies to the program's architecture relative to achieving DOD's net-
25   centric, investment planning, and information superiority goals.


                                                   D-6                                  Enclosure D
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1                  4. Comply with the DOD Net-Centric Data Strategy for all net-
 2   centric services, and data shared at the enterprise level.

 3                      a. The DOD is moving to net-centric operations. The vision
 4   is that all elements of the DOD are networked and able to seamlessly share
 5   information, resulting in dramatic improvements in operational effectiveness.
 6   CDDs, CPDs, and ISPs will document compliance with the DOD Net-Centric
 7   Data Strategy as identified in the NCOW RM and references m and w.

 8                      b. Verification of compliance with the DOD Net-Centric Data
 9   Strategy (reference x) will be accomplished through the analysis of the sponsor
10   provided architecture products with accompanying text detailing the program’s
11   compliance strategy. Additional verification may include analysis against the
12   DOD Metadata Registry (http://metadata.dod.mil); and the DOD COI Directory
13   (https://gesportal.dod.mil/sites/coidirectory/). All enterprise level shared data
14   should be tagged and associated metadata properly registered. Documentation
15   (in integrated architecture products or other forms) must clearly identify all
16   net-centric services and data delineated by COI(s), domain, and enterprise
17   mission area.

18                       c. DOD Net-Centric Data Strategy. DODD 8320.2 is the
19   codification of the DOD Net-Centric Data Strategy.

20                          (1) Compliance with the DODD 8320.2, ―Data Sharing in
21   a Net-Centric Department of Defense’‖ December 2, 2004
22   (http://www.dtic.mil/whs/directives/corres/dir2.html) and the DOD Net-
23   Centric Data Strategy (http://www.defenselink.mil/nii/doc/) is an essential
24   prerequisite of net-centric operations.

25                           (a) Data shall be made visible, accessible, and
26   understandable to any potential user in the Department of Defense

27                            (b) Data assets shall be made visible by creating and
28   associating metadata (―tagging‖), including discovery metadata, for each asset.

29                             (c) Data assets shall be made accessible by making
30   data available in shared spaces.

31                            (d) Data assets shall be made understandable by
32   publishing associated semantic and structural metadata in a federated DOD
33   metadata registry.

34                             (e) Data assets shall have associated information
35   assurance and security metadata, and an authoritative source for the data
36   shall be identified when appropriate.



                                           D-7                           Enclosure D
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1                            (f) Data interoperability shall be supported by
 2   making data assets understandable and by enabling business and mission
 3   processes to be reused where possible.

 4                              (g) Semantic and structural agreements for data
 5   sharing shall be promoted through communities (e.g., communities of interest
 6   (COIs)), consisting of data users (producers and consumers) and system
 7   developers, in accordance with reference x.

 8                          (2) COIs will be registered in the ASD (NII)/DOD CIO COI
 9   Directory. The COI Directory provides visibility of COIs by enabling registration
10   of pertinent COI information that is discoverable by other COIs and interested
11   parties. The directory is at: https://gesportal.dod.mil/sites/coidirectory.
12   Users will need a DOD issued PKI client certificate (help in getting one is at:
13   http://gesnew.dod.mil/obtainPKI.html.

14                          (3) Data will be made visible by tagging it with DOD
15   Discovery Metadata Specification (DDMS) compliant metadata and posting it to
16   a catalog. Semantic and structural metadata will be registered in the DOD
17   Metadata Registry, located at:
18   http://diides.ncr.disa.mil/mdregHomePage/mdregHome.portal. The DDMS is
19   available at: http://diides.ncr.disa.mil/mdreg/user/DDMS.cfm.

20                         (4) CDDs and CPDs will include the Logical Data Model
21   (OV-7) and the Physical Schema (SV-11) if the system being described collects,
22   processes, or uses any shared data not prescribed by NCES or KIP use
23   (includes database systems). The SV-11 should include any XML namespace
24   in the DOD Metadata Registry that documents data standards used by the
25   proposed system. As stated in Enclosure D, Para 4c(3)(d)2, verification of
26   compliance with the DOD Net-Centric Data Strategy will be accomplished
27   through the analysis of the integrated architecture products and accompanying
28   textual description and testing. Additional analysis may include analysis
29   against the DOD Metadata Registry (http://metadata.dod.mil); or the DOD COI
30   Directory (https://gesportal.dod.mil/sites/coidirectory/).

31         (4) Integrated Architecture Products. A key component of NR-KPP
32   documentation is the integrated architecture description.

33              (a) An integrated architecture consists of three major perspectives or
34   views (operational, systems, and technical standards) that logically combine to
35   describe a program’s architecture. The architecture is integrated when the
36   data elements defined in one view are the same as architecture data elements
37   referenced in another view. Each of the three views depicts certain
38   architecture attributes. Some attributes bridge two views and provide integrity,
39   coherence, and consistency to architecture descriptions. They ensure the



                                           D-8                           Enclosure D
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   materiel solution set matches the proposed capabilities and that the
 2   relationships are understood.

 3              (b) Architecture descriptions assist DOD in understanding the
 4   linkages between capabilities and systems and in making appropriate
 5   acquisition decisions.

 6              (c) The DODAF (reference n) defines a common approach for DOD
 7   architecture description development, presentation, and integration for both
 8   warfighting operations and business operations and processes. It ensures that
 9   architecture descriptions can be compared and related across organizational
10   boundaries, including Joint and multinational boundaries.

11               (d) Architecture development begins with a clear understanding of
12   the capability or capabilities desired and the concept of operations, defined as a
13   verbal or graphic statement, in broad outline, of a commander's assumptions
14   or intent in regard to an operation or series of operations.

15                  1. The operational view describes the tasks and activities,
16   operational elements, and information exchange required to conduct
17   operational operations. Architecture view development begins with describing
18   the tasks and activities, operational elements, and information exchanges
19   required to accomplish the specified mission in the operational views.

20                  2. The systems views, which flow from the operational views,
21   describe the systems and their interconnections providing for, or supporting,
22   DOD functions. The SV associates systems resources to the operational views
23   and supports the operational activities and facilitates the exchange of
24   information among operational nodes.

25                  3. The technical standards view (TV) provides the minimal set of
26   rules, standards, and protocols governing the arrangement, interaction, and
27   interdependence of system parts or elements. The TV includes a collection of
28   the technical standards, implementation conventions, standards options, rules,
29   and criteria organized into profile(s) that govern systems and system elements
30   for a given architecture.

31                   4. The overarching aspects of an architecture that relate to all
32   three of the views are captured in the All-Views (AV) products. The AV products
33   provide information pertinent to the entire architecture but do not represent a
34   distinct view of the architecture. AV products set the scope and context of the
35   architecture. The scope includes the subject area and timeframe for the
36   architecture. The setting in which the architecture exists comprises the
37   interrelated conditions that compose the context for the architecture. These
38   conditions include doctrine; tactics, techniques, and procedures; relevant goals
39   and vision statements; concepts of operations; scenarios; and environmental
40   conditions.
                                            D-9                           Enclosure D
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1                   5. An architecture description is integrated when products and
 2   their constituent architecture data elements are developed such that
 3   architecture data elements defined in one view are the same (i.e., same names,
 4   definitions, and values) as architecture data elements referenced in another
 5   view. There are common points of reference linking the OVs and the SVs and
 6   also linking the SVs and the TV. For example, SV-5 relates operational
 7   activities from OV-5 to system functions from SV-4; the SV-4 system functions
 8   are related to systems in SV-1. In addition the operational needlines identified
 9   in the OV-2 are related to the interfaces and the performance attributes in the
10   SV-6, and the performance attributes and specifications resident in the TV-1.

11                  6. Integrated architecture products provide detailed descriptions
12   of the system in the operational, system, and technical standards views.
13   Included in the description should be discussion of the analysis used to create
14   and integrate the various products. The architecture products should provide
15   enough detail to describe the system and its interfaces with external systems to
16   enable the assessment of end-to-end operational effectiveness. Systems not
17   immediately interfacing with the subject system do not need to be shown in the
18   architecture products and if they are shown, should be identified as outside the
19   boundaries of the system. Additional information on completing the
20   architecture products is located in Appendix A.

21                 7. Completion of the IT Technical Standards Profile (TV-1). A
22   system IT technical standards profile will be completed, published, and
23   maintained in the SIPRNET JCPAT-E DISR Online module. Information
24   Technology Standards. IT and NSS must comply with applicable information
25   technology standards mandated in the current DISR for all information
26   exchanges internal to DOD. This includes conformance with standards and
27   standards profiles identified in the NCOW RM, KIPs, etc.

28                  8. The TV-2 will be included to identify emerging standards that
29   the program intends to use and to identify issues affecting program
30   implementation (e.g. impacts of commercially available equipment or
31   development of another program). The TV-2 is generated by DISRonline (see
32   Appendix B of Enclosure C for details). The architecture views must include
33   needlines, interfaces, exchanges, and attributes identified in the DODAF for the
34   views and must note whether items are critical or enterprise level, for
35   determining the KPP threshold and objective values.

36                   9. Architecture products will be Core Architecture Data Model
37   (CADM) conformant and will be posted in an (a DOD) accessible online
38   architecture repository. The exception to this requirement is the TV-1 and TV-
39   2 developed and published on DISRonline. Architecture products should also
40   still be included as part of the document submission so that reviewers without
41   DARS access can review the products. Program Managers should consider a
42   statement be added to their architecture development statement of work

                                          D-10                           Enclosure D
                                                                                              CJCSI 6212.01D
                                                                                              14 October 2005
 1   requiring the contractor to deliver CADM conformant architecture products
 2   (with the exception of the TV-1 and TV-2) in machine readable form.

 3                 10. Table D-3 describes architecture products (IAW reference n
 4   (DODAF) to document the required capability and assess information exchange
 5   and net readiness. This table provides a general description of the purpose of
 6   each architecture product. Table D-1 and DODAF guidance identify the
 7   required products that shall be used in the NR-KPP.

       Framework        Framework Product
                                                                             General Description
        Products              Name
                   Overview and Summary          Scope, purpose, intended users, environment depicted, analytical
         AV-1
                   Information                   findings
                   High-Level Operational
         OV-1                                    High-Level graphical/textual description of operational concept.
                   Concept Graphic
                   Operational Node              Operational Nodes, operational activities performed at each node,
         OV-2
                   Connectivity Description      connectivity and information exchange need lines between nodes
                   Operational Information       Information exchanged between nodes and the relevant attributes
         OV-3
                   Exchange Matrix               of that exchange.
                   Organizational
         OV-4                                    Organizational, role, or other relationships among organizations
                   Relationships Chart
                                                 Operational activities, relationships among activities, inputs and
         OV-5      Operational Activity Model    outputs. Overlays can show cost performing nodes, or other
                                                 pertinent information.
                                                 One of three products used to describe operational activity
                   Operational Event-Trace
        OV-6c                                    sequence and timing – traces actions in a scenario or sequence of
                   Description
                                                 events and specifies timing of events.
                                                 System data requirements and structural business process rules
         OV-7      Logical Data Model
                                                 of the Operational View
                   System Interface              Identification of systems nodes, systems, and system items and
         SV-1
                   Description                   their interconnections, within and between nodes.
                   System Communications
         SV-2                                    Systems nodes and their related communications lay-downs
                   Description
                   Systems Functionality         Functions performed by systems and the information flow among
         SV-4
                   Description                   system functions, including information assurance functions
                   Operational Activity to
                                                 Mapping of systems back to operational capabilities or of system
         SV-5      Systems Function
                                                 functions back to operational activities.
                   Traceability Matrix
                   Systems Data Exchange         Provides details of systems data being exchanged between
         SV-6
                   Matrix                        systems.
                                                 Physical implementation of Logical Data Model entities, e.g.
        SV-11      Physical Schema
                                                 message format, file structures, physical schema
                                                 Extraction of standards that apply to the given architecture,
         TV-1      Technical Standards Profile   Including information assurance functions. Note: The TV-1 must
                                                 be completed in DISROnline and included in the NR-KPP annex.
                                                 Emerging standards, which are not currently approved. The TV-2
                   Technical Standards
         TV-2                                    should also be used to document technical issues affecting
                   Forecast
                                                 program implementation (e.g. non-availability of JTRS radios).
 8
 9                                 Table D-3. Architecture Products Descriptions
10




                                                       D-11                                          Enclosure D
                                                                                                  CJCSI 6212.01D
                                                                                                  14 October 2005
 1                 11. The following figure, Figure D-2, describes the required
 2   linkages between NR-KPP attributes, integrated architecture products, and
 3   performance metrics, which are necessary to assess the NR-KPP.

            Information Needs
            Information Needs
                                                 •   Precepts
                     AV-1
                     AV-1                        •   Nodes, Needlines & Activities
                                                 •   Organizational Relationships
           OV-2
           OV-2      OV-4
                     OV-4    OV-5
                             OV-5                •   Systems Information Exchanges
                                                 •   Activities & Process Flow
           SV-4      SV-5    SV-6                •   Data Flows
           SV-4      SV-5    SV-6
                                                 •   Capability to Systems Trace



          Information Timeliness
          Information Timeliness
                                                 • Required Systems Information Exchanges
                                                 • Performance Attributes:
                                                     Periodicity      Availability
          OV-6c
          OV-6c      SV-5
                     SV-5       SV-6
                                SV-6                 Timeliness       Throughput
                                                 • Time Ordered Nodal Information Exchanges           Measures
                                                 • Capability to Systems Correlation to Meet              of
                                                   Timeliness Requirements                           Performance
                                                                                                      Measures
          Information Assurance
          Information Assurance                  • Required Systems Information Exchanges                 of
                                                 • Performance Attributes:                           Effectiveness
                                                      Accuracy        Information Criticality
            OV-5
            OV-5            SV-4
                            SV-4                      Availability  Integrity
                                                 • Data Flows/Formats
                                                 • Information Sequencing
            SV-5
            SV-5            SV-6
                            SV-6                 • Capability to Systems Correlation to Meet
                                                   Information Assurance Requirements


                  Net-Enabled
                  Net-Enabled                    • Node Connectivities and Information Needs
                                                 • Capability to Systems Correlation
          OV-2                  SV-4             • Mapping to NCOW Activities Model
          OV-2                  SV-4
                    NCOW
                    NCOW                         • Data Flows/Formats
                     RM
                     RM                          • Technical Standards Required to Implement
          SV-5                  TV-1               Capability
          SV-5                  TV-1
                                                 • Information Sequencing
                                                 • SV-TV Bridge


                                Figure D-2. Architecture Linkage to NR-KPP Attributes

 4            (5) GIG Key Interface Profiles (KIPs). In light of the scope of the GIG
 5   environment, a form of enterprise-level integration management is needed to
 6   facilitate interoperability and testing at the seams of GIG components.
 7   Formally designated GIG KIPs offer organizations and system builders a set of
 8   managed technical interface specifications on which to converge. This brings
 9   visibility, and stability to these critical interfaces, while freeing the GIG
10   components to innovate on either side of the interface. GIG KIPs are applicable
11   to all functional proponents, software developers, operators and users of IT and
12   NSS systems, and encompass requirements pertaining to data, physical and
13   logical interfaces, communications, service levels and security. GIG KIPs are

                                                        D-12                                          Enclosure D
                                                                       CJCSI 6212.01D
                                                                       14 October 2005
 1   used to communicate the technical specifications and implementation of
 2   standards of the key interface.

 3              (a) A GIG KIP is the set of documentation produced as a result of
 4   interface analysis which:

 5                  1. Describes an interface with the GIG.

 6                  2. Details the key interface architectural, interoperability, test,
 7   and security attributes documenting KIP characteristics in conjunction with
 8   solution sets.

 9              (b) A mandated GIG KIP consists of:

10                  1. Refined operational and systems view products.

11                2. The technical specification of the applicable DISR standards
12   implementation options and settings governing the key interface external
13   presentation

14                  3. Technical Standards Profile (TV-1) with specifications to
15   bridge the Systems View to the Technical View

16                  4. Technical standards forecast (TV-2).

17                  5. Procedures for standards conformance testing

18              (c) A GIG KIP is associated with an interface between one or more
19   systems. GIG KIPs are applicable to both the consumer and the provider of the
20   service. Both the consumer and provider have responsibilities listed in Table
21   D-4. GIG KIPs life cycle includes provisional, emerging, mandated and retired
22   phases.

23




                                            D-13                            Enclosure D
                                                                                CJCSI 6212.01D
                                                                                14 October 2005
 1

                     Consumer Responsibilities                  Provider Responsibilities

                    Identify possible use of key             In coordination with DISA,
                     interfaces                                support the profile detailed
                    Plan for implementation of                development in accordance
     Emerging        GIG KIPs                                  with the KIP development
                    Plan and program for testing              guidance
                     of GIG KIPs                              Assist JITC in creating the
                                                               test strategy for GIG KIPs
                    Identify applicable GIG KIPs             Adhere to enterprise
                     using the Table D-A-2 of                  configuration management of
                     Appendix 1, Enclosure D                   key interface
                    Implement the system IAW                 In coordination with DISA,
                     the applicable profiles                   maintain the profiles in
     Mandated       Conduct standards                         accordance with the KIP
                     conformance testing of                    configuration management
                     applicable GIG KIPs against               guide
                     the profiles                             If requested by JITC, provide
                                                               an instantiation of the key
                                                               interface to JITC for testing.
 2                      Table D-4. KIP Consumer and Provider Responsibilities
 3               (d) A program complies with GIG KIPs by identifying relevant GIG
 4   KIPs in CDDs, CPDs, and ISPs, developing the program in accordance with the
 5   technical standards specifications in the profile, and performing GIG KIP
 6   testing. Compliance with identified GIG KIPs shall be analyzed during the
 7   development of the CDD, CPD, and ISP, and assessed during standards
 8   conformance and interoperability testing, which can be performed by JITC or
 9   performed by the program and results provided to JITC. When a GIG KIP
10   becomes mandated it will have an effective date. When completing CDDs,
11   CPDs, and ISPs, programs will identify applicable, mandated GIG KIPs to
12   establish a baseline for standards conformance testing and for meeting this
13   portion of the KPP.

14              (e) The Chairman of the Joint Chiefs of Staff and DISA shall
15   continue the development of the GIG KIPs according to the process outlined in
16   Figure D-2. Key interfaces are defined as part of the capability development
17   process. The appropriate FCB or Mission Area Lead (in the case of a COI
18   enterprise service interface) will designate a capability as providing a key
19   interface when it meets the following criteria:

20      • The interface spans organizational boundaries
21      • The interface is mission critical
22      • The interface is difficult or complex to manage

                                               D-14                                 Enclosure D
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1      • There are capability, interoperability, or efficiency issues associated with
 2      the interface
 3      • The interface impacts multiple acquisition programs
 4      • The interface is vulnerable or important from a security perspective
 5      • Very large set of point-to-point interfaces already exists or has the
 6      potential to emerge
 7      • The number of current and potential providers and/or consumers of the
 8      services offered via the interface is large
 9
10               (f) Key interfaces of the GIG are identified by the Joint Staff or
11   appropriate Mission Area governance forum for COI enterprise services. Once
12   the GIG KIP is identified, the Information Technology Standards Committee
13   (ITSC) will designate an appropriate sponsor or program office for the key
14   interface. DISA will develop the profile in cooperation with the designated
15   sponsor or program office. The profile will be designated as emerging in DISR
16   during development and will be coordinated with JITC for testing issues. Once
17   completed, the Information Technology Standards Oversight Panel (ISOP) will
18   approve the GIG KIP and it will become mandated in the DISR. Programs must
19   identify, comply, and conduct conformance tests on mandated GIG KIPs. The
20   GIG KIPs will all include an effective date, after ISOP approval. The CDD and
21   CPD will include a list of mandated GIG KIPs, which each program will build to
22   and conduct testing against. KIPs will continue to evolve and new KIPs will be
23   identified, developed and approved over time. However, the CDD and CPD form
24   KIP baselines, which do not change as additional GIG KIPs are mandated
25   unless the ISOP approves an exception to policy requiring the newly mandated
26   GIG KIP to be implemented immediately by all programs. Programs can choose
27   to update their list of applicable GIG KIPs as necessary to include additional
28   mandated GIG KIPs. These program-directed KIP baseline changes will be
29   documented when the next CPD or ISP comes due, but KIP baseline changes
30   alone do not require a separate NR-KPP update. The GIG KIPs are maintained
31   to accurately reflect evolving GIG interface standards and will be updated as
32   the GIG and its enterprise services mature. DISA will maintain the list of
33   emerging and mandated GIG KIPs as part of DISR and also on the web site:
34   https://kips.disa.mil.




                                           D-15                            Enclosure D
                                                                                                   CJCSI 6212.01D
                                                                                                   14 October 2005


                                                                                                        CDD/CPDs
        New Capability                                                          CDD/CPDs
                                                 JCIDS documents                                         identify
          Identified                                                         identify applicable
                                                                                                        mandated
            (ICD)                                                              emerging KIPs
                                                                                                           KIPs




       JCIDS or mission         KI sponsor or                                                          KIP Mandated
                                                                               Emerging KIP
        area designates       program provider           Profile developed
                                                                             (appears in DISR)          (appears in
       capability as GIG       designated by                  by DISA
                                                                                                           DISR)
         Key Interface           ITSC/ISOP




        Key Interface          Key Interface              Coordinate KIP                               ISOP approves
                                                                              ISOP approves
        criteria used          aligned with                testing issues                                 KIP (sets
                                                                                   KIP
        for selection             family                     with JITC                                  effective date)



         Warfighting                                          DISR             JITC validates           JITC able to
        requirements                                     change requests      profile/identifies        conduct KIP
       drive capability                                     Submitted          test resources              testing



                                                                                                         Key Interface
                                                            Begin CM/         Profile reaches           instantiated in
                                                          version control        maturity
                                                                                                           HW/SW


 1

 2                                        Figure D-3. KIP Development Process
 3
 4
 5           (6) Information Assurance. Information assurance (IA) is a critical
 6   element in the GIG. IA uses a Defense-in-Depth strategy to establish and
 7   maintain an acceptable IA posture across the GIG. Protection mechanisms
 8   shall be applied to minimize system and information vulnerabilities, such that
 9   information and information systems maintain the appropriate level of
10   confidentiality, availability, integrity, authenticity, and non-repudiation based
11   on mission assurance category, classification and sensitivity of information,
12   while maintaining the level of interoperability essential to the GIG. IT or NSS
13   program managers/sponsors integrate information assurance into the
14   acquisition life cycle as outlined in Defense Acquisition Guidebook (reference
15   aa) paragraph 7.5.3.

16                      (a) The CDD must:

17                    1. Describe how the system will implement IA policies and
18   procedures IAW the most current policies and procedures contained in
19   references p through u and bb through dd; as well as references ee and ff for
20   SCI and Special Access Programs. If encrypted key (including PKI) technology is
21   required, include a statement that encrypted key technology will be acquired as
22   part of this effort and will be installed and used, including initial fielding



                                                              D-16                                     Enclosure D
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1   efforts, to ensure information security over all voice, video, and data
 2   transmission.

 3                  2. Sponsors must certify compliance with IA requirements by
 4   including in the CDD an IA statement of compliance reading, ― This system is
 5   required to be in full compliance with DOD Directive 8500.1 and DOD
 6   Instruction 8500.2, and with the DITSCAP.‖ The DIACAP DOD Instruction
 7   8510, now in draft will supersede 5200.40. Submit documentation required for
 8   DITSCAP phase I or current accreditation decision documentation, the DIACAP
 9   Scorecard1, and upon request additional information to the Joint Staff J-6 for
10   review via the JCPAT-E. For Intelligence Community (IC) and non-DOD
11   products and systems interconnecting with DOD products systems, the
12   applicable IA requirements of DCID 6/3 (reference ff) for IC, and NIST SP 800-
13   53 (reference pp) (for non-DOD) must also be met.

14                   (b) The CPD must:

15                  1. Describe in greater detail how the production system
16   implements the IA policies and procedures cited in the CDD IAW the most
17   current policies and procedures contained in references p through u and bb
18   through dd; as well as references ee and ff for SCI and Special Access
19   Programs. If encrypted key technology is required, include a statement that
20   encrypted key technology will be acquired as part of this effort and will be
21   installed and used, including initial fielding efforts, to ensure information
22   security over all voice, video, and data transmission.

23                  2. Program managers must certify compliance with IA
24   requirements by including an IA statement of compliance reading, ― This
25   system is currently in full compliance with DOD Directive 8500.1 and DOD
26   Instruction 8500.2, and with the DITSCAP (DODI 5200.40).‖ The DIACAP DOD
27   Instruction 8510, now in draft will supersede 5200.40. Submit the required IA
28   documentation for the accreditation decision, DIACAP Scorecard2 and upon
29   request additional information to the Joint Staff J-6 for review via the JCPAT-
30   E.

31               (c) Sponsors and program managers must demonstrate achievement
32   of IA within the GIG through a defense-in-depth approach that integrates the
33   capabilities of personnel, operations and technology, and supports the
34   evolution to network centric operations and warfare. IA requirements shall be
35   identified and included in the architecture design, acquisition, installation,
36   operation, upgrade, or replacement of all DOD IT and NSS in accordance with
37   10 USC Section 2224, ―Defense Information Assurance Program,‖ OMB
38   Circular A-130 Appendix III, and references p through u and bb through dd as
39   well as references ee and ff for SCI and Special Access Programs.
     1
         Upon approval of DODI 8510
     2
         Upon approval of DODI 8510

                                            D-17                           Enclosure D
                                                                                               CJCSI 6212.01D
                                                                                               14 October 2005
 1   Interoperability and integration of IA solutions within or supporting the DOD
 2   shall be achieved through adherence to the DOD Architecture Framework
 3   (http://www.defenselink.mil/nii/doc/) including the IA Component of the GIG
 4   Architecture.

 5               (d) IAW DODI 8580.1 (reference r), Sponsors shall ensure that each
 6   assigned DOD information system has a designated Information Assurance
 7   Manager (IAM) with the support, authority and resources to satisfy the
 8   responsibilities established in DODI 8500.2 (reference q) and implement the
 9   DITSCAP for assigned DOD information systems. Ensure that information
10   system security engineering (ISSE) is employed to develop the IA component of
11   the system architecture in compliance with the IA component of the GIG
12   Architecture and to make maximum use of enterprise IA capabilities and
13   services including verifying compliance with the security requirements and
14   evaluate vulnerabilities, for each lifecycle development activity where there is a
15   corresponding set of security activities. Sponsors must provide J-6
16   documentation that each phase of the Defense Information Technology Security
17   Certification and Accreditation Program (DITSCAP), has been completed
18   throughout the phases of the JCIDS/acquisition process. These phases
19   include Definition, Verification, Validation, and Post Coordination. Upon
20   accreditation, sponsors shall post the System Security Authorization
21   Agreement (SSAA) to the JCPAT-E.

22                (e) IT and NSS, including commercial and non-developmental items,
23   must comply with applicable DOD Information Assurance and Critical
24   Infrastructure policies and regulations/instructions and Director Central
25   Intelligence Directives (DCIDs). This includes implementation of encrypted key
26   when required to ensure information security over all voice, video, and data
27   transmission. Interconnection of systems operating at different classification
28   levels will be accomplished by processes approved by the DOD Chief
29   Information Officer (CIO) in conjunction with DIA, DISA and NSA CIO’s. IA will
30   be an integral part of all net-readiness efforts thus allowing appropriate
31   security measures to protect mission data and system resources from all
32   known threats (references o, s, and bb). A thorough description must be
33   included of how subject IT and NSS comply with each applicable policy and
34   regulation/instruction to meet the requirements of this element of the NR-KPP.

35              (f) Information assurance is an integral part of net readiness. All
36   GIG information systems shall implement IA policies and protection
37   mechanisms in accordance with the MAC (Mission Assurance Category) and
38   Confidentiality Levels (CL) established for the system.3 The NR-KPP description
39   must include how the system will implement information assurance policies
     3
      When assigning MAC and CL to the system the PM should consider all interfaces and adopt the highest MAC and
     CL of the interface the system will exchange data with to prevent developing a system with inadequate IA controls.
     Example, PM may determine that system should be MAC II, but in grand scheme (OV-1) the system is exchanging
     data/information with a MAC I interface/system.

                                                          D-18                                        Enclosure D
                                                                        CJCSI 6212.01D
                                                                        14 October 2005
 1   and procedures IAW the most current policies and procedures. The NR-KPP
 2   description shall include: a description of the required security features; a
 3   statement that the features must have sufficient strength relative to the
 4   system’s environment; and a statement that the features operate in a way that
 5   enforces the system’s security policy. If encrypted key technology is required, a
 6   statement will be made that encrypted key technology will be acquired as part
 7   of this effort and will be installed and used, including initial fielding efforts, to
 8   ensure information security over all voice, video, and data transmission.

 9          (7) Additional Requirements

10                (a) Sponsors are encouraged to use an integrated, automated suite
11   of tools for developing and documenting system architecture and other NR-KPP
12   related information. System NR-KPP information, and an appropriate tool
13   suite, must be available for CDD, CPD, and ISP review and interoperability
14   testing purposes. (Note that this may require the sponsor to obtain additional
15   user licenses and make tools available online in some situations.) NR-KPPs
16   shall also be submitted in machine-readable form, and the PM/sponsor will
17   coordinate with reviewers (e.g., J-6) and testers (e.g., JITC) to ensure that
18   appropriate automated tools are available for processing and analyzing system
19   NR-KPP information.
20
21                   1. Submissions of documents (CDDs, CPDs, and ISPs) shall be
22   accompanied by machine-readable copies of the NR-KPP package and
23   identification of associated online files (e.g., DISROnline system profile, DARS
24   files). Names and version identification and location (e.g., URL) shall be
25   provided for machine-readable information as part of document submissions
26   (e.g., a CPD submission should identify the associated DARS files, DISROnline
27   entry, etc).
28
29                   2. A consistent naming convention shall be used to the extent
30   practicable for all machine readable information associated with a
31   program/system. The naming convention (for databases and other files,
32   including online entries) will identify the program/system/subsystem (system
33   component), increment, configuration management information (e.g., date,
34   version identification), and status (e.g., draft). Machine-readable information
35   will be ―locked‖ to the extent practicable upon submission of a documentation
36   package, so that all sources of information (i.e., documents, database entries,
37   computer files, etc.) will remain in sync for a given version. Any modifications
38   to databases, online entries, etc. after submission of a documentation package
39   shall be made to a new instance (i.e., a different copy), which shall be identified
40   with an appropriate change in version identification of the item.
41
42             (b) IT and NSS must comply with Defense Critical Infrastructure
43   guidance to ensure availability of DOD and non-DOD networked assets critical


                                            D-19                             Enclosure D
                                                                                               CJCSI 6212.01D
                                                                                               14 October 2005
 1   to project, support, and sustain military forces and operations worldwide
 2   (reference cc).

 3             (c) Spectrum Supportability Policy (DODD 4650.1) and
 4   Electromagnetic Environmental Effects (E3) control (DODD 3222.3).

 5                   1. All IT and NSS systems must be mutually compatible with
 6   other systems in their electromagnetic environment and not be degraded below
 7   operational performance requirements due to electromagnetic environmental
 8   effects (reference i).

 9                  2. All IT and NSS must comply with reference j. Spectrum
10   supportability and E3 control requirements must be addressed IAW CJCSM
11   3170.01.

12                       a. At or During Concept Refinement – a Stage 1 (Conceptual)
13   request for a spectrum supportability determination (i.e., a DD Form 1494)
14   must be obtained prior to the Milestone A, and must be submitted concurrently
15   with the initial (Milestone (MS) B) Information Support Plan (ISP).4

16                     b. By Technology Development – a Stage 2 (Experimental)
17   spectrum supportability determination must be obtained prior to the
18   Technology Development Stage. If a spectrum supportability determination
19   has not been obtained, DODD 4650.1 requires the Milestone Decision
20   Authority (MDA) to specifically authorize the program to proceed into the
21   System Development and Demonstration phase and to provide to the
22   USD(AT&L), the ASD(NII), the DOT&E, and Chair, MCEB, a justification and
23   plan to obtain spectrum supportability.

24                      c. By System Development and Demonstration – a Stage 3
25   (Developmental) spectrum supportability determination must be obtained prior
26   to Milestone B award. If a spectrum supportability determination has not been
27   obtained, DODD 4650.1 requires the MDA to specifically authorize the program
28   to proceed into the Production and Deployment phase and to provide to the
29   USD(AT&L), the ASD(NII), the DOT&E, and Chair, MCEB, a justification and
30   plan to obtain spectrum supportability.

31                      d. By System Production and Deployment – a Stage 4
32   (Operational) spectrum supportability determination must be obtained prior to
33   Milestone C award. If a spectrum supportability determination has not been
34   obtained, DODD 4650.1 requires the Milestone Decision Authority (MDA) to
35   specifically authorize the program to proceed into the Production and
36   Deployment phase and to provide to the USD(AT&L), the ASD(NII)/DOD CIO,
37   the DOT&E, and Chair, MCEB, a justification and plan to obtain spectrum
38   supportability.‖

     4
         The DD Form 1494 must be releasable to the Host Nation(s) (HN) to where the equipment will be deployed.

                                                           D-20                                      Enclosure D
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1                   3. All IT and NSS must be compliant with other regulatory
 2   documents for spectrum supportability and certification such as DODI 5000.2
 3   (Enclosure 3, Table E3.T1), the ―Manual of Regulations and Procedures for
 4   Federal Radio Frequency Management‖ (a.k.a. ―NTIA Redbook‖), Office of
 5   Management and Budget (OMB) Circular A-11 (Part 2, section 33.4), DODDs
 6   3222.3 and 4650.1 (references i and j), and other documents listed in this
 7   instruction. Note: While not required, it is highly recommended that Program
 8   Managers reference section 7.6, ―Electromagnetic Spectrum,‖ of the Defense
 9   Acquisition Guidebook (reference aa) where additional information including
10   detailed Milestone requirements, additional mandatory policies, timelines,
11   sample wordings for documents, and other specific requirements for gaining
12   spectrum supportability are covered. Adherence to these guidelines will
13   alleviate problems, expedite the process and is intended to help the Program
14   Manager’s Office meet the intent of DODDs 3222.3 and 4650.1.‖

15                  4. All proposed IT and NSS systems that include spectrum-
16   dependent hardware must document spectrum certification of the hardware
17   (reference j).

18                5. Commercial and non-developmental items must also comply
19   with DOD policy on (E3) and Spectrum Supportability (references i and j).

20                  6. Host-Nation Approval (HNA). To ensure compatibility as well
21   as interoperability, all IT and NSS with equipment intended for operation in
22   host nations will require HNA coordinated by the MCEB and the appropriate
23   combatant commanders prior to use. The spectrum supportability process
24   includes national, international, and DOD policies and procedures for the
25   management and use of the electromagnetic spectrum. This process ensures
26   the following:

27                     a. The spectrum-dependent system/equipment being
28   acquired is designed to operate within the proper portion of the electromagnetic
29   spectrum;

30                      b. Permission has been (or can be) obtained from designated
31   authorities of sovereign ("host") nations (including the United States) to use
32   that equipment within their respective borders; and

33                     c. The newly acquired equipment can operate compatibly
34   with other spectrum-dependent equipment already in the intended operational
35   environment (electromagnetic compatibility).

36                  7. The objective of establishing E3 control requirements early in
37   the acquisition process is to ensure that DOD equipment, subsystems, and
38   systems are designed to be self-compatible and operate compatibly in the
39   operational electromagnetic environment. E3 control applies to the
40   electromagnetic interactions of both spectrum-dependent and non-spectrum-
                                          D-21                           Enclosure D
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1   dependent objects within the operational environment. Examples of non-
 2   spectrum-dependent objects that could be affected by the electromagnetic
 3   environment are ordnance, personnel, and fuels. The increased dependency on
 4   and competition for portions of the electromagnetic spectrum have amplified
 5   the likelihood of adverse interactions among sensors, networks,
 6   communications, and weapons systems.

 7                  8. Hazards of Electromagnetic Radiation to Ordnance (HERO).
 8   All proposed IT and NSS should be assessed to determine their effects on all
 9   electro-explosive devices (ordnance) when the item is employed in IT and NSS
10   radio frequency environments.

11                 9. Ordnance containing electrically initiated devices (EIDs) will
12   be compatible with the operational electromagnetic environment and will not be
13   degraded by E3 (reference i).

14                 10. Ordnance must be integrated into platforms, systems, and
15   equipment to preclude safety problems and unintentional detonation when
16   exposed to the operational electromagnetic environment (reference i).

17                11. IT and NSS documents (CDDs, CPDs and ISPs) must contain
18   a spectrum compliance statement. An example statement follows:

19   Spectrum Supportability. Procurement or acquisition of all wireless radio
20   frequency (RF) dependent devices, to include commercial or Government off the
21   shelf (COTS or GOTS) and non-developmental items (NDI), must be conducted
22   IAW DOD guidance (e.g., DODD 4650.1, DODI 4630.8, DODD 5000.1, and
23   DODI 5000.2) as well as applicable MILDEP publications. Program Managers
24   (PM) should initiate spectrum supportability as early in the acquisition process
25   as possible. However, before assuming contractual obligations for
26   development, testing, production, or procurement of RF systems, they must
27   ensure RF support is or will be available in the countries (e.g., host nations)
28   determined by the PM or procurer for the equipment's intended use.
29   Specifically, the PM must obtain appropriate equipment allocation
30   guidance/status prior to MS B or MS C as outlined in DODD 4650.1 in order to
31   progress to the next phase. Programs employing spiral development, technology
32   insertion, or block upgrades must obtain equipment allocation guidance/status
33   during the planning stages. PMs obtain equipment allocation guidance by
34   submitting a DD Form 1494, Application for Equipment Frequency Allocation,
35   through the supporting spectrum management office. If the equipment is to be
36   used outside the United States and Its Possessions (US&P), a DD Form 1494
37   must be generated as releasable to the countries of interest and must be sent
38   through spectrum management channels to the theater Combatant
39   Commander(s), who will coordinate and obtain host nation equipment
40   allocation and spectrum supportability comments. Once the PM has obtained
41   favorable equipment allocation guidance, the acquisition process may proceed.

                                          D-22                          Enclosure D
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   Prior to actual fielding/deployment of the equipment, the operational user is
 2   responsible for obtaining specific operating frequencies by submitting a request
 3   through the appropriate spectrum management office to the theater Combatant
 4   Commander(s) that will coordinate with the host nation(s).

 5                  12. While not required in the ICD, spectrum supportability
 6   should be obtained as soon as possible and the ICD is one of the earliest
 7   opportunities to start that process. Program managers should consider
 8   including a statement similar to the following:

 9   This system will comply with DOD, national and international spectrum
10   management policies.

11                (d) Joint Tactical Radio System (JTRS). All future requirements for
12   radio-based communications will be satisfied by the approved current JTRS
13   requirements document unless ASD(NII)/DOD CIO grants authorization for a
14   specific procurement. Authorization will be granted in accordance with
15   reference qq. Under no circumstance will new research and development
16   activities for any radio systems, to include software reprogrammable radio
17   technologies, which may supplant the current JTRS program of record, be
18   conducted.

19             (e) Selective Availability Anti-Spoofing Module (SAASM). All
20   programs must comply with CJCSI 6140.01, which directs specific measures to
21   protect GPS. Include a statement on how the program complies with CJCSI
22   6140.01.

23




                                           D-23                           Enclosure D
                             CJCSI 6212.01D
                             14 October 2005
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20   (INTENTIONALLY BLANK)
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43




             D-24                Enclosure D
                                                                                 CJCSI 6212.01D
                                                                                 14 October 2005
 1
 2
 3                               APPENDIX A TO ENCLOSURE D
 4
 5                 RECOMMENDED NR-KPP DOCUMENTATION FORMAT
 6
 7
 8      ------------------------------------------------------------------------------------------
 9

10                                          APPENDIX ___
11

                             CLASSIFICATION OR UNCLASSIFIED


                                                NR-KPP
                                                  FOR
                                  TITLE OF PROGRAM/SYSTEM
12   This appendix provides an example format for the NR-KPP documentation. The
13   NR-KPP documentation should be developed as an appendix to the CDD or
14   CPD. Each subparagraph should be numbered to facilitate correlation and
15   traceability and for ease of identifying issues during staffing. The architecture
16   products should be produced to be CADM conformant so they can be loaded
17   into analysis tools.
18




                                                                                       Appendix A
                                                 D-A-1                                Enclosure D
                                                                       CJCSI 6212.01D
                                                                       14 October 2005
1   1. NR-KPP Statement.

        Net-Ready KPP               Threshold (T)                   Objective (O)
     Net-Ready: The           The system must support         The system must
     system must support      execution of joint critical     support execution of all
     Net-Centric military     operational activities          joint operational
     operations. The          identified in the system’s      activities identified in
     system must be able      integrated architecture         the system’s integrated
     to enter and be          products and satisfy the        architecture products
     managed in the           technical requirements          and satisfy the
     network, and             for transition to Net-          technical requirements
     exchange data in a       Centric military                for Net-Centric military
     secure manner to         operations to include           operations to include
     enhance mission          1) DISR mandated GIG IT         1) DISR mandated GIG
     effectiveness. The       standards identified in         IT standards identified
     system will not          the TV-1,                       in the TV-1,
     significantly increase   2) DISR mandated GIG            2) DISR mandated GIG
     the workload of          KIPs identified in the KIP      KIPs identified in the
     operators, system        declaration table,              KIP declaration table,
     administrators, or       3) NCOW RM Services             3) NCOW RM Services
     maintainers.             4) Information assurance        4) Information
                              requirements including          assurance requirements
                              availability, integrity,        including availability,
                              authentication,                 integrity,
                              confidentiality, and non-       authentication,
                              repudiation, and                confidentiality, and
                              issuance of an Interim          non-repudiation, and
                              Approval to Operate             issuance of an Interim
                              (IATO) by the Designated        Approval to Operate
                              Approval Authority              (ATO) by the Designated
                              (DAA), and                      Approval Authority
                              5) Operationally effective      (DAA), and
                              information exchanges;          5) Operationally
                              and mission critical            effective information
                              performance and                 exchanges; and mission
                              information assurance           critical performance and
                              attributes identified in        information assurance
                              the SV-6.                       attributes identified in
                                                              the SV-6.
2                          Table D-A-1. NR-KPP Compliance Statement
3

4



                                                                             Appendix A
                                           D-A-2                            Enclosure D
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1   2. Net-Centric Operations and Warfare Reference Model (NCOW RM)
 2   Compliance Statement.

 3       a. Describe in the architecture products the NCOW RM activities,
 4   applicable to the system to establish, use, operate and manage the system
 5   capabilities within the net-centric enterprise information environment to
 6   include: the user interfaces, the intelligent-assistant capabilities, the net-
 7   centric service capabilities, and the enterprise management components.

 8       b. The program’s description and architecture products will comply with
 9   the taxonomy and lexicon of NCOW concepts and terms, and architectural
10   descriptions of NCOW concepts. It must also comply with the NCOW RM
11   activities, services and standards required to establish, use, operate, and
12   manage the net-centric enterprise information environment (EIE) to include the
13   generic user-interface, the intelligent-assistant capabilities, the net-centric
14   service capabilities, and the enterprise management components.

15       c. Clearly identify the following NCOW RM activities performed by the
16   system/program:

17          (1) Activities conducted by system to access the Net-Centric Enterprise
18   Services (NCES) and use the services/capabilities.

19          (2) Activities performed by the system or within the NCES to provide
20   assistance to system and invoke services.

21          (3) Activities performed by the system or within NCES to provide
22   services/capabilities.

23          (4) Activities that locate, activate, and connect the resources upon
24   which the system and NCES operate.

25          (5) Activities performed by the system or within the NCES to architect,
26   plan, engineer, provision and manage the environment.

27   3. Mandatory Integrated Architecture Products. Develop the mandatory
28   integrated architecture products in accordance with the DOD Architecture
29   Framework (DODAF).

30      a. Ensure architecture data element tables are provided for each product,
31   providing definitions of the metadata (i.e., the architecture data types that
32   comprise the products).

33       b. Ensure architecture products are CADM conformant (each product is
34   represented in a CADM XML document that can be loaded into DARS and other
35   CADM conformant architecture tools and databases) as required by the
36   DODAF. The exception to this requirement is the TV-1 and TV-2 developed and
                                                                      Appendix A
                                         D-A-3                       Enclosure D
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1   published on DISRonline. DISRonine is moving towards CADM conformance
 2   and still contains the most up to date standards. The architecture views must
 3   still be included in the document.

 4       c. Comply with the DODAF requirements in producing architectural
 5   products. This requirement is met by producing a complete integrated
 6   architecture using the specified products described in the DODAF and having
 7   it assessed for accuracy, consistency, and sufficiency with respect to its
 8   intended use (e.g., capability definition, process re-engineering, investment
 9   decisions, and integration engineering). Comply with the DOD Net-Centric
10   Data Strategy and DODD 8320.2 Data Sharing in a Net-Centric Department of
11   Defense requirements and intent. Make explicit the data that is produced and
12   used by the program’s implemented operations and that is to be shared with
13   the user community. Provide the associated metadata, and define and
14   document the program’s data models. These requirements are met by
15   performing the following actions. If not completed, indicate the extent to which
16   progress has been made, or provide a plan to meet the requirement.

17           (1) At a minimum, the logical data models (LDMS) should include the
18   logical entity types, the data attributes describing those entities, and the
19   relationships between the entities.

20           (2) The Physical Data Models (PDMs) should contain the organization’s
21   database naming standards, data schema, data types, data tables, data
22   columns of those tables, and the relationships between the tables. The detail
23   varies depending on the complexity of the program’s data requirements. PDMs
24   must show greater detail, including associative tables required to implement
25   the associations as well as the keys needed to maintain the relationships.

26           (3) List the Communities of Interest (COIs) and the COI POC (name, org,
27   email, phone number) in which the program participates and which publish
28   the metadata/taxonomies/vocabularies used by the program.

29          (4) Report the status of COI metadata tagging including DDMS
30   compliant discovery metadata, associated information assurance and security
31   metadata and authoritative sources for the data.

32          (5) Report the status of data asset tagging with DDMS and COI
33   extensions and XML component tagging.

34          (6) Report the status of registering structural and semantic metadata in
35   the DOD Metadata Registry, including COI extensions to DDMS. Provide
36   representative samples of registry entries.




                                                                          Appendix A
                                          D-A-4                          Enclosure D
                                                                        CJCSI 6212.01D
                                                                        14 October 2005
 1          (7) Identify other shared spaces (registries, catalogs, repositories, etc.)
 2   where program data and semantic and structural metadata are posted.
 3   Provide names and URLs of the shared spaces.

 4          (8) Identify web services that the program is developing and where the
 5   services and their associated metadata are registered.

 6       e. Ensure that all information exchanges specified in architecture products
 7   are measurable and testable. When needed to insure measurability and
 8   testability of information exchanges, include mandatory SV-6 performance
 9   attributes (such as periodicity, criticality, timeliness, and size).

10       f. Architecture products need to show information exchanges with both
11   external systems and Net-Centric Core Enterprise Services (NCES).

12   4. Key Interface Profiles (KIPs) Declaration. Recognizing that the KIPs and IT
13   standards will evolve over time, the list of applicable emerging and mandated
14   KIPs will change. Use the most recent version of the table below, which can be
15   found at https://kips.disa.mil. Uniquely identify the KIP, including the KIP
16   version. Use the applicable column to identify if the KIP is applicable to the
17   program. State whether the KIP is emerging or mandated as posted on the
18   DISR. State whether this KIP will be implemented as part of the threshold or
19   objective value of the NR-KPP. Also, identify the associated interfaces and
20   include KIP implementation statement information. The statement, similar to
21   the implementation statement for a standard, expands on the declaration to
22   include an explanation of how well the design complies with an individual KIP. It
23   identifies optional elements that are implemented, known deviations, and any
24   necessary configuration details. The KIP statement alone does not ensure
25   interoperability; a system must also be designed against the appropriate
26   architectures and DOD DISR and IA standards. An example KIP declaration is
27   provided in the following table:




                                                                             Appendix A
                                            D-A-5                           Enclosure D
                                                                                                   CJCSI 6212.01D
                                                                                                   14 October 2005
 1
        Key Interface           Applicable        DISR Status       Implementation   Consumer          Implementation
         Family/Name      Ver    (Yes/No)     (Emerging/Mandated)       Phase        or Provider     Issues/KIP Options
      Communications
      Family
      UHF SATCOM
      X-Band SATCOM
      C-Band SATCOM
      Ku-Band
      SATCOM
      Ka-Band
      SATCOM
      EHF SATC OM
      AEHF SATCOM
      MUOS
      GPS
      EMSS
      Unsecure voice
      Secure voice
      Viedo
      teleconferencing
      Non Class IP
      Network
      Secure IP
      Network
      JIS
      GBS
      IBS
      Link-16
      JTIDS
      Tactical Wireless
      Multiband
      CENTRIXS
      Computing
      Family
      NetOps
      Applications
      Staging
      Computing
      Infrastructure
      Content Staging
      Enterprise
      Services Family
      Content
      Discovery
      Service Discovery
      Service Security
      Service
      Messaging

 2                                           Table D-A-2. KIP Declaration Table
 3   5. Information Assurance Compliance Statement. Provide all the information
 4   assurance documentation described in Enclosure D including the compliance
 5   statement. An example Information Assurance Compliance statement follows:

 6   This program or system (will be) in full compliance with requirements of the
 7   Federal Information Security Management Act (FISMA) (reference z), DOD 8500
 8   series and CJCS 6510 series directives, instructions and manuals with
 9   documentation provided in JCPATS or KM/DS. Change ―will be‖ to ―is‖ for
10   CPD.

                                                                                                         Appendix A
                                                          D-A-6                                         Enclosure D
                                                                 CJCSI 6212.01D
                                                                 14 October 2005
 1
 2
 3                         APPENDIX B TO ENCLOSURE D
 4
 5                TECHNICAL STANDARDS PROFILE AND FORECAST
 6
 7
 8   1. General. The JCPAT-E DISRonline module enables Component Program
 9   Managers (PM) to develop Technical Standards Profiles (TV-1), Technical
10   Standards Forecast (TV-2), and OUS in compliance with the applicable
11   standards contained in the DISRonline. The TV-1 is required as a supporting
12   JCIDS predecessor document for all CDDs, CPDs and ISPs.

13   2. Access.

14       a. The JCPAT-E DISRonline module for creating and publishing a TV-1,
15   TV-2 and OUS profiles shall be accessed via the SIPRNET at
16   https://jcpat.disa.smil.mil.

17      b. A user ID and password are required to use the tool. Potential tool
18   users who require accounts may go to the JCPAT-E home page on the SIPRNET
19   and follow the instructions for requesting an account.

20   3. Background. DISRonline provides users with an easy method to identify the
21   applicable DOD Mandated, Emerging, Retired, and Organization Unique
22   standards, and helps them build a TV-1, TV-2, and OUS profiles through
23   analysis of their IT and NSS Capability/System requirements.

24   4. Requirements.

25     a. DISRonline shall be used to develop and publish all TV-1s, TV-2s, and
26   OUSs referenced in JCIDS documents and ISPs.

27       b. All CDDs, CPDs, and ISPs will have a current TV-1 and TV-2, which is
28   published in the JCPAT-E DISRonline module on the SIPRNET (Check for new
29   versions published between reviews). Only CDDs and CPDs will have an
30   associated TV-2 that is published in the JCPAT-E DISRonline module on the
31   SIPRNET.

32      c. The PMs or PEOs may cite additional standards within a capabilities
33   document that are not mandated in DISR, however the following conditions
34   must be met.




                                                                       Appendix B
                                        D-B-1                         Enclosure D
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1           (1) Prior to Milestone B, the PM or PEO shall, for each non-cited
 2   standard, either include a waiver or submit change request(s) (CR) into
 3   DISRonline NIPRNET (http://disronline.disa.mil). In addition the PM or PEO
 4   will identify, in Appendix A of the CDD or Chapter II of the ISP, the date that
 5   the CR was submitted. An Interim Standards Acknowledgement (ISA) of non-
 6   cited standards and their corresponding CR will be addressed during the
 7   routine assessment of the TV-1 with its CDD or Stage I ISP documents. The ISA
 8   will be provided in the assessor comments.

 9           (2) Prior to Milestone C decision, CPD and Stage II ISP documents that
10   identify standards not contained in the DISR will require a waiver.

11        d. Waivers must be obtained in accordance with DOD Instruction 4630.8
12   from the Component Acquisition Executive, Component CIO or cognizant
13   official.

14       e. PMs will provide notification in JCIDS and ISP documents that they
15   have obtained waivers or an ISA for all standards not mandated in DISR that
16   are used in their TV-1.

17       f. For Milestones B and C. PMs will develop a technology insertion risk
18   assessment for all waived standards included in their TV-1. Standards that
19   have received an ISA will not require a Technology Insertion Risk Assessment.
20   This Technology Insertion Risk Assessment will be included as an individual
21   attachment to JCIDS and/or ISP documents.

22           (1) Risk Assessment for Using Retired Standards. The risk assessment
23   for selecting ―Retired‖ standards for the TV-1 shall identify all approved
24   waivers, describe the cost, schedule or performance risk associated with
25   implementing the retired standard in place of a mandated standard and, within
26   their mitigation plan, include a migration strategy for transitioning from the
27   retired standards included in the TV-1 to applicable mandated standards.

28           (2) The risk assessment for using emerging standards in favor of, or in
29   the absence of, a mandated standard shall describe the cost, schedule or
30   performance risk impacting the program in the event that the selected
31   emerging standards implemented do not transition in the future to a mandated
32   status in the DISR.

33   5. Technical Standards Profile/Forecast (TV-1 and TV-2) Development.

34      a. CDD and Stage I ISP Preparation of TVs for Milestone B. The document
35   sponsor, with appropriate system and IT Standards subject matter experts
36   (SME), using the DISRonline tool and profile building privileges will begin the
37   development of a TV-1 and TV-2 for review and subsequent J-6 interoperability
38   assessment. Mandated standards should be used in the TV-1. Retired

                                                                         Appendix B
                                         D-B-2                          Enclosure D
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1   standards identified in the TV-1 shall be accompanied by a waiver. It is
 2   preferred that Emerging standards be placed in the TV-2. The PM or PEO can
 3   add an Emerging standard to their TV-1, however this will require that they
 4   enter a Change Request into DISRonline NIPRNET for each applicable
 5   standard. The PM or PEO will then make a statement in the CDD or ISP
 6   document that all applicable Change Requests have been entered into
 7   DISRonline NIPRNET. The PM or PEO may then be granted an ISA. This ISA
 8   will not be valid for future associated CPD or Stage II ISP. If Emerging
 9   standards are placed in the TV-1 without an associated Change Request, then
10   a waiver is required. Standards not cited in the DISRonline but contained in
11   the CDD or Stage I ISP will be treated like Emerging standards and will require
12   either a waiver or that a Change Request be submitted into DISRonline
13   NIPRNET. In addition an appropriate statement in the JCIDS or ISP document
14   will be required.

15         (1) Producing the TV-1 and TV-2. A TV-1 and TV-2 residing in the
16   DISRonline application on the SIPRNET shall be referenced in CDDs being
17   submitted via JROC KM/DS.

18              (a) The TV-1 and TV-2 must be built using one or more of
19   DISRonline’s profile building methods. During the building process the TVs
20   can be saved as system profiles. Prior to publishing, these system profiles can
21   only be seen by the PM or PEO, and their designated profile builders (emerging
22   standards will be placed automatically in the TV-2 upon publication).

23               (b) If KIPS are being used by the PM or PEO, then applicable
24   Mandated KIP standards must be included in the system profiles. Upon
25   completion of the system profile, the PM or PEO shall publish the system
26   profile as a TV-1 and TV-2. During the publishing process:

27                  1. Mandated and retired standards will be placed into the TV-1,
28   the PM or PEO can choose to add Emerging or Retired standards to the TV-1
29   but these standards will require a Change Request or waiver as indicated in
30   paragraph 5.a. above. All remaining Emerging standards that have not been
31   placed in the TV-1 will be put in the TV-2.

32                  2. The PM or PEO will be required to publish them as a TV-1
33   and TV-2. This will require the PM or PEO to assign a JCPAT-E system
34   registration number and a system classification to the TVs. Once the TVs are
35   published, all DISRonline users can publicly view the most recent versions.

36                  3. The PM or PEO will be required to assign a JCPAT-E system
37   registration number and a system classification to the TV-1 and TV-2. Once
38   the TVs are published, all DISRonline users can publicly view the most recently
39   published version.

                                                                         Appendix B
                                         D-B-3                          Enclosure D
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1                    4. The PM or PEO will be directed to save an electronic PDF-
 2   formatted copy of their TV-1 and TV-2 on their local personal computer. This
 3   PDF file is for local PM or PEO use only and is not required to be included in
 4   the CDD or ISP document.

 5          (2) Change Requests for Non-Mandated Standards. PMs or PEO shall
 6   submit a Change Request in DISRonline (NIPRNET) and acknowledge in the
 7   CDD or Stage I ISP that they have submitted a Change Request for any
 8   Emerging or other standard not mandated in the DISR that is contained in
 9   their CDD or Stage I ISP by entering the Change Request number and the date
10   that the Change Request was submitted.

11           (3) DISR-Retired Standards Waivers. In lieu of submitting a change
12   request, the PM or PEO will acknowledge in DISRonline SIPRNet and in the
13   CDD or Stage I ISP that they have obtained a waiver for any Retired standard
14   that is contained in their TV-1 by entering the approval authority and the date
15   that the waiver was granted.

16           (4) Technology Insertion Risk Assessment. The use of a retired or other
17   standard not mandated in DISR will require completion of a technology
18   insertion risk assessment. This document must be submitted with its
19   corresponding CDD into the KM/DS tool during the JCIDS process. Risk
20   attributes that should be discussed in the risk assessment include:
21   value/benefits gained, evaluation (high, moderate, low), mitigation, and impact.

22       b. CPD and Stage II ISP Preparation of TVs for Milestone C. IT Standards
23   contained in DISR are initially confirmed for a system when the TV-1 developed
24   for a CPD or ISP is subsequently assessed for J-6 interoperability or
25   supportability. Once the TV-1 developed in DISRonline is completed, the PM or
26   PEO will publish it in DISRonline and reference it in the CPD or ISP.

27          (1) TV-1 and TV-2 Refinement. The PM or PEO, with appropriate
28   system and IT Standards subject matter experts (SME), using the DISRonline
29   tool and profile building privileges and previously developed CDD TVs, will
30   generate refined TV-1 and TV-2 in the DISRonline application on the SIPRNET
31   that shall be referenced in the CPDs being submitted via JCIDS KM/DS.

32           (2) Producing a TV-1 and TV-2 for a CPD or ISP. A TV-1 residing in the
33   DISRonline application in the SIPRNET is required.. In addition a TV-2 is
34   required for a CPD and is optional for an ISP. The TV-1 and TV-2 shall be
35   referenced in the applicable CPDs and ISPs submitted via the JROC KM/DS
36   tool or JCPAT-E.

37              (a) TV-1s for CPDs shall be developed using the TV-1 published
38   previously with the CDD as a starting point. The PM or PEO will then update


                                                                          Appendix B
                                          D-B-4                          Enclosure D
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1   the previously developed TV-1 using one or more of DISRonline’s profile
 2   building methods.

 3               (b) For ISPs where no prior TV-1 has been developed, a system
 4   profile shall be developed in a manner similar to TV-1 development for a CDD.
 5   PMs or PEOs should pay special attention to other published TV-1s created for
 6   systems that they are required to interoperate with.

 7              (c) If KIPS are being used by the PM or PEO, then applicable
 8   mandated KIP standards must be included in the system profile. Upon
 9   publishing the system profile, mandated and retired standards will be placed
10   into the TV-1 and emerging standards will be placed into the TV-2.

11              (d) Once the new system profile is completed, the PM will be
12   required to publish it as a TV-1 and TV-2. This will require the PM to assign a
13   JCPAT-E system registration number and a system classification to the TVs.
14   Once the TV-1 is published, all SIPRNET DISRonline users can publicly view
15   the most recent TV-1. The PM will store the published TV-1 and TV-2 in
16   DISRonline according to its corresponding JCPAT-E system registration
17   number. During the publishing process the PM or PEO will also be directed to
18   save an electronic PDF-formatted copy of their TVs. This PDF file is for local
19   PM or PEO use only and is not required to be included in the CDD or ISP
20   document.

21          (3) DISR Standards Waivers. PMs or PEOs will acknowledge in
22   DISRonline on the SIPRNET and in the CPE or Stage II ISP that they have
23   obtained a waiver for any emerging, retired or other standard not mandated in
24   DISR by entering the approval authority and the date that the waiver was
25   granted.

26            (4) Technology Insertion Risk Assessment. The use of any retired or
27   other standard not mandated in DISR in a TV-1 will require a risk assessment
28   to address the status of prior waivers and any new waivers approved since J-6
29   certification of the CDD. This document must be submitted with its
30   corresponding CPD into the KM/DS tool during the JCIDS process. For ISPs
31   where no prior TV-1 has been developed, the use of any retired standards in a
32   TV-1 also will require completion of a risk assessment. This document must be
33   submitted as an individual attachment to the ISP. Risk attributes that should
34   be discussed in the risk assessment include: value/benefits gained, evaluation
35   (high, moderate, low), mitigation, and impact.

36




                                                                         Appendix B
                                          D-B-5                         Enclosure D
                             CJCSI 6212.01D
                             14 October 2005
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20   (INTENTIONALLY BLANK)
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43




                                  Appendix B
             D-B-6               Enclosure D
                                                                                                              CJCSI 6212.01D
                                                                                                              14 October 2005
        1
        2
        3                                            APPENDIX C TO ENCLOSURE D
        4
        5                   INTEROPERABILITY AND SUPPORTABILITY ASSESSOR'S CHECKLIST
        6
        7           General: The intent of Table D-C-1, the Interoperability and Supportability
        8           Assessor’s Checklist, is to provide guidelines for J-6 assessors in certifying the
        9           NR-KPP in acquisition documents and ISPs. It does not supersede
       10           requirements listed in this instruction and in the references. Programs are not
       11           required to submit this checklist.
       12
                                                                         T    I    J I C C                  Status             Comments
            Reference




                                                                         I    S    C C D P               C = Complete
                                                                                                         I = In process
                                                                                                                                 Include Risk
                                                                                                                                  Assessment:
Item                                                                     S    P    D D D D
                                          Criteria                                                       F = Failure to          H = High Risk
                        5




  #                                                                      P
                                                                              6                             Complete           M = Moderate Risk
                                                                         6                             NA = Not Applicable       L = Low Risk
                                                                                                                                  N = No Risk

1           Encls
            D
                            Net-Ready Key Performance                    X X                 X X
                            Parameter (NR-KPP)
                            Statement. (Assessor: J-6I)
2           M               Net-Centric Operations and
                            Warfare Reference Model
                            (NCOW RM) Compliance
                            (Assessor J-6I)
2.1         M, U               a. DOD Architecture
                            Framework (DODAF). All
                            DOD architectures are
                            expected to comply and
                            conform to the NCOW RM by:
2.11                               (1) Common NCOW RM                    X X            X X X
                            definitions and vocabulary
                            used.
2.12                               (2) The capabilities and              X X                 X X
                            services described in the
                            NCOW RM have been
                            incorporated.
2.13                               (3) The IT/NSS                        X X                 X X
                            standards identified in the
                            NCOW RM have been
                            incorporated.
2.2                            b. Net-Centric Operations

                    5
                     Reference = Location in this Instruction or Reference identified in Enclosure F
                    6
                     The (T)ISP column is provided as information only for the assessors in the J6 to review, certify and validate the
                    NR-KPP. The governing document for the ISP is DODI 4630.8 and DOD Memorandum “Information Support
                    Plan (ISP) Acquisition Streamlining Pilot Program,” dated 26 August 2005. The governing documents are DODI
                    4630.8 and OSD Memorandum, “Information Support Plan (ISP) Acquisition Streamlining Pilot Program,” dated 26
                    August 2005.
                                                                                                                     Appendix C
                                                                        D-C-1                                       Enclosure D
                                                                                   CJCSI 6212.01D
                                                                                   14 October 2005
                                                           T   I   J I C C       Status            Comments
        Reference

                                                           I   S   C C D P     C = Complete
                                                                               I = In process
                                                                                                     Include Risk
                                                                                                      Assessment:
Item                                                       S   P   D D D D
                                    Criteria                                   F = Failure to        H = High Risk
                    5



  #                                                        P
                                                               6                  Complete         M = Moderate Risk
                                                           6                 NA = Not Applicable     L = Low Risk
                                                                                                      N = No Risk

                        and Warfare Reference Model
                        (NCOW RM). Architectures
                        must fully integrate the
                        following key aspects of the
                        NCOW RM:
2.21                           (1) Interaction with the    X X         X X
                        Net-Centric Information
                        Environment: Organizations
                        in the Enterprise interact
                        using the GIG and the
                        services provided by net-
                        centric services.
2.211                              (a) Services provided   X X         X X
                        and performed by the
                        information environment: The
                        reference model describes the
                        services that are provided to
                        users or performed by the
                        information environment.
                        These services, found under
                        the A2-Perform Net-Centric
                        User/Entity Services and A3-
                        Provide Net-Centric Services,
                        consist of three categories:
                        Core Services, COI Services,
                        and Environment Control
                        Services. Knowing what these
                        services are and what they
                        bring to the table, is essential
                        for architects to incorporate
                        them into architecture
                        development and optimize use
                        of the services.
2.212                              (b) The TPPU vision:    X X         X X
                        TPPU (task, post, process, and
                        use). Architects should
                        incorporate and reflect this
                        concept throughout their
                        architectures. Posting
                        information before processing
                        supports discovery and
                        storage services, and then
                        publish and subscribe
                        concept.
2.213                              (c) Target Technical    X X         X X
                        View: The Target Technical
                                                                                           Appendix C
                                                           D-C-2                          Enclosure D
                                                                                  CJCSI 6212.01D
                                                                                  14 October 2005
                                                          T   I   J I C C       Status            Comments
        Reference

                                                          I   S   C C D P     C = Complete
                                                                              I = In process
                                                                                                    Include Risk
                                                                                                     Assessment:
Item                                                      S   P   D D D D
                                    Criteria                                  F = Failure to        H = High Risk
                    5



  #                                                       P
                                                              6                  Complete         M = Moderate Risk
                                                          6                 NA = Not Applicable     L = Low Risk
                                                                                                     N = No Risk

                        View is an integral part of the
                        NCOW RM as an addendum to
                        the DISR. It identifies key
                        standards (protocols) and
                        frameworks that play an
                        important role in enabling
                        net-centricity and that are
                        common throughout the GIG.
                        These standards and
                        frameworks focus on
                        interoperability for
                        information sharing and
                        network operations. The
                        systems associated with any
                        architecture should reflect
                        these standards to ensure
                        interoperability.
2.214                             (d) Data management     X X         X X
                        strategy: Net-centricity is
                        dependent upon the ability to
                        locate and retrieve
                        information and services
                        regardless of where they are
                        stored. Common strategy for
                        data management that is
                        incorporated into the
                        architectures of all COIs and
                        shared space providers. (See
                        DOD Net-Centric Data
                        Strategy, 9 May 2003).
2.3     M, W,           DOD Data Strategy
        X
                        Implementation.
2.311                   Is the program a member of                    X X
                        any Communities of Interest
                        (COIs)?
2.312                   Does the program provide                      X X
                        adequate evidence that it is
                        tagging data with DDMS
                        compliant metadata (including
                        associated information
                        assurance and security
                        metadata and authoritative
                        sources), and posting it on the
                        DOD Metadata Registry?
2.313                   Was a representative sample                   X X
                        of the tagged data assets with
                                                                                          Appendix C
                                                          D-C-3                          Enclosure D
                                                                                CJCSI 6212.01D
                                                                                14 October 2005
                                                        T   I   J I C C       Status            Comments
        Reference

                                                        I   S   C C D P     C = Complete
                                                                            I = In process
                                                                                                  Include Risk
                                                                                                   Assessment:
Item                                                    S   P   D D D D
                                   Criteria                                 F = Failure to        H = High Risk
                    5



  #                                                     P
                                                            6                  Complete         M = Moderate Risk
                                                        6                 NA = Not Applicable     L = Low Risk
                                                                                                   N = No Risk

                        discovery metadata and COI
                        extensions provided?
2.314                   Does the program show that it               X X
                        is has registered structural
                        and semantic metadata with
                        the DOD Metadata Registry?
2.315                   Is the registered metadata                  X X
                        published by a COI?
2.316                   Does the program address the                X X
                        requirement to post data and
                        metadata to shared spaces for
                        users to access?
2.317                   If the program is                           X X
                        developing/maintaining
                        services, is the appropriate
                        metadata stored in registries
                        or catalogs?
2.318                   Are these COIs registered in                X X
                        the DOD COI Directory?
3                       Mandatory Integrated
                        Architecture Products:
                        Architecture tasks primary
                        focus must be on Architecture
                        and Standards. (Assessor: J-
                        6I)
3.1     N                   a. Architecture Products
3.11                           (1) AV-1                 X X       X X X
3.121                          (2) OV-1                 X X     X X
3.122                          (3) OV-2                   X       X X X
3.123                          (4) OV-3                             X X
3.124                          (5) OV-4                     X       X X
3.131                          (6) OV-5                 X   X       X X
3.132                          (7) OV-6C                X   X       X X
3.133                          (8) OV-7                     X       X X
3.141                          (9) SV-1                 X   X
3.142                          (10) SV-2                    X     X X X
3.143                          (11) SV-4                    X       X X
3.144                          (12) SV-5                X   X       X X
3.145                          (13) SV-6                X   X       X X
3.146                          (14) SV-11                   X         X
3.151   G                      (15) TV-1 generated      X   X       X X
                        from DISR Online
3.152   G                      (16) TV-2                            X X
                                                                                        Appendix C
                                                        D-C-4                          Enclosure D
                                                                                    CJCSI 6212.01D
                                                                                    14 October 2005
                                                            T   I   J I C C       Status            Comments
        Reference

                                                            I   S   C C D P     C = Complete
                                                                                I = In process
                                                                                                      Include Risk
                                                                                                       Assessment:
Item                                                        S   P   D D D D
                                    Criteria                                    F = Failure to        H = High Risk
                    5



  #                                                         P
                                                                6                  Complete         M = Moderate Risk
                                                            6                 NA = Not Applicable     L = Low Risk
                                                                                                       N = No Risk

3.2                         b. Architecture Analysis.
3.21                           (1) First order analysis –             X X X
                        Performed by the respective
                        FCB - identifying capability
                        gaps, shortfalls and
                        duplications. Once a first
                        order of analysis identifies
                        capability gaps and
                        deficiencies, a decision
                        process follows to evaluate
                        what to do about it. Measures
                        of effectiveness (MOEs) are
                        developed to guide the
                        DOTMLPF process.
3.211                              (a) Where capability               X X X
                        gaps exist, a new system
                        needs to be developed to meet
                        the requirement?
3.212                              (b) Where capability               X X X
                        deficiencies exist, existing
                        systems need to be improved
                        or modified to meet the
                        requirement?
3.213                              (c) If the analysis                X X X
                        identifies systems that have
                        no required capability based
                        on the first order analysis,
                        they should be eliminated.
3.214                              (d) If there are                   X X X
                        capability duplications, a
                        follow-on question needs to be
                        addressed to determine if the
                        redundancy is necessary.
                        There may be circumstances
                        where it is strongly desired to
                        maintain secondary and even
                        tertiary capability. In these
                        cases, maintain the
                        redundant systems. However,
                        when system redundancy is
                        identified that is not
                        necessary, the less capable
                        systems should be deleted.
3.215                              (e) How will the         X X       X X X
                        system operate in a net-
                        centric environment?
                                                                                            Appendix C
                                                            D-C-5                          Enclosure D
                                                                                 CJCSI 6212.01D
                                                                                 14 October 2005
                                                         T   I   J I C C       Status            Comments
        Reference

                                                         I   S   C C D P     C = Complete
                                                                             I = In process
                                                                                                   Include Risk
                                                                                                    Assessment:
Item                                                     S   P   D D D D
                                   Criteria                                  F = Failure to        H = High Risk
                    5



  #                                                      P
                                                             6                  Complete         M = Moderate Risk
                                                         6                 NA = Not Applicable     L = Low Risk
                                                                                                    N = No Risk

3.216                              (f) How will the        X X     X X X
                        system operate in a degraded
                        environment (limited
                        bandwidth, changes in the
                        information condition level
                        (INFOCON))? For example,
                        what is lost, what is the
                        alternative method and
                        impact on operations?
3.22                           (2) Second order                      X X
                        analysis – Performed by J-6,
                        identifies interoperability
                        requirements. Tasks and
                        capabilities are grouped into
                        operational nodes. System
                        interfaces required within
                        nodes and between nodes are
                        mapped out
3.221                              (a) If there is no                X X
                        system that performs a
                        required function (capability
                        gap), then the interoperability
                        requirements become key
                        design criteria in the proposed
                        solution,
3.222                              (b) For legacy systems,
                        the first question that should
                        be resolved through the first
                        order analysis is whether the
                        system is even needed. If a
                        system does not support a
                        capability need in the
                        architecture, there is no need
                        to proceed with interoperability
                        analysis, it should simply be
                        cut.
3.23                       c. Detailed Architecture
                        Analysis
3.231                          (1) Do the architecture     X X       X X
                        products (as applicable AV-1,
                        OV-2, OV-4, OV-5, OV-6c, OV-
                        7, SV-1, SV-2, SV-4, SV-5, SV-
                        6, SV-11, TV-1, TV-2) include a

                                                                                         Appendix C
                                                        D-C-6                           Enclosure D
                                                                                      CJCSI 6212.01D
                                                                                      14 October 2005
                                                            T   I   J I C C         Status            Comments
        Reference

                                                            I   S   C C D P       C = Complete
                                                                                  I = In process
                                                                                                        Include Risk
                                                                                                         Assessment:
Item                                                        S   P   D D D D
                                    Criteria                                      F = Failure to        H = High Risk
                    5



  #                                                         P
                                                                6                    Complete         M = Moderate Risk
                                                            6                   NA = Not Applicable     L = Low Risk
                                                                                                         N = No Risk

                        short complete description that
                        describes the architecture, its
                        intended use, and discusses
                        the highlights of each product?
3.232                          (2) Do the architecture      X X           X X
                        products demonstrate
                        integration by showing that the
                        architecture graphics are
                        traceable between each of the
                        other architecture views?
3.233                          (3) Does the OV-1                      X
                        architecture product present a
                        top-level view of the system’s
                        interoperability requirements
                        with other current and known
                        future systems?
3.234                          (4) Do the mandatory         X X       X X X
                        architecture views provide all
                        the essential data elements
                        specified by the DoDAF for an
                        integrated architecture product
                        set?
3.235                          (5) Does the document        X X           X X
                        identify the information
                        exchange for the system for
                        each mission area that the
                        system is proposed to support
                        (e.g., CAS, AAW, surveillance,
                        and reconnaissance)?
3.236                          (6) Do the document          X X           X X
                        architecture views (as applicable
                        AV-1, OV-2, OV-4, OV-5, OV-6c,
                        OV-7, SV-4, SV-5, SV-6, SV-11,
                        TV-1, TV-2) identify specific
                        current and known IT and NSS
                        sub-systems and interfaces that
                        need to exchange information?
3.237                          (7) Does the document        X X       X X X
                        describe considerations for
                                                                                              Appendix C
                                                            D-C-7                            Enclosure D
                                                                                   CJCSI 6212.01D
                                                                                   14 October 2005
                                                           T   I   J I C C       Status            Comments
        Reference

                                                           I   S   C C D P     C = Complete
                                                                               I = In process
                                                                                                     Include Risk
                                                                                                      Assessment:
Item                                                       S   P   D D D D
                                   Criteria                                    F = Failure to        H = High Risk
                    5



  #                                                        P
                                                               6                  Complete         M = Moderate Risk
                                                           6                 NA = Not Applicable     L = Low Risk
                                                                                                      N = No Risk

                        joint, combined, and coalition
                        use?
3.238                          (8) Does the document       X X         X X
                        identify procedural and
                        technical interfaces,
                        communications, protocols,
                        and standards required to be
                        incorporated to ensure
                        compatibility and
                        interoperability with other
                        Service, joint Service, NATO,
                        and other allied and friendly
                        nation systems?
3.239                          (9) Does the document       X X         X X
                        require the system to comply
                        with applicable information
                        technology standards contained
                        in the DISR? NIPRNET:
                        http://disronline.disa.mil/
                        SIPRNET:
                        http://disronline.disa.smil.mil/
                        a/DISR
3.240                          (10) Does the document      X X       X X X
                        identify multinational
                        interoperability considerations,
                        where applicable?
3.241                          (1) Core Architecture       X X         X X
                        Data Model (CADM). CJCSI
                        3170.01 and the DODAF
                        require architecture products
                        are CADM conformant for
                        analysis (met by products
                        provided as CADM XML
                        documents).
4       ENCL
        D
                        Key Interface Profile
                        Declaration. (Assessor: J-6I)
4.1                         a. Does the Program /          X X         X X
                        system capability document
                        includes KIP declaration as
                                                                                           Appendix C
                                                           D-C-8                          Enclosure D
                                                                                CJCSI 6212.01D
                                                                                14 October 2005
                                                        T   I   J I C C       Status            Comments
       Reference

                                                        I   S   C C D P     C = Complete
                                                                            I = In process
                                                                                                  Include Risk
                                                                                                   Assessment:
Item                                                    S   P   D D D D
                                     Criteria                               F = Failure to        H = High Risk
                   5



  #                                                     P
                                                            6                  Complete         M = Moderate Risk
                                                        6                 NA = Not Applicable     L = Low Risk
                                                                                                   N = No Risk

                       applicable.

4.2                        b. Does the architecture     X X         X X
                       agree with the declared KIPS?
4.3                    c. Does the KIP declaration      X X         X X
                       table contain all appropriate
                       information? Typically:
                       KIP Family
                       KIP ID
                       KIP Version ID Applicability
                       Status
                       Threshold
                       Objective Indicator
                       Associated Interfaces
                       Implementation Statement
5      P-U             Information Assurance.
                       (Assessor: J-6X)
5.11                     a. Is compliance with DOD      X X         X X
                       8500 series documents
                       required? (If yes, continue)
5.12                     b. Does program address the    X X         X X
                       requirement for system
                       accreditation as defined in
                       DITSCAP (DODI 5200.40),
                       DCID 6/3, or NIACAP (NSTISSI
                       #1000) and/or OMB A-130, as
                       appropriate?
5.13                     c. Is the program in the DOD   X X         X X
                       Information Technology
                       Security Certification and
                       Accreditation Process
                       (DITSCAP)?
5.14                   d. Has the program’s                       X X X
                       Acquisition Information
                       Assurance Strategy been
                       approved by the Component
                       CIO and reviewed by the DOD
                       CIO IAW DODI 8580.1?
5.15                     e. Has an IA Manager (IA)      X X         X X
                                                                                        Appendix C
                                                        D-C-9                          Enclosure D
                                                                                     CJCSI 6212.01D
                                                                                     14 October 2005
                                                          T   I    J I C C         Status            Comments
        Reference

                                                          I   S    C C D P       C = Complete
                                                                                 I = In process
                                                                                                       Include Risk
                                                                                                        Assessment:
Item                                                      S   P    D D D D
                                          Criteria                               F = Failure to        H = High Risk
                    5



  #                                                       P
                                                              6                     Complete         M = Moderate Risk
                                                          6                    NA = Not Applicable     L = Low Risk
                                                                                                        N = No Risk

                        been identified and appointed
                        in writing?
5.16                      f. Does the CDD include an                   X
                        Information Assurance
                        Compliance Statement with
                        words similar to: This program
                        or system will be in full
                        compliance with requirements
                        of the Federal Information
                        Security Management Act
                        (FISMA) (reference z), DOD
                        8500 series and CJCS 6510
                        series directives, instructions
                        and manuals with
                        documentation provided in
                        JCPAT-E.
5.17                      g. Does the CPD include the                      X
                        Information Assurance
                        Compliance Statement with
                        words similar to: This program
                        or system is in full compliance
                        with requirements of the
                        Federal Information Security
                        Management Act (FISMA)
                        (reference z), DOD 8500 series
                        and CJCS 6510 series
                        directives, instructions and
                        manuals with documentation
                        provided in JCPAT-E.
5.181   F, q              i. Has the Interim Authority    X X              X
                        to Operate (IATO) or the              7

                        Approval to Operate (ATO) been
                        posted to the JCPAT-E?
5.19                      j. Has the Security System      X X              X
                        Authorization Agreement
                        (SSAA) been posted to JCPAT-
                        E?
5.20                      l. Does the document include                     X
                7
                    ISP for Milestone C
                                                                                             Appendix C
                                                          D-C-10                            Enclosure D
                                                                                     CJCSI 6212.01D
                                                                                     14 October 2005
                                                            T   I    J I C C       Status            Comments
       Reference

                                                            I   S    C C D P     C = Complete
                                                                                 I = In process
                                                                                                       Include Risk
                                                                                                        Assessment:
Item                                                        S   P    D D D D
                                   Criteria                                      F = Failure to        H = High Risk
                   5



  #                                                         P
                                                                6                   Complete         M = Moderate Risk
                                                            6                  NA = Not Applicable     L = Low Risk
                                                                                                        N = No Risk

                       IA security policy and
                       architectural implementations,
                       as required by the IA Controls
                       listed in DODI 8500.2 and
                       based on MAC and
                       Confidentiality levels of the
                       system?
5.21                     m. Does CDD/CPD address                         X X
                       IA as a separate requirement in
                       a paragraph with words similar
                       to: ―Program shall provide
                       security and protection of
                       information consistent with the
                       classification of data passed, by
                       providing an integrated
                       defense-in-depth approach that
                       extends from the user to device
                       to the network. IA capabilities
                       will employ access controls,
                       manage exposure to risk, detect
                       attacks, provide immediate
                       protection, adapt to change,
                       and alert users and IA
                       managers. IA capabilities will
                       ensure confidentiality, integrity,
                       availability, and non-
                       repudiation of data.‖
5.22                     n. Does program address the                   X X X
                       requirement to align with DOD
                       Net-Centric IA Strategy?
5.23                     o. Does program address the                     X X
                       requirement to protect data in
                       transit and at rest to ensure
                       authorized users obtain reliable
                       secure information, even in the
                       presence of adversarial
                       disruption?
5.24                     p. Does program address the                     X X
                       requirement for access control

                                                                                             Appendix C
                                                            D-C-11                          Enclosure D
                                                                             CJCSI 6212.01D
                                                                             14 October 2005
                                                     T   I   J I C C       Status            Comments
       Reference

                                                     I   S   C C D P     C = Complete
                                                                         I = In process
                                                                                               Include Risk
                                                                                                Assessment:
Item                                                 S   P   D D D D
                                 Criteria                                F = Failure to        H = High Risk
                   5



  #                                                  P
                                                         6                  Complete         M = Moderate Risk
                                                     6                 NA = Not Applicable     L = Low Risk
                                                                                                N = No Risk

                       and IA policy enforcement?
5.25                     q. Does program address the             X X
                       requirement for network
                       and/or data management?
                       System shall be capable of
                       detecting and responding to
                       anomalies/attacks/disruptions
                       from external threats, internal
                       threats, and natural causes.
5.26                     r. Does CDD/CPD identify                X X
                       the programs Mission
                       Assurance Category and
                       Confidentiality Level?
5.27                     s. Does program define the              X X
                       information domains for which
                       it will provide/consume
                       services?
5.28                     t. Does program address the             X X
                       requirement to interface with
                       the National Key Management
                       Infrastructure to obtain
                       cryptographic materials
                       necessary to operate?
5.29                     u. Does program address the             X X Different
                       requirement to meet IPv6                      Section?
                       compliance?
5.30                     v. Have IA solutions been                 X
                       incorporated?
5.31                     w. Have IA solutions been                 X
                       tested?
5.32                     x. Has the system received                X
                       DITSCAP accreditation and is
                       the IATO or ATO been posted to
                       the JCPAT-E?
5.33                     y. Has the program been       X X       X X
                       registered with the Ports,
                       Protocols and Services
                       Management (PPSM) database
                       IAW DODI 8551.1(reference rr)?
                                                                                     Appendix C
                                                    D-C-12                          Enclosure D
                                                                                     CJCSI 6212.01D
                                                                                     14 October 2005
                                                            T   I    J I C C       Status            Comments
        Reference

                                                            I   S    C C D P     C = Complete
                                                                                 I = In process
                                                                                                       Include Risk
                                                                                                        Assessment:
Item                                                        S   P    D D D D
                                    Criteria                                     F = Failure to        H = High Risk
                    5



  #                                                         P
                                                                6                   Complete         M = Moderate Risk
                                                            6                  NA = Not Applicable     L = Low Risk
                                                                                                        N = No Risk

5.34                       z. Public Key Infrastructure
                        (PKI) (Replace all encrypted
                        key?)
5.341                        (1) If PKI is required, does   X X        X X X
                        the document include a
                        statement that PKI technology
                        will be acquired as part of this
                        effort and will be installed and
                        used, including in initial
                        fielding efforts, to ensure
                        information security over all
                        voice, video, and data
                        transmission (PKI
                        implementation should also
                        consider communications
                        interoperability with
                        commercial and multinational
                        partners)?
5.342                        (2) Does the document          X X        X X X
                        address the interconnection of
                        systems operating at different
                        classification levels and what
                        information assurance
                        concepts are implemented?
5.35                      aa. If applicable, does the                    X X
                        document identify unique user
                        interface requirements,
                        documentation needs, and
                        special software certificates?
5.36                      bb. Does the program provide      X X          X X
                        authentication of its users in
                        accordance with designated
                        GIG IA standards?
5.37                      cc. Does the program provide      X X          X X
                        different services or responses
                        based on the identity of the
                        service requestor?
5.38                      dd. Has your program              X X          X X
                        identified the information
                                                                                             Appendix C
                                                            D-C-13                          Enclosure D
                                                                                     CJCSI 6212.01D
                                                                                     14 October 2005
                                                            T   I    J I C C       Status            Comments
        Reference

                                                            I   S    C C D P     C = Complete
                                                                                 I = In process
                                                                                                       Include Risk
                                                                                                        Assessment:
Item                                                        S   P    D D D D
                                    Criteria                                     F = Failure to        H = High Risk
                    5



  #                                                         P
                                                                6                   Complete         M = Moderate Risk
                                                            6                  NA = Not Applicable     L = Low Risk
                                                                                                        N = No Risk

                        domains that establish the
                        context for which your
                        programs will be
                        providing/consuming their
                        associated services?
5.39                      ee. Have COIs been defined to     X X          X X
                        facilitate the appropriate
                        information transactions within
                        or between domains?
5.40                      ff. Does the program provide      X X          X X
                        dynamic, flexible and threat-
                        tailorable solutions for
                        exchanging information and
                        services between different
                        security domains, with
                        flexibility to accommodate new
                        operational needs with minimal
                        impact on system and mission
                        performance?
5.41                     gg. Does the program provide:
5.411                         (1) Protection against        X X          X X
                        modification or destruction of
                        information, services or
                        resources?
5.412                         (2) Assurance that            X X          X X
                        information is not disclosed to
                        unauthorized entities, services
                        or processes?
5.413                         (3) Assurance that the        X X          X X
                        originator of an action and the
                        recipient of a reaction are
                        known?
5.414                         (4) Assurance that there is   X X          X X
                        timely and reliable access to
                        information, services and
                        resources anytime, anywhere
                        for authorized users/entities?
5.42                      hh. Does the program have         X X          X X
                        digital IA/security policy
                                                                                             Appendix C
                                                            D-C-14                          Enclosure D
                                                                                     CJCSI 6212.01D
                                                                                     14 October 2005
                                                            T   I    J I C C       Status            Comments
       Reference

                                                            I   S    C C D P     C = Complete
                                                                                 I = In process
                                                                                                       Include Risk
                                                                                                        Assessment:
Item                                                        S   P    D D D D
                                   Criteria                                      F = Failure to        H = High Risk
                   5



  #                                                         P
                                                                6                   Complete         M = Moderate Risk
                                                            6                  NA = Not Applicable     L = Low Risk
                                                                                                        N = No Risk

                       management capabilities that
                       define, enforce, and manage
                       the digital security policy rules,
                       guidelines and standards for
                       securely exchanging data and
                       services across security
                       domains?
5.43                     ii. Does the program provide       X X          X X
                       the capability to manage access
                       to the GIG information and
                       resources based upon the GIG
                       digital security policy as well as
                       the entity’s credentials,
                       privileges, roles and profile?
5.44                     jj. Does the program have an       X X          X X
                       IA capability that provides
                       adequate protection from user
                       attempts to circumvent system
                       access controls, accountability
                       or procedures for performing
                       unauthorized system
                       operations?
5.45                     kk. Does the program have          X X          X X
                       an IA capability to perform
                       content-based encryption of
                       information objects at the host,
                       instead of depending on the
                       bulk encryption of the entire
                       network, to secure the
                       information, while also being
                       available for operations
                       involving allied and coalition
                       forces?
5.46                     ll. Does the CDD/CPD show                       X X
                       compliance with the applicable
                       IA aspects of the NCOW RM,
                       the IA Component of the GIG
                       Architecture and the CND
                       Architecture?

                                                                                             Appendix C
                                                            D-C-15                          Enclosure D
                                                                                   CJCSI 6212.01D
                                                                                   14 October 2005
                                                          T   I    J I C C       Status            Comments
        Reference

                                                          I   S    C C D P     C = Complete
                                                                               I = In process
                                                                                                     Include Risk
                                                                                                      Assessment:
Item                                                      S   P    D D D D
                                   Criteria                                    F = Failure to        H = High Risk
                    5



  #                                                       P
                                                              6                   Complete         M = Moderate Risk
                                                          6                  NA = Not Applicable     L = Low Risk
                                                                                                      N = No Risk

6      I, J             Spectrum Supportability, E3,
                        and Frequency Management.
                        (Assessor: J-6B)
6.1                          a. If applicable, does the   X X        X X X
                        document identify a
                        requirement for spectrum
                        supportability?
6.2                          b.If applicable, does the    X X        X X X
                        document address
                        electromagnetic environmental
                        effects (E3)?
6.3                          c. If applicable, does the   X X        X X X
                        document address host nation
                        approval?
6.4                          d.If applicable, has a DD    X X        X X X
                        Form 1494 been submitted to
                        the Service Frequency Manager
                        Office?
6.5                          e. Does the document         X X        X X X
                        include a spectrum
                        supportability compliance
                        statement or outline a plan to
                        obtain spectrum
                        supportability?
6.6                          f. Does the document                      X X
                        address spectrum
                        supportability as a separate
                        requirement in a paragraph?
7      GG,
       QQ
                        Joint Tactical Radio System                  X X X
                        (JTRS). If applicable, does the
                        document identify
                        requirements for radio-based
                        communications that will be
                        satisfied by the JTRS
                        CDD/CPD? (Assessor: J-6C)
8      L                Space and SAASM. If                          X X X
                        applicable, does the document
                        include a requirement for
                        NAVSTAR global positioning
                                                                                           Appendix C
                                                          D-C-16                          Enclosure D
                                                                                    CJCSI 6212.01D
                                                                                    14 October 2005
                                                           T   I    J I C C       Status            Comments
        Reference

                                                           I   S    C C D P     C = Complete
                                                                                I = In process
                                                                                                      Include Risk
                                                                                                       Assessment:
Item                                                       S   P    D D D D
                                   Criteria                                     F = Failure to        H = High Risk
                    5



  #                                                        P
                                                               6                   Complete         M = Moderate Risk
                                                           6                  NA = Not Applicable     L = Low Risk
                                                                                                       N = No Risk

                        system (GPS) and precise posi-
                        tioning service (PPS)? If yes,
                        does the document clearly state
                        that the system will develop
                        and procure only selective
                        availability anti-spoofing
                        module (SAASM) based
                        equipment? (Assessor: J-6C)
9       Encl
        E
                        JITC Testing. Does the                          X X
                        document adequately address
                        the requirement for
                        interoperability system testing
                        and certification? (Assessor: J-
                        6I)
10                      Miscellaneous. (Assessor: J-
                        6I)
10.1    OSD
        Memo
                            a. Is the program registered   X X          X X
                        in the DOD IT Registry?
                        (https://www.itdb.it is.osd.mil)
10.2                        b. Is the program/system       X X
                        registered in JCPAT-E?
10.3                        c. NR-KPP Configuration        X X          X X
                        Management. The NR-KPP
                        package and associated files
                        and online entries (e.g., DISR,
                        DARS) must be uniquely
                        identified with an appropriate
                        naming convention and
                        changes strictly controlled.
                        Associated computer files and
                        database entries should be
                        ―locked‖ upon submission of
                        the document package (i.e., any
                        changes made to a new
                        version).
10.31                       d. Are DARS files uniquely     X X          X X
                        identified with name/version
                        ID?
10.32                       e. Is the DISROnline entry     X X          X X
                                                                                            Appendix C
                                                           D-C-17                          Enclosure D
                                                                                                       CJCSI 6212.01D
                                                                                                       14 October 2005
                                                                     T   I    J I C C                Status            Comments
            Reference

                                                                     I   S    C C D P              C = Complete
                                                                                                   I = In process
                                                                                                                         Include Risk
                                                                                                                          Assessment:
Item                                                                 S   P    D D D D
                                       Criteria                                                    F = Failure to        H = High Risk
                        5



  #                                                                  P
                                                                         6                            Complete         M = Moderate Risk
                                                                     6                           NA = Not Applicable     L = Low Risk
                                                                                                                          N = No Risk

                            (TVs) uniquely identified with
                            name/version ID?
10.33                           f. Documents marked with X X                           X X
                            version/date?
10.34                           g. References to outside      X X                      X   X
                            material: standards, standards
                            profiles, KIPs, interface control
                            documents, etc. all identify a
                            specific version? (At least
                            major version ID with an
                            unambiguous method for
                            determining the specific version
                            to be implemented.)
11                          Acquisition History.
                            (Assessor: J-6I)
11.1                           a. Does the document           X X                  X X X
                            identify applicable predecessor
                            documents?
11.2                           b. Is the associated ISP                                X X
                            submitted to JCPAT-E
                            database?
        1                             Table D-C-1. Interoperability and Supportability Assessor's Checklist




                                                                                                               Appendix C
                                                                   D-C-18                                     Enclosure D
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1
 2
 3                                    ENCLOSURE E
 4
 5       JOINT INTEROPERABILITY TESTING AND CERTIFICATION PROCESS
 6
 7
 8   1. General. All Information Technology (IT) systems including National
 9   Security Systems (NSS) must be evaluated and certified by the Defense
10   Information Systems Agency (DISA) Joint Interoperability Test Command
11   (JITC). All systems – Acquisition Category (ACAT), non-ACAT, and fielded
12   systems – must be evaluated and certified prior to (initial or updated) fielding,
13   and periodically during their entire life – as a minimum, every 3 years. JITC
14   Interoperability Test Certification is based on Joint Staff J-6 certified Net-Ready
15   Key Performance Parameters (NR-KPPs) and other approved requirements.
16   Testing associated with evaluations may be performed in conjunction with
17   other testing (e.g., Developmental Test & Evaluation (DT&E), Operational T&E
18   (OT&E)) to conserve resources. JITC as the Joint interoperability test certifier
19   may use test results from another testing organization (ie. USJFCOM JSIC) as
20   the basis for a Joint Interoperable Test Certification if the testing results are
21   sufficient. Joint interoperability testing and certification is a continuous
22   process that must be managed and resourced throughout the system lifecycle.

23   2. Applicability – Systems Requiring Certification. All systems affecting
24   joint/enterprise information exchange will be certified for net-readiness before
25   being placed into operation (see DOD 4630 series). This includes, but is not
26   limited to:

27       a. Joint network infrastructure system components (e.g., voice switches for
28   Defense Switched Network (DSN), encryption devices, network routers, network
29   firewalls).

30       b. Each increment of an evolutionary development, including each
31   increment of a spiral development.

32       c. Systems with changes (e.g., Doctrine, Organization, Training, Materiel,
33   Leadership, Personnel and Facility (DOTMLPF), DOTLPF, hardware or software
34   modifications, including firmware) affecting net-readiness, similar changes to
35   interfacing systems, or systems with revoked certifications or J-6 validation, or
36   systems with expired certifications.

37   3. Interoperability Test Certification. JITC will evaluate the four NR-KPP
38   elements: NCOW RM (net-centric enterprise services and data functionality),
39   operational information exchange in an operational environment IAW




                                            E-1                            Enclosure E
                                                                        CJCSI 6212.01D
                                                                        14 October 2005
 1   integrated architecture products, compliance with applicable KIPS, and
 2   Information Assurance (IA) status.

 3       d. Systems without an NR-KPP will be evaluated based on alternate J-6
 4   approved requirements. For all systems, interoperability evaluation will assess
 5   the degree to which the interoperability requirements are met and the expected
 6   operational impact of any discrepancies.

 7        e. Interoperability Test Certification is the part of the overall certification
 8   process that characterizes interoperability capabilities in an operational
 9   environment and assesses the operational impact of any discrepancies.
10   Related processes are the J-6 interoperability and supportability certifications
11   and the J-6 System Validation. J-6 certified interoperability requirements and
12   capabilities feed the JITC interoperability test and evaluation process, and, in
13   turn, JITC Interoperability Test Certifications provide input to the J-6 System
14   Validation process and the Milestone Decision Authority (MDA) (or equivalent)
15   fielding decision.

16        f. JITC issues full interoperability test certifications when all critical
17   interoperability requirements are met and there are no discrepancies with a
18   critical operational impact. When appropriate, JITC issues limited
19   certifications to provide the interoperability status when only a subset of
20   critical requirements have been adequately demonstrated. ―Limited‖
21   certifications provide an indication of the interoperability status in cases where
22   useful capabilities are provided, despite not meeting threshold requirements,
23   and there are no expected critical operational impacts or adverse effects on the
24   interoperability environment.

25       g. JITC updates Interoperability Test Certifications throughout the lifecycle
26   of a system to reflect changes in the status and environment.

27   4. Clarification of Scope. Joint Interoperability Test Certification is not a
28   substitute for J-6 System Validation – programs in the JCIDS process must
29   have both a Joint Interoperability Test Certification from JITC and J-6 System
30   Validation before fielding. The only exception is systems that have been issued
31   an Interim Certificate To Operate (ICTO) by the Military Communications-
32   Electronics Board/Interoperability Test Panel (MCEB/ITP) (or appropriate
33   authority). There may also be other certifications or validations required in
34   addition to Joint Interoperability Test Certification, J-6 Interoperability and
35   Supportability Certification, and J-6 System Validation. Spectrum
36   certifications, IA certifications or accreditations, network manager approval,
37   and other validations/approvals may be required and are not necessarily
38   satisfied by JITC Interoperability Test Certification.




                                             E-2                             Enclosure E
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   5. Program Manager (PM)/Sponsor Responsibilities. The system sponsor shall
 2   ensure that the following items are adequately addressed at least 120 days
 3   prior to any interoperability testing.

 4      a. J-6 certified requirements, or alternate J-6 approved requirements.

 5         (1) Certified Capabilities Production Document (CPD), Information
 6   Support Plan (ISP), or NR-KPP/Interoperability KPP (I-KPP).

 7          (2) J-6 confirmation that previously approved/certified Requirements
 8   Generation System (RGS – predecessor to JCIDS) documents are valid (e.g.,
 9   older Operational Requirements Documents (ORDs), C4I Support Plans
10   (C4ISPs) when used as the source of requirements).

11           (3) J-6 confirmation that any changes to the certified NR-KPP/I-KPP are
12   also valid (i.e., are also J-6 certified).

13       b. Validity of any non-JCIDS requirements is confirmed by J-6. (This
14   includes requirements derived from JCIDS certified documents, such as a
15   system that implements a subset of CPD requirements.)

16      c. System component requirements are coordinated with JITC to ensure
17   that requirements are defined, testable and measurable (e.g., requirements for
18   non-DOD systems/components, commercial off-the-shelf (COTS) components).

19      d. Planning has been coordinated and testing scheduled with JITC.

20            (1) If applicable, approved Test and Evaluation Master Plan (TEMP), or
21   equivalent, is available. As a minimum, all CPD/ISP enterprise-level and
22   critical information exchanges will be used to develop the TEMP measures of
23   effectiveness.

24          (2) Coordination with JITC to develop an interoperability test and
25   evaluation strategy, which is documented in an Interoperability Certification
26   Evaluation Plan (ICEP), interoperability test plan (ITP), or equivalent
27   documentation, as appropriate.

28           (3) Funding and resources are provided to JITC for test planning,
29   conduct, and reporting. Standards Conformance testing programs serve as a
30   foundation for overall joint interoperability testing. Service Participating Test
31   Unit Coordinators (PTUCs) will be the point of contact for conducting or
32   coordinating standards conformance testing activities for Service programs.
33   Program Sponsors will coordinate with Service PTUCs for funding and
34   scheduling of standards conformance and testing resources. Service PTUCs
35   can also serve to coordinate participation of Service resources in joint
36   distributed federations that enable JITC joint interoperability testing. The
37   PTUC will be the Program Sponsor’s POC for coordinating funding of standards

                                           E-3                            Enclosure E
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1   conformance testing and participation in Joint distributed federations
 2   supporting interoperability testing to ensure efficient and effective testing and
 3   certification of the program.

 4          (4) Standards profiles have been validated in DISRonline, as applicable.

 5      e. Net-Centric Operations and Warfare Reference Model (NCOW RM)
 6   compliance has been verified.

 7      f. IA compliance has been verified, as applicable.

 8       g. Results from standards conformance, KIPs compliance tests, Service
 9   testing, any assessments, etc. are available.

10       h. Coordination with JITC during the planning and execution of standards
11   conformance and system interoperability testing for each acquisition milestone
12   and for recertification to ensure that the required data elements for system
13   interoperability evaluation are collected and validated.

14      i. Coordination, funding, and scheduling considerations negotiated with
15   proponents of interfacing systems (e.g., interfacing systems must be available
16   during interoperability testing).

17       j. Issues are resolved or presented to the appropriate authority for
18   resolution – J-6 for interoperability requirements, MCEB/ITP for ICTOs, etc.

19   6. Interoperability Test Certification Process. The JITC Interoperability Test
20   Certification process comprises four basic steps. Joint interoperability testing
21   and evaluation is an iterative process – some or all of the steps may need to be
22   repeated as conditions change. The four basic steps are (see figure E-1):

23          (1) Identify (Interoperability) Requirements

24          (2) Develop Certification Approach (Planning)

25          (3) Perform Evaluation

26          (4) Report Certifications and Statuses

27       a. Identify Interoperability Requirements. Establishing requirements/
28   capabilities is a critical step, and system sponsors must resolve any
29   requirements/capabilities issues with the Joint Staff J-6. If a J-6 System
30   Validation is needed (e.g., for JCIDS systems), requirements/capabilities must
31   be J-6 certified. The JITC provides input to the J-6 requirements/capabilities
32   certification process and uses the results as the foundation for the remaining
33   three steps of the Interoperability Test Certification process. Thus, system
34   sponsors must coordinate with the JITC beginning with the initial

                                            E-4                            Enclosure E
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   requirements documentation processes to ensure requirements/capabilities are
 2   defined in measurable and testable form.

 3       b. Develop Certification Approach (Planning). The sponsor and JITC will
 4   work closely to establish a strategy for evaluating interoperability requirements
 5   in the most efficient and effective manner, in an operationally realistic
 6   environment (the environment must be as operationally realistic as practicable
 7   – this includes employing production representative systems, members of the
 8   user community as operators, realistic messages and network loads,
 9   configurations in compliance with IA requirements, etc.). This evaluation
10   strategy identifies data necessary to support JITC Interoperability Test
11   Certification as well as the test events/environments planned to produce that
12   data. Sponsors will coordinate with JITC to integrate interoperability and
13   standards conformance test needs into the system's T&E documents (e.g.,
14   TEMP, test plans), identify and use any applicable existing plans, and ensure
15   test data is available to JITC for evaluation. Sponsors are encouraged to
16   coordinate with other interoperability testing organizations and JITC to try to
17   identify interoperability demonstration venues acceptable for JITC
18   interoperability assessment testing or interoperability certification testing
19   activities.

20




                                           E-5                            Enclosure E
                                                                                    CJCSI 6212.01D
                                                                                    14 October 2005




                          Figure E-1. Interoperability Test Certification Process

Legend:
Cert      Certification                               KIP            Key Interface Profile
DT        Developmental Test                          MCEB/ITP       Military Communications-Electronics
                                                                     Board/Interoperability and Policy Test
                                                                     Panel
IA        Information Assurance                       NR             Net-Ready
ICEP      IOP Certification Evaluation Plan           NR-KPP         Net-Ready Key Performance Parameter
IOP       Interoperability                            OT             Operational Test
ICTO      Interim Certificate to Operate              PM             Program Manager (Sponsor)
JCIDS     Joint Capabilities Integration and          QT             Qualification Test
          Development System
JITC      Joint Interoperability Test Command         Req’s          Requirements
J-6       Joint Staff J-6                             Std’s          Standards Conformance
 1
 2
 3
                                                   E-6                                  Enclosure E
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1           (1) Additionally, complex systems that depend on multiple evaluation
 2   events will require JITC to develop an Interoperability Certification Evaluation
 3   Plan (ICEP).

 4           (2) Some systems and programs will have a TEMP (see DoDI 5000.2) to
 5   guide interoperability planning. These systems/programs may have a JITC
 6   ICEP. ICEPs will lay out how the systems will be tested and evaluated.
 7   Generic test plans will accommodate testing of frequently tested system
 8   components (e.g., telecommunications switches, individual KIPs). The sponsor
 9   and JITC will work closely to establish a viable testing program that satisfies
10   testing requirements in the most efficient and effective manner.

11          (3) JITC works with the system sponsor to develop an ICEP. The ICEP
12   outlines how the system will be tested against the J-6 certified requirements in
13   the CPD/ISP. The testing is conducted during DT&E, OT&E, and various joint
14   exercises and deployments.

15           (4) In support of test planning and JITC development of a certification
16   approach and ICEP, system sponsor and developers will provide necessary
17   system technical data and interface specifications, and coordinate with JITC to
18   identify test data collection requirements.

19       c. Perform Evaluation. Interoperability evaluation often spans DT and OT
20   and relies on multiple test events conducted by various organizations. The
21   amount and type of testing will vary based on characteristics of the system
22   being evaluated. This is further reason to coordinate early with the testing
23   organizations.

24            (1) When JITC is not the responsible testing organization, the system
25   sponsor (for DT) or appropriate Operational Test Agency (OTA) (for OT) will
26   coordinate test plans, analysis, and reports with JITC to ensure sufficient
27   information is available to support a certification determination. Sponsors
28   must coordinate testing changes (e.g., schedule, locations, scope, methodology,
29   etc.) with JITC, since such changes may impact JITC’s ability to evaluate and
30   certify.

31          (2) When JITC is the responsible test organization, JITC will develop the
32   necessary plans and reports and coordinate them with the sponsor.
33   Regardless of the responsible test organization, tests must employ production
34   representative systems in as realistic an operational environment as
35   practicable, including use of authorized IA configurations.

36          (3) Interoperability evaluation requires results from standards
37   conformance testing/certification. Standards conformance testing should be
38   coordinated early with JITC to ensure that the testing is adequate to support
39   interoperability evaluation. Standards conformance testing may be performed
40   by other organizations with prior coordination with JITC. JITC conducts some
                                            E-7                           Enclosure E
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1   standards conformance testing for standards that have a direct impact on
 2   interoperability and where there is not an existing standards testing and
 3   certification program.

 4           (4) Interoperability assessments are a special case of interoperability
 5   evaluation where the objective is to determine the interoperability of a system
 6   or system component prior to formal evaluation. Assessments may be based
 7   on preliminary requirements (e.g., from a Capabilities Development Document
 8   (CDD)), or may be designed to assess only part of the overall requirements.
 9   Assessments can provide valuable insight to the sponsor on the state of
10   interoperability, and may also be used to provide input to the OT Readiness
11   Review (OTRR).

12       d. Report Certifications and Statuses. JITC uses data from the various
13   types of testing to produce interoperability reports and certifications, as
14   appropriate. Standards conformance testing may result in a Standards
15   Conformance Certification. Interoperability testing results may be documented
16   in a number of ways, depending on the test purpose, status of requirements,
17   and nature of the system. Only Joint System Interoperability Test
18   Certifications are examined by the J-6 for consideration of issuing a J-6
19   System Validation.

20           (1) The JITC Interoperability evaluation will be an independent analysis
21   of the data to determine the interoperability status of the system.

22           (2) Joint System Interoperability Test Certifications report on the status
23   of the four NR-KPP elements, including net-readiness, information exchange
24   (individual interfaces and the status of top-level exchange requirements), KIPs
25   compliance, IA, and any other specified system interoperability performance
26   parameters. The certification will also specify if it applies only to special
27   operational environments, and will also indicate the expiration period.

28           (3) JITC distributes Interoperability Test Certifications to the MCEB/ITP
29   members, J-6, the program manager (sponsor), and other interested,
30   authorized parties. In addition to distribution, JITC maintains a database of
31   all JITC certification related products, the System Tracking Program (STP).

32   7. Interoperability Test Certification Process –Typical Events. The following is
33   an example of the major interoperability test related events that may occur
34   during a "typical" (medium to large JCIDS) system development. For non-
35   JCIDS systems, the events would be similar, however, the details may differ
36   (e.g., RGS ORD may be used in place of CPD).

37      a. Initiation of development/acquisition/procurement.

38          (1) Sponsor contacts JITC; POCs established, JITC STP entry made.


                                            E-8                            Enclosure E
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1      b. Interoperability requirements established, test plans developed.

 2           (1) Initial Capabilities Document (ICD)/CDD used to create initial test
 3   plans (ICEP, ITP, etc.).

 4          (2) If non-JCIDS, alternate ISP or NR-KPP/I-KPP requirements
 5   coordinated with J-6.

 6           (3) Any interoperability requirements issues resolved by J-6 and
 7   MCEB/ITP, with those related to intelligence resolved by the Military
 8   Intelligence Board (MIB).

 9       c. Standards conformance and interoperability assessments may be
10   performed (if system components are available).

11          (1) Standards Conformance Certifications issued.

12          (2) Interoperability Assessments produced, if needed.

13      d. Interoperability requirements refined, certified, derived, as appropriate.

14          (1) CPD used to refine interoperability test plans (ICEP, ITP...).

15          (2) TEMP developed or refined, and approved, as needed.

16       e. Standards profiles validated, other validations and certifications occur
17   (e.g., N-COW RM compliance).

18       f. Standards conformance and interoperability assessments continue
19   throughout the development phase.

20      g. JITC provides input to OTRR process, as requested.

21      h. JITC provides testing status to J-6, MCEB/ITP, etc., as requested.

22      i. Interoperability testing conducted, usually in conjunction with OT.

23      j. JITC interoperability evaluation performed.

24          (1) Joint System Interoperability Test Certification issued. Full, limited,
25   or non-certification. Alternatively, an interoperability assessment letter/report
26   may be produced.

27         (2) Interoperability status posted to JITC STP, and distributed to
28   appropriate parties (J-6, MCEB/ITP, sponsor).

29      k. J-6 issues J-6 System Validation (if J-6 certified requirements exist and
30   other conditions met).

                                            E-9                            Enclosure E
                                                                        CJCSI 6212.01D
                                                                        14 October 2005
 1       l. Life-cycle support. Changes affecting interoperability, including new
 2   releases or planned increments, or expiration/revocation of certifications,
 3   require additional testing and evaluation starting at the appropriate step.

 4   8. JITC Interoperability Products. JITC interoperability products include the
 5   following, though not all products may apply to all systems:

 6       a. ICEP/Test Plans (planning documents) and various types of reports and
 7   online (NIPRNET/SIPRNET) product registers.

 8        b. Standards Conformance Certification. Issued after technical testing
 9   against published standards/standards profiles documented in the TV-1 and
10   TV-2 created in the DISRonline tool to describe the degree of conformance to
11   that standard/profile (e.g., conformance to MIL-STD-188-181 (DAMA
12   SATCOM)). A standards conformance certification is not sufficient to allow
13   fielding. Additional testing beyond that needed for a standard may be required
14   to determine compliance with standards profiles.

15       c. Interoperability Assessment. Issued following testing (Operational
16   Assessments (OAs), JITC compatibility and interoperability assessments) to
17   provide feedback concerning interoperability strengths and weaknesses when a
18   certification is not appropriate. An interoperability assessment is not sufficient
19   to allow fielding.

20       d. OT Readiness Review (OTRR) Interoperability Statement. JITC
21   recommendation, to the OTRR assessing whether a system is ready for OT from
22   a interoperability perspective. (DODI 4630.8 describes the contents of the JITC
23   OTRR input.)

24       e. Interoperability Test Certifications: All JITC interoperability test
25   certifications expire upon changes that may affect interoperability.
26   Additionally, all certifications expire three (3) years from original date of issue.

27            (1) Special Interoperability Test Certification. Issued for systems or
28   system components (e.g., network infrastructure components) that require
29   interoperability test certification but are not subject to the JCIDS process, and
30   generally do not individually need requirements certified by J-6 (e.g.,
31   commercial switches being procured to operate in the DSN, in-line encryption
32   devices). JITC will work with J-6 to verify that the item is not subject to J-6
33   certification.

34           (2) Limited Joint System Interoperability Test Certification. Issued
35   when a system has adequately demonstrated interoperability for a subset of
36   interoperability requirements (has not met all threshold requirements). A
37   ―limited‖ certification may not be sufficient to allow fielding. If military
38   necessity warrants fielding of the system for the demonstrated capabilities, the
39   system sponsor should contact the J-6 to request a formal modification of the

                                             E-10                            Enclosure E
                                                                         CJCSI 6212.01D
                                                                         14 October 2005
 1   NR-KPP (or legacy I-KPP) or the MCEB/ITP for an Interim Certificate to Operate
 2   (ICTO). Joint System Interoperability Test Certification. Issued when a system
 3   has adequately demonstrated interoperability for at least all critical threshold
 4   requirements pertaining to a specific increment. This system certification
 5   attests that the system’s interoperability is sufficient to support a fielding
 6   decision. Evaluation should continue until the status of all objective
 7   interoperability requirements can be determined and reported.

 8   9. Interoperability Evaluation and Certification. Interoperability evaluation will
 9   evolve along with evolution of the established NR-KPP elements. During the
10   transition to the NR-KPP, I-KPP evaluations (from valid J-6 certified ORDs/I-
11   KPPs) may still be conducted until 24 May 2007. After this date,
12   interoperability evaluations based on I-KPP requirements shall not be
13   performed without consent of the J-6 and J-8 (Certification letters, including
14   extension of certification, associated with I-KPP evaluations will be issued NLT
15   90 days after this cutoff date).

16       a. Policy applicable to all types of interoperability test certifications
17   includes:

18          (1) Interoperability requirements shall be certified by J-6 interoperability
19   and supportability certification, and J-6I will resolve any interoperability
20   requirements issues.

21           (2) All interoperability requirements shall be used for evaluation and the
22   status reported for all interoperability requirements, not merely the capabilities
23   that have been implemented. This includes critical (threshold) and all (critical
24   plus non-critical -- objective) requirements. If requirements for increments
25   were not clearly delineated by increment (phase, spiral, block, etc.) in the J-6
26   certified requirements, as mandated by DOD policy, all interoperability
27   requirements shall be assumed to apply to the current increment and be
28   evaluated as such. Changing the increment or criticality of a requirement is a
29   modification to the requirements that requires J-6 (re-) certification.

30           (3) As a minimum, all enterprise level and external (top-level)
31   information exchanges shall be evaluated. Any other system interoperability
32   requirements shall also be factored into the overall interoperability evaluation
33   (e.g. some interoperability requirements do not appear in the integrated
34   architecture products, such as a capability to communicate on two channels
35   simultaneously. Other interoperability-related requirements may appear as
36   KPPs separate from the NR-KPP, such as the tagging of data, reliability of
37   certain types of communications, etc.).

38         (4) Standards conformance requirements, as documented in TV-1
39   products, or derived from other requirements and specifications, shall be



                                             E-11                             Enclosure E
                                                                       CJCSI 6212.01D
                                                                       14 October 2005
 1   evaluated and reported as appropriate for the complexity and maturity of the
 2   protocols.

 3          (5) Interoperability evaluation will be based on testing of production
 4   representative systems in as realistic an operational environment as
 5   practicable. This includes use of test scenarios with a typical message mix,
 6   loading that reflects normal and wartime modes, and benign and hostile
 7   environments. System test configurations will represent realistic IA aspects of
 8   the operational environment.

 9           (6) Interoperability evaluation must assess the end-to-end exchange and
10   use of information. For the exchange to be assessed as meeting all
11   requirements, the technical exchange and use in an operational environment
12   must be confirmed, including associated attributes for accuracy, completeness,
13   and timing (i.e., QoS attributes); security, etc. Meeting the requirements
14   means that not only the system functions correctly, but that the interfacing
15   systems also perform as required, and that the network infrastructure provides
16   the necessary reliability, bandwidth, response times, security, etc. JITC
17   interoperability evaluation is not an assessment of operational effectiveness,
18   but does include the expected operational impact of any discrepancies.

19           (7) Version identification information shall be provided for the system,
20   interfacing systems, and net-centric components (both services and data).

21            (8) Status reporting on items shall include the criticality associated with
22   the item, the status (e.g., certified, not tested), the degree of compliance (e.g.,
23   all critical requirements met, all requirements met), and the expected
24   operational impact of any discrepancies. Expected operational impact includes
25   the effects on the system, interfacing systems, and interoperability
26   environment (e.g., net-centric services and data).

27          (9) The interoperability test certification memorandum shall include a
28   statement on any conformance certification requirements, whether
29   conformance has been conducted as a separate test or included in the
30   interoperability testing.

31          (10)   Testing limitations shall be reported, including the impact they
32   may have on interpretation of the results and conclusions. Any untested
33   requirements shall be included in the testing limitations.

34          (11)    Life cycle interoperability evaluation will continue until objective
35   requirements have been satisfied and certified, and then will continue as
36   needed to satisfy re-certification needs.

37          (12)   Certification status will be verified during exercises and
38   deployments throughout the life cycle. If indications warrant (e.g., serious
39   problems are observed or reported, requirements or operational environment

                                            E-12                            Enclosure E
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1   appear to have changed, configuration has changed significantly) assessments
 2   or complete evaluations will be performed to confirm and update the status, as
 3   necessary. Existing certifications may be confirmed (no action required),
 4   extended to minor system releases (updates), or revoked, and certification, non-
 5   certification, and interoperability status memoranda issued as appropriate.

 6       b. Net-Ready Key Performance Parameter (NR-KPP) Based Interoperability
 7   Test Certifications. For programs subject to NR-KPP processes, the evaluation
 8   will determine the operational status of the NR-KPP requirements (including
 9   interfaces, enterprise-level exchange requirements and other interoperability
10   requirements). Guidance specific to the NR-KPP process includes:

11            (1) Requirements shall be obtained from a J-6 interoperability and
12   supportability certified NR-KPP contained in a CPD – alternatively, an ISP if a
13   CPD is not required. If there is both a CPD and ISP with different requirements
14   (or different J-6 certification status), J-6 must be consulted to resolve the
15   issue. When J-6 has granted a waiver for the NR-KPP requirement, an
16   alternate J-6 approved source of requirements information will be specified by
17   J-6. This alternate source shall then be used for JITC interoperability
18   evaluation.

19          (2) The certification must address the NR-KPP statement, with the four
20   primary elements of the NR-KPP and associated performance attributes, and
21   provide the status of standards conformance. (Note that the elements are not
22   mutually exclusive – there is considerable overlap and interplay of the
23   requirements of the NR-KPP elements.)

24       c. As noted, in addition to reporting on the NR-KPP elements, standards
25   conformance shall be reported separately where appropriate. A summary of
26   the status reporting for these items follows.

27           (1) NCOW (GIG Enterprise Services (GIG ES (GES)) compliance (i.e., net-
28   readiness). Evaluation of the NCOW element to determine if a system is net-
29   enabled involves dynamic testing in addition to the static NCOW RM
30   compliance checklist. For example, standards conformance testing is the
31   dynamic analog of the static DISR compliance assessment. JITC’s evaluation
32   of this element comprises compliance with GES that comprises compatibility
33   with Core Enterprise Services (CES) and COI services and data. A given system
34   may be a provider or consumer of services/data, or both, and for the entire
35   enterprise or a subset.

36          (2) Integrated Architectures. This element of the NR-KPP includes both
37   the technical exchange of information and the end-to-end use of that exchange.
38   Exchange status is reported by physical/logical interface (as defined in
39   architecture products), and critical, enterprise-level exchange requirements.



                                          E-13                          Enclosure E
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   Interface status will include an identification of any KIPs associated with the
 2   interface and its compliance status.

 3           (3) Key Interface Profiles (KIPs) are operational, systems, and technical
 4   specifications of key GIG interfaces. The categories of KIPs comprise a wide
 5   range of interface specifications, from complete interface requirements to
 6   merely protocol specifications for part of an interface. The KIP Declaration
 7   Statement includes additional information on the system compliancy
 8   requirements to the KIPs (i.e., not all systems may need to implement 100% of
 9   a KIP specification). KIPs compliance will be reported separately to clarify the
10   overall compliance with this NR-KPP element, and will also be included in the
11   reporting of other elements where appropriate (e.g., in the interface
12   requirements matrix, where one or more KIPs may apply to an interface). KIPs
13   compliance must be reported in sufficient detail to indicate the degree of
14   compliance (for those cases where 100% compliance is not required), and the
15   method of determining the compliance status (e.g., standards conformance
16   testing, derived (from other formal testing), demonstrated). Any discrepancies
17   must be assessed for expected operational impact.

18           (4) Information Assurance (IA) is an integral part of all aspects of net-
19   centric systems – it should not be viewed as an independent element of the NR-
20   KPP, except for reporting purposes. JITC will evaluate IA (or portions of IA
21   requirements) when requested, and will report any known IA status as part of
22   reporting the NR-KPP status. However, some portions of IA requirements (e.g.,
23   DITSCAP) may not be assessed until after JITC interoperability certification,
24   and cannot be reported in the certification. As noted above, testing
25   environments will employ realistic IA configurations.

26            (5) Standards conformance requirements also appear throughout the
27   NR-KPP, however, like KIPs, the status will be reported separately or included
28   in the reporting of other elements where appropriate (e.g., in the interface
29   requirements matrix). With the net-centric paradigm, standards will play a
30   critical role, therefore a thorough, consistent methodology must be applied
31   when testing and certifying standards conformance. The system standards
32   profile is documented in the TV-1, created with the help of the DISR online tool.
33   Other standards requirements may be defined in KIPs declared in requirements
34   documents (and KIPs used by other KIPs), the NCOW RM, etc.

35        d. Interoperability Key Performance Parameter (I-KPP) Based
36   Interoperability Test Certifications. Interoperability evaluation and status
37   reporting for systems documented under the RGS system shall use the
38   following guidance.

39          (1) Requirements shall be obtained from a J-6 interoperability and
40   supportability certified ORD or certified I-KPP package. Some ORDs approved
41   by the Joint Requirements Oversight Council (JROC) before JCIDS may still be

                                           E-14                           Enclosure E
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1   valid. However, JROC approved ORDs, ORDs approved before 2001 (prior to
 2   CJCSI 6212.01B), and ORDs without an I-KPP statement require coordination
 3   with, and approval by, J-6 before use. The I&S certification must address
 4   whether the I-KPP and individual top-level IERs and overall system
 5   interoperability performance have been met. The status of physical/logical
 6   interfaces is also reported.

 7       e. JITC Certification Determination – Interoperability Test Certification.
 8   Interoperability test and evaluation quantifies to the Warfighter the degree to
 9   which a system will operate in relation to its overall interoperability
10   requirements. The status also conveys the level of risk associated with the
11   system meeting requirements by identifying the expected operational impact of
12   any discrepancies. Status reporting is dependent on the form of requirements
13   (e.g., I-KPP statements qualitatively differ from NR-KPP statements).

14       f. Foreign Systems. JITC cannot issue an Interoperability Test
15   Certification for foreign systems because requirements are not defined by
16   JCIDS processes. Using an Interoperability Assessment, JITC can report
17   interoperability testing results for foreign systems whose requirements are
18   defined. JITC can also report on the test status of U.S. and foreign programs
19   in combined and coalition environments, when the requirements in these
20   environments are defined. There is also an exception in cases where a foreign
21   program is U.S. sponsored and has defined interfaces with U.S. programs.
22   Additionally, JITC can perform standards conformance certification for foreign
23   systems for any standard affecting interoperability.

24       g. Homeland Defense-Related Systems. JITC test methodologies will treat
25   information exchanges with homeland defense (non-Department of Defense
26   (DOD)) systems as any other external interface for the purposes of evaluating
27   DOD system interoperability. Special policy for evaluating interoperability of
28   homeland defense-related systems themselves has not been established. As
29   with other systems without J-6 certified requirements, JITC cannot issue an
30   interoperability test certification. However, JITC may produce assessments or
31   standards conformance certifications, as appropriate.

32       h. Stimulators/Simulators and Training Systems. Stimulators/simulators
33   and training systems, separate from operational systems, may be used in the
34   development and testing of IT and NSS and to support exercises. These devices
35   may interface with other systems in the testing environment. Using these
36   systems in a testing environment does not necessarily mean the test is not
37   adequately operationally realistic. Potential differences between the test
38   environment and the operational environment, as well as associated risks,
39   must be considered in accordance with applicable policy (e.g., DOD 5000.61)
40   before issuing any certification.



                                          E-15                          Enclosure E
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1          (1) JITC may certify stimulator/simulator and training systems in the
 2   same manner as operational systems. These systems must have J-6 certified
 3   requirements (I-KPP/NR-KPP) for certification. JITC does not certify that these
 4   systems provide an accurate model of any particular environment.

 5       i. Validation of Test Tools and Standards. Test tools (and any associated
 6   components such as test suites) and standards/standards profiles should be
 7   validated before T&E use. JITC does not have the unique mission to validate
 8   test tools or standards. However, JITC may contribute to the validation as
 9   requested by a standards body or perform validation under the authority used
10   to establish a JITC testing program.

11      b. Testing Resources include:

12             (a) Services and Defense Agencies, such as DISA (JITC), the DOD
13   Intelligence Information System (DODIIS) Independent Test Authority (ITA), and
14   USJFCOM JSIC.

15            (b) Services and Defense Agencies’ systems, equipment, and
16   personnel, necessary to accomplish standards conformance testing and joint
17   interoperability testing.

18       j. Information Assurance (IA). IT and NSS, including commercial and non-
19   developmental items, must comply with applicable DOD IA
20   policies/regulations/instructions and Director Central Intelligence Directives
21   (DCIDs) or superseding Director of National Intelligence guidance. This
22   includes implementation of encrypted key when required to ensure information
23   security over all voice, video, and data transmission. Interconnection of
24   systems operating at different classification levels will be accomplished by
25   processes approved by the DOD Chief Information Officer (CIO) in conjunction
26   with Defense Intelligence Agency (DIA) CIO. IA will be an integral part of all
27   net-readiness efforts thus allowing appropriate security measures to protect
28   mission data and system resources from all known threats. JITC shall verify
29   that system and network configurations used in testing are representative of a
30   realistic operational environment, to include IA characteristics of the
31   environment. For cryptographic devices, JITC shall confer with the National
32   Security Agency (NSA) and user community, to confirm that IA characteristics
33   of the environment are operationally realistic.

34       k. Minor System Version Updates - No Test Required. J-6 certified
35   requirements shall be used to determine the appropriate type and amount of
36   testing required, including the situation where no interoperability testing is
37   required. A new system version having only minor changes not affecting
38   interoperability of the system or interfacing systems, nor otherwise impacting
39   the operational interoperability environment may not require interoperability
40   testing, if previously certified. JITC will use information provided by the

                                          E-16                           Enclosure E
                                                                       CJCSI 6212.01D
                                                                       14 October 2005
 1   sponsor and from other sources to decide if the previous certification still
 2   applies to the updated version (i.e., that the interoperability status remains
 3   unchanged). Since any system modification has the potential of adversely
 4   impacting interoperability, a risk assessment will be performed by JITC to
 5   determine the probability and consequences of impacts to interoperability.
 6   This situation will be documented in an extension of certification letter (see
 7   paragraph l.(2) below).

 8       l. Recertification and Extension of Certification. JITC interoperability re-
 9   certification is required upon any of the following events.

10          When materiel changes (e.g., hardware or software modifications,
11          including firmware) and similar changes to interfacing systems affect
12          interoperability

13          Upon revocation of interoperability certifications or JS J-6 System
14          Validation

15          Upon automatic expiration 3 years after the date of the certification

16          When non-materiel changes (i.e., DOTLPF) occur that may affect
17          interoperability

18      m. Other than the case of an expired certification, any of these events will
19   require additional interoperability evaluation and certification in order to
20   update the interoperability status.

21            (1) Expired Certifications. If a review of the circumstances for a
22   particular system indicates no change in interoperability characteristics or
23   requirements or J-6 System Validation since the last certification, a new
24   certification may be issued upon expiration. Contact the JITC at least six
25   months prior to expiration to coordinate the recertification effort. A new
26   certification is required to reset the 3-year validity period. This "re-issued"
27   certification may not require additional interoperability testing. However,
28   requirements certification and J-6 validation status shall be reconfirmed. The
29   status of all interfacing systems must be examined to ensure that their status
30   or requirements with respect to the system under test have not changed. The
31   interoperability environment must not have changed, and the previously
32   certified status should have been verified during exercises or deployments.
33   Only if all of these conditions have been met will a new certification be granted
34   without additional testing. A limited certification where only partial
35   requirements were certified because some requirements (critical or not) were
36   not tested or implemented shall not be reissued. The goal is a certification of
37   all objective requirements.

38          (2) Certification Extensions ("derived" certification). If a certified system
39   has been modified, but JITC determines that the modifications do not affect

                                            E-17                            Enclosure E
                                                                       CJCSI 6212.01D
                                                                       14 October 2005
 1   interoperability and the interoperability environment and interfacing systems
 2   have not changed significantly; the certification may be extended to cover the
 3   modified version. Contact the JITC to request/coordinate extensions. The
 4   system sponsor should provide a written statement that the modifications do
 5   not affect interoperability, along with sufficient information for JITC to
 6   independently make a determination of the impact of changes. The extended
 7   certification will expire 3 years from the date of the certification being extended
 8   (i.e., the extension applies only to the specific system versions being covered,
 9   not to the expiration date).

10       n. Revocation and Re-issuance of JITC Certifications. There are situations
11   that may warrant the rescinding, revocation, or re-issuance of a JITC
12   certification. These situations range from the need to correct simple
13   administrative errors (e.g., wrong configuration identified) to serious cases
14   where the J-6 fails to validate the testing and requests the status be
15   reexamined. It is impossible to anticipate all of these situations and the
16   appropriate actions. Everyone that received the original JITC certification
17   notice will be properly notified of any changes.

18       o. Standards and Standards Profiles Conformance Test Methodology.
19   Standards conformance certification results from testing a system/component
20   for conformity with standards/standards profiles (for information processing,
21   content, format, or transfer). Conformity is characterized with a matrix
22   showing whether an implementation (the hardware/software under test) meets
23   the individual mandatory and optional requirements specified in the
24   standard/standards profile. Certification is confirmation that the
25   system/component meets - as a minimum - all of the mandatory and
26   implemented optional requirements and that there are no critical
27   discrepancies. Other types of products may be extremely useful to the
28   sponsor; however, they do not satisfy requirements for having to have
29   standards conformance certifications.

30            (1) Standards conformance certification is based on detailed assessment
31   of protocol elements and other specified requirements. Standards conformance
32   certification means that all mandatory items, and all implemented optional
33   items, are correctly supported. If an optional item fails, it must be removed or
34   disabled. Standards conformance certifications should be based on a test plan
35   that has procedures to test all requirements. A table that shows all
36   requirements (at a level sufficient to show at least the major capabilities
37   supported), what is implemented, and the status. Status must be "rolled up" --
38   a higher-level item passes only if all subordinate elements pass or are not
39   applicable.

40          (2) Most standards identify mandatory and optional items and don't
41   necessarily identify the criticality. With complex standards there is almost
42   never 100% conformance, so a status of "limited conformance" or "not met, but

                                            E-18                           Enclosure E
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   minor impact or workaround exists" may be appropriate (in effect factoring in
 2   criticality).

 3   10. Funding and Other Certifications. The following must also be considered
 4   during the interoperability testing process.

 5      a. Funding for interoperability certification, including planning, testing,
 6   analysis, and reporting is the responsibility of the program sponsor. Contact
 7   JITC for guidance on testing fund planning.

 8      b. There may also be other certifications, validations, or accreditations
 9   required prior to fielding a system (e.g., DODI 5200.40 (DITSCAP), IA, and
10   security, electromagnetic spectrum, and authorization to connect to specific
11   networks).

12   11. Exceptions and Other Considerations. Some programs have a
13   requirements authority that differs from the nominal JCIDS process. For these
14   programs, coordination with the J-6 may be necessary to confirm
15   interoperability requirements. Other programs where system components are
16   certified (e.g., network infrastructure components), may have requirements
17   derived from Chairman of the Joint Chiefs of Staff Manuals (CJCSMs), program
18   specifications, or other sources. These will need to be handled on a case-by-
19   case basis, with the sponsor coordinating with JITC and J-6.

20      a. Some examples of these exceptions are:

21         (1) Missile Defense Agency – exempt from DOD 5000 requirements until
22   systems are transitioned to the Services.

23           (2) DSN switches/network components – requirements defined in Joint
24   Staff approved Generic Switching Center Requirements (GSCR), DSN ATM
25   specification, CPDs for network, etc.

26          (3) In-line encryption devices (security capabilities independently tested
27   and certified by National Security Agency (NSA)).

28         (4) COTS VTC, network infrastructure components – derived from
29   network or commercial standards.

30           (5) SATCOM terminals, radios – CPDs for program or FoS; requirements
31   may be derived from multiple documents (e.g., commercial and military
32   SATCOM covered in different requirements documents) or be selected from
33   overall requirements (e.g., JTRS defines requirements for entire program,
34   individual radios would have a subset of requirements).

35       b. Other categories of systems with special sources of requirements may
36   include foreign and non-DOD systems (without an interface to DOD systems –

                                           E-19                           Enclosure E
                                                                        CJCSI 6212.01D
                                                                        14 October 2005
 1   systems that do interface to DOD systems should have the DOD interfaces
 2   documented and the requirements confirmed by J-6).

 3      c. Other considerations include:

 4          (1) For COTS systems and software not requiring formal JCIDS, ISP, or
 5   NR-KPP documentation, proponent-sponsored interoperability testing and JITC
 6   evaluation/certification shall be conducted prior to IOC.

 7           (2) The MCEB/ITP will resolve issues concerning joint testing and
 8   interoperability test certification. Interoperability issues related to intelligence
 9   will be referred to the MIB.

10           (3) The MCEB/ITP may grant a temporary waiver from interoperability
11   test certification requirements – an ICTO – in special situations, based on
12   justifiable circumstances and impacts. Note that there may be exceptions for
13   specific programs (e.g., DSN waivers must be issued from ASD(NII)/DOD CIO).

14          (4) Additional approval may be required before a system is connected to
15   some networks. The system sponsor is responsible for coordinating these
16   requirements with the appropriate authority. Examples include:

17              (a) DITSCAP/IA accreditation/certification requirements.

18              (b) DRSN PMO approval for connection to the DRSN.

19              (c) TJTN approval for certain tactical networks.

20               (d) NSA/CSS is the certifier for approved security for protecting
21   classified or national security information (see NSD42).

22          (5) Life-cycle support.

23              (a) JITC assesses systems during exercises and operational use to
24   determine if changes to joint architectures, standards, operational concepts,
25   procedures, or interfacing systems have affected interoperability.

26               (b) JITC also documents the employment of systems that deviate
27   from certified requirements documents (CPD and ISP, or equivalent). Identified
28   deviations, deficiencies, and uncertified (never certified or expired certification)
29   systems are tracked and reported to J-6 for appropriate action.

30   12. Related Information

31       a. The JITC public Web site provides information on available information
32   and access requirements, and points of contact (POCs). JITC maintains a
33   variety of information online, including basic policy and procedures,


                                             E-20                            Enclosure E
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1   descriptions of testing programs, program/product registers, and
 2   interoperability databases. Refer to: http://jitc.fhu.disa.mil/.

 3       b. System Tracking Program (STP). JITC uses the STP to track
 4   interoperability information for programs and systems. The STP includes
 5   (unclassified) information on requirements documentation, ICTOs, and
 6   certification status. Authorized users (.mil/. gov) may refer to:
 7   https://stp.fhu.disa.mil for instructions on requesting access.

 8   13. Conclusion. The interoperability certification process must begin during
 9   interoperability requirements and capabilities development and continue
10   throughout the system lifecycle, including testing and fielding. The intent is to
11   detect interoperability deficiencies sufficiently early to ensure that no system is
12   fielded without achieving critical interoperability capabilities. Thorough and
13   continuous coordination among the Joint Staff, JITC, and sponsors is required
14   to ensure that systems provided to the warfighter have met the requisite
15   interoperability requirements to support joint operations.

16




                                            E-21                           Enclosure E
                             CJCSI 6212.01D
                             14 October 2005
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20   (INTENTIONALLY BLANK)
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43




             E-22                Enclosure E
                                                                  CJCSI 6212.01D
                                                                  14 October 2005
 1
 2
 3                                  ENCLOSURE F
 4
 5                                   REFERENCES
 6
 7
 8      a. CJCSI 3170.01, Joint Capabilities Integration and Development System

 9     b. CJCSM 3170.01, Operation of the Joint Capabilities Integration and
10   Development System

11       c. DOD Directive 4630.5, 5 May 2004, Interoperability and Supportability
12   of Information Technology (IT) and National Security Systems (NSS)

13      d. DOD Instruction 4630.8, 30 June 2004, Procedures for Interoperability
14   and Supportability of Information Technology (IT) and National Security
15   Systems (NSS)

16      e. DOD Directive 5000.1, 12 May 2003, The Defense Acquisition System

17      f. DODI 5000.2, 12 May 2003, Operation of the Defense Acquisition
18   System

19      g. Department of Defense Information Technology Standards Registry
20   current Baseline Release located on the NIPRNET at http://disronline.disa.mil
21   and on the SIPRNET at http://disronline.disa.smil.mil/a/DISR

22     h. DOD Directive 8100.1, 19 September 2002, (Certified current as of
23   November 21, 2003) Global Information Grid (GIG) Overarching Policy

24      i. DOD Directive 3222.3, 8 September 2004, Department of Defense
25   Electromagnetic Environmental Effects (E3) Program

26      j. DOD Directive 4650.1, 8 June 2004, Policy for Management and Use of
27   the Electromagnetic Spectrum

28      k. US Department of Commerce, National Telecommunications and
29   Information Administration (NTIA) ―Manual of Regulations and Procedures for
30   Federal Radio Frequency Management,‖ May 2003 Edition (May 2005 Revision)

31      l. CJCSI 6140.01A, NAVSTAR Global Positioning System Selective
32   Availability Anti-Spoofing Module Requirements

33      m. Net-Centric Operations and Warfare (NCOW) Reference Model (RM)




                                          F-1                          Enclosure F
                                                                                        CJCSI 6212.01D
                                                                                        14 October 2005
 1   (https://disain.disa.mil/ncow.html)

 2       n. DOD Architecture Framework (DODAF)

 3      o. Global Information Grid (GIG) Architecture, Version 2.0, 9 December
 4   2003, located at https://disain.disa.mil/ncow.html

 5       p. DOD Directive 8500.1, 24 October 2002, Information Assurance (IA)

 6      q. DOD Instruction 8500.2, 6 February 2003, Information Assurance (IA)
 7   Implementation

 8      r. DODI 8580.1, 9 July 2004, Information Assurance (IA) in the Defense
 9   Acquisition System5

10      s. DOD Instruction 5200.40, 30 December 1997, DOD Information
11   Technology Security Certification and Accreditation Process (DITSCAP)8

12      t. End-to-End IA Component of the GIG Integrated Architecture, 26
13   October 2004, located at https://gesportal.dod.mil

14       u. Net-Centric IA Strategy, 30 June 2004, located at
15   https://gesportal.dod.mil

16       v. National Security Space Acquisition Policy 03-01, 27 December 2004

17      w. DODD 8320.2, 2 December 2004, Data Sharing in a Net-Centric
18   Department of Defense

19      x. Department of Defense Chief Information Officer Memorandum, DOD
20   Net-Centric Data Strategy, May 9, 2003

21     y. Subtitle III of Title 40, United States Code, Information Technology
22   Management Reform Act of 1996 (Clinger-Cohen Act) as amended by Public
23   Law 105-261 and Public Law 107-217

24      z. Federal Information Security Act of 2002, E-Government Act (Public Law
25   107-347), Title III

26       aa.Defense Acquisition Guidebook located at http://akss.dau.mil/dag

27     bb. AsstSecDef memorandum, 21 May 2002, Department of Defense (DOD)
28   Public Key Infrastructure (PKI)

29       cc. DODD 3020.40, Defense Critical Infrastructure Program (DCIP)
     8
      DODI 8510.1, DOD Information Assurance Certification and Accreditation Process (DIACAP) supersedes DODI
     5200.40 and DOD 8510.1-M, DOD Information Technology Security Certification and Accreditation Process
     (DITSCAP) when approved.

                                                       F-2                                    Enclosure F
                                                                  CJCSI 6212.01D
                                                                  14 October 2005
 1     dd. DODD 8581.1E, Information Assurance (IA) Policy for Space Systems
 2   Used by the Department of Defense, 21 June 2005

 3      ee. DCID 6/1, 1 March 1995 (Administratively updated 4 November 2003),
 4   Security Policy for Sensitive Compartmented Information and Security Policy

 5      ff. DCID 6/3, 5 June 1999, Protecting Sensitive Compartmented
 6   Information Within Information Systems (administratively updated 3 May
 7   2002, Directive classified)

 8     gg. ASD(C3I) memorandum, 28 August 1998, Radio Acquisitions

 9      hh. DOD Directive 5100.35, 10 March 1998, Military Communications-
10   Electronics Board (MCEB)

11     ii. MCEB Pub 1, 1 March 2002, MCEB Organization, Mission and
12   Functional Manual

13     jj. CJCSI 3312.01, Joint Military Intelligence Requirements Certification

14      kk. Horizontal Integration JROCM 124-04

15      ll. CJCSI 6510.01B, Information Assurance (IA) and Computer Network
16   Defense (CND)

17      mm. DODD 5101.7, DOD Executive Agent for Information Technology
18   Standards, May 21, 2004

19     nn. DODD 5122.01, Theater Joint Tactical Networks Configuration Control
20   Board Charter, 25 March 2003

21     oo. CJCSI 3470.01, Rapid Validation and Resourcing of Joint Urgent
22   Operational Needs (JUONs) in the Year of Execution

23      pp. NIST SP 800-53, Recommended Security Controls for Federal
24   Information Systems, February 2005

25      qq. ASD/NII Memorandum, Subject: Temporary Suspension of the Joint
26   Tactical Radio Systems (JTRS) Waive Process, dated: May 23, 2005

27     rr. DODI 8551.1, Port, Protocols, and Services Management (PPSM), 13
28   August 2004

29




                                          F-3                          Enclosure F
                             CJCSI 6212.01D
                             14 October 2005
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20   (INTENTIONALLY BLANK)
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43




              F-4                Enclosure F
                                                               CJCSI 6212.01D
                                                               14 October 2005
 1
 2
 3                                 GLOSSARY
 4
 5
 6                  PART I--ABBREVIATIONS AND ACRONYMS
 7
 8
 9         A
10
11   ACAT               Acquisition Category
12   ASD(NII)/DOD CIO   Assistant Secretary of Defense for Networks and
13                      Information Integration/DOD Chief Information Officer
14   AT&L               Acquisition Technology and Logistics
15   ATD                Advanced Technology Demonstration
16   ATM                Asynchronous Transfer Mode
17   ATO                Authority to Operate
18   AV                 All Views
19
20         C
21
22   C&A                Certification and Accreditation
23   C2                 Command and Control
24   C2IP               Command and Control Initiative Program
25   C3I                Command, Control, Communications, and
26                      Intelligence
27   C4I                Command, Control, Communications, Computers, and
28                      Intelligence
29   C4ISP              Command, Control, Communications, Computers, and
30                      Intelligence Support Plan
31   C4ISR              Command, Control, Communications, Computers,
32                      Intelligence, Surveillance, and Reconnaissance
33   CC/S/A             Combatant Commands, Services, Agencies
34   CCB                Configuration Control Board
35   CDD                Capability Development Document
36   CDR                Critical Design Review
37   CES                Core Enterprise Services
38   CFLC               Community Functional Lead for Cryptology
39   CIO                Chief Information Officer
40   CIP                Critical Infrastructure Protection
41   CJCS               Chairman of the Joint Chiefs of Staff
42   CJCSI              Chairman of the Joint Chiefs of Staff Instruction
43   CJCSM              Chairman of the Joint Chiefs of Staff Manual
44   CND                Computer Network Defense
45   COCOM              Combatant Command
                                      GL-1                             Glossary
                                                       CJCSI 6212.01D
                                                       14 October 2005
 1   COI       Communities of Interest
 2   COTS      Commercial off the Shelf
 3   CPD       Capabilities Production Document
 4   CRM       Comments Resolution Matrix
 5   CR        Change Request
 6   CSS       Central Security Service
 7
 8     D
 9
10   DAA       Designated Approving Authority
11   DAU       Defense Acquisition University
12   DCID      Director of Central Intelligence Directive
13   DCIP      Defense Critical Infrastructure Program
14   DCR       DOTMLPF Change Recommendations
15   DIA       Defense Intelligence Agency
16   DIACAP    Defense Information Assurance Certification and
17             Accreditation Process
18   DICE      DOD Interoperability Communications Exercise
19   DISA      Defense Information Systems Agency
20   DISR      DOD Information Technology Standards Registry
21   DITSCAP   DOD Information Technology Security Certification and
22             Accreditation Process
23   DNI       Director of National Intelligence
24   DOD       Department of Defense
25   DODAF     DOD Architecture Framework
26   DODD      Department of Defense Directive
27   DODI      DOD Instruction
28   DODIIS    DOD Intelligence Information System
29   DOT&E     Director, Operational Test and Evaluation
30   DOTMLPF   Doctrine, Organization, Training, Materiel, Leadership
31             and Education, Personnel, and Facilities
32   DRSN      Defense Red Switch Network
33   DSN       Defense Switch Network
34   DT        Developmental Testing
35   DT&E      Developmental Test and Evaluation
36
37     E
38
39   E3        Electromagnetic Environmental Effects
40   EA        Executive Agent
41   EID       Electrically Initiated Devices
42   EIE       Enterprise Information Environment
43   EMC       Electromagnetic Compatibility
44
45     F
                             GL-2                             Glossary
                                                      CJCSI 6212.01D
                                                      14 October 2005
 1
 2   FCB      Functional Capabilities Board
 3   FRP DR   Full-Rate Production Decision Review
 4   FSA      Functional Solution Analysis
 5   FY       Fiscal Year
 6
 7      G
 8
 9   GIG      Global Information Grid
10   GIG-ES   GIG Enterprise Services
11   GPS      Global Positioning System
12   GSCR     Generic Switching Center Requirements
13
14      H
15
16   HERO     Hazards of Electromagnetic Radiation to Ordnance
17   HNA      Host-Nation Approval
18
19      I
20
21   I&S      Interoperability and Supportability
22   IA       Information Assurance
23   IAM      Information Assurance Manager
24   IATO     Interim Approval to Operate
25   IAW      In Accordance With
26   IC       Intelligence Community
27   ICD      Initial Capabilities Document
28   ICEP     Interoperability Certification Evaluation Plan
29   ICTO     Interim Certificate To Operate
30   I-KPP    Interoperability KPP
31   IOC      Initial Operational Capability
32   IP       Internet Protocol
33   ISA      Interim Standards Acknowledgement
34   ISP      Information Support Plan
35   ISRP     Interoperability Senior Review Panel
36   ITSC     Information Technology Standards Committee
37   ISSE     Information System Security Engineering
38   ISOP     IT Standards Oversight Panel
39   IT       Information Technology
40   ITP      Interoperability Policy and Test Panel
41   ITP      Interoperability Test Plan
42   IWL      Interoperability Watch List
43
44      J
45

                             GL-3                              Glossary
                                                        CJCSI 6212.01D
                                                        14 October 2005
 1   JCD       Joint   Capabilities Document
 2   JCIDS     Joint   Capabilities Integration and Development System
 3   JCPAT     Joint   C4I Program Assessment Tool
 4   JCPAT-E   Joint   C4I Program Assessment Tool - Empowered
 5   JIA       Joint   Integrated Architecture
 6   JITC      Joint   Interoperability Test Command
 7   JPD       Joint   Potential Designator
 8   JROC      Joint   Requirements Oversight Council
 9   JSIC      Joint   Systems Integration Command
10   JTF-GNO   Joint   Task Force for Global Network Operations
11   JTRS      Joint   Tactical Radio System
12   JWICS     Joint   World Wide Intelligence Communications System
13
14     K
15
16   KIP       Key Interface Profile
17   KM/DS     Knowledge Management/Decision Support
18   KDP       Key Decision Point
19   KDP-A     Key Decision Point Milestone A
20   KDP-B     Key Decision Point Milestone B
21   KDP-C     Key Decision Point Milestone C
22   KPP       Key Performance Parameter
23
24     L
25
26   LDM       Logical Data Model
27
28     M
29
30   MAC       Mission Assurance Category
31   MASINT    Measurement and Signature Intelligence
32   MCEB      Military Communications-Electronics Board
33   MDA       Milestone Decision Authority
34   MIB       Military Intelligence Board
35   MS        Milestone
36
37     N
38
39   NATO      North Atlantic Treaty Organization
40   NCES      Net-Centric Enterprise Services
41   NCOW      Net-Centric Operations and Warfare
42   NCOW RM   Net-Centric Operations and Warfare Reference Model
43   NGA       National Geospatial-Intelligence Agency
44   NII       Networks and Information Integration
45   NIPRNET   Non-secure Internet Protocol Router Network
                                GL-4                            Glossary
                                                        CJCSI 6212.01D
                                                        14 October 2005
 1   NR-KPP    Net-Ready Key Performance Parameter
 2   NSA       National Security Agency
 3   NSS       National Security Systems
 4   NSTISSP   National Security Telecommunications Systems and
 5             Information Systems Security Policy
 6
 7     O
 8
 9   O         Objective
10   OA        Operational Assessment
11   OASD      Office of the Assistant Secretary of Defense
12   ORD       Operational Requirements Document
13   OSD       Office of the Secretary of Defense
14   OT        Operational Testing
15   OT&E      Operational Test and Evaluation
16   OTRR      Operational Test Readiness Review
17   OUS       Organization Unique Standards
18   OV        Operational View
19
20     P
21
22   PDM       Physical Data Model
23   PDR       Preliminary Design Review
24   PKI       Public Key Infrastructure
25   PM        Program Manager
26   POC       Point Of Contact
27   POM       Program Objective Memorandum
28   PPS       Precise Positioning Service
29   PPSM      Ports, Protocols, and Services Management
30   PTUC      Participating Test Unit Coordinator
31
32     Q
33
34   QoS       Quality of Service
35
36     R
37
38   RGS       Requirements Generation System
39
40     S
41
42   SAASM     Selective Availability Anti-Spoofing Module
43   SATCOM    Satellite Communications
44   SCI       Sensitive Compartmented Information
45   SDD       System Development and Demonstration
                              GL-5                             Glossary
                                                            CJCSI 6212.01D
                                                            14 October 2005
 1   SIGINT       Signals Intelligence
 2   SIPRNET      SECRET Internet Protocol Router Network
 3   SME          Subject Matter Expert
 4   SSAA         System Security Authorization Agreement
 5   STP          System Tracking Program
 6   SV           Systems View
 7
 8     T
 9
10   T&E          Test and Evaluation
11   T            Threshold
12   TEMP         Test and Evaluation Master Plan
13   TISP         Tailored Information Support Plan (ISP)
14   TJTN         Theater Joint Tactical Networks
15   TV           Technical Standards View
16
17     U
18
19   USA          United States Army
20   USAF         United States Air Force
21   USCENTCOM    United States Central Command
22   USD(AT&L)    Under Secretary of Defense (Acquisition, Technology, and
23                Logistics)
24   USD(C)       Under Secretary of Defense (Comptroller)
25   USD(P)       Under Secretary of Defense (Policy)
26   USEUCOM      United States European Command
27   USJFCOM      United States Joint Forces Command
28   USMC         United States Marine Corps
29   USMS         United States MASINT System
30   USN          United States Navy
31   USNORTHCOM   United States Northern Command
32   USPACOM      United States Pacific Command
33   USSID        US Signals Intelligence Directives
34   USSOCOM      United States Special Operations Command
35   USSOUTHCOM   United States Southern Command
36   USSTRATCOM   United States Strategic Command
37   USTRANSCOM   United States Transportation Command
38
39     X
40
41   XML          Extensible Markup Language
42
43                     PART II – DEFINITIONS
44


                                 GL-6                              Glossary
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1   Acquisition Category (ACAT). Categories established to facilitate decentralized
 2   decision making as well as execution and compliance with statutorily imposed
 3   requirements. The categories determine the level of review, decision authority,
 4   and applicable procedures. Reference h provides the specific definition for each
 5   acquisition category.

 6   Administrative comments. Administrative comments to correct what appear to
 7   be typographical or grammatical errors.

 8   Advanced Concept Technology Demonstration (ACTD) - A demonstration of the
 9   military utility of a significant new technology and an assessment to clearly
10   establish operational utility and system integrity.

11   Advanced Technology Demonstration (ATD) - A demonstration of the maturity
12   and potential of advanced technologies for enhanced military operational
13   capability or cost-effectiveness. ATDs are identified, sponsored and funded by
14   the Services and Agencies.

15   Architecture. The organizational structure and associated behavior of a
16   system. An architecture can be recursively decomposed into parts that interact
17   through interfaces, relationships that connect parts, and constraints for
18   assembling parts. Parts that interact through interfaces include classes,
19   components, and subsystems.

20   Capability Development Document (CDD) - A document that captures the
21   information necessary to develop a proposed program(s), normally using an
22   evolutionary acquisition strategy. The CDD outlines an affordable increment of
23   militarily useful, logistically supportable and technically mature capability.

24   Capability Production Document (CPD). A document that addresses the
25   production elements specific to a single increment of an acquisition program.

26   Coalition interface. Any interface that passes information between one or more
27   US IT and NSS and one or more coalition partner IT and NSS.

28   Combined interface. Any interface that passes information between one or
29   more US IT and NSS and one or more allied IT and NSS.

30   Communities of Interest (COI). Collaborative groups of users who must exchange
31   information in pursuit of their shared goals, interests, missions, or business
32   processes, and who therefore must have shared vocabulary for the information
33   they exchange (source: DCIO DOD Net-Centric Data Strategy, dated 9 May
34   2003)

35   Critical Comments. Critical comments will cause non-concurrence in a
36   document if comments are not satisfactorily resolved. During a flag-level

                                          GL-7                              Glossary
                                                                       CJCSI 6212.01D
                                                                       14 October 2005
 1   review, persons commenting are required to contact and coordinate critical
 2   comments with document submitters prior to submission of the comments.

 3   Critical Infrastructure Protection. Actions taken to prevent, remediate, or
 4   mitigate the risks resulting from vulnerabilities of critical infrastructure assets.
 5   Depending on the risk, these actions could include: changes in tactics,
 6   techniques, or procedures; adding redundancy; selection of another asset;
 7   isolation or hardening; guarding, etc

 8   Defense Agencies. All agencies and offices of the Department of Defense,
 9   including the Missile Defense Agency, Defense Advanced Research Projects
10   Agency, Defense Commissary Agency, Defense Contract Audit Agency, Defense
11   Finance and Accounting Service, Defense Information Systems Agency, Defense
12   Intelligence Agency, Defense Legal Services Agency, Defense Logistics Agency,
13   Defense Threat Reduction Agency, Defense Security Cooperation Agency,
14   Defense Security Service, National Geospatial Intelligence Agency, National
15   Reconnaissance Office, and National Security Agency/Central Security Service.

16   Defense Critical Infrastructure Program. A DOD risk management program
17   that seeks to assure the availability of networked assets critical to DOD
18   missions. Activities include the identification, assessment, and security
19   enhancement of assets essential for executing the National Military Strategy.

20   Defense-in-Depth. The DOD approach for establishing an adequate IA posture
21   in a shared-risk environment that allows for shared mitigation through: the
22   integration of people, technology and operations; the layering of IA solutions
23   within and among IT assets; and, the selection of IA solutions based on their
24   relative level of robustness.

25   DOD Information Assurance Certification and Accreditation Process (DIACAP).
26   Establishes the standard DOD process for identifying, implementing, and
27   validating IA controls, for authorizing the operation of DOD information
28   systems, and for managing IA posture across DOD information systems
29   consistent with the Federal Information Security Management Act (FISMA).

30   DOD Information Technology Security Certification and Accreditation Process
31   (DITSCAP). The standard DOD process for identifying information security
32   requirements, providing security solutions, and managing information system
33   security activities.

34   DOD Information Technology Standards Registry (DISR). The DISR provides the
35   minimal set of rules governing the arrangement, interaction, and
36   interdependence of system parts or elements, whose purpose is to ensure that
37   a conformant system satisfies a specified set of requirements. It defines the
38   service areas, interfaces, standards (DISR elements), and standards profiles
39   applicable to all DOD systems. Use of standards mandated in the DISR is
                                            GL-8                                Glossary
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1   required for the development and acquisition of new or modified fielded IT and
 2   NSS systems throughout the Department of Defense. The DISR replaced the
 3   Joint Technical Architecture.

 4   DOD Interoperability Communications Exercise (DICE). An annual exercise
 5   that is sponsored by the Joint Forces Command and conducted by the Joint
 6   Interoperability Test Command. DICE is the only exercise dedicated to testing
 7   interoperability between systems from each Service, DOD agencies, coalition
 8   members, and commercial vendors.

 9   Electromagnetic environmental effects (E3). E3 is the impact of the
10   electromagnetic environment upon the operational capability of military forces,
11   equipment, systems, and platforms. It encompasses all electromagnetic
12   disciplines, including compatibility, interference; vulnerability, pulse; electro-
13   static discharge; hazards of radiation to personnel, ordnance, and volatile
14   materiels; and natural phenomena effects, of lightning and precipitation static.

15   Emerging KIP. A maturing profile developed by the KIP PM using the SIPRNET
16   DISRonline tool allowing visibility of the state of the system interface design
17   implementing standards projected for inclusion in the KIP. This KIP lifecycle
18   phase provides all PMs the opportunity to plan for incorporating the KIP
19   technical specifications.

20   Equipment Spectrum Certification. The statement(s) of adequacy received from
21   authorities of sovereign nations after their review of the technical
22   characteristics of a spectrum-dependent equipment or system regarding
23   compliance with their national spectrum management policy, allocations,
24   regulations/instructions, and technical standards. Equipment Spectrum
25   Certification is alternately called "spectrum certification‖.

26   Enterprise. A unit of economic organization or activity, ie. business
27   organization.

28   Fielded System. Post acquisition IT and NSS operational systems.

29   Functional Area - A broad scope of related joint warfighting skills and
30   attributes that may span the range of military operations. Specific skill
31   groupings that make up the functional areas are approved by the JROC.

32   Functional Capabilities Board (FCB) - A permanently established body that is
33   responsible for the organization, analysis, and prioritization of joint warfighting
34   capabilities within an assigned functional area.

35   Global Information Grid (GIG). The globally interconnected, end-to-end set of
36   information capabilities associated processes and personnel for collecting,
37   processing, storing, disseminating, and managing information on demand to

                                            GL-9                               Glossary
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1   warfighters, policy makers, and support personnel. The GIG includes all
 2   owned and leased communications and computing systems and services,
 3   software (including applications), data, security services and other associated
 4   services necessary to achieve information superiority. It also includes National
 5   Security Systems as defined in section 5142 of the Clinger-Cohen Act of 1996.
 6   The GIG supports all Department of Defense, National Security Systems, and
 7   related Intelligence Community missions and functions (strategic, operational,
 8   tactical and business), in war and in peace. The GIG provides capabilities from
 9   all operating locations (bases, posts, camps, stations, facilities, mobile
10   platforms and deployed sites). The GIG provides interfaces to coalition, allied,
11   and non-DOD users and systems.

12   IA Component of the GIG Architecture. The set of guiding documents and
13   DoDAF products which provides an IA strategy for achieving the assured,
14   integrated, and survivable information enterprise necessary to attain the
15   strategic objectives of the DoD and IC.

16   Information assurance (IA). Information operations that protect and defend
17   information and information systems by ensuring their availability, integrity,
18   authentication, confidentiality, and non-repudiation. This includes providing
19   for restoration of information systems by incorporating protection, detection,
20   and reaction capabilities. (Joint Publication 3-13).

21   Information Assurance. Information operations that protect and defend
22   information and information systems by ensuring their availability, integrity,
23   authentication, confidentiality, and non-repudiation. This includes providing
24   for restoration of information systems by incorporating protection, detection,
25   and reaction capabilities.

26   Information Support Plan (ISP). The identification and documentation of
27   information needs, infrastructure support, IT and NSS interface requirements
28   and dependencies focusing on net-centric, interoperability, supportability and
29   sufficiency concerns (DODI 4630.8).

30   Information Technology (IT). Any equipment or interconnected system or
31   subsystem of equipment, that is used in the automatic acquisition, storage,
32   manipulation, management, movement, control, display, switching,
33   interchange, transmission, or reception of data or information. Information
34   technology includes computers, ancillary equipment, software, firmware, and
35   similar procedures, services (including support services), and related resources.
36   Information technology does not include any equipment that is acquired by a
37   federal contractor incidental to a federal contract.

38   Information Timeliness. Occurring at a suitable or appropriate time for a
39   particular condition.

                                          GL-10                              Glossary
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1   Initial Capabilities Document (ICD) - Documents the need for a materiel
 2   solution to a specific capability gap derived from an initial analysis of
 3   alternatives executed by the operational user and, as required, an independent
 4   analysis of alternatives. It defines the capability gap in terms of the functional
 5   area, the relevant range of military operations, desired effects, and time.

 6   Integrated Architecture. An architecture consisting of multiple views or
 7   perspectives (Operational View, Systems View, and Technical Standards View)
 8   that facilitates integration and promotes interoperability across family of
 9   systems and system of systems and compatibility among related architectures.
10   An architecture description that has integrated Operational, Systems, and
11   Technical Standards Views with common points of reference linking the
12   Operational View and the Systems View and also linking the Systems View and
13   the Technical Standards View. An architecture description is defined to be an
14   integrated architecture when products and their constituent architecture data
15   elements are developed such that architecture data elements defined in one
16   view are the same (i.e., same names, definitions, and values) as architecture
17   data elements referenced in another view.

18   Interim Certificate to Operate (ICTO). Authority to field new systems or
19   capabilities for a limited time, with a limited number of platforms to support
20   developmental efforts, demonstrations, exercises, or operational use. The
21   decision to grant an ICTO will be made by the MCEB Interoperability Test Panel
22   based on the sponsoring component's initial laboratory test results and the
23   assessed impact, if any, on the operational networks to be employed.

24   Interoperability. The ability of systems, units or forces to provide data,
25   information, materiel and services to and accept the same from other systems,
26   units or forces and to use the data, information, materiel and services so
27   exchanged to enable them to operate effectively together. IT and NSS
28   interoperability includes both the technical exchange of information and the
29   end-to-end operational effectiveness of that exchanged information as required
30   for mission accomplishment. Interoperability is more than just information
31   exchange. It includes systems, processes, procedures, organizations, and
32   missions over the lifecycle and must be balanced with information assurance.

33   Interoperability Certification Evaluation Plan (ICEP). A JITC plan, developed in
34   conjunction with the PM/proponent, that establishes a strategy for evaluating
35   interoperability requirements in the most efficient and effective manner, in an
36   operationally realistic environment. This evaluation strategy identifies data
37   necessary to support an interoperability evaluation as well as the test
38   events/environments planned to produce that data. The PM/proponent should
39   coordinate with JITC to integrate interoperability into the system's T&E
40   documents (e.g., Test and Evaluation Master Plan (TEMP), test plans).
41   Complex systems that depend on multiple evaluation events will require JITC
42   to develop an NCEP, in addition to interoperability test plans (ITPs. Separate
                                           GL-11                              Glossary
                                                                       CJCSI 6212.01D
                                                                       14 October 2005
 1   from any NCEP, ITPs are written for individual test or data collection events.
 2   These plans detail the testing and data collection and analysis procedures that
 3   apply to that event. Generalized test plans may be applicable to some testing
 4   programs where the only variable is the specific system under test (i.e., test
 5   configuration, procedures, etc., remain the same).

 6   Interoperability Watch List (IWL). IAW reference g (DODI 4630.8) IT and NSS
 7   with significant interoperability deficiencies (as determined by the offices of the
 8   USD(AT&L), the ASD(NII)/DOD CIO, the Chairman of the Joint Chiefs of Staff,
 9   the Commander, U.S. Joint Forces Command), shall be placed on the IWL to
10   ensure that sufficient attention is given to achieving and maintaining
11   interoperability objectives; and to provide DOD oversight for those IT and NSS
12   activities for which interoperability is deemed critical to mission effectiveness,
13   but interoperability issues are not being adequately addressed. IT and NSS
14   considered for the IWL may be pre-acquisition systems, acquisition programs
15   (any ACAT), already fielded systems, or combatant commander-unique
16   procurements.

17   Joint. Connotes activities, operations, organizations, etc., in which elements of
18   two or more Military Departments participate. (Joint Publication 3-13).

19   Joint Capabilities Board (JCB) - The JCB functions to assist the JROC in
20   carrying out its duties and responsibilities. The JCB reviews and, if
21   appropriate, endorses all JCIDS and DOTMLPF proposals prior to their
22   submission to the JROC. The JCB is chaired by the Joint Staff, J-8, Director
23   of Force Structure, Resources, and Assessment. It is comprised of Flag
24   Officer/General Officer representatives of the Services.

25   Joint Capabilities Document (JCD) - The JCD identifies a set of capabilities
26   that support a defined mission area utilizing associated Family of Joint Future
27   Concepts, CONOPS or Unified Command Plan-assigned missions. The
28   capabilities are identified by analyzing what is required across all functional
29   areas to accomplish the mission. The gaps or redundancies are then identified
30   by comparing the capability needs to the capabilities provided by existing or
31   planned systems. The JCD will be used as a baseline for one or more
32   functional solution analyses leading to the appropriate Initial Capabilities
33   Document or joint doctrine, organization, training, materiel, leadership and
34   education, personnel, and facilities (DOTMLPF) change recommendations, but
35   cannot be used for the development of capability development or capability
36   production documents. The JCD will be updated as changes are made to the
37   supported Family of Joint Future Concepts, CONOPS or assigned missions.

38   Joint Capabilities Integration and Development System (JCIDS). A Chairman of
39   the Joint Chiefs of Staff process to identify, assess, and prioritize joint military
40   capability needs. The JCIDS process is a collaborative effort that uses joint
41   concepts and integrated architectures to identify prioritized capability gaps and
                                           GL-12                                Glossary
                                                                      CJCSI 6212.01D
                                                                      14 October 2005
 1   integrated DOTMLPF solutions (materiel and non-materiel) to resolve those
 2   gaps.

 3   Joint Interface. An IT and NSS interface that passes or is used to pass
 4   information between systems and equipment operated by two or more
 5   combatant commanders, Services, or agencies.

 6   JROC Interest. Programs identified by the JROC Secretary as being of interest
 7   to the JROC for oversight even though they do not meet the ACAT I cost
 8   thresholds or have been designated as ACAT ID.

 9   Key Interface. Interfaces in functional and physical characteristics that exist at
10   a common boundary with co-functioning items, systems, equipment, software
11   and data. A key interface profile is an external presentation through which a
12   GIG enterprise service can be accessed. They are designated as a Key Interface
13   when one or more of the following criteria are met:

14       a. The interface spans organizational boundaries. Different entities
15   (service, agency, organization) have ownership and authority over the hardware
16   and software capabilities on either side of the boundary,

17       b. The interface is mission critical. Data from joint organizations, multiple
18   services, and/or multiple agencies/organizations must move across the
19   interface to satisfy joint information flow requirements. If systems are not
20   interoperable at that interface, the ability to accomplish the mission is
21   endangered.

22      c. The interface is difficult or complex to manage.

23       d. There are capability, interoperability, or efficiency issues associated with
24   the interface.

25      e. The interface impacts multiple acquisition programs, usually more than
26   two (e.g. network points of presence, many-to-many or one-to-many
27   connections).

28      f. The interface is vulnerable or important from a security perspective.

29   Key Interface Profile (KIP). An operational functionality, systems functionality
30   and technical specifications description of the Key Interface. The profile
31   consists of refined Operational and Systems Views, Interface Control
32   Document/Specifications, Engineering Management Plan, Configuration
33   Management Plan, Technical View with SV-TV Bridge, and Procedures for
34   Standards Conformance and Interoperability Testing. The key interface profile
35   is the external technical specification that governs this access.


                                           GL-13                               Glossary
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   Key Interface Profile PM (KIP Owner). The Joint Staff/ASD(NII)/DOD CIO
 2   designated Program Manager assigned the responsibility for developing a
 3   specified external interface governing access to an enterprise service contained
 4   within the three GIG ES Key Interface Profile families.

 5   Key Interface Profile Family. Individual KIPs are organized into three families:
 6   Communications (define the interface profiles for communications and network
 7   components), Computing Infrastructure (define the external interfaces
 8   providing access to the computing environment hosting GIG Application
 9   Enterprise Services), and Application Enterprise Services (define the interface
10   profiles for software services).

11   Key Performance Parameters (KPPs). Those capabilities or characteristics
12   considered essential for successful mission accomplishment. Failure to meet a
13   system or program’s KPP threshold can be cause for the concept or system
14   selection to be reevaluated or the program to be reassessed or terminated.
15   Failure to meet a system or program’s KPP threshold can be cause for the
16   family-of-systems or system-of-systems concept to be reassessed or the
17   contributions of the individual systems to be reassessed. KPPs are validated by
18   the JROC. KPPs are included in the acquisition program baseline.

19   KIPs Declaration. A list identifying applicable KIPs. Key information to be
20   provided includes: KIP family/KIP identification, version identification,
21   applicability and status, threshold/objective indicator, associated interface(s),
22   and implementation statement, as appropriate. The implementation statement
23   expands on the basic declaration to include information on optional elements
24   that are implemented, known deviations, and any necessary configuration
25   details.

26   The categories of KIPs comprise a wide range of interface specifications, from
27   complete interface requirements to protocol specifications for part of an
28   interface. The implementation statement includes additional information on
29   system compliancy to the KIPs (i.e., not all systems may be required to
30   implement 100% of a KIP specification). Implementation and assessment of
31   KIPs compliance will require knowing which key interfaces are implemented
32   and any constraints/parameters associated with the implemented interface(s).

33   Mandated KIP. A fully mature profile, tested by the JITC, certified by the J-6,
34   published in DISRonline with an assigned compliance date designated by the
35   ISOP, and available with standards implementations with options and settings
36   for DOD PM use.

37   Metadata. Information describing the characteristics of data; data or
38   information about data; or descriptive information about an entity’s data, data
39   activities, systems and holdings. For example, discovery metadata is a type of

                                          GL-14                              Glossary
                                                                         CJCSI 6212.01D
                                                                         14 October 2005
 1   metadata that allows data assets to be found using enterprise search
 2   capabilities.

 3   Milestone Decision Authority (MDA). The individual designated in accordance
 4   with criteria established by the USD(AT&L), or by the ASD(NII)/DOD CIO for
 5   acquisition programs, to approve entry of an acquisition program into the next
 6   phase.

 7   Milestones. Major decision points that separate the phases of an acquisition
 8   program.

 9   Mission Assurance. A process to ensure that assigned tasks or duties can be
10   performed in accordance with the intended purpose or plan. It is a summation
11   of the activities and measures taken to ensure that required capabilities and all
12   supporting infrastructures are available to the DOD to carry out the National
13   Military Strategy. It links numerous risk management program activities and
14   security related functions -- such as force protection; antiterrorism; critical
15   infrastructure protection; information assurance; continuity of operations;
16   chemical, biological, radiological, nuclear, and high-explosive defense;
17   readiness; and installation preparedness -- to create the synergistic affect
18   required for DOD to mobilize, deploy, support and sustain military operations
19   throughout the continuum of operations.

20   Mission Need. A deficiency in current capabilities or an opportunity to provide
21   new capabilities (or enhance existing capabilities) through the use of new
22   technologies. They are expressed in broad operational terms by the DOD
23   components.

24   National Security Systems (NSS). Telecommunications and information
25   systems operated by the Department of Defense -- the functions, operation, or
26   use of which (1) involves intelligence activities; (2) involves cryptologic activities
27   related to national security; (3) involves the command and control of military
28   forces; (4) involves equipment that is an integral part of a weapon or weapons
29   systems; or (5) is critical to the direct fulfillment of military or intelligence
30   missions. Subsection (5) in the preceding sentence does not include
31   procurement of automatic data processing equipment or services to be used for
32   routine administrative and business applications (including payroll, finance,
33   logistics and personnel management applications).

34   Net-Centric. Information-based operations that use service-oriented
35   information processing, networks, and data from the following perspectives:
36   user functionality (capability to adaptively perform assigned operational roles
37   with increasing use of system-provided intelligence/cognitive processes),
38   interoperability (shared information and loosely coupled services), and
39   enterprise management (net operations).

                                            GL-15                                 Glossary
                                                                   CJCSI 6212.01D
                                                                   14 October 2005
 1   Net-Centric Operations and Warfare (NCOW). Describes how DOD will conduct
 2   business operations, warfare, and enterprise management. It is based on the
 3   concept of an assured, dynamic, and shared information environment that
 4   provides access to trusted information for all users, based on need,
 5   independent of time and place. It is characterized by assured services,
 6   infrastructure transparency (to the user), independence of data consumers and
 7   producers, and metadata supported by information discovery, protection and
 8   mediation. This fundamental shift from platform-centric warfare to net-centric
 9   warfare provides for an Information Superiority-enabled concept of operations.
10   The NCOW RM provides a common taxonomy and lexicon of NCOW concepts
11   and terms, and architectural descriptions of NCOW concepts. It represents an
12   important mechanism in DOD transformation efforts, establishing a common
13   framework for net-centricity. It will enable capability developers, program
14   managers, and program oversight groups to move forward on a path toward a
15   transformed, net-centric enterprise.

16   Net-Centric Operations and Warfare Reference Model (NCOW RM). The NCOW
17   RM describes the activities required to establish, use, operate, and manage the
18   net-centric enterprise information environment to include: the generic user-
19   interface, the intelligent-assistant capabilities, the net-centric service
20   capabilities (core services, Community of Interest (COI) services, and
21   environment control services), and the enterprise management components. It
22   also describes a selected set of key standards that will be needed as the NCOW
23   capabilities of the Global Information Grid (GIG) are realized. The NCOW RM
24   represents the objective end-state for the GIG. This objective end-state is a
25   service-oriented, inter-networked, information infrastructure in which users
26   request and receive services that enable operational capabilities across the
27   range of military operations; DOD business operations; and Department-wide
28   enterprise management operations. The NCOW RM is a key compliance
29   mechanism for evaluating DOD information technology capabilities and the
30   Net-Ready Key Performance Parameter.

31   Net-Ready. DOD IT/NSS that meets required information needs, information
32   timeliness requirements, has information assurance accreditation, and meets
33   the attributes required for both the technical exchange of information and the
34   end-to-end operational effectiveness of that exchange. DOD IT/NSS that is
35   Net-Ready enables warfighters and DOD business operators to exercise control
36   over enterprise information and services through a loosely coupled, distributed
37   infrastructure that leverages service modularity, multimedia connectivity,
38   metadata, and collaboration to provide an environment that promotes unifying
39   actions among all participants. Net-readiness requires that IT/NSS operate in
40   an environment where there exists a distributed information processing
41   environment in which applications are integrated; applications and data
42   independent of hardware are integrated; information transfer capabilities exist
43   to ensure seamless communications within and across diverse media;

                                         GL-16                              Glossary
                                                                     CJCSI 6212.01D
                                                                     14 October 2005
 1   information is in a common format with a common meaning; there exist
 2   common human-computer interfaces for users; and there exists effective
 3   means to protect the information. Net-Readiness is critical to achieving the
 4   envisioned objective of a cost-effective, seamlessly integrated environment.
 5   Achieving and maintaining this vision requires interoperability:

 6      a. Within a Joint Task Force/combatant command area of responsibility
 7   (AOR).

 8      b. Across combatant command AOR boundaries.

 9      c. Between strategic and tactical systems.

10      d. Within and across Services and agencies.

11      e. From the battlefield to the sustaining base.

12      f. Among US, Allied, and Coalition forces.

13      g. Across current and future systems.

14   Net-Ready Key Performance Parameter (NR-KPP). The NR-KPP is a key,
15   measurable, performance parameter stating a system’s information needs,
16   information timeliness, information assurance, and net-ready attributes
17   required for both the technical exchange of information needs, information
18   timeliness, information assurance, and net-ready attributes required for both
19   the technical exchange of information and the end-to-end operational
20   effectiveness of that exchange. The NR-KPP consists of verifiable performance
21   measures and associated metrics required to evaluate the timely, accurate, and
22   complete exchange and use of information to satisfy information needs for a
23   given capability. The NR-KPP is comprised of the following elements: a.
24   Compliance with the NCOW RM, b. Compliance with applicable GIG KIPs, c.
25   Verification of compliance with DOD information assurance requirements, d.
26   Supporting integrated architecture products required to assess IT and NSS
27   capabilities and limitations in providing mission essential data to the
28   Warfighter.

29   Operational View (OV) - An architecture view that describes the joint
30   capabilities that the user seeks and how to employ them. The OVs also identify
31   the operational nodes, the critical information needed to support the piece of
32   the process associated with the nodes, and the organizational relationships.

33   Spectrum Supportability. The determination as to whether the electromagnetic
34   spectrum necessary to support the operation of spectrum-dependent
35   equipment or system during its expected lifecycle is, or will be, available (that
36   is, from system development, through developmental and operational testing,
37   to actual operation in the electromagnetic environment.) The assessment of
                                          GL-17                                Glossary
                                                                    CJCSI 6212.01D
                                                                    14 October 2005
 1   equipment or system as having ―spectrum supportability is based upon, as a
 2   minimum, receipt of equipment spectrum certification, reasonable assurance of
 3   the availability of sufficient frequencies for operation, and consideration of
 4   electromagnetic compatibility (EMC).

 5   Substantive Comment. Substantive comments are provided because sections
 6   in the document appear to be or are potentially unnecessary, incorrect,
 7   incomplete, misleading, confusing, or inconsistent with other sections.

 8   Systems view (SV) - An architecture view that identifies the kinds of systems,
 9   how to organize them, and the integration needed to achieve the desired
10   operational capability. It will also characterize available technology and
11   systems functionality.

12   Technical Standards View. The Technical Standards View (TV) provides the
13   technical systems-implementation standards upon which engineering
14   specifications are based, common building blocks are established, and product
15   lines are developed.

16   Top-Level Exchanges. Top-level refers to exchanges between systems of
17   Combatant Command/Service/agency, Allied, and Coalition partners.
18




                                          GL-18                              Glossary

								
To top