NetOps Checklist

6,485 views

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
6,485
On SlideShare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
150
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

NetOps Checklist

  1. 1. 3 DISA NetOps 4 Readiness Review Process 5 6 And 7 8 DISA NetOps 9 Program/System/Application/Service 10 Readiness Checklist 11 13 14 15 16 17 18 Version 2.1 19 31 Aug 2007 20 21 22 Unclassified UNTIL FILLED IN 23 Circle one of the following: 24 25FOR OFFICIAL USE ONLY (mark each page) 26CONFIDENTIAL (mark each page and each finding) 27SECRET (mark each page and each finding)
  2. 2. 1 UNCLASSIFIED 2NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 331 Aug 2007 Defense Information Systems Agency 4 28 Document Change Record 29 Version ID Date Description Version 1 31 May 2006 Initial Release Version 2 04 Apr 2007 Updated NRRB Process, updated Recommended P/S/A/ S Documentation, updated Requirements and Question Formatting. Updated CFE reviews (Fig 4), CP-SIB and SEPA information. Merge of Process and Checklist documents into one. Version 2.1 31 August 2007 Updated with administrative comments received as feedback from formal staffing of Version 2 to DISA Directorates. Substantive comments will be addressed in the next major release. 30 5 6 i 7 UNCLASSIFIED
  3. 3. 8 UNCLASSIFIED 9NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 1031 Aug 2007 Defense Information Systems Agency 11 31 Table of Contents 32 331 Introduction.......................................................................................................................1 34 1.1 Background................................................................................................................1 35 1.2 Purpose of the NetOps Readiness Review Process ...................................................1 36 1.3 Scope of the Document..............................................................................................3 372 Definition of NetOps.........................................................................................................4 38 2.1 NetOps Essential Tasks and Desired Effects.............................................................4 39 2.2 NetOps in the DISA Framework................................................................................5 403 DISA’s Role in NetOps....................................................................................................6 41 3.1 DISA’s NetOps Vision..............................................................................................6 42 3.2 DISA’s Implementation of the GIG NetOps Vision..................................................6 434 Management for NetOps...................................................................................................8 44 4.1 DISA NetOps Goals...................................................................................................8 45 4.2 Best Practices to Ensure NetOps................................................................................8 465 NetOps Readiness Reviews............................................................................................10 47 5.1 NetOps Readiness Review Process..........................................................................10 48 5.1.1 NetOps P/S/A/S Readiness Checklist...............................................................11 49 5.1.2 CONOPS Template...........................................................................................13 50 5.2 DISA Roles in Achieving NetOps Readiness..........................................................14 51 5.2.1 The Chief Financial Executive Role.................................................................16 52 5.2.2 The Component Acquisition Executive Role...................................................16 53 5.2.3 The Corporate Board Role................................................................................18 54 5.2.4 The GIG Engineering and the Program Executive Offices Role......................18 55 5.2.5 The GIG Combat Support Directorate Role.....................................................19 56 5.2.6 The GIG Operations Directorate Role..............................................................20 57 5.2.7 Configuration Management Control Process....................................................20 58 5.2.8 Supporting the GIG IA Portfolio (GIAP).........................................................21 596 Appendix A. NetOps Program/System/Application/Service Readiness Checklist.........24 607 GIG ENTERPRISE MANAGEMENT (GEM)..............................................................28 61 7.1 Assignment of Project Officer.................................................................................28 62 7.2 CONOPS with NetOps Section...............................................................................28 63 7.3 Designation of DNC for Management and Control.................................................29 64 7.4 System Status Reporting Requirements and Procedures.........................................29 65 7.5 Situational Awareness (SA)/Critical System Status Reporting ..............................30 66 7.6 DISA NetOps Center (DNC) Specific Requirements..............................................30 67 7.7 Compliance with DISA OSS...................................................................................31 68 7.8 Filtering of Status Data............................................................................................31 69 7.9 Alternate DNC if the Internal Management System is Not Redundant...................32 70 7.10 Automated Drill Down and Query Capability.......................................................32 71 7.11 Integration to DISA Help Desk Center..................................................................33 72 7.12 Trouble Management System (TMS)....................................................................34 73 7.13 Configuration Management Tracking....................................................................34 74 7.14 Proposed Maintenance Schedule for System Devices/Components......................35 75 7.15 Specialized Training Requirements.......................................................................35 12 13 ii 14 UNCLASSIFIED
  4. 4. 15 UNCLASSIFIED 16NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 1731 Aug 2007 Defense Information Systems Agency 18 76 7.16 Formal Agreements with Outside (Non-DISA) Organizations.............................36 77 7.17 Maintenance of System Diagrams.........................................................................37 78 7.18 Approval Process for Changes to the System Architecture...................................38 79 7.19 Identification and Registration of System Interfaces.............................................39 80 7.20 Key Performance Metrics and Objectives for Service Level Agreement (SLA) 81 Monitoring.....................................................................................................................39 82 7.21 System Performance Capability ............................................................................40 83 7.22 Product Support Plan (PSP)...................................................................................42 84 7.23 Employment and Integration of Core Enterprise Services....................................42 85 7.24 Does the System Support IPv6.............................................................................43 868 GIG NETWORK DEFENSE (GND) .............................................................................44 87 8.1 DoD Net-Centric IA Strategy..................................................................................44 88 8.3 IA Design Tenets.....................................................................................................45 89 8.4 Assignment of Mission Assurance Category (MAC)/Sensitivity Levels................46 90 8.5 Integrity and Availability Controls Required for the Assigned MAC Level...........46 91 8.6 Confidentiality Controls Required for the Assigned Sensitivity Level...................46 92 8.7 Identification of P/S/A/S Need-to-Know Requirements and Access Control 93 Procedures......................................................................................................................47 94 8.9 Capture and UDOP Display of Security Events .....................................................48 95 8.10 Automated Capability for Detecting and Reporting P/S/A/S Security Events and 96 Anomalous Behavior.....................................................................................................48 97 8.11 IAVM Methodology .............................................................................................49 9810 GIG CONTENT MANAGEMENT (GCM).................................................................50 99 10.1 Metadata.................................................................................................................50 100 10.2 Federated Search Aggregators...............................................................................51 101 10.3 Service Discovery Registry....................................................................................52 102 10.4 Roles-Based Access...............................................................................................53 103 10.5 Smart Push/Pull of Data.........................................................................................54 104 10.6 Publication Mechanism for Smart Push/Pull of Data............................................55 105 10.7 Caching, Content Management, or Other “Smart” Delivery Mechanisms............56 106 10.8 Receipt and Delivery Notifications........................................................................57 107 10.9 Definition of User Population/COI........................................................................57 108 10.10 Contingency Operations.......................................................................................58 109 10.11 Monitoring and Analysis......................................................................................59 11011 APPENDIX B. ACRONYMS.....................................................................................61 11112 APPENDIX C. REFERENCES...................................................................................64 11213 APPENDIX D. DEFINITIONS...................................................................................68 113 19 20 iii 21 UNCLASSIFIED
  5. 5. 22 UNCLASSIFIED 23NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 2431 Aug 2007 Defense Information Systems Agency 25 1141 Introduction 115 116This document contains: 117 118 1. Definition of NetOps as referenced from the Version 3 Joint Concept of Operations 119 (CONOPS) for Global Information Grid NetOps (04 Aug 2006) 120 2. DISA’s role in NetOps as seen by the participating directorates 121 3. DISA management and guidance for NetOps on new acquisition and existing programs 122 regarding NetOps policy and requirements 123 4. DISA NetOps Readiness Review Process overview for assessing NetOps capabilities in 124 DISA-managed Information Systems 125 5. An overview of the documents used to assess NetOps readiness 126 6. DISA NetOps Program/System/Application/Service Readiness Checklist 1271.1 Background 128 129 The Commander, USSTRATCOM (CDRUSSTRATCOM) and the Assistant Secretary of 130 Defense for Networks and Information Integration, ASD(NII) have directed a common NetOps 131 framework and process for execution by DoD elements. DISA supports USSTRATCOM and the 132 Joint Task Force – Global Network Operations (JTF-GNO) vision to lead an adaptive force that 133 assures the availability, delivery, and protection of the Global Information Grid (GIG). The 134 NetOps tasks, effects, and organizational relationships described herein formulate a foundation 135 for the operational future of the GIG, but these will not happen automatically, nor will they occur 136 without significant effort from the entire NetOps community of interest (COI). The NetOps COI 137 is defined as the GIG providers, operators, defenders, and subscribers who possess a fundamental 138 understanding of their responsibilities, and act instinctively to ensure DoD’s intelligence, 139 business, and warfighting domains are a success. This vision requires cooperation, innovation, 140 and execution from all mission partners and everyone who touches the GIG. 1411.2 Purpose of the NetOps Readiness Review Process 142 143This NetOps Readiness Review Process document is intended to advance NetOps thinking within 144DISA and to accomplish the following objectives: 145 146 1. Define DISA’s requirements for NetOps that comply with USSTRATCOM NetOps 147 requirements 148 2. Identify how DISA is supporting NetOps requirements and capabilities for DISA’s 149 Information Systems and operations 150 151DISA’s role in achieving NetOps addresses two aspects of DISA’s products and services: 152 153 1. The development of new, transformational capabilities 154 2. The evolution of existing capabilities that are in sustainment 155 156This document shows how DISA’s NetOps Readiness Review Process fits in the broader context 157of DISA’s related processes and strategies, e.g., the DISA Net-Centric Review Process & 26 27 1 28 UNCLASSIFIED
  6. 6. 29 UNCLASSIFIED 30NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 3131 Aug 2007 Defense Information Systems Agency 32 158Strategy. This document also shows how DISA will use it to guide Agency technical decisions 159on direction of critical Programs/Systems/Applications/Services (P/S/A/S) that support the 160enterprise, to include applicable Pilots and Projects, and existing legacy systems’ development, 161fielding, and ongoing maintenance, through a NetOps Readiness Review Process. An electronic 162copy of this document is available online at the Systems Engineering Dashboard 163(https://dashboard.ncr.disa.mil/) under the Policy and Guidance section. This review process 164monitors program directions (or each program’s direction) toward NetOps readiness and potential 165cross-program disconnects that may affect successful movement toward NetOps. The following 166figure depicts where NetOps requirements are incorporated into all phases of the Defense 167Acquisition Management Framework and DISA’s Acquisition Lifecycle. 168 169 170 Figure 1: Integrating NetOps into DISA’s Acquisition Lifecycle 171 172The application of the NetOps Readiness Review Process for the acquisition of managed services, 173e.g. Net-Centric Enterprise Services (NCES), requires a modified approach than that depicted in 174Figure 1. DISA follows the precepts of adopt before buy and buy before create. Managed 175services adopted from the private sector may not necessarily follow the traditional milestone 176layout and will still be required to ensure an acceptable level of NetOps. The Agency will decide 177the level of acceptable risk for managed services that perform below DoD NetOps standards. As 178capability requirements are presented to industry in a Statement of Objectives (SOO), the NetOps 179requirements must also be included. A risk analysis will be conducted to determine if NetOps 180can be achieved. The managed service provider (MSP), Program Management Office (PMO), and 181government acquisition team will work together to establish a Service Level Agreement (SLA) 182that clearly articulates the interfacing and compliance of key NetOps requirements. Industry’s 183approach may be different from DoD’s NetOps approach, however both should have the same 184objectives to assure the availability, delivery, and protection of the GIG. 185 186The MSP is encouraged to cite Best Business Practices in response to the SOO to demonstrate 187how the NetOps requirements are satisfied. The government acquisition team will evaluate the 188responses and eliminate those that do not adequately satisfy functionality, cost, schedule, and 33 34 2 35 UNCLASSIFIED
  7. 7. 36 UNCLASSIFIED 37NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 3831 Aug 2007 Defense Information Systems Agency 39 189NetOps requirements. A site review is conducted on each remaining potential best value 190solution. During the site review the MSP must demonstrate the viability of the solution on three 191levels. Each level is given added weight to the NetOps certification recommendation developed 192at the conclusion of the site review. First, the MSP must articulate how they deliver the 193capabilities proposed in response to the SOO. Second, the MSP must present documentation on 194how those capabilities are delivered. Third, the MSP must demonstrate how the capabilities are 195delivered. Those areas that do not initially meet NetOps compliance will need a Plan of Action 196and Milestones (POA&M) with a mitigating strategy to come into compliance and to reduce 197risks. The government acquisition team will adjudicate the MSP proposal and present associated 198risks for Agency acceptance or rejection of associated risks. This approach should not delay the 199quick deployment associated with network-based services or applications delivered, hosted, and 200managed between PMO and service providers. As a minimum, any managed service operating 201across the GIG must be in accordance with the NetOps concept, be properly managed, provide 202adequate defensive mechanisms, and, if appropriate, stage content information to the warfighter 203and DoD customers. The NetOps Readiness Review Process constitutes a validation of proposed 204NetOps capabilities and affords the flexibility necessary to ensure essential NetOps information is 205synchronized to key acquisition decisions. 2061.3 Scope of the Document 207 208This document’s primary function is to aid DISA technical personnel in helping the Agency 209deliver NetOps compliant products and services to its community of users. This document is also 210intended for DISA’s Senior Program Directors, Program Managers, their Chief Engineers, the 211Cross Program – Synchronization and Integration Board (CP-SIB), and the GIG Operations 212Directorate (GO). The document can serve as a guide to help these leaders achieve NetOps 213requirements and capabilities for DISA. The document may also serve to inform people outside 214DISA, such as OSD, the Military Services, the Combatant Commands, and other Defense 215Agencies, on how DISA is implementing its technical approach to achieve NetOps in its products 216and services. 40 41 3 42 UNCLASSIFIED
  8. 8. 43 UNCLASSIFIED 44NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 4531 Aug 2007 Defense Information Systems Agency 46 2172 Definition of NetOps 2182.1 NetOps Essential Tasks and Desired Effects 219 220NetOps is defined as the operational framework consisting of: 221 • three essential tasks (GIG Enterprise Management (GEM), GIG Network Defense 222 (GND), and GIG Content Management (GCM)) 223 • situational awareness 224 • C2 that the CDRUSSTRATCOM employs to operate and defend the GIG. 225These tasks produce the desired effects of NetOps, which are: Assured System and Network 226Availability, Assured Information Protection, and Assured Information Delivery. NetOps relies 227on the application and integration of information technology and standard processes that provide 228traditional systems and network management (Fault, Configuration, Accounting, Performance, 229Security (FCAPS)); information and infrastructure protection; and the ability to maneuver 230information across GIG terrestrial, space, airborne and wireless environments. 231 232Figure 2, titled NetOps Essential Tasks and Effects, was developed to establish a common 233understanding of the technical composition that must be considered to provide and sustain the 234effects of NetOps. 235 236 237 Figure 2: NetOps Essential Tasks and Effects 47 48 4 49 UNCLASSIFIED
  9. 9. 50 UNCLASSIFIED 51NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 5231 Aug 2007 Defense Information Systems Agency 53 2382.2 NetOps in the DISA Framework 239 240NetOps is the operational construct that the CDRUSSTRATCOM will use to operate and defend 241the GIG. The goal of NetOps is to provide assured and timely Net-centric services across 242strategic operational and tactical boundaries in support of the Department of Defense (DoD) full 243spectrum of warfighting, intelligence and business missions. 244 245An enabling capability of NetOps is achieving shared situational awareness (SA) of GIG system, 246network and information availability. The primary purpose is to enhance knowledge of the GIG 247to improve the quality and timeliness of collaborative decision-making regarding the 248employment, protection and defense of the GIG. To be useful, much of this GIG SA must be 249available and shared in near real-time by the relevant decision-makers. DISA is to comply with 250USSTRATCOM and the JTF-GNO in their vision to lead an adaptive force that assures the 251availability, delivery, and protection of the GIG. 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 54 55 5 56 UNCLASSIFIED
  10. 10. 57 UNCLASSIFIED 58NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 5931 Aug 2007 Defense Information Systems Agency 60 2693 DISA’s Role in NetOps 2703.1 DISA’s NetOps Vision 271 272DISA has a long history in the area of NetOps resulting from its four decades of exercising 273operational direction and management control of the Defense Information System Network and 274its predecessor, the Defense Communications System. Drawing upon this experience, the 275Secretary of Defense and the CDRUSSTRATCOM are looking to DISA to provide the 276operational elements with the capabilities necessary to execute NetOps for the GIG. Key 277attributes of the NetOps operational elements include: 278 279 • An operational hierarchy and horizontal information sharing 280 • Global arbitration of NetOps priorities/requirements 281 • Global situational awareness 282 • Centralized management (monitoring and control) of DISA GIG resources 283 284By providing these capabilities, DISA supports the GIG NetOps vision. 2853.2 DISA’s Implementation of the GIG NetOps Vision 286 287To succeed in achieving its vision, DISA will implement and assess NetOps requirements using 288the process and tools as described in this document. Centralized management of NetOps will be 289conducted via the DISA NetOps Centers (DNC). The DNC are comprised of the Global NetOps 290Support Center (GNSC), Theater NetOps Centers (TNCs), GIG Infrastructure Services 291Management Center (GISMC), and Systems Management Center (SMC). Additional directives 292on the decision of which center each DISA P/S/A/S is to be managed from are currently in 293conception and will be referenced in future versions of this document. 294 295 • The Global NetOps Support Center (GNSC) provides the day-to-day technical operation, 296 control and management of the portions of the GIG that support Global Operations but 297 are not assigned to a COCOM (global backbone portions of the GIG). The GNSC 298 conducts GIG backbone NetOps along with other services as support as referenced in the 299 Joint CONOPS for GIG NetOps. 300 301 • Each Theater NetOps Center (TNC) is responsible for the effective operation and defense 302 of the GIG within the theater and for providing onsite, theater support for NetOps as 303 referenced in the Joint CONOPS for GIG NetOps. 304 305 • The GIG Infrastructure Services Management Center (GISMC) is the primary DOD 306 enterprise level applications services NetOps center that supports the GNSC and TNCs 307 with applications layer network and systems management, visibility, monitoring, 308 analysis, planning, and control. The center optimizes the integrated NetOps of the 309 existing and emerging applications networks and services as referenced in the Joint 310 CONOPS for GIG NetOps. 311 312 • The Systems Management Center (SMC) create points of convergence for problem 313 resolution and form a gateway to aid in facilitating customer support requirements for 61 62 6 63 UNCLASSIFIED
  11. 11. 64 UNCLASSIFIED 65NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 6631 Aug 2007 Defense Information Systems Agency 67 314 accessing and using the IT products and services provided by the Computing Services 315 Directorate (CSD). The SMC provides operational management oversight, support, and 316 problem resolution for production environments. The SMC is realigned into primary 317 areas reporting to a single Director or Commander as described in the DISA Operations 318 Support Team (OST) CONOPS. 319 320 68 69 7 70 UNCLASSIFIED
  12. 12. 71 UNCLASSIFIED 72NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 7331 Aug 2007 Defense Information Systems Agency 74 3214 Management for NetOps 322 323This section describes how DISA is working to achieve NetOps readiness in its key programs. 324Additional directives on management models are in conception, and will be referenced in future 325versions of this document. Further financial, programmatic, and technical management activities 326are discussed in Section 5, NetOps Readiness Reviews. 3274.1 DISA NetOps Goals 328 329The NetOps Readiness Review Process has the following strategic goals, each with important 330second-tier objectives: 331  Enable effective and efficient GIG NetOps. 332 − Identify and reduce technical obstacles to NetOps implementation. 333 − Accommodate DoD and industry changes that will affect NetOps, including net-centric 334 behavior of the GIG, IP Convergence, and IPv6. 335  Foster development and adoption of a joint NetOps architecture that addresses deployed 336 and sustainment forces. This must support GIG SA, C2, and all three NetOps essential 337 tasks: GIG Enterprise Management (GEM), GIG Network Defense (GND), and GIG 338 Content Management (GCM). 339 − Enable integration of GIG SA, C2, GEM, GND, and GCM data and analysis to exchange 340 data and conclusions where appropriate. 341 342DISA’s NetOps goals are to support the long-haul part of the end-to-end network, including 343enterprise services and tactical situational awareness, while individual Services and Agencies 344help provide this capability in the tactical and specialized domains. The overall goal is to assure 345effective NetOps across data, voice, and video; including applications, services, computing and 346transport layers by helping to implement the DISA CONOPS template in conformance with the 347other appropriate NetOps P/S/A/S Readiness Checklist requirements. To assist in reaching these 348goals, the DISA Field Security Operations (FSO) will be responsible for development of NetOps 349Training for the DISA workforce. 3504.2 Best Practices to Ensure NetOps 351 352There are some best practices that can be found in the systems engineering and integration 353literature and in experience gained in government and industry to ensure NetOps. Some DISA 354programs cannot adopt portions of this guidance due to policy and regulations that direct other 355standards. Thus cost, schedule, and technical risks can be introduced through adherence to policy 356guidance and regulations. Other documentation may be requested when existing policy and 357regulation precludes such adherence, such as a POA&M. 358 359NetOps guidance includes: 360 361 • Cooperation, innovation, and execution from all mission partners and everyone who 362 touches the GIG (refer to the GIG IA Portfolio (GIAP)) 363 • Adopt currently available resources before building new capabilities, and refrain from 364 creating new programs until exhausting the preceding approaches 75 76 8 77 UNCLASSIFIED
  13. 13. 78 UNCLASSIFIED 79NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 8031 Aug 2007 Defense Information Systems Agency 81 365 • Assure timely and secure Net-Centric capabilities across strategic, operational, and 366 tactical boundaries in support of DoD’s full spectrum of warfighting, intelligence, and 367 business missions 368 • Document operational purpose of the proposed Program/System/Application/Service 369 (P/S/A/S) to include items such as background and objectives, policies and constraints, 370 roles and responsibilities, support environment/lifecycle management in the form of a 371 Concept of Operations (CONOPS) 372 82 83 9 84 UNCLASSIFIED
  14. 14. 85 UNCLASSIFIED 86 87NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 8831 Aug 2007 Defense Information Systems Agency 89 3735 NetOps Readiness Reviews 3745.1 NetOps Readiness Review Process 375 376All DISA Programs/Systems/Applications/Services (P/S/A/S) are subject to NetOps Readiness 377Reviews. To ensure Agency P/S/A/S are managed and protected as they evolve over their 378lifecycle, the DISA Field Security Operations (FSO) marries the NetOps vision with their well 379established security certification and accreditation process during the NetOps Readiness Review. 380NetOps Readiness Reviews are to be conducted as part of ongoing DISA Component Acquisition 381Executive (CAE) program reviews to assure that sound acquisition, engineering, and financial 382practices are being used and that products and services are being developed in accordance with 383DoD guidance pursuant to major program milestones. The NetOps Readiness Review process 384will begin during the pre-system acquisition stage to ensure that NetOps is incorporated 385during concept refinement and as the Initial Capabilities Document is developed and will 386follow the sequence of events identified below: 387 388 1. The NetOps Readiness Review Board (NRRB) will meet on a regular basis to determine 389 which DISA P/S/A/S to include applicable Pilots and Projects are critical technologies 390 that require a NetOps Review. The NRRB is led by GIG Operations (GO) and consists of 391 members from DISA Field Security Operations Division (FSO), GO Technical Director’s 392 Team (GOTD), GO Integration Support Branch (GO51), CAE, GS, GE, and SPI-CIO. 393 394 2. The NetOps P/S/A/S Readiness Checklist requirements are introduced to the system 395 program manager (PM), or proponent for non-PM managed system (e.g. Transition 396 Manager, Migration Manager, etc.) during a pre-coordination meeting with the NRRB. 397 398 3. The PM works with Directorate Information Assurance Managers (IAM) and FSO to 399 perform a NetOps self-assessment using the Checklist requirements during the concept 400 refinement stage (pre-Milestone A) of the P/S/A/S’s lifecycle. Additional existing 401 documents (e.g., the Capability Description Document that identifies expected P/S/A/S 402 capabilities) are made available to GO staff. 403 404 4. FSO acts as the field agent to check the P/S/A/S documents for points of clarification. 405 Information is validated by the FSO team during both the NetOps Assessment and IA 406 Assessment. The FSO team may conduct informal review meetings with the PMs as 407 needed to ensure all NetOps P/S/A/S Readiness Checklist requirements are met. 408 409 5. The PM will provide the completed Checklist and plan of actions and milestones 410 (POA&M) to address any open findings to the FSO team. 411 412 6. FSO acts as the NetOps certifier and will provide a NetOps recommendation 413 memorandum for the particular P/S/A/S reviewed to the NetOps Readiness Review 414 Board (NRRB) for formal evaluation. 415 416 7. The P/S/A/S and NRRB meet to review the data and assess progress toward the final 417 operational capability of the P/S/A/S in terms of NetOps. The NRRB review identifies 9010 UNCLASSIFIED 91 92
  15. 15. 93 UNCLASSIFIED 94 95NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 9631 Aug 2007 Defense Information Systems Agency 97 418 actions to correct identified NetOps problems and suggests changes in direction. The 419 NRRB will act as the endorser for final NetOps certification. 420 421 8. The NetOps required actions are captured, managed, and may be presented to the NetOps 422 Governance and Advisory Board (NGAB) in the event of any critical issues associated 423 with the NetOps certification. The NGAB meets quarterly or on an ad-hoc basis as 424 recommended and is comprised of senior members from CAE, GO, GS, GE and SPI. 425 426 9. Information regarding NetOps Readiness of a P/S/A/S is included with the P/S/A/S’s 427 accreditation request package for an Authority to Operate (ATO) to the CIO who acts as 428 the DISA Designated Accrediting Authority (DAA). 429 430Throughout the P/S/A/S’s lifecycle and review processes, CIO and GO will cooperate from the 431security and NetOps aspects to inform each other of the P/S/A/S’s status. Information regarding 432NetOps Readiness will also be submitted at the next GE Systems Engineering Process 433Assessment (SEPA) with GO staff support. Further details of the NetOps Readiness Review 434process are detailed below in section 5.2.6. 435 436 Figure 3: NetOps Readiness Review Process 437 5.1.1 NetOps P/S/A/S Readiness Checklist 438 439The NetOps Program/System/Application/Service (P/S/A/S) Readiness Checklist may be found 440in Appendix A of this document. The NetOps P/S/A/S Readiness Checklist is a Global 441Information Grid Operations (GO) led initiative and was developed to provide DISA Designated 442Accrediting Authority (DAA) and Program Managers (PM)s with a mechanism that is used to 443assess the NetOps Readiness of critical DISA P/S/A/S and applicable Pilots and Projects prior to 444their introduction, or incorporation into the Global Information Grid (GIG) Architecture. 445 446The NetOps P/S/A/S Readiness Checklist is also designed as a tool to assess existing DISA 447P/S/A/S. Existing system’s shortcomings that are captured during the review process would 9811 UNCLASSIFIED 99 100
  16. 16. 101 UNCLASSIFIED 102 103NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 10431 Aug 2007 Defense Information Systems Agency 105 448serve as key factors and considerations in existing system strategy planning, with the primary 449focus of attaining an acceptable NetOps Readiness status. 450 451The NetOps P/S/A/S Readiness Checklist will serve as an internal DISA P/S/A/S certification 452tool. The Checklist is not intended to replace or supersede any similar or pre-existing DoD 453processes or guidance. Some items contained in the Checklist may overlap those in other 454established processes. However, the goal of the Checklist is to both validate the completion 455of other relative system processes while highlighting and re-emphasizing the most critical 456considerations for ensuring the NetOps readiness of the system. 457 458An electronic copy of this Checklist is available online at the Systems Engineering 459Dashboard (https://dashboard.ncr.disa.mil/) under the Policy and Guidance section. 460The NetOps P/S/A/S Readiness Checklist is to be kept simple with the intent that a review can 461move quickly over items that appear to be compliant. Items that appear to need greater discussion 462can be probed more deeply to assure review participants that being reviewed is on track to 463address any apparent challenges in achieving NetOps readiness. 464 465FSO will use the NetOps P/S/A/S Readiness Checklist, along with the other required system 466documentation as a framework to ensure that no potential security liability exists with the 467network. FSO will use the Checklist in combination with their normal certification and 468accreditation activities, with the main focus on the Top DISA P/S/A/S. In addition to conforming 469to the NetOps P/S/A/S Readiness Checklist attributes, the FSO team may also look at other 470requirements as appropriate as indicators of NetOps behavior. 471 472FSO will provide a NetOps recommendation memorandum based on the results of the NetOps P/ 473S/A/S Readiness Checklist. FSO will also provide Checklist support in maintaining version 474control with the GO Technical Director’s Team (GOTD). 475 5.1.1.1 Checklist Applicability 476 477The Checklist applies to critical DISA Programs/Systems/Applications/Services (P/S/A/S) that 478support the enterprise, to include applicable Pilots and Projects, and existing systems. Each 479newly developed and acquisitioned DISA P/S/A/S, existing P/S/A/S, and all system 480upgrades/modifications must be assessed to verify/validate its security posture, prior to their 481introduction or incorporation into the Global Information Grid (GIG) Architecture. The Checklist 482may be applied to an existing P/S/A/S regardless of where it lies in the Acquisition Lifecycle. 483 484Not all P/S/A/S will need to address the full checklist. For example, a P/S/A/S that primarily 485provides information transport will have minimal, if any, net-centricity issues having to do with 486data, applications, or the services infrastructure. Similarly, a P/S/A/S that supports directory 487services may have data-, applications- and services-, and information assurance infrastructure- 488related net-centricity issues but not transport-related issues. 489 5.1.1.2 Checklist Requirements 490 491The desired objective of a NetOps Readiness assessment of a DISA P/S/A/S is to verify full 492compliance with all requirements in sections six through nine of this document. Requirement 10612 UNCLASSIFIED 107 108
  17. 17. 109 UNCLASSIFIED 110 111NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 11231 Aug 2007 Defense Information Systems Agency 113 493compliance is verified through the review of required system documentation for completeness 494and accuracy, along with the evaluation of P/S/A/S functionality and interoperability to include 495compliance with quality of service (QoS) and security standards specified in the applicable policy 496and system design requirements. Verification of requirement compliance is guided by responses 497and results to indicators included with each requirement that are compiled from applicable DoD 498reference documents listed in Appendix C. 499 500A plan of action and milestones (POA&M) is required for those requirements which can not be 501verified as fully compliant with the applicable policy and system design requirements. The 502POA&M should lead to the efficient and effective compliance of the requirement or ensure the 503mitigation of requirement non-compliance to an acceptable level of risk. 504 505The evaluation requirements contained in the Checklist are organized to assess system 506compliance within the three essential tasks defined in the Joint Concept of Operations for Global 507Information Grid NetOps: GIG Enterprise Management (GEM); GIG Network Defense (GND) 508and GIG Content Management (GCM). Additionally, the requirements are further delineated 509based upon where the system is within its acquisition life cycle, whether newly acquired, or in the 510maintenance phase, e.g. existing systems. To ensure that the appropriate life cycle specifics are 511addressed, the proper milestone associated with each individual requirement is identified. The 512requirement shall be checked by the FSO accordingly as described below: 513 514Open if the stated requirement is non-compliant and requires mitigation. The appropriate 515Milestone category shall be “checked” as a justification and a POA&M shall be developed to 516address the open finding. 517 518Not a Finding if the stated requirement is in compliance and justification provided. 519 520Not Reviewed if the stated requirement is not reviewed during current assessment. 521 522Not Applicable if it pertains to a particular life-cycle stage of development for which the P/S/A/S 523has not yet attained, or not applicable to the P/S/A/S. The appropriate Milestone category shall 524be “checked” as a justification for the (N/A) designation. 525 5.1.1.3 Checklist Structure 526The NetOps P/S/A/S Readiness Checklist is organized using the three essential tasks that are 527described in the US Strategic Command (USSTRATCOM) Joint Concept of Operations for 528Global Information Grid NetOps. Each Checklist item is assigned to an essential tasks category 529based on its relationship to the high-level definitions below: 530 531 • Transport: Enterprise Services Management, Systems Management, Network 532 Management, and SATCOM / Electromagnetic Spectrum Management. 533 • Defense: Availability, Authentication, Confidentiality, Integrity, Non-repudiation, 534 Protection, Monitor, Detection, Analyze, and Response. 535 • Flow: Awareness, Access, Delivery and Support 536 5.1.2 CONOPS Template 537 11413 UNCLASSIFIED 115 116
  18. 18. 117 UNCLASSIFIED 118 119NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 12031 Aug 2007 Defense Information Systems Agency 121 538The CONOPS offer a place to showcase the NetOps attributes of the program’s products or 539services and how the program plans to provide those NetOps capabilities. Many of the 540requirements addressed in the NetOps P/S/A/S Readiness Checklist will already be documented 541in the P/S/A/S’s CONOPS. The CONOPS Template is available online from the DISA Systems 542Engineering Process website in the Toolbox, under “Templates and Forms” located at 543https://dashboard.ncr.disa.mil/index.php?page=se_temp_form . You can also access the DISA 544Systems Engineering Homepage by navigating to the DISA Edge portal (CAC required), 545Functions, Systems Engineering, SE Process (Groupshare). Access to this site may be granted 546by contacting Edge_Support@disa.mil 5475.2 DISA Roles in Achieving NetOps Readiness 548 549Many organizations in DISA have roles in assuring that DISA P/S/A/S achieve NetOps readiness. 550NetOps achievement is also measured by DISA in its corporate level balanced scorecard. 551This notion of measurement demands a corporate culture change and requires senior 552management involvement/participation in all phases of execution. 553 554The GIG Operations Directorate (GO) provides guidance and operational requirements that 555advocate for NetOps technology solutions and enterprise-wide implementation. The DISA Field 556Security Operations (FSO) will be responsible for development of NetOps Training for the DISA 557workforce. GO also acts as the NetOps compliance evaluators using tools such as the CONOPS 558Evaluation Checklist and NetOps P/S/A/S Readiness Checklist. The Component Acquisition 559Executive (CAE) conducts acquisition management reviews to assure that DoD and DISA 560acquisition policy are being followed. The Chief Financial Executive (CFE) is responsible for 561resourcing NetOps capabilities and conducts financially related reviews to assure that programs 562conform to financial policy and any prospective financial problems are addressed. The GIG 563Engineering and the Program Executive Offices (Information Assurance/NetOps (IAN), Defense 564Enterprise Computing Centers (DECC), Net-Centric Enterprise Services (NCES), Teleport and 565others that may be created in the future) are responsible for development of new project, program 566and service capabilities. GE holds engineering reviews to assure that sound systems, 567communications, and software engineering practices are being applied in the P/S/A/S. The Cross 568Program – Synchronization and Integration Board (CP-SIB) holds cross-program engineering 569reviews to assure that all affected programs are addressing program interdependencies. 570 571DISA Test and Evaluation Directorate (TED) will assess DISA products and services for their 572conformance to requirements in the context of NetOps readiness. Computing Services (part of 573GIG Combat Services or GS) will host DISA’s net-centric products and services in ways that 574assure fast and economical response to users’ updates of and access to information anywhere in 575the world. GS is responsible for the evolution of existing capabilities that are in sustainment and 576will support new NetOps requirements with consistently high quality of service (QoS) and class 577of service (CoS). The authority to ratify the NetOps certification of a system is the responsibility 578of the Principal Director for GIG Operations (GO). The Agency Designated Accrediting 579Authority (DAA) receives a system NetOps readiness certification recommendation from the 580NetOps Readiness Review Board (NRRB) and/or NetOps Governance and Advisory Board 581(NGAB). The basis of the NetOps Board’s certification recommendation is the review of a 582system accreditation request package that is compiled and submitted by the PM or proponent for 583non-PM managed system (e.g. Transition Manager, Migration Manager, etc.). The system 12214 UNCLASSIFIED 123 124
  19. 19. 125 UNCLASSIFIED 126 127NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 12831 Aug 2007 Defense Information Systems Agency 129 584accreditation request package is comprised of a variety of required system documentation, system 585assessments and certification assessments that includes the NetOps P/S/A/S Readiness Checklist. 13015 UNCLASSIFIED 131 132
  20. 20. 133 UNCLASSIFIED 134 135NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 13631 Aug 2007 Defense Information Systems Agency 137 586 5.2.1 The Chief Financial Executive Role 587 588Program Financial Reviews 589 590DISA’s Chief Financial Executive (CFE) conducts financially related reviews to assure that 591programs conform to financial policy, are executing spending plans appropriately and are 592prepared to address prospective financial problems. CFE holds one Annual Program Plan Review 593and three subsequent Financial Health Assessments. These reviews are typically held early in a 594new fiscal year to identify any funding issues that need early attention in a given year. Reviews of 595particularly complicated programs (e.g., with multiple overlapping blocks or phases) may occur 596with more frequency than for programs with sequential phases or a single sequence of milestones. 597Figure 4 depicts the nominal CFE schedule for a P/S/A/S. 598 599 600 Figure 4. Nominal Schedule for P/S/A/S Financial Reviews 601 5.2.2 The Component Acquisition Executive Role 602 603Acquisition Management Reviews 604 605The CAE conducts acquisition management reviews, mainly of programs and major services, to 606assure that DoD and DISA acquisition policies are being followed. Acquisition Management 607Reviews are conducted periodically (typically quarterly or semi-annually). More frequent checks 608are provided at weekly CAE PM meetings. Other acquisition reviews are conducted on programs 609prior to Overarching Integrated Product Team (OIPT) reviews at OSD and major milestone 610reviews. Figure 5 depicts the nominal CAE schedule for acquisition management reviews of 611major programs. Financial, engineering, and net-centricity reviews are conducted in the context 612of the CAE pre-OSD milestone readiness reviews. 13816 UNCLASSIFIED 139 140
  21. 21. 141 UNCLASSIFIED 142 143NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 14431 Aug 2007 Defense Information Systems Agency 145 613 614 Figure 5. Nominal Annual Schedule of CAE Reviews of Major DISA Programs 615 616The Defense Acquisition Management Framework description is provided in Figure 6 below. 617 618 619 620 Figure 6. Defense Acquisition Management Framework 6215.2.2.1 Milestone A 622 623A Milestone A decision usually comes at the end of Concept Refinement when the Milestone 624Decision Authority (MDA) approves the result of the Analysis of Alternatives (AoA) and the 625Technology Development Strategy (TDS). Milestone A is the beginning of the Technology 626Development stage. Concept Refinement and Technology Development constitute the “Pre- 627System Acquisition” phase of the Defense Acquisition System. 6285.2.2.2 Milestone B 629 630A Milestone B decision follows the completion of Technology Development, and begins the 631“Systems Acquisition” phase of the Defense Acquisition System. The Systems Acquisition phase 632is comprised of “System Development and Demonstration”, and “Production and Deployment”. 633System Development and Demonstration (SDD) is comprised of System Integration, and System 14617 UNCLASSIFIED 147 148
  22. 22. 149 UNCLASSIFIED 150 151NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 15231 Aug 2007 Defense Information Systems Agency 153 634Demonstration. Milestone B begins at System Integration, and ends the completion of System 635Demonstration. 6365.2.2.3 Milestone C 637 638A Milestone C decision comes at the completion of “System Development and Demonstration”, 639and begins the “Production and Deployment” phase. 6405.2.2.4 Sustainment 641 642Sustainment and Disposal comprise the “Operations and Support” stage of the Defense 643Acquisition System. 644 645It is assumed that P/S/A/Ss being considered for NetOps readiness for introduction or 646incorporation into the GIG architecture would have received a Milestone B decision at a 647minimum; entering the System Development and Demonstration (SDD) phase. Programs 648entering the acquisition process at Milestone B shall have an approved Initial Capabilities 649Document (ICD) that provides the context in which the capability was determined and approved, 650and an approved Capability Development Document (CDD) that describes specific program 651requirements. 652 653Programs considered for NetOps readiness may already be in the Production and Deployment, or 654Sustainment phase. In which case, a Milestone C decision would have been received. 655 656The tables in Enclosure 3 of DODI 5000.2, “Operation of the Defense Acquisition 657System”, May 12, 2003 identify the statutory and regulatory information requirements of 658each milestone and decision point. Additional non-mandatory guidance on best practices, 659lessons learned, and expectations is available in The Defense Acquisition Guidebook at 660http://dod5000.dau.mil/. 661 5.2.3 The Corporate Board Role 662 663The DISA Corporate Board is briefed on major DISA programs (i.e., ACAT I and Special 664Interest programs) as significant issues come up that affect strategic DISA directions. There is no 665explicit schedule for such Board meetings on program issues, except as dictated by major events 666on programs. 667 5.2.4 The GIG Engineering and the Program Executive Offices Role 668 669The GIG Engineering and the Program Executive Offices (IAN, DECC, NCES, Teleport and 670others that may be created in the future) are responsible for development of new P/S/A/S 671capabilities. The Program Executive Office for Information Assurance/NetOps (PEO-IAN) is 672subject to the various reviews in preparation to major milestone and other significant events in a 673program’s life cycle. PEO-IAN has the responsibility for development of new transformational 674capabilities and for ensuring that DISA products are NetOps ready when fielded. Figure 7 shows 675a notional schedule for a program over its life and the associated GE review insertion points to 676support CAE reviews. 15418 UNCLASSIFIED 155 156
  23. 23. 157 UNCLASSIFIED 158 159NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 16031 Aug 2007 Defense Information Systems Agency 161 677 678 679Figure 7. Notional Life-cycle Schedule of GE Systems Engineering Reviews 680 681 682Systems Engineering Process Assessments 683 684The GIG Engineering organization (GE) conducts systems engineering reviews in preparation to 685major milestone and other significant events in a program’s life cycle. The Systems Engineering 686Process Assessements (SEPA) will occur periodically throughout the programs lifecycle. The 687purpose of the SEPA is to provide a quick, broad life cycle view of a program’s Systems 688Engineering activities. The SEPA can be used to identify specific issues or risk areas that require 689more in-depth evaluation. As a part of this review the SEPA Team will verify that the program is 690aware of the CONOPS Template and the NetOps P/S/A/S Readiness Checklist and has completed 691the NetOps P/S/A/S Readiness Checklist questions appropriate to the program’s phase in the 692lifecycle. GE will partner with GO for NetOps assessments presented during a SEPA. All 693NetOps assessments should be a result from the most recent P/S/A/S’s NetOps Readiness 694Review, as described above in section 5.1. 695 5.2.5 The GIG Combat Support Directorate Role 696 697GIG Combat Support Directorate (GS) is responsible for the evolution of existing capabilities that 698are in sustainment and is being challenged to support new NetOps requirements with consistently 699high quality of service (QoS) and class of service (CoS). Any program planning to put 700capabilities into the DNCs must comply with the DNC requirements (DOTMLPF) and integration 701framework and will need to coordinate with the DISN Operations Support System (OSS) 702Division (GS28) in order to ensure their integration to the overall DISN OSS Architecture. New 703systems that are transitioning into GS responsibility and sustainment will have NetOps readiness 704reviews and certification as part of the transition process. The originating organization will 705provide the completed checklist and process the readiness review leading to DAA approval. 706 707Systems in sustainment will have a NetOps certification. Those existing systems that do not have 708certification will initiate the NetOps Readiness Review Process. Once a system is in sustainment 709and has had an initial or transition readiness review and DAA approval, it will be the system 710management office’s responsibility to maintain the NetOps P/S/A/S Readiness Checklist. 711Changes of varying degrees occur in sustainment and the checklist will be kept current for each 16219 UNCLASSIFIED 163 164
  24. 24. 165 UNCLASSIFIED 166 167NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 16831 Aug 2007 Defense Information Systems Agency 169 712change. The system management office will initiate a readiness review for any significant change 713that negatively impacts NetOps. Negative impacts are when any checklist criteria are degraded. 714All requirements are critical for NetOps compliance, and whatever areas are not met will need a 715Plan of Action and Milestones (POA&M). The NGAB reviews all changes for systems that are 716deployed to GNSC and TNC’s and will determine if a readiness review is required. 717 5.2.6 The GIG Operations Directorate Role 718 719NetOps Readiness Reviews 720 721As noted earlier, NetOps Readiness Reviews are intended to complement overall P/S/A/S reviews 722led by CAE and conducted with the CFE and GE. The intent of NetOps Readiness Reviews is to 723assure that DISA P/S/A/S are developed with the appropriate NetOps requirements. The 724information for the NetOps assessment of a given P/S/A/S will be a result of the NetOps review 725that is done by the NetOps Readiness Review Board (NRRB). The NRRB is led by GO and 726consists of members from FSO, GO Technical Director’s Team (GOTD), GO Integration Support 727Branch (GO51), CAE, GS, GE, and SPI-CIO. The expected outcomes include a “report card” for 728the reviewed P/S/A/S and guidance to the P/S/A/S on corrective technical actions to improve 729getting to NetOps. FSO will provide a NetOps recommendation memorandum based on the 730results of the NetOps P/S/A/S Readiness Checklist. The P/S/A/S will need to prepare a Plan of 731Action and Milestones (POA&M) with a mitigating strategy that addresses those areas that do not 732initially meet NetOps compliance. That information will be used as input by the NRRB to the 733Principal Director for GIG Operations (GO) who acts as the authority to accredit the NetOps 734certification of a system. The agency Designated Accrediting Authority (DAA) receives a system 735NetOps readiness certification recommendation from the NRRB or NGAB. 736 737GO will also act as the evaluators for P/S/A/S’s CONOPS. GO teams will want to participate in 738the engineering Working Integrated Product Teams (WIPTs) to provide guidance to programs 739with respect to their moving toward NetOps readiness. Alternatively, the GO teams may wish to 740review outcomes of WIPT meetings and work any issues with the appropriate participants from 741the WIPTs and the programs. The CAE may seek GO guidance on selected operational matters 742during quarterly program reviews as well. 743 5.2.7 Configuration Management Control Process 744DISA has several processes that are linked for overall management of assurances through control 745of changes made to hardware, software, firmware, documentation, and tests of 746Programs/Systems/Applications/Services (P/S/A/S) throughout its development and operational 747life. The Configuration Control Boards (CCB) are instrumented with common architecture, tools, 748and capabilities to accept management of DISA P/S/A/S. Example of DISA CCBs include the 749following: 750 751 • The DISA NetOps Configuration Control Board is chaired by GIG Operations (GO) and 752 is the approval authority to introduce new initiatives not approved by higher-level boards 753 to the configuration and routine operation of the DISA NetOps Centers (DNC). The 754 DNCs includes the Global NetOps Support Center (GNSC), Theater NetOps Centers 755 (TNCs), and GIG Infrastructure Services Management Center (GISMC). Initiatives 756 could affect policies, procedures, concepts or strategies, as well as tools, technologies, 757 and infrastructure required to support the DNCs (DOTMLPF issues). 17020 UNCLASSIFIED 171 172
  25. 25. 173 UNCLASSIFIED 174 175NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 17631 Aug 2007 Defense Information Systems Agency 177 758 759 • The DISN Network Services Configuration Control Board is chaired by GIG Combat 760 Support, Center for Network Services, Operational Support Systems Division (GS28) and 761 is responsible for establishing the initial integrated DISN core and DISN baseline in 762 terms of architecture, functionality and service offering, and for reviewing all subsequent 763 proposed configuration changes to the established baselines, assessing their impact, and 764 rendering a decision concerning approval or disapproval. Examples of changes include 765 any modifications to approved individual service/transport offerings as part of the overall 766 integrated DISN core and DISN architecture. 767 5.2.8 Supporting the GIG IA Portfolio (GIAP) 768 769The Deputy Secretary of Defense approved DoDD 8115.01, providing instruction on how to 770perform portfolio management activities for all GIG Information Technology (IT) investments. 771IT investments will be managed as portfolios to: 772 773 • Ensure IT investments support the Department’s vision, mission, and goals 774 • Ensure efficient and effective delivery of capabilities to the warfighter 775 • Maximize return on investment to the Enterprise using the GIG architecture, plans, risk 776 management techniques, capability goals 777 778Three major DoD IT Mission Areas include Business, Warfighting, and Enterprise Information 779Environment, which is comprised of four domain areas (Core Enterprise Services, Computing, 780Transport, and Information Assurance). 781 DoD IT Portfolio EIE Mission Area Portfolio GIG IA Portfolio AIS AMM CON DTG HAE INR Roadmap Roadmap Roadmap Roadmap Roadmap Roadmap Foundational Activities 782 Roadmap 783 Figure 8. DoD IT Portfolio 784 785Figure 8 depicts the GIG IA Portfolio (GIAP) as part of the DoD IT Portfolio. The GIAP is 786designed to analyze, select, control and evaluate critical IA capabilities and associated 787investments to enable information superiority. The purpose of GIAP is to: 788 17821 UNCLASSIFIED 179 180
  26. 26. 181 UNCLASSIFIED 182 183NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 18431 Aug 2007 Defense Information Systems Agency 185 789 • Develop an integrated IA operational capability roadmap that is accepted community- 790 wide 791 • Develop an investment strategy for IA portfolio to drive investment decisions 792 • Continuously analyze and refresh investment strategy to maximize operational benefit. 793 • Provide an opportunity to partner with IA community members 794 • Optimize existing funding and justify additional funding to meet IA priorities 795 796 797 Figure 9. DoD Governance IA Portfolio Management 798 799Figure 9 shows DoD Governance of IA Portfolio Management. Portfolio Management is defined 800as a holistic view of DoD’s GIG IA Strategy with: 801 802 1. Inventory of IA projects (Baseline is the Defense Information Assurance Program 803 (DIAP) Database) 804 2. Create a master Schedule 805 3. Evaluate Portfolio for synchronization, gaps, duplication, risks 806 4. Impact the Program Objective memorandum (POM) process 807 5. Cradle to grave investment strategy (life cycle management (LCM)) 808 809Under the GIAP there are six Capability Roadmaps: 810 18622 UNCLASSIFIED 187 188
  27. 27. 189 UNCLASSIFIED 190 191NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 19231 Aug 2007 Defense Information Systems Agency 193 811 1. Assured Information Sharing (AIS): Provides the user with the right information, at the 812 right time, at the right place, and displayed in the right format, while denying adversaries 813 access to that same information or service. 814 2. Assured Mission Management (AMM): Provides the ability to coordinate and de-conflict 815 system configuration and resource changes, mission priority changes, and cyber attack 816 responses as well as includes the ability to assign, prioritize, modify, and revoke user and 817 system roles, access rights, COI membership and resources. 818 3. Confidentiality (CON): Ensure information is not made available or disclosed to 819 unauthorized individuals, entities, devices, or processes. 820 4. Defend the GIG (DTG): Monitors, analyzes, detects, and responds to potential and actual 821 unauthorized network activities, as well as unintentional non-malicious user errors that 822 could potentially cause harm. 823 5. Highly Available Enterprise (HAE): Ensures GIG computing and communications 824 resources, services, and information are available and accessible. 825 6. Integrity and Non-Repudiation (INR): Integrity/Non-Repudiation capabilities provide 826 assurance that information does not change from production to consumption, or from 827 transmission to receipt. It also guarantees that neither recipient can deny the processing 828 or reception of the data. 829 830Additional information on the GIAP is available online 831(https://gesportal.dod.mil/sites/gigia/default.aspx). 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 19423 UNCLASSIFIED 195 196
  28. 28. 197 UNCLASSIFIED 198 199NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 20031 Aug 2007 Defense Information Systems Agency 201 8596 Appendix A. NetOps Program/System/Application/Service 860 Readiness Checklist 861Classification is based on classification of network reviewed: 862Date of NetOps RR:________ _____________ 863 P/S/A/S Reviewer Phone Previous RR Y N Date of Previous RR NA VC06 Available Y N Number of Current Open Findings 864 865 866P/S/A/S Information: P/S/A/S Name Program Manager Phone P/S/A/S Tracking # (DITPR) DAA: CIO [ ] GO [ ] J6 [ ] DSS [ ] OTHER [ ] 867 868 869Site Information: Site Name Address Phone 870 871Site Personnel Information: Position Name Phone Number Email Area of Responsibility IAM IAO NSO 872 873The Program/System/Application/Service (P/S/A/S) documentation provides the framework for 874the NetOps P/S/A/S Readiness assessment prior to incorporation into the GIG. 20224 UNCLASSIFIED 203 204
  29. 29. 205 UNCLASSIFIED 206 207NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 20831 Aug 2007 Defense Information Systems Agency 209 875 876The list of documentation provided in Table 1-1 is not intended to be all-inclusive, but provides 877those documents (including the NetOps P/S/A/S Readiness Checklist) recommended for a system 878PM, or proponent for non-PM managed systems, to submit for the system accreditation request 879package. The list also comprises the minimum recommended documentation that may be 880provided to the NetOps Readiness Review Board for review and consideration of P/S/A/S NetOps 881readiness certification. 882 883 Table 1-1 RECOMMENDED P/S/A/S DOCUMENTATION FOR NETOPS REVIEW 884 Item Documentation Yes No Notes for the Evaluator Security Certification and Accreditation documentation (DIACAP): The DIACAP package is a 1. set of documentation submitted to the Designated Accrediting Authority (DAA) for authorization to operate (ATO). DoD Architecture Framework: The DoDAF is a framework for development of a systems architecture or enterprise architecture (EA). DoDAF views are 2. organized into four basic view sets: overarching All View (AV), Operational View (OV), Systems View (SV), and the Technical Standards View (TV). Approval/Interim Approval to Operate (I/ATO), Approval/Interim Approval to Test (I/ATT), and Approval/Interim Approval to Connect (I/ATC) 3. Signed documentation by the Designated Accrediting Authority (DAA) authorizing operation of a system for a designated period of time. (In most cases will be part of the SSAA*) P/S/A/S Concept Of Operations (CONOPS): Outlines 4. assumptions or intent in regard to the operations, defense, NetOps, and C2 of a program. (May be part of SSAA) P/S/A/S Operation Manuals: Provide operational 5. instructions that can be used by system administrators to properly configure, manage, and troubleshoot a system. Configuration Management Plan: Identifies the organizations and procedures to be used by the 6. developers to perform activities related to configuration management. (May be part of SSAA) Network/System Management Plan: Defines how the network or system will be managed, and possibly what 7. Enterprise management tools will be used for performance monitoring, change and configuration management, reporting, etc. 21025 UNCLASSIFIED 211 212
  30. 30. 213 UNCLASSIFIED 214 215NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 21631 Aug 2007 Defense Information Systems Agency 217 Item Documentation Yes No Notes for the Evaluator Continuity of Operations Plan (COOP): Describes 8. preparations in place for survival of operations in the case of a catastrophic event. (May be part of SSAA) Disaster Recovery Plan (DRP): Describes the data, hardware, and software critical for an organization to 9. restart operations in the event of a natural or human- caused disaster. (May be part of SSAA) Systems Integration Test, Security Verification, Site and User Acceptance Test Reports: Reports from 10. security, testing and evaluations as part of the C&A process. Memorandums of Agreement or Memorandums of Interconnection (MOA/MOI): Document written between parties to cooperatively work together on an 11. agreed upon project or meet an agreed upon objective. The purpose of an MOA is to have a written understanding of the agreement between parties. (May be part of SSAA) System Deployment Schedule: Provides a deployment 12. timeline for a system, accounting for the end user, operator, and sustainment communities. Product (or Logistics) Support Plan: Outline how 13. logistics support and sustainment of a system will be managed over its life cycle. Functional Requirements Specification/ System Statement of Requirement (SOR): Describes how the user intends to use the system and the expected 14. performance. Issues of security and data integrity should also be included. Functional requirements specify specific behaviors of a system. The SOR details requirements that the system will provide. Implementation Plan: Outlines a program’s strategy for 15. successful execution of a program’s system/service/capability. FSO Test Reports and IA Controls: A roll-up of a series of physical security assessments and scans on a program’s hardware assets. Hardware is configured 16. according to the required Security Technical Implementation Guides (STIGs), and scanned for potential vulnerabilities. DISA System Accreditation Checklist and CIO Accreditation Memo: Appendix R contains the CA’s 17. recommendation to the DAA and the authorization to operate in a formal memorandum signed by the DAA, which is the accreditation memorandum. 21826 UNCLASSIFIED 219 220
  31. 31. 221 UNCLASSIFIED 222 223NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 22431 Aug 2007 Defense Information Systems Agency 225 Item Documentation Yes No Notes for the Evaluator NetOps P/S/A/S Readiness Checklist: Internal DISA P/ S/A/S certification tool that evaluates compliance within the three essential tasks defined in the Joint CONOPS for 18. GIG NetOps: GIG Enterprise Management (GEM); GIG Network Defense (GND) and GIG Content Management (GCM). 885 886*Systems Security Authorization Agreement (SSAA) – A living document that defines all 887system specifications including the system mission, target environment, target architecture, 888security requirements and applicable access policies. The SSAA also describes the applicable 889planning and certification actions, resources and documentation required to support the 890certification and accreditation. In essence, the SSAA is the vehicle that guides the implementation 891of information security. The SSAA is updated and revised during each of the four phases. 892 893The DIACAP Comprehensive Package includes: 894 895 • System Identification Profile (SIP) - Part of the Executive Package, which contains the 896 minimum required information for an accreditation decision. An information base, i.e., a 897 document, collection of documents, or collection of data objects within an automated 898 information system that uniquely identifies an information system within the DIACAP 899 and contains established management indicators, e.g., DIACAP status. 900 901 • DIACAP Implementation Plan – Contains the information system’s assigned IA 902 Controls. The plan also includes the implementation status, responsible entities, 903 resources and the estimated completion date for each assigned IA Control. The plan may 904 reference applicable supporting implementation material and artifacts. 905 906 • Certification Documentation - A collection of documents that describes the security 907 posture of the system, an evaluation of the risks, and recommendations for correcting any 908 deficiencies. 909 910 • DIACAP Scorecard - Part of the Executive Package, which contains the minimum 911 required information for an accreditation decision. A summary report that shows the 912 certified or accredited implementation status of a DoD information system’s assigned IA 913 Controls and supports or conveys a certification determination and/or accreditation 914 decision. The DIACAP Scorecard is intended to convey information about the IA 915 posture of a DoD information system in a format that can be easily understood by 916 managers and be easily exchanged electronically. 917 918 • Plan of Action & Milestones (POA&M) - Part of the Executive Package, which 919 contains the minimum required information for an accreditation decision. A POA&M is 920 required for any accreditation decision that requires corrective actions. It is a tool 921 identifying tasks that need to be accomplished. It specifies resources required to 922 accomplish the elements of the plan, any milestones in meeting the task, and scheduled 923 completion dates for the milestones. 22627 UNCLASSIFIED 227 228
  32. 32. 229 UNCLASSIFIED 230 231NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 23231 Aug 2007 Defense Information Systems Agency 233 9247 GIG ENTERPRISE MANAGEMENT (GEM) 9257.1 Assignment of Project Officer Has a DISA NetOps Center (DNC) representative been assigned to serve as a Project Officer responsible for coordinating the deployment of this system? Identify name(s) and role(s). Procedure: Verify assignment. References(s): Defense Information Systems Agency Instruction (DISAI) 310-220-1; DODI 5000.2, Para 3.4; DCID 6/3 para 2.B.4.e(4), 2.B.4.e(5); DoDI 8500.2 Encl 4, Att 1,2,3 DCSD-1; DCID 1/19 Sect 5 and 10 Indicators: Comments: o Appointment directive. o Personnel know are familiar with the identity of the Project Officer. Milestone A Requirement: Technology Development PDI Short Description: No DNC Representative has been assigned to serve as Project Officer. Open Not a Finding Not Reviewed Not Applicable 9277.2 CONOPS with NetOps Section 928 Has a CONOPS been written for the Program/System/Application/Service (P/S/A/S) that includes a NetOps section? Procedure: Verify documentation. References(s): Joint Concept of Operations for Global Information Grid NetOps, DISA CONOPS Template. Comments: Indicators: o Included in CONOPS. Milestone A Requirement: Technology Development PDI Short Description: NetOps is not included in the CONOPS. Open Not a Finding Not Reviewed Not Applicable 23428 UNCLASSIFIED 235 236
  33. 33. 237 UNCLASSIFIED 238 239NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 24031 Aug 2007 Defense Information Systems Agency 241 9307.3 Designation of DNC for Management and Control Has the PM worked with the DNC(s) to define a set of information necessary to manage the P/S/A/S? Procedure: Verify CONOPS includes an appropriate determination of how the DNC(s) will manage this capability. References(s): Defense Information Systems Agency Instruction (DISAI) 310-220-1; Joint Concept of Operations for Global Information Grid NetOps. Indicators: Comments: o Stated in the CONOPS or fielding document. o DNC acknowledgement or relationships. Milestone A Requirement: Technology Development PDI Short Description: No DNC has been designated to manage and control the P/S/A/S once it is declared operational. Open Not a Finding Not Reviewed Not Applicable 9327.4 System Status Reporting Requirements and Procedures Have the DNC’s Tactics, Techniques & Procedures (TTPs) for system status reporting been included in the P/S/A/S design and implementation documents? Procedure: Interview the Network Security Officer (NSO) and review implementation documentation References(s): Joint Concept of Operations (CONOPS) for Global Information Grid (GIG) NetOps, Version 3, 4 August 2006; CJCSI 6215.02A; DISAC 310-55-1, “Status Reporting for the Defense Communications System”; DODI 5000.2, Para 3.8 Indicators: Comments: o The DNC has documented status reporting requirements for the P/S/A/S. o The P/S/A/S documentation satisfies the DNC defined requirements. o Requirements Traceability Matrix (RTM) showing DNC requirements and system solutions to meet those requirements. Milestone B Requirement: System Development and Demonstration PDI Short Description: The P/S/A/S status reporting requirements and procedures have not been established. Open Not a Finding Not Reviewed Not Applicable 24229 UNCLASSIFIED 243 244
  34. 34. 245 UNCLASSIFIED 246 247NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 24831 Aug 2007 Defense Information Systems Agency 249 9347.5 Situational Awareness (SA)/Critical System Status Reporting Does the P/S/A/S report the status data on fault, configuration, security and performance data using GEM, GND, GCM tools and capabilities? Identify the tool or capability. Procedure: Review P/S/A/S documentation. References(s): Joint Concept of Operations (CONOPS) for Global Information Grid (GIG) NetOps, Version 3, 4 August 2006 (Situational Awareness) ; DODI 5000.2, Para 3.7; DoDI 8500.2 Encl 4, Att ½/3 DCHW-1, DCFA-1, DCPP-1, DCPR-1, DCSW-1; DoDD 5220.22M, Sec 8-101; DCID 6/3 Sec 2.B.4.b.(4), 2.B.5.c.(4), 5.B.1.a.(2), 5.B.2.a.(4) Indicators: Comments: o Sys logs being exported. o SNMP or other fault system integrated into the SA system. Milestone B Requirement: System Development and Demonstration PDI Short Description: Critical system devices do not report status to an internal Management System. Open Not a Finding Not Reviewed Not Applicable 9357.6 DISA NetOps Center (DNC) Specific Requirements 25030 UNCLASSIFIED 251 252
  35. 35. 253 UNCLASSIFIED 254 255NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 25631 Aug 2007 Defense Information Systems Agency 257 9367.7 Compliance with DISA OSS Have specific DNC NetOps requirements been met, and have all major issues that affect policies, procedures, concepts or Do the P/S/A/S’s management tools and capabilities fit intorequired to supportOperations been properly satisfied? strategies, as well as tools, technologies, and infrastructure the overall DISA the DNCs Support System (OSS) Architecture? Procedure: Review requirements documentation. Procedure: Review P/S/A/S documentation. Should comply with DISA OSS Architecture. References(s): Defense Information Systems Agency Instruction (DISAI) 310-220-1; DODI 5000.2, Para 3.4 and 3.8; References(s): 2.B.4.e(4), 2.B.4.e(5); DoDI (CONOPS) for Att 1,2,3 DCSD-1; DCID(GIG)Sect 5 andVersion 3, 4 August Ch DCID 6/3 para Joint Concept of Operations 8500.2 Encl 4, Global Information Grid 1/19 NetOps, 10; NISPOMSUP 2006 (Situational Awareness) ; DODI 5000.2, Para 3.7; CJCSM 6510.01 para 2.c 8 Sec 4 Indicators: Comments: Indicators: o System Requirements Traceability Matrix (RTM) o The DNC representative reviewed the DNC specific includes DNC requirements. Comments: requirements and has taken/assigned various tasks to o System Interface Control Document (ICD) identifies all manage and control the P/S/A/S once it is declared information exchange requirements. operational. o The DNC has the ability to satisfy critical requirements (e.g., requirements for security, reliability, real-time Milestone B Requirement: System Development and Demonstration responsiveness, and correctness) under all conditions. o Doctrine, Organization, Training, Materiel, Leadershipis not compatible with the DISA OSS Architecture. PDI Short Description: The P/S/A/S’s management data and Education, Personnel and Facilities (DOTMLPF) requirements. Open Not a Finding Not Reviewed Not Applicable Milestone A Requirement: Technology Development PDI Short Description: DNC requirements have not been met. Open Not a Finding Not Reviewed Not Applicable 9377.8 Filtering of Status Data 25831 UNCLASSIFIED 259 260
  36. 36. 261 UNCLASSIFIED 262 263NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 26431 Aug 2007 Defense Information Systems Agency 265 Is the P/S/A/S management data compliant or filterable for incorporation into a DISA Network Operations Common Operational Picture (COP)? Procedure: Review P/S/A/S architecture. References(s): CJCSI 6211.02B, “Defense Information System Network (DISN): Policy, Responsibilities and Processes”, 31 July 2003, Encl B; GIG Capstone Requirements Document; DODI 5000.2, Para 3.7 Indicators: Comments: o System Element Management System (EMS) data is entered in the DoD Metadata Registry. o System Ports and Protocols are registered IAW DoDI 8551.1. o Identify P/S/A/S EMS data that are filterable for incorporation into a DISA Network Operations COP. (User Defined Operational Picture (UDOP), NetCOP, INMS, Amberpoint) Milestone B Requirement: System Development and Demonstration PDI Short Description: The P/S/A/S is not capable of providing status data that can be filtered for incorporation into a DISA COP. Open Not a Finding Not Reviewed Not Applicable 9387.9 Alternate DNC if the Internal Management System is Not Redundant In the event of a DNC failure, can the P/S/A/S’s management data be redirected to an alternate DNC? Procedure: Interview the NSO. References(s): Joint Concept of Operations (CONOPS) for Global Information Grid (GIG) NetOps, Version 3, 4 August 2006; DODI 5000.2, Para 3.8; CJCSM 6510.01 para 2.c Indicators: Comments: o CONOPS. o System COOP. Milestone C Requirement: Production & Deployment/Operations & Maintenance PDI Short Description: The P/S/A/S’s EMS data cannot be redirected to an alternate DNC. Open Not a Finding Not Reviewed Not Applicable 9397.10 Automated Drill Down and Query Capability 940 26632 UNCLASSIFIED 267 268
  37. 37. 269 UNCLASSIFIED 270 271NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 27231 Aug 2007 Defense Information Systems Agency 273 Does the P/S/A/S support external queries using NetOps technology (UDOP, NetCOP, INMS, Amberpoint)? Procedure: Interview the NSO. References(s): Joint Concept of Operations (CONOPS) for Global Information Grid (GIG) NetOps, Version 3, 4 August 2006; DODI 5000.2, Para 3.8 Indicators: o Drill down and query specific system component Comments: configuration information to facilitate situational awareness. o Compliance with Tele-Management Forum, Multi- Technology Network Management (MTNM) Solutions Suite. o Compliance with Tele-Management Forum Multi- Technology Operations System Interface (MTOSI) Solutions Suite. o The Internal Management System interfaces to and correlates with other relevant system management tools and data. Milestone C Requirement: Production & Deployment/Operations & Maintenance PDI Short Description: The P/S/A/S does not support external queries using required NetOps technologies. Open Not a Finding Not Reviewed Not Applicable 9417.11 Integration to DISA Help Desk Center 942 If PM has established a separate Help Desk, is it integrated and compliant with the DNC Trouble Management System (TMS) policy? Procedure: Interview the NSO. Trouble tickets must link to Help Desk and DNC process. References(s): DODI 5000.2, Para 3.8 Indicators: Comments: o Integration plan addresses trouble management process and relationship with DNC. o GO and DNC involvement is documented. Milestone C Requirement: Production & Deployment/Operations & Maintenance PDI Short Description: The P/S/A/S integration plans do not include integration to an existing DISA Help Desk Center. Open Not a Finding Not Reviewed Not Applicable 27433 UNCLASSIFIED 275 276
  38. 38. 277 UNCLASSIFIED 278 279NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 28031 Aug 2007 Defense Information Systems Agency 281 9447.12 Trouble Management System (TMS) 945 Does the P/S/A/S seamlessly integrate with the existing DISA TMS? Procedure: Interview the NSO to ensure the P/S/A/S is compliant with this requirement. References(s): Director’s Policy Letter: Standard Trouble Management System; DODI 5000.2, Para 3.8 Indicators: Comments: o PM using the DISA-TMS. o System automated trouble tickets are generated in response to alarms and performance thresholds. o Trouble tickets are automatically cleared when alarms are cleared. o Manual ticket generation capability. Milestone C Requirement: Production & Deployment/Operations & Maintenance PDI Short Description: TMS is not being used as the corporate trouble-ticketing system. Open Not a Finding Not Reviewed Not Applicable 9467.13 Configuration Management Tracking 28234 UNCLASSIFIED 283 284
  39. 39. 285 UNCLASSIFIED 286 287NetOps Readiness Review Process and P/S/A/S Readiness Checklist, V2.1 28831 Aug 2007 Defense Information Systems Agency 289 Is there an automated configuration management (CM) process for the P/S/A/S? Procedure: Interview the NSO to ensure the P/S/A/S is compliant with this requirement. References(s): DODI 5000.2, Para 3.8 Indicators: Comments: o The P/S/A/S has established a plan and business processes for entering and maintaining configuration management data. O The P/S/A/S has designated overall CM responsibility to a person and users have attended CM training. O The P/S/A/S has assigned a member to the DISN Configuration Control Board. Milestone C Requirement: Production & Deployment/Operations & Maintenance PDI Short Description: There is no automated CM process. Open Not a Finding Not Reviewed Not Applicable 9477.14 Proposed Maintenance Schedule for System Devices/Components If P/S/A/S devices/components require scheduled maintenance, has a proposed maintenance plan and procedures been developed? Procedure: Refer to the Product Support Plan to validate. References(s): DODI 5000.2, Para 3.8; DoDI O-8530.2 Encl 4, para E4.3.1.2.1; NISPOM Ch 8 and 10; NISPOMSUP Ch 8 Sec 4; DCID 6/3 para 2.B.4.e(13) Indicators: Comments: o Instructions have been developed outlining maintenance procedures for devices/components requiring scheduled maintenance. o Requirements for scheduled maintenance are detailed in the PSP. Milestone C Requirement: Production & Deployment/Operations & Maintenance PDI Short Description: A proposed maintenance plan/schedule has not been developed for devices/components requiring scheduled maintenance. Open Not a Finding Not Reviewed Not Applicable 9487.15 Specialized Training Requirements 949 29035 UNCLASSIFIED 291 292

×