Cryptome DVDs. Donate $25 for two DVDs of the Cryptome collection of 47,000 files from June 1996 to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, cryptome.info, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,100 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.

11 March 1997
Source: http://www.hqda.army.mil/webs/techarch/ata45/sect6.htm

SECTION 6 INFORMATION SECURITY

Department of the Army

Technical Architecture (ATA)

ATA Logo

Version 4.5, Dated 12 November 1996

This is the latest approved version of the Army Technical Architecture.

Date revised: 12 November 1996

Send in your comments on the Army Technical Architecture.

Click here to submit comments Email: techarch@HQDA.ARMY.MIL

Your comment should include the following information: name, organization, phone number, recommended change including section number, and reason. Receiving comments by Email allows us to rapidly address your comment and make the necessary changes in the next revision.

INFORMATION SECURITY

6.1 INTRODUCTION

6.1.1 Purpose

This section describes the information security standards that apply to Army systems that produce, use or exchange information electronically. These standards provide the warfighter with a seamless flow of timely, accurate, accessible, and secure information.

6.1.2 Scope

The standards described in this section are drawn primarily from formally developed national and international standards. In order to be effective, security standards must be integrated into and used with the other information standards in the ATA. Therefore this section is structured to mirror the structure of the ATA itself with security standards organized corresponding to each ATA section. An additional subsection has been provided to address security unique considerations. This section assumes a level of knowledge of information security above an operational level.

6.1.3 Background

The TAFIM provides a blueprint for the Defense Information Infrastructure (DII), capturing the evolving vision of a common, multipurpose, standards-based technical infrastructure. The DOD Goal Security Architecture (DGSA), Volume 6 of the TAFIM, provides a comprehensive view of the architecture from the security perspective. The DGSA is a generic architectural framework for developing mission specific security architectures. The DGSA provides the basis of the security standards discussion in this section of the ATA. While the DGSA is oriented toward future systems, today's technology and standards can be used to achieve DGSA-consistent systems that are on the path to complete implementation of the DGSA.

Systems that process sensitive data must be certified and accredited before use. Certification is the technical evaluation of an Automated Information System's (AIS's) security features and other safeguards, made in support of the accreditation. Accreditation is the authorization by the Designated Approving Authority (DAA) that an automated system may be placed into operation. Therefore, system developers should open dialog with the DAA concurrently with their use of the ATA, as DAA decisions can affect the applicability of standards within specific environments.

Security requirements and engineering should be determined in the initial phases of design. The determination of security services to be used and the strength of the mechanisms providing the services are primary aspects of developing the specific security architectures to support specific domains. Section 6 of the ATA is used after operational architectural decisions are made regarding the security services needed and the required strengths of protection of the mechanisms providing those services. Section 6 of the ATA can also be used to assess the relevance of standards that can be met with evaluated commercial and government-provided components and protocols. The ATA can be used as a tool to evaluate elements of the system architecture regarding operational security requirements, standards compliance, interoperability with other systems, and cost reduction through software reuse.

Other technical architectural decisions must be made after considering Army enterprise level regulations. Army Regulation (AR), Information System Security (AR 380-19) contains the necessary references to other standards and mandates that must be considered by a system developer. Comprehensive system and security engineering are the basis for selecting proper combinations of standards to develop a system that meets the needs of mission security requirements.

6.2 INFORMATION PROCESSING SECURITY STANDARDS

Information processing security services are defined in ISO 7498-2. These services include authentication, access control, data integrity, data confidentiality, non-repudiation and availability. Availability management is not included in this international standard but is specifically called out in the DGSA for the local communications system and communications network management facilities. ISO 10181, OSI Security Frameworks, extends this list of services by including security audit and key management.

As a general requirement, all Army systems must demonstrate that they meet the applicable security profile described in both AR 380-19 and the DOD Trusted Computer System Evaluation Criteria standard, DOD 5200.28-STD.

6.2.1 Mandated Standards

6.2.1.1 Application Software Entity

The DOD Multilevel Security Initiative (MISSI) provides products for protecting information in electronic form. Its use is currently mandated for electronic mail and will be extended to other areas as products become available. The various specifications and types of products available that implement the security services are identified in the MISSI Implementation Guide. One of the products is the FORTEZZA card, a Personal Computer (PC) card (formerly known as a Personal Computer Memory Card International Association (PCMCIA) card) that provides several security services for electronic mail. Some security functions that would normally be invoked by applications are described in 6.3.1.1.1. The interface to the FORTEZZA card is described in:

Evaluation Criteria Standards, which describe security designations such as classes C2, B1, etc. are contained in:

6.2.1.2 Application Platform Entity

The following standard is mandated for security auditing or alarm reporting:

Authentication Security Standard:

If Open Software Foundation (OSF) Distributed Computing Environment (DCE) Version 1.1 is used, the following authentication standard is mandated:

6.2.2 Emerging Standards

6.2.2.1 Application Software Entity

FORTEZZA provided security services for functions other than electronic mail are still emerging and are not yet mandated. However, systems should strongly consider the possibility of a mandate in the near future.

Generic Data Unit Protection API:

Applications, where data needs to be protected without any on-line connection with the intended recipient(s) of that data, could make use of a generic security service. Subsequent to being protected, the data unit can be transferred to the recipient(s), or to an archive where it may be processed days or years later as unprotected. The Independent Data Unit Protection (IDUP)-GSS-API extends the GSS-API (RFC-1508) for non-session protocols and applications requiring protection of a generic data unit (such as a file or message) in a way which is independent of the protection of any other data unit and independent of any concurrent contact with designated "receivers" of the data unit.

6.2.2.2 Application Platform Entity

The following draft IEEE standards define a standard interface and environment for POSIX-based computer operating systems that require a secure environment:

Army systems that are required to exchange information at multiple sensitivity levels require a standard labeling format to identify the sensitivity level of the information. The following labeling standard applies:

Security Alarm Reporting:

6.2.2.3 Remote Authentication

Remote Authentication Dial In User Service (RADIUS), et. al., July 1996, is an Internet draft that describes a protocol for carrying authentication, authorization, and configuration information between a Network Access Server that desires to authenticate its links and a shared Authentication Server.

6.2.2.4 Generic Security Service Application Program Interface (GSS API)

The Generic Security Service Application Program Interface (GSS-API) (RFC 1508), September 1993, definition provides security services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments. This specification defines GSS-API services and primitives at a level independent of underlying mechanism and programming language environment, and is to be complemented by other, related specifications:

6.2.2.5 Security Management Protocols

Progress toward approval of SNMP V2 has been slow. In the meantime CMIP has been adopted by many developers for the management of circuit-switched systems. It is envisioned that a future Network and System Management standard will incorporate features of both SNMP V2 and CMIP for packet-switched and circuit-switched environments respectively. Developers should build or use products that are based on these standards to the maximum extent possible.

The MISSI system performs a number of functions through the exchange of administrative messages between MISSI components. These messages are characterized by the fact that they are all necessary for "system management" of MISSI-protected networks rather than being user-based messages. The following was created to provide a standard framework for defining these messages:

6.3 INFORMATION TRANSFER SECURITY STANDARDS

This section discusses the security standards that have an impact on the information transfer security services.

6.3.1 MANDATES

6.3.1.1 MISSI

6.3.1.1.1 MISSI Cryptographic Algorithms

The following API governs the interface to the services of the FORTEZZA card:

Design of the operating system drivers and/or hardware adapters to use the resources provided by the FORTEZZA card need the technical detail contained in the Interface Control Document (ICD). For the card, this can be found in for the FORTEZZA Crypto Card ICD, Version P1.5, 22 December 1994, and in FORTEZZA Plus Crypto Card ICD, Release 3.0, 01 June 1995.

For those systems that need to escrow an encryption key, the following standard applies:

6.3.1.1.2 Security Protocols

Security protocols that are algorithm independent, such as Message Security Protocol (MSP) and Network Layer Security Protocol (NLSP), can readily take advantage of these algorithms. Many of the protocols developed under the Secure Data Network System (SDNS) program and published under NIST in report NISTIR 90-4250, have become part of MISSI. MISSI currently uses MSP for messaging, Key Management Protocol (KMP), and Security Protocol at Layer 3 (SP3). SP3 is used in two MISSI products, the Tactical End-to-End Encryption Device (TEED) and the Network Encryption System (NES). Additionally, MISSI has recently added FIPS PUB 196, Entity Authentication Using Public Key Cryptography, 16 September 1996, as its identification and authentication (I&A) protocol.

The following standard is mandated for Army systems that are required to exchange security attributes, for example sensitivity labels:

6.3.1.1.3 MISSI Digital Signature Infrastructure

Wide-spread use of MISSI is dependent upon the successful establishment of a certificate and key management infrastructure. This infrastructure is responsible for the proper creation distribution and revocation of the end user's public key certificates. These certificates are based on ITU-T Rec. X.500 (ISO/IEC 9594-1) Directory Infrastructure and ITU-T Rec. X.509 Version 3 (ISO/IEC 9594-8.2), The Directory: Authentication Framework, 1993. Until the planned DMS X.500 directory infrastructure components are in place, developers must use an interim non-standard local caching system.

6.3.1.2 Transport Mechanisms

6.3.2 Emerging Standards

6.3.2.1 Security Association Management

6.3.2.2 Secure World Wide Web (WWW) Transactions

EDI is the current DOD mandated mechanism for electronic commerce and will probably continue to be supported by industry for large volume, commodity-type procurements at the wholesale level. EDI requires translation software to convert business application information into an EDI information standard. A common standard in the United States is the ANSI X.12 EDI format.

There are several competing schemes for encryption; however, the two predominant and totally incompatible approaches are Netscape's Secure Courier and Microsoft's Secure Transaction Technology. Both of these schemes use the same Secure Sockets Layer (SSL) encryption scheme.

The Internet Draft for SSL being considered for standardization:

6.3.2.3 Networking Security Standards

6.3.2.4 Security Protocols

The Common Internet Protocol Security Options (CIPSO) of the following emerging standard is expected to adopt MIL-STD-2045-48501, Common Security Label:

6.3.2.5 Other

6.3.3 Summary of Standards

Table 6-1 shows a mapping of common protocols and security standards and protocols that may be used to provide the required security services. International Organization for Standardization (ISO) 7498-2 Security Service Recommendations (1989), provides a list of applicable security services and makes recommendations for their implementation.

The appropriate security services required for any Army system must be determined during that system's security engineering process. This process must be closely coordinated with the system's designated approving authority (DAA), who will be cognizant of the germane security policies.

TABLE 6-1 NOTIONAL MAPPING OF PROTOCOLS AND SECURITY STANDARDS

Table 6-1 Table 6-1, part b

6.4 INFORMATION MODELING AND DATA EXCHANGE SECURITY STANDARDS

The DGSA discusses the need for a separation mechanism to mediate all calls to security critical functions and ensure strict isolation is maintained. A security management information base (SMIB) will contain the description of objects that are managed by the separation mechanism. However, the object class definitions for managing critical security functions are not currently standardized. Therefore, standards identified in the two following sections are provided for information and migration planning but are NOT mandated for use.

6.4.1 Mandated Standards

None mandated at this time.

6.4.2 Emerging Standards

6.5 HUMAN-COMPUTER INTERFACE SECURITY STANDARDS

One aspect of the human-computer interface is the need to identify individual users of an end system. End systems in turn need to be able to authenticate remote entities whether they are users, other end systems, or relay systems. The standards listed below identify the existing techniques for authentication. Specific selection of a standard should be mission specific.

6.5.1 Mandated Standards

6.5.1.1 Security Banners and Screen Labels

6.5.2 Emerging Standards

6.5.2.1 Entity Authentication

6.5.2.2 Personal Authentication

6.6 SECURITY RELATED DOCUMENTS

While most system planners and architects look to standards to arrive at a basic set of requirements, systems security is driven by policy. Security policy appears at many levels, including federal laws (e.g., The Privacy Act) and policy for the handling of national intelligence information (e.g., Director of Central Intelligence Directive (DCID) 1/16). Such policies do not have directly associated standards, yet their compliance requirements can affect both the system and technical architectures.

For those systems required or desiring to use a cryptographic device to protect privacy act information and other, unclassified, non-Warner Act exempt information, the Data Encryption Standard (DES) may apply. The DES is found in FIPS PUB 46-2 Data Encryption Standard, December 1993.

The C2 Protect initiative addresses those measures taken to maintain effective C2 of U.S. Army forces. While there are no technical standards mandated, it does establish a library of tasks and actions necessary to implement, manage, and support the initiative.

APPENDIX A - ACRONYMS

AAL ATM Adaptation Layer

ABOR Abort

ACP Allied Communication Publication

ACT Advanced Concept and Technology

ACTD Advanced Concept Technology Demonstration

ADDS Army Data Distribution System

ADO Army Digitization Office

AIS Automated Information Systems

ALSP Aggregate Level Simulation Protocol

ANSI American National Standards Institute

API Application Programming Interface

AR Army Regulation

AS Autonomous System

ASAS All Source Analysis System

ASB Army Science Board

ASD Assistant Secretary of Defense

ATA Army Technical Architecture

ATD Advanced Technology Demonstration

ATM Asynchronous Transfer Mode

BGP Border Gateway Protocol

BOOTP Bootstrap Protocol

BRI Basic Rate Interface

BUFR Binary Universal Format for Representation

C2 Command and Control

C3I Command, Control, Communications, and Intelligence

C3S Command, Control, and Communications Systems

C4I Command, Control, Communications, Computers, and Intelligence

C2CDM C2 Core Data Model

CAD Computer-Aided Design

CADRG Compressed ARC Digitized Raster Graphics

CASE Computer Aided Software Engineering

CBS Commission for Basic Systems

CCITT International Telephone and Telegraph Consultative Committee (now ITU-T)

CDE Common Desktop Environment

CDMA Code Division Multiple Access

CGI Computer Generated Imagery

CGM Computer Graphics Metafile

CIB Controlled Image Base

CIDE Communication Information Data Exchange

CINC Commander-in-Chief

CIPSO Common Internet Protocol Security Options

CMIP Common Management Information Protocol

CMIS Common Management Information Service

CMMS Conceptual Models of the Mission Space

CNR Combat Net Radio

COE Common Operating Environment

CORBA Common Object Request Broker Architecture

COTS Commercial Off-the-Shelf

CSMA/CD Carrier Sense Multiple Access / Collision Detection

DAA Designated Approving Authority

DBMS Database Management System

DCE Distributed Computing Environment

DCE Data Circuit-Terminating Equipment

DCID Director of Central Intelligence Directive

DDDS Defense Data Dictionary System

DDM Defense Data Model

DDRS Defense Data Repository System (now DDDS)

DEF Data Exchange Format

DES Data Encryption Standard

DGSA DOD Goal Security Architecture

DHCP Dynamic Host Configuration Protocol

DII Defense Information Infrastructure

DIS Distributed Interactive Simulation

DISA Defense Information Systems Agency

DISC4 Director of Information Systems for Command, Control, Communications, and Computers

DISN Defense Information Systems Network

DMA Defense Mapping Agency

DMS Defense Message System

DNC Digital Nautical Chart

DNS Domain Name System

DOD Department of Defense

DODD Department of Defense Directive

DPPDB Digital Point Positioning Data Base

DSS Digital Signature Standard

DSSS Direct Sequence Spread Spectrum

DTE Data Terminal Equipment

DTED Digital Terrain Elevation Data

DTOP Digital Topographic Data

EDI Electronic Data Interchange

EEI External Environment Interface

EIA Electronics Industries Association

ESP Encapsulating Security Payload

FDDI Fiber Distributed Data Interface

FIPS Federal Information Processing Standards

FOA Field Operating Agency

FTP File Transfer Protocol

GCCS Global Command and Control System

GIS Geographic Information System

GKS Graphical Kernel System

GOA Generic Open Architecture

GOTS Government Off-the-Shelf

GPS Global Positioning System

GRIB Gridded Binary

GSM Global System for Mobile Communications

GSS Generic Security Service

GUI Graphical User Interface

HCI Human-Computer Interface

HF High Frequency

HLA High Level Architecture

HQDA Headquarters Department of the Army

HTML HyperText Markup Language

HTTP HyperText Transfer Protocol

I&A Identification & Authentication

I&RTS Integration & Runtime Specification

IAB Internet Architecture Board

IAW In Accordance With

ICCCM Inter Client Communications Convention Manual

ICD Interface Control Document

ICMP Internet Control Message Protocol

ICOM Inputs, Controls, Outputs, and Mechanisms

IDEF Integrated Computer Aided Manufacturing Definition

IDEF0 Integrated Computer Aided Manufacturing Definition Function Method

IDEF1X Integrated Computer Aided Manufacturing Definition Extended Data Method

IDL Interface Definition Language

IDUP Independent Data Unit Protection

IEC International Electrotechnical Commission

IEEE Institute of Electrical and Electronic Engineers

IETF Internet Engineering Task Force

IGES Initial Graphics Exchange Specification

IGMP Internet Group Management Protocol

IMETS Integrated Meteorological System

IP Internet Protocol

IPCP Internet Protocol Control Protocol

IPv6 IP Next Generation/Version 6

ISDN Integrated Services Digital Network

ISO International Organization for Standardization

ISP ISDN Security Program

ITU International Telecommunications Union

JCS Joint Chiefs of Staff

JFIF JPEG File Interchange Format

JIEO Joint Interoperability and Engineering Organization

JPEG Joint Picture Expert Group

JTA Joint Technical Architecture

JTDLMP Joint Tactical Data Link Management Plan

JTIDS Joint Tactical Information Distribution System

kbps kilobits per second

KEA Key Exchange Algorithm

KMP Key Management Protocol

LAN Local Area Network

LCP Link Control Protocol

LLC Logical Link Control

LPI Low Probability of Intercept

LWD Littoral Warfare Data

M&S Modeling & Simulation

MACOM Major Army Command

Mbits/s Megabits per second

Mbps Megabits per second

MCG&I Mapping Cartographic, Geospatial & Imaging

MC&G Mapping, Charting, and Geodesy

MDA Milestone Decision Authority

MHS Message Handling System

MIL-HDBK Military Handbook

MIL-STD Military Standard

MISSI Multilevel Information System Security Initiative

MMP MISSI Management Protocol

MPEG Motion Pictures Expert Group

MSP Message Security Protocol

NCSC National Computer Security Center (see NSA)

NES Network Encryption System

NIST National Institute of Standards and Technology

NITFS NITF Standard

NLSP Network Layer Security Protocol

NSA National Security Agency

RT/NRT Real-Time/Near-Real-Time

OA Operational Architecture

ODBC Open Data Base Connectivity

ODISC4 Office of the Director of Information Systems for Command, Control, Communications, and Computers

ODMG Object Data Management Group

OOA Object Oriented Analysis

OOM Object-oriented methods (OOM

OOP Object Oriented Programming

OOT Object Oriented Technology

OOTW Operations-Other-Than-War

ORD Operational Requirements Document

OSF Open Software Foundation

OSI Open Systems Interconnection

OSPF Open Shortest Path First

PC Personal Computer

PCMCIA Personal Computer Memory Card International Association

PCS Personal Communications Services

PDU Protocol Data Unit

PEO Program Executive Office

PHIGS Programmers Hierarchical Interactive Graphics System

PM Program/Product Manager

PNNI Private Network-Network Interface

POSIX Portable Operating System Interface

PPP Point-to-Point Protocol

PPS Precise Position Service

PRI Primary Rate Interface

PSM Persistent Stored Modules

PSTN Public Switched Telephone Network

PTTI Precise Time and Time Interval

RADIUS Remote Authentication Dial In User Service

RDT&E Research, Development, Test & Evaluation

RFC Request for Comment

RPC Remote Procedure Calls

RPF Raster Product Format

RS Recommended Standard

SA Systems Architecture

SAE Society of Automotive Engineers

SAMP Security Association Management Protocol

SDNS Secure Data Network System

SEA Strategic Enterprise Architecture

SEDRIS Synthetic Environment Data Representation Interchange Specification

SGML Standard Generalized Markup Language

SHA Secure Hash Algorithm

SIF Simulation Information Format

SILS Standard for Interoperable LAN Security

SMIB Security Management Information Base

SMT Station Management

SNMP Simple Network Management Protocol

SP3 Security Protocol at Layer 3

SQL Structured Query Language

SSL Secure Sockets Layer (of HTTP)

STAMIS Standard Army Management Information System

STD Standard

STOU Store Unique

STRICOM Space and Strategic Defense Command

SUS Single UNIX Specification

TA Technical Architecture

TAFIM Technical Architecture Framework for Information Management

TCP Transmission Control Protocol

TDMA Time Division Multiple Access

TEED Tactical End-to-End Encryption Device

TELNET Telecommunications Network

TFTP Trivial File Transfer Protocol

TIDP Technical Interface Design Plan

TIDP-TE Technical Interface Design Plan - Test Edition

TOS Type-of-Service

TRM Technical Reference Model

TSIG Trusted Systems Interoperability Group

TSIX(RE) Trusted Information Exchange for Restricted Environments

UAV Unmanned Aerial Vehicle

UCS Universal Multiple-Octet Coded Character Set

UDP User Datagram Protocol

UFD User Functional Description

UNI User-Network Interface

URL Uniform Resource Locator

USMC United States Marine Corps

USMTF United States Message Text Format

UVMap Urban Vector Map

VMap AD VMap Aeronautical Data

VITD Vector Interim Terrain Data

VMap Vector Map

VMF Variable Message Format

VPF Vector Product Format

VTC Video Teleconferencing

WGS-84 World Geodetic System 84

WMO World Meteorological Organization

WSHCI Weapon Systems Human-Computer Interface

WSTAWG Weapon System Technical Architecture Working Group

WVS+ World Vector Shoreline Plus

WWW World Wide Web

APPENDIX B - LIST OF REFERENCES

B.1 MILITARY

B.1.1 DOD References

CJCSI 3900.01, Position Reference Procedures

DOD 5200.28-STD, DOD Trusted Computer System Evaluation Criteria (Orange Book), December 1985

DOD 8320.1-M-1, Department of Defense Data Element Standardization Procedures, January 1993

DOD Directive 3405.1, Computer Programming Language Policy, 2 April 1987

DOD Directive 8320.1, DOD Data Administration, September 1991

ICD-GPS-060, Precise Time and Time Interval (PTTI) Interface, Rev A

ICD-GPS-153, GPS User Equipment Radio Receivers (Draft)

ICD-GPS-155, GPS Receiver Application Module Interface, Parallel Dual Port Interface (Draft)

MD4000501-1.52, FORTEZZA Cryptologic Interface Programmer's Guide, 30 January 1996

MD4002101-1.52, FORTEZZA Application Implementor's Guide, 5 March 1996

MIL-D-89020, Digital Terrain Elevation Data (DTED)

MIL-HDBK-1300A, National Imagery Transmission Format Standard (NITFS)

MIL-PRF-28000A, Initial Graphics Exchange Specification (IGES)

MIL-STD-188-196, Bi-Level Image Compression

MIL-STD-188-198A, Joint Photographic Experts Group (JPEG) Image Compression for the National Imagery Transmission Format Standard, 15 December 1993

MIL-STD-188-199, Vector Quantization Decompression

MIL-STD-188-220A, Interoperability Standard for Digital Message Transfer Device Subsystem

MIL-STD-1477B, Symbols for Army Air Defense System Displays, 30 September 1993

MIL-STD-2045-47001, Interoperability Standard For Connectionless Data Transfer Application Layer Standard

MIL-STD-2045-48501, Common Security Labeling, 25 January 1995

MIL-STD-2301, Computer Graphics Metafile (CGM) Implementation Standard for the National Imagery Transmission Format Standard, 18 June 1993

MIL-STD-2401, World Geodetic System 84 (WGS-84), 21 March 1994

MIL-STD-2407, Vector Product Format (VPF)

MIL-STD-2411, Raster Product Format (RPF)

MIL-STD-2500A, National Imagery Transmission Format (NITF), Version 2.0

MIL-STD-2525A, Common Warfighting Symbology, Draft

MIL-STD-6040, US Message Text Format (USMTF) Electronic Document System, CDU95V01, 1 October 1995 (formerly Joint Pub 6-04)

NCSC-TG-005, Trusted Network Interpretation, 31 July 1987

NCSC-TG-021, Version-1, Trusted Database Management System Interpretation, April 1991

STANAG 5516, Edition 1, Tactical Data Exchange - LINK 16, Ratified 2 March 1990

(No Number) Assistant Secretary of Defense Memorandum, Delegations of Authority and Clarifing Guidance on Waivers from the Use of the Ada Programming Language

(No Number) ASD Memorandum, Development, Procurement, and Employment of DoD Global Position System User Equipment, 30 April 1992

(No Number) Department of Defense Joint Technical Architecture (JTA), Version 1.0, 22 August 1996

(No Number) DII COE Version 2.0 Baseline Specification, 28 June 1996

(No Number) DII COE Integration and Runtime Specification (I&RTS), Version 2.0, 23 October 1995

(No Number) DOD Memorandum, Subject: Accelerated Implementation of Migration Systems, Data Standards, and Process Improvement, 13 October 1993

(No Number) DOD Memorandum, Subject: Specifications & Standards -- A New Way of Doing Business, 29 June 1994

(No Number) DOD Technical Architecture Framework for Information Management (TAFIM), Volume 2: Technical Reference Model Version 2.0, Defense Information Systems Agency Center for Standards, 30 September 1994

(No Number) DOD Technical Architecture Framework for Information Management (TAFIM), Volume 6: DOD Goal Security Architecture (DGSA), Version 2.0, Defense Information Systems Agency Center for Standards, 30 September 1994

(No Number) DOD Technical Architecture Framework for Information Management (TAFIM), Volume 8: Department of Defense HCI Style Guide Version 2.0, Defense Information Systems Agency Center for Standards, 30 September 1994

(No Number) FORTEZZA Crypto Card Interface Control Document, Revision P1.5, 22 December 1994, FOUO

(No Number) FORTEZZA Plus Crypto Card Interface Control Document, Release 3.0, 1 June 1995, FOUO

(No Number) Interface Specification Version 1.0, (M&S HLA), 15 September 1996

(No Number) Joint Tactical Data Link Management Plan (JTDLMP), April 1996

(No Number) Joint VMF Technical Interface Design Plan (TIDP)

(No Number) JTIDS Technical Interface Design Plan - Test Edition (TIDP-TE), Reissue 3 August 1994

(No Number) Joint Tactical Information Distribution System (JTIDS) Technical Interface Design Plan - Test Edition (TIDP-TE), Reissue 3 August 1994

(No Number) M&S HLA Rules Version 1.0, 15 September 1996

(No Number) Object Model Template Version 1.0, (M&S HLA), 15 September 1996

(No Number) The Under Secretary of Defense for Acquisition and Technology, DOD High Level Architecture (HLA) for Simulations, 10 September 1996

(No Number) User Interface Specifications for the Defense Information Infrastructure (DII), Version 2.0, 1 April 1996

B.1.2 Army References

ACCS-A3-407-008D, Interface Specification for the Army Data Distribution System (ADDS) Interface

AR 380-19, Army Regulation, Information Systems Security, 1 August 1990

HQDA LTR 25-92-1, Implementation of the Ada Programming Language

HQDA LTR 25-94-1, Implementation of the Ada Programming Language

HQDA LTR 25-95-1, Implementation of the Ada Programming Language

FM 101-5-1, Operational Terms and Graphics

(No Number) Army Technical Architecture Implementation, Mark-On-The-Wall Message, Department of the Army, 6 June 1996

(No Number) Command and Control (C2) Core Data Model, Version 2, Defense Information Systems Agency, 1 July 1994

(No Number) Department of the Army C4I Technical Architecture, Version 3.1, 31 March 1995

(No Number) Department of the Army Technical Architecture, Version 4.0, 30 January 1996

(No Number) HQDA Memorandum, Subject: 1994 Army Science Board Study: Technical Architecture for Army C4I, 28 July 1994

(No Number) The Army Enterprise Implementation Plan, 8 August 1994

(No Number) The Army Enterprise Strategy, the Vision, 20 July 1993

(No Number) U.S. Army Weapon Systems Human-Computer Interface (WSHCI) Style Guide, September 1996

B.1.3 Other Government Agency References

ACP 123 U.S. Supplement No. 1, Common Messaging Strategy and Procedures, November 1995

DCID 1/16, Director of Central Intelligence Directive

FIPS Pub 46-2, Data Encryption Standard, December 1993

FIPS Pub 120-1, Graphical Kernel System (GKS) (Change Notice 1)

FIPS Pub 127-2, Database Language - SQL

FIPS Pub 128-1, Computer Graphics Metafile (CGM)

FIPS Pub 152, Standard Generalized Markup Language (SGML)

FIPS Pub 153, Programmers Hierarchical Interactive Graphics Systems (PHIGS)

FIPS Pub 158-1, X Window System, Version 11, Release 5, October 1993

FIPS Pub 161-1, Electronic Data Interchange (EDI)

FIPS Pub 180-1, National Institute of Standards and Technology (NIST) Secure Hash Algorithm (SHA), April 1995

FIPS Pub 183, Integration Definition for Function Modeling (IDEF0), December 1993

FIPS Pub 184, Integration Definition for Data Modeling (IDEF1X), December 1993

FIPS Pub 185, NIST Escrowed Encryption Standard, February 1994

FIPS Pub 186, NIST Digital Signature Standard (DSS) Algorithm, May 1994

FIPS Pub 189-1

FIPS Pub 196, Entity Authentication Using Public Key Cryptography, 16 September 1996.

NISTIR 90-4250, Network Transport and Message Security Protocol (Report)

R21-Tech-23-94, NSA-developed Type II Key Exchange Algorithm (KEA), 12 July 1994

(No Number) National Security Agency (NSA)-developed Type II confidentiality algorithm (SKIPJACK)

B.2 COMMERCIAL REFERENCES

ANSI J-STD-008, Personal Station - Base Station Compatibility Standard for Dual-Mode Wideband Spread Spectrum PCS System, Draft

ANSI T1.630, ATM Adaption Layer for Constant Bit Rate Services Functionality and Specification, 1993

ANSI T1.635, ATM Adaptation Layer Type 5, Common Part Functions and Specification, 1994

ANSI X3.100, Interface between DTE and DCE for Operation with PSDN, or between Two DTEs, by Dedicated Circuit, 1989

ANSI X3.229, Fiber Distribution Data Interface (FDDI) - Station Management (SMT)

ANSI/ISO 8632: 1992, Computer Graphics Metafile (CGM)

DIS 9075-4, Database Language SQL, Part 4: Persistent Stored Modules (SQL/PSM) (Draft)

EIA 232E, Interface Between Data Terminal Equipment and Data Circuit Terminating Equipment Employing Serial Binary Data Interchange, July 1991

EIA 449, General Purpose 37-Position and 9-Position Interface for Data Terminal Equipment and Data Circuit Terminating Equipment Employing Serial Binary Data Interchange, February 1980

EIA 530A, High Speed 25-Position Interface for Data Terminal Equipment and Data Circuit Terminating Equipment, June 1992, Including Alternate 26-Position Connector, 1992

EIA/TIA/IS-41-C, Cellular Radiotelecommunications Intersystem Operations

ESD-TR-86-278, Guidelines for Designing User Interface Software, Smith and Mosier, 1986

FM 92-X-GRIB, The WMO Format for the Storage of Weather Product Information and the Exchange of Weather Product Messages in Gridded Binary (GRIB) Form

FM 94-X-BUFR, The WMO Binary Universal Format for Representation (BUFR)

IDUP-GSS-API, Independent Data Unit Protection Generic Security Service Application Program Interface, 13 June 1996

IEEE 610.12, Software Engineering Terminology, 30 March 1990

IEEE 802.2, Local and Metropolitan Area Networks, Part 2: Logical Link Control, 1994

IEEE 802.3, Local and Metropolitan Area Networks, Part 3: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specifications, 1993

IEEE 802.3u, Local and Metropolitan Area Networks, Part 3: CSMA/CD Access Method and Physical Layer Specifications, 1995

IEEE 802.10, Local and Metropolitan Area Networks, Part 10: Interoperable LAN/MAN Security (SILS), 1992

IEEE 802.10a, Standard for Interoperable LAN Security-The Model, (Draft) Jan 1989

IEEE 802.10b, Standard for Interoperable LAN Security-Part B: Secure Data Exchange, 1992

IEEE 802.10c/D6, Standard for Interoperable LAN Security-Part C: Key Management, (Draft), 1994

IEEE 1003.1, Information Technology - Portable Operating System Interface (POSIX) - Part 1: System Application Program Interface (API) (ISO 9945-1)

IEEE 1003.2, POSIX: Shell and Utilities

IEEE 1003.2d, POSIX: Shell and Utilities - Batch Environment

IEEE 1003.5:1992, POSIX: Ada Language Interfaces Part 1: Binding for System API

IEEE 1003.5b, POSIX (Draft)

IEEE 1278.1, DIS Application Protocols, 1995

IEEE 1278.2, DIS Communication Services and Profiles, 1995

IEEE 1278.3, DIS Exercise Management and Feedback, 1995

IEEE P1003.1e, POSIX-Part 1: System API-Protection, Audit and Control Interfaces (C language), Draft 15

IEEE P1003.2c, POSIX-Part 2: Shells and Utilities-Protection and Control Interfaces, Draft 15

ISO 7498-2, Information Processing Systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture, 1989

ISO 7776, Data Communication High-Level Data Link Control Procedures - Description of the X.25 LAPB-compatible DTE Data Link Procedures, 1986

ISO 8208, Data Communications - X.25 Packet Layer Protocol for Data Terminating Equipment, 1989

ISO 8652, Ada Reference Manual, Language and Standard Libraries, 15 February 1995

ISO 9314-1, Fibre Distributed Data Interface (FDDI) - Pt 1: Token Ring Physical Layer Protocol (PHY)

ISO 9314-2, Fibre Distributed Data Interface (FDDI) - Pt 2: Token Ring Media Access Control (MAC)

ISO 9314-3, Fibre Distributed Data Interface (FDDI) - Pt 3: Physical Layer Medium Dependent (PMD)

ISO 10918-1: 1994, Joint Picture Expert Group (JPEG)

ISO 11172, Coding of Moving Pictures and Associated Audio for Digital Storage Media up to 1.5 Mbps

ISO 11172-1, Motion Pictures Expert Group (MPEG), Coding of moving pictures and associated audio for digital storage media at up to about 1.5 Mbits/s -- Part 1: Systems

ISO 13818-1: 1996 - Generic Coding of Moving Pictures and Associated Audio Information - Part 1: Systems

ISO 13818-2: 1996 - Generic Coding of Moving Pictures and Associated Audio Information - Part 2: Video

ISO/IEC 8859-1:1987, Information Processing - 8-Bit Single-Byte Coded Character Sets - Part 1: Latin Alphabet No. 1

ISO/IEC 9075-3: 1995, Call Level Interface (Draft)

ISO/IEC 9596-1, 1991, Information Technology - Open Systems Interconnection - Common Management Information Protocol (CMIP) - Part 1: Specification (ITU-T X.711), 1991

ISO/IEC 9636, Information Technology-Computer Computer Graphics-Interfacing Techniques for Dialogue with Graphics Devices (CGI)

ISO/IEC 9798-1, 1991 Entity Authentication Mechanisms, Part 1- 4: General Model, 1991-1995

ISO/IEC 10021-1 1990/DAM 4, Information Technology-Message Handling Systems (MHS) - Part 1: System and Service Overview - Amendment 4: Interpersonal Messaging Security Extensions,ISO/IEC JTC1 SC18/WG4, IS (ITU-T X.400), 1990

ISO/IEC 10164-7, Information Technology - Open System Interconnection - Systems Management - Part 7: Security Alarm Reporting Function, ISO/IEC JTC1 SC21/WG4, IS May 1992 (ITU-T X.736, 1992)

ISO/IEC 10165, Open Systems Interconnection - Structure of Management Information - Parts 1- 4, 1993 - 1994

ISO/IEC 10646-1: 1993, Information Technology - Universal Multiple-Octet Coded Character Set (UCS), Part 1: Architecture and Basic Multilingual Plane

ISO/IEC 11172-1: 1993/Cor. 1:1995 Coding of moving pictures and associated audio for digital storage media at up to about 1.5 Mbits/s -- Part 1: Systems Technical Corrigendum 1

ISO/IEC 11172-2: 1993 Coding of moving pictures and associated audio for digital storage media at up to about 1.5 Mbits/s -- Part 2 Video

ISP-421/94.05.15 Revision 1.0, The ISDN Security Program (ISP) Security Association Management Protocol (SAMP)

ITU H.320, Narrow-Band Visual Telephone Systems and Terminal Equipment, 1996

ITU H.323, Visual Telephone Systems and Equipment for Local Area Networks Which Provide a Non-Guaranteed Quality of Service (Draft)

ITU I.430, Basic User-Network Interface - Layer 1 Specification, 1995

ITU I.431, Primary Rate User-Network Interface - Layer 1 Specification, 1993

ITU Q.921, ISDN User-Network Interface - Data Link Layer Specification, 1993

ITU Q.931, ISDN User-Network Interface - Layer 3 Specification for Basic Call Control, 1993

ITU-T X.25, Interface Between DTE and DCE for Terminals Operating in the Packet Mode on Public Data Networks

ITU-T H.324, Terminal for Low Bit Rate Multimedia Communications, 19 March 1996

ITU-T X.500, The Directory - Overview of Concepts, Models, and Services - Data Communication Networks Directory, 1993 (ISO/IEC 9594-1)

ITU-T X.509, The Directory: Authentication Framework, Version 3, 1993 (ISO/IEC 9594-8.2)

ODBC 2.0, Open Data Base Connectivity

OSF 1992, Open Software Foundation (OSF)/Motif Style Guide, Revision 1.2

RFC-951, Bootstrap Protocol, September 1985

RFC-1332, The PPP Internet Protocol Control Protocol (IPCP), May 1992

RFC-1333, PPP Link Quality Monitoring, May 1992

RFC-1334, PPP Authentication Protocols, October 1992

RFC-1356, Multiprotocol Interconnect on X.25 and ISDN in the Packet Mode, August 1992

RFC-1508, Generic Security Service Application Program Interface (GSS-API), September 1993

RFC-1510, The Kerberos Network Authentication Service, V.5, September 1993

RFC-1533, DHCP Options and BOOTP Vendor Extensions, October 1993

RFC-1541, Dynamic Host Configuration Protocol, October 1993

RFC-1542, Clarifications and Extensions for the Bootstrap Protocol, October 1993

RFC-1570, PPP LCP Extensions, January 1994

RFC-1577, Classical IP and ARP over ATM, January 1994

RFC-1583, OSPF Version 2, March 1994

RFC-1584, Multicast Extensions to OSPF, March 1994

RFC-1618, PPP over ISDN, May 1994

RFC-1738, Uniform Resource Locators (URL), December 1994

RFC-1771, A Border Gateway Protocol 4 (BGP-4), March 1995

RFC-1772, Application of the Border Gateway Protocol in the Internet, March 1995

RFC-1808, Relative Uniform Resource Locators, June 1995

RFC-1812, Requirements for IP Version 4 Routers, June 1995

RFC-1825, Security Architecture for the Internet Protocol, August 1995

RFC-1826, IP Authentication Header, August 1995

RFC-1827, IP Encapsulating Security Payload (ESP), August 1995

RFC-1828, IP Authentication using Keyed MD5, August 1995

RFC-1829, The ESP DES-CBC Transform, August 1995

RFC-1866, HyperText Mark-up Language (HTML), Version 2.0, 1995

RFC-1883, Internet Protocol, Version 6 (IPv6) Specification, January 1996

RFC-1884, IP Version 6 Addressing Architecture, January 1996

RFC-1885, Internet Control Message Protocol (ICMPv6) for IPv6, January 1996

RFC-1886, DNS Extensions to support IP Version 6, January 1996

RFC-1945, HyperText Transfer Protocol -- HTTP/1.0, May 1996

RS-232-D, Interface Between DTE and DCE Employing Serial Binary Data Interchange, June 1981

RS-449, General Purpose 37-Position and 9-Position Interface for DTE and DCE Employing Serial Binary Data Interchange, November 1987

RS-530, High-Speed 25-Position Interface for DTE and DCE

SAE AS4893, Generic Open Architecture (GOA) Framework, Society of Automotive Engineers (SAE)

SDN.703, MISSI Management Protocol (MMP), Revision 1.0, 7 June 1996

STD-3, Host Requirements, October 1989 (Also RFC-1122, RFC-1123)

STD-5, Internet Protocol, September 1981 (Also RFC-791, RFC-950, RFC-919, RFC-922, RFC-792, RFC-1112)

STD-6, User Datagram Protocol, August 1980 (Also RFC-768)

STD-7, Transmission Control Protocol, September 1981 (Also RFC-793)

STD-8, Telnet Protocol, May 1983 (Also RFC-854, RFC-855)

STD-9, File Transfer Protocol, October 1985 (Also RFC-959)

STD-13, Domain Name System, November 1987 (Also RFC-1034, RFC-1035)

STD-15, Simple Network Management Protocol, May 1990 (Also RFC-1157)

STD-16, Structure of Management Information, May 1990 (Also RFC-1155, RFC-1212)

STD-17, Management Information Base, March 1991 (Also RFC-1213)

STD-33, Trivial File Transfer Protocol, July 1992 (Also RFC-1350)

STD-35, ISO Transport Service on top of the TCP (Version 3), May 1978 (Also RFC-1006)

STD-36, Transmission of IP and ARP over FDDI Networks, January 1993 (Also RFC-1390)

STD-37, An Ethernet Address Resolution Protocol, November 1982 (Also RFC-826)

STD-41, Standard for the Transmission of IP Datagrams over Ethernet Networks, April 1984 (Also RFC-894)

STD-51, The Point-to-Point Protocol (PPP), July 1994 (Also RFC-1661, RFC-1662)

TIA/EIA/IS-95-A, Mobile Station - Base Station Compatibility Standard for Dual-Mode Wideband Spread Spectrum Cellular System

WD 9798-5, SC27 N 1104 (Project 1.27.03.05), Entity Authentication Mechanisms - Part 5: Entity Authentication Using Zero Knowledge Techniques, ISO/IEC JTC1 SC27/WG2, WD, target CD 1995, DII 1996, and IS 1997

WMO No. 306, Manual for Codes, Volume 1, Part B, Binary Codes

X/Open C309, DCE Remote Procedure Call

X/Open C310, DCE Time Services

X/Open C312, DCE Directory Services

X/Open C323, Common Desktop Environment (CDE) Version 1.0, April 1995

X/Open P315, DCE Authentication and Security Specification (Draft)

VTC001, Industry Video Teleconferencing Profile, Corporation for Open Systems (COS), Revision 1, April 1995

(No Number) ATM Forum 25.6 Mb/s over Twisted Pair Cable Physical Interface

(No Number) ATM Forum Local Area Network (LAN) Emulation over ATM, Version 1.0, af-lane-0021.000, August 1996

(No Number) ATM Forum Private Network-Network Interface (PNNI) Specification, Version 1, WP 510-1728WC-B, 1 August 1995

(No Number) ATM Forum User-Network Interface (UNI) Specification, Version 3.1, September 1994

(No Number) Common Object Request Broker Architecture (CORBA) 2.0 (Draft)

(No Number) IP Mobility Support

(No Number) JPEG File Interchange Format (JFIF), Version 1.02

(No Number) Open Software Foundation (OSF)/MotifTM Style Guide, Revision 1.2, 1992

(No Number) OSF/Motif Inter Client Communications Convention Manual (ICCCM)

(No Number) Remote Authentication Dial In User Service (RADIUS), July 1996 (Draft)

(No Number) Secure Sockets Layer (SSL) Protocol, Version 3.0, draft-freier-ssl-version3-01.txt, 13 March 1996 (Draft)

(No Number) TAWDS/Integrated Meteorological System (IMETS) Implementation Document for Communication Information Data Exchange (CIDE), Data Exchange Format (DEF) - Appendix 30

(No Number) The Windows Interface: An Application Design Guide, Microsoft Press, 1992

(No Number) Trusted Systems Interoperability Group (TSIG) Trusted Information Exchange for Restricted Environments (TSIX(RE)) 1.1 (draft)

(No Number) Win32 APIs, Microsoft Win32 Programmers Reference Manual, Volumes 1-5, Microsoft Press, January 1993

(No Number) Win32 APIs, Window Management and Graphics Device Interface, Volume 1, Microsoft Win32 Programmers Reference Manual, Microsoft Press, 1993

(No Number) X/Open Single UNIX Specification (SUS)

APPENDIX C - GLOSSARY

Access control

Process of limiting access to the resources of an IT product only to authorized users, programs, processes, systems, or other IT products.

Accreditation

The managerial authorization and approval, granted to an ADP system or network to process sensitive data in an operational environment, made on the basis of a certification by designated technical personnel of the extent to which design and implementation of the system meet pre-specified technical requirements, e.g., TCSEC, for achieving adequate data security. Management can accredit a system to operate at a higher/lower level than the risk level recommended (e.g., by the Requirements Guideline-) for the certification level of the system. If management accredits the system to operate at a higher level than is appropriate for the certification level, management is accepting the additional risk incurred.

Application Platform Entity

The application platform is defined as the set of resources that support the services on which application software will execute. It provides services at its interfaces that, as much as possible, make the implementation-specific characteristics of the platform transparent to the application software. (TAFIM, Version 2.0, Volume 2)

Application Program Interface (API)

The interface, or set of functions, between the application software and the application platform. (NIST Special Report, APP)

Application Software Entity

Mission-area and support applications. A common set of support applications forms the basis for the development of mission-area applications. Mission-area should be designed and developed to access this set of common support applications. Applications access the Application Platform via a standard set of APIs. (TAFIM, Version 2.0, Volume 2)

Architecture

An architecture is defined as the structure of components, their interrelationships, and the principles and guidelines governing their design and evolution over time. (IEEE 610.12)

An architecture is a composition of (1) components (including humans) with their functionality defined (Technical), (2) requirements that have been configured to achieve a prescribed purpose or mission (Operational), and (3) their connectivity with the information flow defined (System). (OS-JTF)

Authentication

(1) To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.

(2) To verify the integrity of data that have been stored, transmitted, or otherwise exposed to possible unauthorized modification.

Character-based interface

A non-bit mapped user interface in which the primary form of interaction between the user and system is through text.

Commercial Item

1) Any item customarily used by the general public for other than governmental purposes, that has been sold, leased, or licensed to the general public, or that has been offered for sale, lease or license to the general public.

2) Any item that evolved from an item described in 1) above through advances in technology or performance that is not yet available in the commercial market, but will be available in time to meet the delivery requirements of the solicitation.

3) Any item that, but for modifications of a type customarily available in the commercial market or minor modifications made to meet DOD requirements, would satisfy the criteria in 1) or 2) above.

4) Any combination of items meeting the requirements of 1, 2, or 3 above or 5 below that are of a type customarily combined and sold in combination to the general public.

5) Installation services, maintenance services, repair services, training services, and other services if such services are procured for support of any item referred to paragraphs 1, 2, 3. or 4 above, if the sources of such services

6) Services offered and sold competitively, in substantial quantities, in the commercial marketplace based on established catalog prices of specific tasks performed and under standard commercial terms and conditions.

7) Any item, combination of items or service referred to in 1 through 6 above notwithstanding the fact that the item or service is transferred between or among separate divisions, subsidiaries, or affiliates of a contractor.

8) A nondevelopmental item developed exclusively at private expense and sold in substantial quantities, on a competitive basis, to State and local governments.

(DRAFT 6/30/95 NDI HANDBOOK/ Federal Acquisition Streamlining Act of 1994 DOD 5000.37H)

Commercial-off-the-shelf (COTS)

See the definition of Commercial Item found above. (OS-JTF 1995)

Compliance

Compliance is enumerated in an implementation/migration plan. A system is compliant with the ATA if it meets, or is implementing an approved plan to meet, all applicable ATA mandates.

Data Integrity

(1) The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction.

(2) The property that data has not been exposed to accidental or malicious alteration or destruction.

Domain

A distinct functional area that can be supported by a family of systems with similar requirements and capabilities. An area of common operational and functional requirements.

External Environment Interface (EEI)

The interface that supports information transfer between the application platform and the external environment. (NIST Special Report, APP)

Graphical User Interface (GUI)

System design that allows the user to effect commands, enter into transaction sequences, and receive displayed information through graphical representations of objects (menus, screens, buttons, etc.).

Human-Computer Interface (HCI)

Hardware and software allowing information exchange between the user and the computer.

Hybrid Graphical User Interface

A GUI that is composed of toolkit components from more than one user interface style.

Integration

Two or more software applications that must run on the same physical processor(s) and under the same operating system.

Interoperability

(1) The ability of two or more systems or components to exchange data and use information. (IEEE STD 610.12)

(2) The ability of two or more systems to exchange information and to mutually use the information that has been exchanged. (Army Science Board)

Market Acceptance

Means that an item has been accepted in the market as evidenced by annual sales, length of time available for sale, and after-sale support capability. (DRAFT 6/30/95 NDI HANDBOOK/ Federal Acquisition Streamlining Act of 1994 DOD 5000.37H)

Motif

User interface design approach based upon the "look and feel" presented in the OSF/MotifTM style guide. MotifTM is marketed by the Open Software Foundation.

Non Developmental Item (NDI)

1) Any commercial item.

2) Any previously developed item in use by a US Federal, State or Local government agency or a foreign government with which the US has a mutual defense cooperation agreement.

3) Any item described in subparagraph 1 or 2, above, that requires only minor modification in order to meet the requirements of the procuring agency.

4) Any item currently being produced that does not meet the requirement of paragraphs 1, 2, or 3 above, solely because the item is not yet in use.

(DRAFT 6/30/95 NDI HANDBOOK/ Federal Acquisition Streamlining Act of 1994 DOD 5000.37H)

Open Software Foundation (OSF)

Consortium of computer hardware and software manufacturers whose membership includes over seventy of the computer industry's leading companies.

Open System

A system that implements sufficient open specifications for interfaces, services, and supporting formats to enable properly engineered components to be utilized across a wide range of systems with minimal changes, to interoperate with other components on local and remote systems, and to interact with users in a style that facilitates portability. An open system is characterized by the following:

- Well defined, widely used, non-proprietary interfaces/protocols, and

- Use of standards which are developed/adopted by industrially recognized standards bodies, and

-Definition of all aspects of system interfaces to facilitate new or additional systems capabilities for a wide range of applications, and

- Explicit provision for expansion or upgrading through the incorporation of additional or higher performance elements with minimal impact on the system.

(IEEE POSIX 1003.0/D15 as modified by the Tri-Service Open Systems Architecture Working Group)

Open Systems Approach

An open systems approach is a business approach that emphasizes commercially supported practices, products, specifications and standards. The approach defines, documents, and maintains a system technical architecture that depicts the lowest level of system configuration control. This architecture clearly identifies all the performance characteristics of the system including those that will be accomplished with an implementation that references open standards and specifications. (OS-JTF)

Operational Architecture (OA)

An Operational Architecture is a description (often graphical) of the operational elements, assigned tasks, and information flows required to support the warfighter. It defines the type of information, the frequency of the exchange, and what tasks are supported by these information exchanges. (JTA 1.0)

Portability

The ease with which a system, component, data, or user can be transferred from one hardware or software environment to another. (TAFIM, Version 2.0, Volume 1/3)

Real Time

Real time is a mode of operation. Real Time systems require events, data, and information to be available in time for the system to perform its required course of action. Real Time operation is characterized by scheduled event, data, and information meeting their acceptable arrival times. (OS-JTF)

Real Time Systems

Systems which provide a deterministic response to asynchronous inputs. (OS-JTF)

Reference Model

A reference model is a generally accepted abstract representation that allows users to focus on establishing definitions, building common understandings and identifying issues for resolution. For Warfare and Warfare Support System (WWSS) acquisitions, a reference model is necessary to establish a context for understanding how the disparate technologies and standards required to implement WWSS relate to each other. Reference modules provide a mechanism for identifying key issues associated with portability, scalability, and interoperability. Most importantly reference modules will aid in the evaluation and analysis of domain specific architectures. (TRI-SERVICE Open Systems Architecture Working Group)

Scalability

The capability to adapt hardware or software to accommodate changing work loads. (OS-JTF)

Security

(1) The combination of confidentiality, integrity, and availability.

(2) The quality or state of being protected from uncontrolled losses or effects. Note: Absolute security may in practice be impossible to reach; thus the security "quality" could be relative. Within state models of security systems, security is a specific "state" that is to be preserved under various operations.

Standard

A document that establishes uniform engineering and technical requirements for processes, procedures, practices, and methods. Standards may also establish requirements for selection, application, and design criteria of material. (DOD 4120.3-M)

Standards based architecture

Is an architecture based on an acceptable set of standards governing the arrangement, interaction, and interdependence of the parts or elements that together may be used to form a weapons systems, and whose purpose is to insure that a conformant system satisfies a specified set of requirements. (OS-JTF)

System

(1) People, machines and methods organized to accomplish a set of specific functions. (FIPS 11-3)

(2) An integrated composite of people, products, and processes that provides a capability or satisfy a stated need or objective. (DOD 5000.2)

(3) In the ATA, the term "system" refers to those items that produce, use or exchange information.

(4) Systems of systems such as ASAS or AFATDS are NOT considered monolithic systems for ATA compliance. For example, targeting and fire direction data passed to the fire direction center may come from outside the local system and travel over common data networks, and therefore compliance with the ATA is an important design consideration.

Systems Architecture (SA)

A Systems Architecture is a description, including graphics, of the systems and interconnections providing for or supporting a warfighting function. The SA defines the physical connection, location, and identification of the key nodes, circuits, networks, warfighting platforms, etc., and allocates system and component performance parameters. It is constructed to satisfy Operational Architecture requirements in the standards defined in the Technical Architecture. The SA shows how multiple systems within a domain or an operational scenario link and interoperate, and may describe the internal construction or operations of particular systems in the SA. (JTA 1.0)

Technical Architecture (TA)

A Technical Architecture is the minimal set of rules governing the arrangement, interaction, and interdependence of the parts or elements whose purpose is to ensure that a conformant system satisfies a specified set of requirements. The technical architecture identifies the services, interfaces, standards, and their relationships. It provides the technical guidelines for implementation of systems upon which engineering specifications are based, common building blocks are built, and product lines are developed. (JTA 1.0)

Technical Reference Model (TRM)

A target framework and profile of standards for the DOD computing and communications infrastructure. (TAFIM, Version 2.0, Vol. 1/OS-JTF)

Weapons System

A combination of one or more weapons with all related equipment, materials, services, personnel and means of delivery and deployment (if applicable) required for self sufficiency. (JCS Pub 1-02)

APPENDIX F - WEAPONS SYSTEM DOMAIN EXCEPTIONS AND EXTENSIONS

F.1 THE WEAPONS SYSTEM DOMAIN

Weapons systems communicate and receive information in support of their warfighting users. Weapons systems provide Command and Control capabilities that require gathering, processing, and communicating data to the warfighter. The systems need to be deterministic, having a real-time response to the mission critical data that requires a specific action or reaction. Weapons systems are designed to support the warfighter with the primary focus on lethality, survivability, and battle management. Weapons systems are also sensors which gather data for the larger seamless architecture, therefore they too must interact and interoperate.

The Weapon System Technical Architecture Working Group (WSTAWG) was formed in response to an ADO/Director of Information Systems for Command, Control, Communications, and Computers (DISC4) meeting that determined weapons systems should be included in the Technical Architecture effort. The WSTAWG group is comprised of representatives from the Army Program Executive Offices, Program Managers Army Research and Development Centers, and others who are engaged in building weapons systems. The WSTAWG discussed the military, proprietary, and commercial standards, that they employ in their current system designs and briefed the results of their effort to the Army Digitization Office, Army Science Board, and Army System Engineering Office. The WSTAWG concluded that there was a need for additional domain analysis to help identify additional standards that would allow specific weapons system domains to share products, processes, and services.

The focus of the WSTAWG, for this revision of the ATA, concentrated only on interoperability standards and specifications that interface weapons systems to C4I systems and to other weapons systems. The goal remains to reduce the unit cost, life cycle cost, and deployment cost of today's weapons by incorporating Army Technical Architecture standards into designs for new and already fielded weapons systems.

Weapons systems operate in many different environments around the world. The systems include physical restrictions of size, weight, and power. Weapons systems must also meet specific performance requirements based on the mission of the platform. To this end, one standard does not fit all of the many sizes and shapes of today's Army weapons systems. As an example: operational, technical, and physical constraints associated with embedded weapons systems may not permit the use of the DII COE as currently defined. Therefore, the WSTAWG is currently exploring and identifying an extension of the DII COE for the weapons system domain. This domain specific COE implementation will allow the development of application software which can then be offered up for reuse to other systems within the weapons system domain and to other domains.

The WSTAWG is committed to its work on domain analysis to identify standards that provide a common form, fit, and function across platforms of a similar domain (Interoperability and Intra-operability). When these standards are identified and agreed to, the WSTAWG will submit them through the Army Technical Architecture configuration management process for inclusion in the next revision.

[Snip balance of Appendix F.]